[omniORB] sslEndpoint::AcceptAndMonitor still broken in 4-0-0-beta1
Nick Murtagh
murtaghn@tcd.ie
Sun, 14 Apr 2002 14:23:30 +0100
Hi,
sslEndpoint::AcceptAndMonitor is still broken in omniORB-4-0-0-beta1.
This means that any endpoint using ssl can be shutdown simply by telneting
to the correct port and typing randomly. I urge anyone using ssl with omniORB
to apply this fix themselves, or forget about using this feature in a
production environment.
The problematic code is the following:
SSL_free(ssl);
CLOSESOCKET(pd_new_conn_socket);
//break;
// XXX We should be able to go back to accept again. But for
// some reason the SSL library SEGV if we do. For the time
// being, we returns 0 which effectively shutdown the endpoint.
return 0;
The reason for the SEGV is that ssl has been freed, and after doing break,
the code tries to use ssl without allocating a new structure with SSL_new.
To fix this: remove the inner while loop, and reinstate the break statement
instead of returning 0.
Hope this helps,
Nick