tls: zero SSL_CTX freelist for a singleUse socket

When connecting to server with `keepAlive` turned off - make sure that the read/write buffers won't be kept in a single use SSL_CTX instance after the socket will be destroyed. Fix: https://github.com/iojs/io.js/issues/1522 PR-URL: https://github.com/iojs/io.js/pull/1529 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
10 years ago · 2684c902c4
4 changed files with 16 additions and 0 deletions
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@ -133,6 +133,10 @@ exports.createSecureContext = function createSecureContext(options, context) {
    }
  }

+  // Do not keep read/write buffers in free list
+  if (options.singleUse)
+    c.context.setFreeListLength(0);
+
  return c;
 };

--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@ -862,6 +862,8 @@ exports.connect = function(/* [port, host], options, cb */) {
  };

  options = util._extend(defaults, options || {});
+  if (!options.keepAlive)
+    options.singleUse = true;

  assert(typeof options.checkServerIdentity === 'function');

--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@ -265,6 +265,7 @@ void SecureContext::Initialize(Environment* env, Handle<Object> target) {
  env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12);
  env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys);
  env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys);
+  env->SetProtoMethod(t, "setFreeListLength", SecureContext::SetFreeListLength);
  env->SetProtoMethod(t, "getCertificate", SecureContext::GetCertificate<true>);
  env->SetProtoMethod(t, "getIssuer", SecureContext::GetCertificate<false>);

@ -933,6 +934,13 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
 }


+void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
+  SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
+
+  wrap->ctx_->freelist_max_len = args[0]->Int32Value();
+}
+
+
 void SecureContext::CtxGetter(Local<String> property,
                              const PropertyCallbackInfo<Value>& info) {
  HandleScope scope(info.GetIsolate());
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@ -85,6 +85,8 @@ class SecureContext : public BaseObject {
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void SetFreeListLength(
+      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void CtxGetter(v8::Local<v8::String> property,
                        const v8::PropertyCallbackInfo<v8::Value>& info);