[DRE-maint] Bug#770891: ruby-mysql2: possible openssl infinite loop

Mon Nov 24 23:04:08 UTC 2014

Package: ruby-mysql2
Severity: important
Tags: patch upstream

Hi,

Currently, the dummy socket used to absorb wirtes in invalidate_fd
function may not absorb all writes and yield an infinite openssl loop.

This can be avoided, by replacing the dummy socket with /dev/null, as
proposed in upstream commit:

fc30a7c056e63517f5f66702016941b3902ec0b6
    Use /dev/null in invalidate_fd to avoid infinite loop in OpenSSL

Reproduced below:

------8<------------------

    Use /dev/null in invalidate_fd to avoid infinite loop in OpenSSL

    Thanks to Andy Bakun / @thwarted for identifying the issue and
    suggesting the /dev/null workaround.
---
 ext/mysql2/client.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/ext/mysql2/client.c b/ext/mysql2/client.c
index 71a7a35..3743d93 100644
--- a/ext/mysql2/client.c
+++ b/ext/mysql2/client.c
@@ -169,26 +169,30 @@ static void *nogvl_connect(void *ptr) {

 #ifndef _WIN32
 /*
- * Redirect clientfd to a dummy socket for mysql_close to
- * write, shutdown, and close on as a no-op.
- * We do this hack because we want to call mysql_close to release
- * memory, but do not want mysql_close to drop connections in the
- * parent if the socket got shared in fork.
+ * Redirect clientfd to /dev/null for mysql_close and SSL_close to write,
+ * shutdown, and close. The hack is needed to prevent shutdown() from breaking
+ * a socket that may be in use by the parent or other processes after fork.
+ *
+ * /dev/null is used to absorb writes; previously a dummy socket was used, but
+ * it could not abosrb writes and caused openssl to go into an infinite loop.
+ *
  * Returns Qtrue or Qfalse (success or failure)
+ *
+ * Note: if this function is needed on Windows, use "nul" instead of "/dev/null"
  */
 static VALUE invalidate_fd(int clientfd)
 {
 #ifdef SOCK_CLOEXEC
   /* Atomically set CLOEXEC on the new FD in case another thread forks */
-  int sockfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
+  int sockfd = open("/dev/null", O_RDWR | O_CLOEXEC);
   if (sockfd < 0) {
     /* Maybe SOCK_CLOEXEC is defined but not available on this kernel */
-    int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+    int sockfd = open("/dev/null", O_RDWR);
     fcntl(sockfd, F_SETFD, FD_CLOEXEC);
   }
 #else
   /* Well we don't have SOCK_CLOEXEC, so just set FD_CLOEXEC quickly */
-  int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+  int sockfd = open("/dev/null", O_RDWR);
   fcntl(sockfd, F_SETFD, FD_CLOEXEC);
 #endif

----------------------------8<-----------------------

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20141125/650d364b/attachment.sig>
