aboutsummaryrefslogtreecommitdiff
path: root/roms
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2018-11-19 13:42:28 +0000
committerEric Blake <eblake@redhat.com>2018-11-19 11:16:46 -0600
commita2458b6f6998c9a079f710ed7495d5c6f037e942 (patch)
tree327f84a768219485e03dbdafa57c4315cf2272fc /roms
parent3e99ebb9d3df15ce0ecf1b435816c9c46ee9a1ad (diff)
io: return 0 for EOF in TLS session read after shutdown
GNUTLS takes a paranoid approach when seeing 0 bytes returned by the underlying OS read() function. It will consider this an error and return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0 return value. It expects apps to arrange for clean termination at the protocol level and not rely on seeing EOF from a read call to detect shutdown. This is to harden apps against a malicious 3rd party causing termination of the sockets layer. This is unhelpful for the QEMU NBD code which does have a clean protocol level shutdown, but still relies on seeing 0 from the I/O channel read in the coroutine handling incoming replies. The upshot is that when using a plain NBD connection shutdown is silent, but when using TLS, the client spams the console with Cannot read from TLS channel: Broken pipe The NBD connection has, however, called qio_channel_shutdown() at this point to indicate that it is done with I/O. This gives the opportunity to optimize the code such that when the channel has been shutdown in the read direction, the error code GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return instead of an error. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20181119134228.11031-1-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'roms')
0 files changed, 0 insertions, 0 deletions