[Vortex] [BUG] Race condition in vortex_tls_start_negotiation_sync

AMIAUX Benoît b.amiaux at ateme.com
Wed Aug 18 16:57:03 CEST 2010


Hello,

I believe there is a race condition in vortex_tls_start_negotiation_sync.
(Please note it's from vortex 1.0. I didn't check vortex 1.1 yet)

Code:
VortexConnection* link_a = <some_valid_pointer>
if( vortex_connection_is_ok(link_a, false) )
   link_b = vortex_tls_start_negotiation_sync(link_a, <...>)
vortex_connection_close(link_b);

if there is a timeout in the TLS negotiation, vortex_tls_start_negotiation_sync will return link_a (see vortex_tls.c:1704)
However, if there's a timeout, a vortex thread is still trying to connect, and it will release link_a during its process (see vortex_tls.c:893).
So when the calling code will call vortex_connection_close on link_b, the connection will already have been freed resulting in a crash.

I'm not sure yet how to fix it.

Thanks,
Benoît Amiaux





Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute modification, édition, utilisation ou diffusion non autorisée est interdite. Si vous avez reçu ce message par erreur, merci de nous en avertir immédiatement. ATEME décline toute responsabilité au titre de ce message s'il a été altéré, déformé, falsifié ou encore édité ou diffusé sans autorisation.
This message and any attachments are confidential and intended solely for the addressees. Any unauthorized modification, edition, use or dissemination is prohibited. If you have received this message by mistake, please notify us immediately. ATEME decline all responsibility for this message if it has been altered, deformed, falsified or even edited or disseminated without authorization.


More information about the Vortex mailing list