Add patch for CVE-2020-6750 and related issues.

This commit is contained in:
Michael Catanzaro 2020-02-07 15:09:22 -06:00
parent 807f65d4bd
commit fdfddfe804
2 changed files with 741 additions and 1 deletions

734
CVE-2020-6750.patch Normal file
View File

@ -0,0 +1,734 @@
From d4fcf91460696b09bb2b55c352a023f6dd71c7fe Mon Sep 17 00:00:00 2001
From: Patrick Griffis <tingping@tingping.se>
Date: Thu, 23 Jan 2020 19:58:41 -0800
Subject: [PATCH] Refactor g_socket_client_connect_async()
This is a fairly large refactoring. The highlights are:
- Removing in-progress connections/addresses from GSocketClientAsyncConnectData:
This caused issues where multiple ConnectionAttempt's would step over eachother
and modify shared state causing bugs like accidentally bypassing a set proxy.
Fixes #1871
Fixes #1989
Fixes #1902
- Cancelling address enumeration on error/completion
- Queuing successful TCP connections and doing application layer work serially:
This is more in the spirit of Happy Eyeballs but it also greatly simplifies
the flow of connection handling so fewer tasks are happening in parallel
when they don't need to be.
The behavior also should more closely match that of g_socket_client_connect().
- Better track the state of address enumeration:
Previously we were over eager to treat enumeration finishing as an error.
Fixes #1872
See also #1982
- Add more detailed documentation and logging.
Closes #1995
---
gio/gsocketclient.c | 459 ++++++++++++++++++++++++++++----------------
1 file changed, 296 insertions(+), 163 deletions(-)
diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
index 81721795b..c9943309c 100644
--- a/gio/gsocketclient.c
+++ b/gio/gsocketclient.c
@@ -1337,13 +1337,15 @@ typedef struct
GSocketConnectable *connectable;
GSocketAddressEnumerator *enumerator;
- GProxyAddress *proxy_addr;
- GSocket *socket;
- GIOStream *connection;
+ GCancellable *enumeration_cancellable;
GSList *connection_attempts;
+ GSList *successful_connections;
GError *last_error;
+ gboolean enumerated_at_least_once;
+ gboolean enumeration_completed;
+ gboolean connection_in_progress;
gboolean completed;
} GSocketClientAsyncConnectData;
@@ -1355,10 +1357,9 @@ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
data->task = NULL;
g_clear_object (&data->connectable);
g_clear_object (&data->enumerator);
- g_clear_object (&data->proxy_addr);
- g_clear_object (&data->socket);
- g_clear_object (&data->connection);
+ g_clear_object (&data->enumeration_cancellable);
g_slist_free_full (data->connection_attempts, connection_attempt_unref);
+ g_slist_free_full (data->successful_connections, connection_attempt_unref);
g_clear_error (&data->last_error);
@@ -1370,6 +1371,7 @@ typedef struct
GSocketAddress *address;
GSocket *socket;
GIOStream *connection;
+ GProxyAddress *proxy_addr;
GSocketClientAsyncConnectData *data; /* unowned */
GSource *timeout_source;
GCancellable *cancellable;
@@ -1401,6 +1403,7 @@ connection_attempt_unref (gpointer pointer)
g_clear_object (&attempt->socket);
g_clear_object (&attempt->connection);
g_clear_object (&attempt->cancellable);
+ g_clear_object (&attempt->proxy_addr);
if (attempt->timeout_source)
{
g_source_destroy (attempt->timeout_source);
@@ -1418,37 +1421,59 @@ connection_attempt_remove (ConnectionAttempt *attempt)
}
static void
-g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
+cancel_all_attempts (GSocketClientAsyncConnectData *data)
{
- g_assert (data->connection);
+ GSList *l;
- if (!G_IS_SOCKET_CONNECTION (data->connection))
+ for (l = data->connection_attempts; l; l = g_slist_next (l))
{
- GSocketConnection *wrapper_connection;
-
- wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket);
- g_object_unref (data->connection);
- data->connection = (GIOStream *)wrapper_connection;
+ ConnectionAttempt *attempt_entry = l->data;
+ g_cancellable_cancel (attempt_entry->cancellable);
+ connection_attempt_unref (attempt_entry);
}
+ g_slist_free (data->connection_attempts);
+ data->connection_attempts = NULL;
- if (!data->completed)
+ g_slist_free_full (data->successful_connections, connection_attempt_unref);
+ data->successful_connections = NULL;
+
+ g_cancellable_cancel (data->enumeration_cancellable);
+}
+
+static void
+g_socket_client_async_connect_complete (ConnectionAttempt *attempt)
+{
+ GSocketClientAsyncConnectData *data = attempt->data;
+ GError *error = NULL;
+ g_assert (attempt->connection);
+ g_assert (!data->completed);
+
+ if (!G_IS_SOCKET_CONNECTION (attempt->connection))
{
- GError *error = NULL;
+ GSocketConnection *wrapper_connection;
- if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
- {
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
- g_task_return_error (data->task, g_steal_pointer (&error));
- }
- else
- {
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, data->connection);
- g_task_return_pointer (data->task, g_steal_pointer (&data->connection), g_object_unref);
- }
+ wrapper_connection = g_tcp_wrapper_connection_new (attempt->connection, attempt->socket);
+ g_object_unref (attempt->connection);
+ attempt->connection = (GIOStream *)wrapper_connection;
+ }
- data->completed = TRUE;
+ data->completed = TRUE;
+ cancel_all_attempts (data);
+
+ if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
+ {
+ g_debug ("GSocketClient: Connection cancelled!");
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+ g_task_return_error (data->task, g_steal_pointer (&error));
+ }
+ else
+ {
+ g_debug ("GSocketClient: Connection successful!");
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, attempt->connection);
+ g_task_return_pointer (data->task, g_steal_pointer (&attempt->connection), g_object_unref);
}
+ connection_attempt_unref (attempt);
g_object_unref (data->task);
}
@@ -1470,59 +1495,63 @@ static void
enumerator_next_async (GSocketClientAsyncConnectData *data,
gboolean add_task_ref)
{
- /* We need to cleanup the state */
- g_clear_object (&data->socket);
- g_clear_object (&data->proxy_addr);
- g_clear_object (&data->connection);
-
/* Each enumeration takes a ref. This arg just avoids repeated unrefs when
an enumeration starts another enumeration */
if (add_task_ref)
g_object_ref (data->task);
g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL);
+ g_debug ("GSocketClient: Starting new address enumeration");
g_socket_address_enumerator_next_async (data->enumerator,
- g_task_get_cancellable (data->task),
+ data->enumeration_cancellable,
g_socket_client_enumerator_callback,
data);
}
+static void try_next_connection_or_finish (GSocketClientAsyncConnectData *, gboolean);
+
static void
g_socket_client_tls_handshake_callback (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
- GSocketClientAsyncConnectData *data = user_data;
+ ConnectionAttempt *attempt = user_data;
+ GSocketClientAsyncConnectData *data = attempt->data;
if (g_tls_connection_handshake_finish (G_TLS_CONNECTION (object),
result,
&data->last_error))
{
- g_object_unref (data->connection);
- data->connection = G_IO_STREAM (object);
+ g_object_unref (attempt->connection);
+ attempt->connection = G_IO_STREAM (object);
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, data->connection);
- g_socket_client_async_connect_complete (data);
+ g_debug ("GSocketClient: TLS handshake succeeded");
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, attempt->connection);
+ g_socket_client_async_connect_complete (attempt);
}
else
{
g_object_unref (object);
- enumerator_next_async (data, FALSE);
+ connection_attempt_unref (attempt);
+ g_debug ("GSocketClient: TLS handshake failed: %s", data->last_error->message);
+ try_next_connection_or_finish (data, TRUE);
}
}
static void
-g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
+g_socket_client_tls_handshake (ConnectionAttempt *attempt)
{
+ GSocketClientAsyncConnectData *data = attempt->data;
GIOStream *tlsconn;
if (!data->client->priv->tls)
{
- g_socket_client_async_connect_complete (data);
+ g_socket_client_async_connect_complete (attempt);
return;
}
- tlsconn = g_tls_client_connection_new (data->connection,
+ g_debug ("GSocketClient: Starting TLS handshake");
+ tlsconn = g_tls_client_connection_new (attempt->connection,
data->connectable,
&data->last_error);
if (tlsconn)
@@ -1534,11 +1563,12 @@ g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
G_PRIORITY_DEFAULT,
g_task_get_cancellable (data->task),
g_socket_client_tls_handshake_callback,
- data);
+ attempt);
}
else
{
- enumerator_next_async (data, FALSE);
+ connection_attempt_unref (attempt);
+ try_next_connection_or_finish (data, TRUE);
}
}
@@ -1547,23 +1577,38 @@ g_socket_client_proxy_connect_callback (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
- GSocketClientAsyncConnectData *data = user_data;
+ ConnectionAttempt *attempt = user_data;
+ GSocketClientAsyncConnectData *data = attempt->data;
- g_object_unref (data->connection);
- data->connection = g_proxy_connect_finish (G_PROXY (object),
- result,
- &data->last_error);
- if (data->connection)
+ g_object_unref (attempt->connection);
+ attempt->connection = g_proxy_connect_finish (G_PROXY (object),
+ result,
+ &data->last_error);
+ if (attempt->connection)
{
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, data->connection);
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, attempt->connection);
}
else
{
- enumerator_next_async (data, FALSE);
+ connection_attempt_unref (attempt);
+ try_next_connection_or_finish (data, TRUE);
return;
}
- g_socket_client_tls_handshake (data);
+ g_socket_client_tls_handshake (attempt);
+}
+
+static void
+complete_connection_with_error (GSocketClientAsyncConnectData *data,
+ GError *error)
+{
+ g_debug ("GSocketClient: Connection failed: %s", error->message);
+ g_assert (!data->completed);
+
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+ data->completed = TRUE;
+ cancel_all_attempts (data);
+ g_task_return_error (data->task, error);
}
static gboolean
@@ -1577,15 +1622,114 @@ task_completed_or_cancelled (GSocketClientAsyncConnectData *data)
return TRUE;
else if (g_cancellable_set_error_if_cancelled (cancellable, &error))
{
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
- g_task_return_error (task, g_steal_pointer (&error));
- data->completed = TRUE;
+ complete_connection_with_error (data, g_steal_pointer (&error));
return TRUE;
}
else
return FALSE;
}
+static gboolean
+try_next_successful_connection (GSocketClientAsyncConnectData *data)
+{
+ ConnectionAttempt *attempt;
+ const gchar *protocol;
+ GProxy *proxy;
+
+ if (data->connection_in_progress)
+ return FALSE;
+
+ g_assert (data->successful_connections != NULL);
+ attempt = data->successful_connections->data;
+ g_assert (attempt != NULL);
+ data->successful_connections = g_slist_remove (data->successful_connections, attempt);
+ data->connection_in_progress = TRUE;
+
+ g_debug ("GSocketClient: Starting application layer connection");
+
+ if (!attempt->proxy_addr)
+ {
+ g_socket_client_tls_handshake (g_steal_pointer (&attempt));
+ return TRUE;
+ }
+
+ protocol = g_proxy_address_get_protocol (attempt->proxy_addr);
+
+ /* The connection should not be anything other than TCP,
+ * but let's put a safety guard in case
+ */
+ if (!G_IS_TCP_CONNECTION (attempt->connection))
+ {
+ g_critical ("Trying to proxy over non-TCP connection, this is "
+ "most likely a bug in GLib IO library.");
+
+ g_set_error_literal (&data->last_error,
+ G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ _("Proxying over a non-TCP connection is not supported."));
+ }
+ else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
+ {
+ /* Simply complete the connection, we don't want to do TLS handshake
+ * as the application proxy handling may need proxy handshake first */
+ g_socket_client_async_connect_complete (g_steal_pointer (&attempt));
+ return TRUE;
+ }
+ else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
+ {
+ GIOStream *connection = attempt->connection;
+ GProxyAddress *proxy_addr = attempt->proxy_addr;
+
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, attempt->connection);
+ g_debug ("GSocketClient: Starting proxy connection");
+ g_proxy_connect_async (proxy,
+ connection,
+ proxy_addr,
+ g_task_get_cancellable (data->task),
+ g_socket_client_proxy_connect_callback,
+ g_steal_pointer (&attempt));
+ g_object_unref (proxy);
+ return TRUE;
+ }
+ else
+ {
+ g_clear_error (&data->last_error);
+
+ g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ _("Proxy protocol “%s” is not supported."),
+ protocol);
+ }
+
+ data->connection_in_progress = FALSE;
+ g_clear_pointer (&attempt, connection_attempt_unref);
+ return FALSE; /* All non-return paths are failures */
+}
+
+static void
+try_next_connection_or_finish (GSocketClientAsyncConnectData *data,
+ gboolean end_current_connection)
+{
+ if (end_current_connection)
+ data->connection_in_progress = FALSE;
+
+ if (data->connection_in_progress)
+ return;
+
+ /* Keep trying successful connections until one works, each iteration pops one */
+ while (data->successful_connections)
+ {
+ if (try_next_successful_connection (data))
+ return;
+ }
+
+ if (!data->enumeration_completed)
+ {
+ enumerator_next_async (data, FALSE);
+ return;
+ }
+
+ complete_connection_with_error (data, data->last_error);
+}
+
static void
g_socket_client_connected_callback (GObject *source,
GAsyncResult *result,
@@ -1593,10 +1737,7 @@ g_socket_client_connected_callback (GObject *source,
{
ConnectionAttempt *attempt = user_data;
GSocketClientAsyncConnectData *data = attempt->data;
- GSList *l;
GError *error = NULL;
- GProxy *proxy;
- const gchar *protocol;
if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable))
{
@@ -1618,11 +1759,12 @@ g_socket_client_connected_callback (GObject *source,
{
clarify_connect_error (error, data->connectable, attempt->address);
set_last_error (data, error);
+ g_debug ("GSocketClient: Connection attempt failed: %s", error->message);
connection_attempt_remove (attempt);
- enumerator_next_async (data, FALSE);
connection_attempt_unref (attempt);
+ try_next_connection_or_finish (data, FALSE);
}
- else
+ else /* Silently ignore cancelled attempts */
{
g_clear_error (&error);
g_object_unref (data->task);
@@ -1632,74 +1774,21 @@ g_socket_client_connected_callback (GObject *source,
return;
}
- data->socket = g_steal_pointer (&attempt->socket);
- data->connection = g_steal_pointer (&attempt->connection);
-
- for (l = data->connection_attempts; l; l = g_slist_next (l))
- {
- ConnectionAttempt *attempt_entry = l->data;
- g_cancellable_cancel (attempt_entry->cancellable);
- connection_attempt_unref (attempt_entry);
- }
- g_slist_free (data->connection_attempts);
- data->connection_attempts = NULL;
- connection_attempt_unref (attempt);
-
- g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL);
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection);
+ g_socket_connection_set_cached_remote_address ((GSocketConnection*)attempt->connection, NULL);
+ g_debug ("GSocketClient: TCP connection successful");
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, attempt->connection);
/* wrong, but backward compatible */
- g_socket_set_blocking (data->socket, TRUE);
+ g_socket_set_blocking (attempt->socket, TRUE);
- if (!data->proxy_addr)
- {
- g_socket_client_tls_handshake (data);
- return;
- }
-
- protocol = g_proxy_address_get_protocol (data->proxy_addr);
-
- /* The connection should not be anything other than TCP,
- * but let's put a safety guard in case
+ /* This ends the parallel "happy eyeballs" portion of connecting.
+ Now that we have a successful tcp connection we will attempt to connect
+ at the TLS/Proxy layer. If those layers fail we will move on to the next
+ connection.
*/
- if (!G_IS_TCP_CONNECTION (data->connection))
- {
- g_critical ("Trying to proxy over non-TCP connection, this is "
- "most likely a bug in GLib IO library.");
-
- g_set_error_literal (&data->last_error,
- G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
- _("Proxying over a non-TCP connection is not supported."));
-
- enumerator_next_async (data, FALSE);
- }
- else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
- {
- /* Simply complete the connection, we don't want to do TLS handshake
- * as the application proxy handling may need proxy handshake first */
- g_socket_client_async_connect_complete (data);
- }
- else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
- {
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, data->connection);
- g_proxy_connect_async (proxy,
- data->connection,
- data->proxy_addr,
- g_task_get_cancellable (data->task),
- g_socket_client_proxy_connect_callback,
- data);
- g_object_unref (proxy);
- }
- else
- {
- g_clear_error (&data->last_error);
-
- g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
- _("Proxy protocol “%s” is not supported."),
- protocol);
-
- enumerator_next_async (data, FALSE);
- }
+ connection_attempt_remove (attempt);
+ data->successful_connections = g_slist_append (data->successful_connections, g_steal_pointer (&attempt));
+ try_next_connection_or_finish (data, FALSE);
}
static gboolean
@@ -1707,7 +1796,11 @@ on_connection_attempt_timeout (gpointer data)
{
ConnectionAttempt *attempt = data;
- enumerator_next_async (attempt->data, TRUE);
+ if (!attempt->data->enumeration_completed)
+ {
+ g_debug ("GSocketClient: Timeout reached, trying another enumeration");
+ enumerator_next_async (attempt->data, TRUE);
+ }
g_clear_pointer (&attempt->timeout_source, g_source_unref);
return G_SOURCE_REMOVE;
@@ -1717,9 +1810,9 @@ static void
on_connection_cancelled (GCancellable *cancellable,
gpointer data)
{
- GCancellable *attempt_cancellable = data;
+ GCancellable *linked_cancellable = G_CANCELLABLE (data);
- g_cancellable_cancel (attempt_cancellable);
+ g_cancellable_cancel (linked_cancellable);
}
static void
@@ -1743,39 +1836,49 @@ g_socket_client_enumerator_callback (GObject *object,
result, &error);
if (address == NULL)
{
- if (data->connection_attempts)
+ if (G_UNLIKELY (data->enumeration_completed))
+ return;
+
+ data->enumeration_completed = TRUE;
+ g_debug ("GSocketClient: Address enumeration completed (out of addresses)");
+
+ /* As per API docs: We only care about error if its the first call,
+ after that the enumerator is done.
+
+ Note that we don't care about cancellation errors because
+ task_completed_or_cancelled() above should handle that.
+
+ If this fails and nothing is in progress then we will complete task here.
+ */
+ if ((data->enumerated_at_least_once && !data->connection_attempts && !data->connection_in_progress) ||
+ !data->enumerated_at_least_once)
{
- g_object_unref (data->task);
- return;
+ g_debug ("GSocketClient: Address enumeration failed: %s", error ? error->message : NULL);
+ if (data->last_error)
+ {
+ g_clear_error (&error);
+ error = data->last_error;
+ data->last_error = NULL;
+ }
+ else if (!error)
+ {
+ g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ _("Unknown error on connect"));
+ }
+
+ complete_connection_with_error (data, error);
}
- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
- data->completed = TRUE;
- if (!error)
- {
- if (data->last_error)
- {
- error = data->last_error;
- data->last_error = NULL;
- }
- else
- {
- g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
- _("Unknown error on connect"));
- }
- }
- g_task_return_error (data->task, error);
+ /* Enumeration should never trigger again, drop our ref */
g_object_unref (data->task);
return;
}
+ data->enumerated_at_least_once = TRUE;
+ g_debug ("GSocketClient: Address enumeration succeeded");
g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED,
data->connectable, NULL);
- if (G_IS_PROXY_ADDRESS (address) &&
- data->client->priv->enable_proxy)
- data->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
-
g_clear_error (&data->last_error);
socket = create_socket (data->client, address, &data->last_error);
@@ -1793,6 +1896,10 @@ g_socket_client_enumerator_callback (GObject *object,
attempt->cancellable = g_cancellable_new ();
attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket);
attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS);
+
+ if (G_IS_PROXY_ADDRESS (address) && data->client->priv->enable_proxy)
+ attempt->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
+
g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL);
g_source_attach (attempt->timeout_source, g_task_get_context (data->task));
data->connection_attempts = g_slist_append (data->connection_attempts, attempt);
@@ -1802,6 +1909,7 @@ g_socket_client_enumerator_callback (GObject *object,
g_object_ref (attempt->cancellable), g_object_unref);
g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address);
+ g_debug ("GSocketClient: Starting TCP connection attempt");
g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection);
g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection),
address,
@@ -1854,24 +1962,48 @@ g_socket_client_connect_async (GSocketClient *client,
else
data->enumerator = g_socket_connectable_enumerate (connectable);
- /* The flow and ownership here isn't quite obvious:
- - The task starts an async attempt to connect.
- - Each attempt holds a single ref on task.
- - Each attempt may create new attempts by timing out (not a failure) so
- there are multiple attempts happening in parallel.
- - Upon failure an attempt will start a new attempt that steals its ref
- until there are no more attempts left and it drops its ref.
- - Upon success it will cancel all other attempts and continue on
- to the rest of the connection (tls, proxies, etc) which do not
- happen in parallel and at the very end drop its ref.
- - Upon cancellation an attempt drops its ref.
- */
+ /* This function tries to match the behavior of g_socket_client_connect ()
+ which is simple enough but much of it is done in parallel to be as responsive
+ as possible as per Happy Eyeballs (RFC 8305). This complicates flow quite a
+ bit but we can describe it in 3 sections:
+
+ Firstly we have address enumeration (DNS):
+ - This may be triggered multiple times by enumerator_next_async().
+ - It also has its own cancellable (data->enumeration_cancellable).
+ - Enumeration is done lazily because GNetworkAddressAddressEnumerator
+ also does work in parallel and may lazily add new addresses.
+ - If the first enumeration errors then the task errors. Otherwise all enumerations
+ will potentially be used (until task or enumeration is cancelled).
+
+ Then we start attempting connections (TCP):
+ - Each connection is independent and kept in a ConnectionAttempt object.
+ - They each hold a ref on the main task and have their own cancellable.
+ - Multiple attempts may happen in parallel as per Happy Eyeballs.
+ - Upon failure or timeouts more connection attempts are made.
+ - If no connections succeed the task errors.
+ - Upon success they are kept in a list of successful connections.
+
+ Lastly we connect at the application layer (TLS, Proxies):
+ - These are done in serial.
+ - The reasoning here is that Happy Eyeballs is about making bad connections responsive
+ at the IP/TCP layers. Issues at the application layer are generally not due to
+ connectivity issues but rather misconfiguration.
+ - Upon failure it will try the next TCP connection until it runs out and
+ the task errors.
+ - Upon success it cancels everything remaining (enumeration and connections)
+ and returns the connection.
+ */
data->task = g_task_new (client, cancellable, callback, user_data);
g_task_set_check_cancellable (data->task, FALSE); /* We handle this manually */
g_task_set_source_tag (data->task, g_socket_client_connect_async);
g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free);
+ data->enumeration_cancellable = g_cancellable_new ();
+ if (cancellable)
+ g_cancellable_connect (cancellable, G_CALLBACK (on_connection_cancelled),
+ g_object_ref (data->enumeration_cancellable), g_object_unref);
+
enumerator_next_async (data, FALSE);
}
@@ -1990,6 +2122,7 @@ g_socket_client_connect_to_uri_async (GSocketClient *client,
}
else
{
+ g_debug("g_socket_client_connect_to_uri_async");
g_socket_client_connect_async (client,
connectable, cancellable,
callback, user_data);
--
2.24.1

View File

@ -2,13 +2,16 @@
Name: glib2
Version: 2.63.5
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A library of handy utility functions
License: LGPLv2+
URL: http://www.gtk.org
Source0: http://download.gnome.org/sources/glib/2.63/glib-%{version}.tar.xz
# https://gitlab.gnome.org/GNOME/glib/merge_requests/1339
Patch0: CVE-2020-6750.patch
BuildRequires: chrpath
BuildRequires: gcc
BuildRequires: gcc-c++
@ -216,6 +219,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/installed-tests
%changelog
* Fri Feb 07 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.63.5-2
- Add patch for CVE-2020-6750 and related issues.
* Mon Feb 03 2020 Kalev Lember <klember@redhat.com> - 2.63.5-1
- Update to 2.63.5