f



[ace-users] ACE SSL connect: Socket handle leak when connecting to an unreachable SSL endpoint

This is a multi-part message in MIME format.

------=_NextPart_000_0044_01CF317F.636F4D40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

    ACE VERSION: 6.1.4

    HOST MACHINE and OPERATING SYSTEM:
        If on Windows based OS's, which version of WINSOCK do you
        use?: Windows 7, Winsock2

    TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
    COMPILER NAME AND VERSION (AND PATCHLEVEL):

    THE $ACE_ROOT/ace/config.h FILE : config-win32.h

    THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE ]: not =
used

    CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
    (used by MPC when you generate your own makefiles):

    AREA/CLASS/EXAMPLE AFFECTED: Open SSL connection on an unreachable
endpoint

    DOES THE PROBLEM AFFECT:
        EXECUTION : socket handle leak

    SYNOPSIS:
Opening an SSL connection to an unreachable endpoint leads to a timeout.
But the used TCP socket remains unclosed and its handle leaks.
Within programs running for a long time periodical connection retries=20
make socket resources to run out.

    DESCRIPTION:
The following test code shows the problem:

#include <ace/SSL/SSL_SOCK_Stream.h>
#include <ace/Connector.h>
#include <ace/SSL/SSL_SOCK_Connector.h>

#include <sstream>

class ConnHandler : public ACE_Svc_Handler <ACE_SSL_SOCK_Stream,
ACE_MT_SYNCH>
{
 public:
  ConnHandler()
  {
   printf("ConnHandler constructor\n");
  }
  virtual ~ConnHandler()
  {
   printf("ConnHandler destructor\n");
  }

  virtual int open(void * =3D NULL)
  {
   printf("ConnHandler open\n");
   return -1;
  }

  virtual int handle_input(ACE_HANDLE =3D ACE_INVALID_HANDLE)
  {
   printf("ConnHandler handle_input\n");
   return 0;
  }
=20
  /**
   * Perform termination activities on the SVC_HANDLER.  The default
   * behavior is to close down the <peer_> (to avoid descriptor leaks)
   * and to <destroy> this object (to avoid memory leaks)!  If you
   * don't want this behavior make sure you override this method...
   */
  virtual int handle_close(ACE_HANDLE =3D ACE_INVALID_HANDLE,
                           ACE_Reactor_Mask =3D
ACE_Event_Handler::ALL_EVENTS_MASK)
  {
   printf("ConnHandler handle_close\n");

   // For SSL peer() contains the SSL socket and peer().peer() contains =
the
TCP socket.
   // ACE Handle Leak:=20
   //  At connect timeout the SSL socket handle is invalid, the TCP =
socket
handle isn't.
   //  ACE_SOCK_STREAM::close() doesn't anything when its SSL handle is
invalid.
   //   See your code in ACE_Wrappers/ace/SSL/SSL_SOCK_Stream.inl in =
line
317:
   // 312  ACE_INLINE int
   // 313  ACE_SSL_SOCK_Stream::close (void)
   // 314  {
   // 315   ACE_TRACE ("ACE_SSL_SOCK_Stream::close");
   // 316
   // 317   if (this->ssl_ =3D=3D 0 || this->get_handle () =3D=3D
ACE_INVALID_HANDLE)
   // 318     return 0;  // SSL_SOCK_Stream was never opened.
   // ...
   // 352  }

   //  So the TCP socket remains NOT closed and the handle leaks.

   // Here our workaround to prevent a handle leak:
   ACE_SOCK_Stream & TCP_Peer =3D this->peer().peer();

   if(TCP_Peer.get_handle() !=3D ACE_INVALID_HANDLE)
   {
    std::stringstream sstr;
    sstr << "Closing TCP socket with handle "
         << (int)TCP_Peer.get_handle();
    printf("handle_close %s\n", sstr.str().c_str());

    TCP_Peer.close();
   }

   // From the default function handle_close() from Svc_Handler.cpp line
304:
   //  ACE_Svc_Handler<PEER_STREAM, SYNCH_TRAITS>::handle_close
(ACE_HANDLE,ACE_Reactor_Mask)
   this->destroy();
   return 0;
  }

  virtual int svc()
  {
   printf("ConnHandler svc\n");
   return 0;
  }
};

int main(int , char ** )
{
 // Using ACE 6.1.4
 ACE_Connector < ConnHandler, ACE_SSL_SOCK_Connector > cSockConnector;

 ConnHandler * pcConnHandler =3D new ConnHandler();

 // Use a not reachable endpoint.
 const ACE_INET_Addr ConnectAddr("172.22.113.7:35000");

 int iConnectReturn =3D cSockConnector.connect(pcConnHandler, =
ConnectAddr);
 if(iConnectReturn < 0)
 {
  int iErrno =3D errno;
  printf("connect failed: Errno=3D%d\n", iErrno);
 }
 else
 {
  printf("connect successful\n");
 }

 return 0;
}

    REPEAT BY:
 see test code obove

    SAMPLE FIX/WORKAROUND:
 see test code and comment above
 The function ACE_SOCK_STREAM::close() should close the TCP socket=20
  even when the ssl peer wasn't initialized.

Best Regards,
Dr. Norbert Kl=F6tzer

--
LeuTek GmbH | Dr. Norbert Kl=F6tzer | Software-Entwicklung
Stadionstr. 4-6 | 70771 Leinfelden-Echterdingen | Deutschland
Tel.: +49 711 94707-13 | Fax: +49 711 799177
E-Mail: mailto:Norbert.Kl=F6tzer@leutek.de | Web: http://www.leutek.de

Gesch=E4ftsf=FChrer: J=FCrgen Frey, Claus Mohoric
Handelsregister: Stuttgart HRB 224464



------=_NextPart_000_0044_01CF317F.636F4D40
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKmjCCBSww
ggQUoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdHZXJt
YW55MSAwHgYDVQQHExdMZWluZmVsZGVuLUVjaHRlcmRpbmdlbjEaMBgGA1UEChQRTGV1VGVrIEdt
YkggJiBDby4xCzAJBgNVBAsTAkNBMScwJQYDVQQDEx5MZXVUZWsgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxLzAtBgkqhkiG9w0BCQEWIENlcnRpZmljYXRpb25BdXRob3JpdHlAbGV1dGVrLmRlMB4X
DTA5MDUwNTA5MjEwNloXDTI5MDQzMDA5MjEwNlowgcQxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdH
ZXJtYW55MSAwHgYDVQQHExdMZWluZmVsZGVuLUVjaHRlcmRpbmdlbjEaMBgGA1UEChQRTGV1VGVr
IEdtYkggJiBDby4xCzAJBgNVBAsTAkNBMScwJQYDVQQDEx5MZXVUZWsgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkxLzAtBgkqhkiG9w0BCQEWIENlcnRpZmljYXRpb25BdXRob3JpdHlAbGV1dGVrLmRl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lU9OBS8PrJ2QzOBCFl0vBealnGctvhA
RMg3YlUf+1fWiUafkGYM3H/Qvby45c+IYjsOo9FPPWBinvUS/snSx13W/VJ5oYN9q5pHZegNA7hQ
HUUsaFXlzpIQAtOXAUHmRfWKV68CFZ6qnfcEPWKq7kv+u/rX8D7c9AMS4WmCbe4fnEjZEI0wonga
6HvD7yVjgV/TMnkPifuCuiNyJ9HSTPEFpAXSv3waJdKXVL7f8jXiNj18bNh+QcM9XWdRXroAeOBf
IgGReUt38uJM5o/SpMOblf/etoBHxx9gqmnu8Nuv0qByhVLSB5H5Uq4oAnL6IvCd8VHoGeYSlZsN
z5ycVwIDAQABo4IBJTCCASEwHQYDVR0OBBYEFBX60otfjm2aM5zSsxKJw/6RvAyvMIHxBgNVHSME
gekwgeaAFBX60otfjm2aM5zSsxKJw/6RvAyvoYHKpIHHMIHEMQswCQYDVQQGEwJERTEQMA4GA1UE
CBMHR2VybWFueTEgMB4GA1UEBxMXTGVpbmZlbGRlbi1FY2h0ZXJkaW5nZW4xGjAYBgNVBAoUEUxl
dVRlayBHbWJIICYgQ28uMQswCQYDVQQLEwJDQTEnMCUGA1UEAxMeTGV1VGVrIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MS8wLQYJKoZIhvcNAQkBFiBDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5QGxldXRl
ay5kZYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCYyQ8ku7OVYbmlxV0O11NQ
azL6GhCqC7DoMrTaR+zqBY57g997hiOPl2/Mes0CKy2855k+K6ky7BVNx2bwPBQvIeCpwz0z2RqX
LIybJNhIAcyGEoUpMxLGx+kSnD2I584xVkKZw4tQK+k97fzCa0T8E7QfjZOVLhZFxIBJYFCxWqwe
Jjo82fXSSTvlwpHY8iv1O9MAEyjdXLX7wdCq1hYH6QiWP/r49SQRBehIjIRpu5Qa0sroSEDMrSAO
2HW5yDdJyFOxDcNTzo05Pb2hHczdt4DDzK6Yqju/dgA8WvNXXsY6/PYidlwkNqFjihx5QVpJGYmn
G4UsHmLGA9RCCuKPMIIFZjCCBE6gAwIBAgIKK3OOR1MXnU/VBTANBgkqhkiG9w0BAQsFADCBxDEL
MAkGA1UEBhMCREUxEDAOBgNVBAgTB0dlcm1hbnkxIDAeBgNVBAcTF0xlaW5mZWxkZW4tRWNodGVy
ZGluZ2VuMRowGAYDVQQKFBFMZXVUZWsgR21iSCAmIENvLjELMAkGA1UECxMCQ0ExJzAlBgNVBAMT
HkxldVRlayBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GCSqGSIb3DQEJARYgQ2VydGlmaWNh
dGlvbkF1dGhvcml0eUBsZXV0ZWsuZGUwHhcNMTQwMjEwMTA1NDMwWhcNMTkwMTE1MTA1NDMwWjBw
MQswCQYDVQQGEwJERTEgMB4GA1UEBwwXTGVpbmZlbGRlbi1FY2h0ZXJkaW5nZW4xDjAMBgNVBAsM
BVVzZXJzMRQwEgYDVQQKDAtMZXVUZWsgR21iSDEZMBcGA1UEAwwQTm9yYmVydCBLbG9ldHplcjCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwWzrKSyj/MNv6sLIvW+2ZErwtdlBZiGX24J/hxS3
gT0Kl61Wb7AaVnvJHdBV2xvU2I4xFSogbMOsYRrVG4MARkxwkPuxUHQE+LS9VZyRrwT9fm8Eutln
5FRNnPYjAJB23MM1DO6FjCBxJwGqyMIM69ucS/WdzJ/49TI7XzEBiKkCAwEAAaOCAi8wggIrMAkG
A1UdEwQCMAAwUwYDVR0gBEwwSjAGBgQqAwMEMAYGBCoDAwUwOAYEKgMDBjAwMC4GCCsGAQUFBwIB
FiJodHRwczovL0xldVRla0NBL3BraS9wdWIvY3BzL2Jhc2ljMBEGCWCGSAGG+EIBAQQEAwIFoDAL
BgNVHQ8EBAMCBeAwKQYDVR0lBCIwIAYIKwYBBQUHAwIGCCsGAQUFBwMEBgorBgEEAYI3FAICMC4G
CWCGSAGG+EIBDQQhFh9Vc2VyIENlcnRpZmljYXRlIG9mIExldVRlayBHbWJIMB0GA1UdDgQWBBSa
E/UKhG9G9iq6ltZimdJ2gP9xpTAfBgNVHSMEGDAWgBQV+tKLX45tmjOc0rMSicP+kbwMrzAlBgNV
HREEHjAcgRpOb3JiZXJ0Lktsb2V0emVyQGxldXRlay5kZTAJBgNVHRIEAjAAMIGnBggrBgEFBQcB
AQSBmjCBlzAuBggrBgEFBQcwAoYiaHR0cDovL3d3dy5sZXV0ZWsuZGUvY2EvY2FjZXJ0LmNydDAy
BggrBgEFBQcwAYYmaHR0cDovL2xldXRla2NhLmludGVybi5sZXV0ZWsuZGU6MjU2MC8wMQYIKwYB
BQUHMAyGJWh0dHA6Ly9sZXV0ZWtjYS5pbnRlcm4ubGV1dGVrLmRlOjgzMC8wMgYDVR0fBCswKTAn
oCWgI4YhaHR0cDovL3d3dy5sZXV0ZWsuZGUvY2EvY2FjcmwuY3JsMA0GCSqGSIb3DQEBCwUAA4IB
AQAmiLkQwRVRs3G1Vxoj2vbwoChtT43W04wcpz0cI3oPB91feZx3QCV9UrlWWMx+E4e6poF2ODAz
FvymnLiuLdsIJHQecAURqAthFP/HWsUZGhNFSCZn3i1RQYs8Ffq9Ttmit0fqdh6x92uSI4Y2gJMK
J9/XRRvta8TLsur2x2g5keyqldN5F3vVe9BjWxs2l2v9q30z1vSVAjoCUw5nltfVWwGxIbLEQA/v
2PBLx8iWSmCLBsS0FIlkOwHiJQClIdZK8M11zQr6ihafSXm2lzxKnkYIunqRzUiwBLK3FAvl73C5
/PRrhhIIGwmbjtiq/Etn0jloEsG4J+Wkco//3xILMYIEFDCCBBACAQEwgdMwgcQxCzAJBgNVBAYT
AkRFMRAwDgYDVQQIEwdHZXJtYW55MSAwHgYDVQQHExdMZWluZmVsZGVuLUVjaHRlcmRpbmdlbjEa
MBgGA1UEChQRTGV1VGVrIEdtYkggJiBDby4xCzAJBgNVBAsTAkNBMScwJQYDVQQDEx5MZXVUZWsg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgkqhkiG9w0BCQEWIENlcnRpZmljYXRpb25BdXRo
b3JpdHlAbGV1dGVrLmRlAgorc45HUxedT9UFMAkGBSsOAwIaBQCgggKWMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE0MDIyNDE1NDIyMVowIwYJKoZIhvcNAQkEMRYE
FPsL9RT0c0BxIwKxaBBlOEN3XJf0MGcGCSqGSIb3DQEJDzFaMFgwCgYIKoZIhvcNAwcwDgYIKoZI
hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAcGBSsOAwIa
MAoGCCqGSIb3DQIFMIHkBgkrBgEEAYI3EAQxgdYwgdMwgcQxCzAJBgNVBAYTAkRFMRAwDgYDVQQI
EwdHZXJtYW55MSAwHgYDVQQHExdMZWluZmVsZGVuLUVjaHRlcmRpbmdlbjEaMBgGA1UEChQRTGV1
VGVrIEdtYkggJiBDby4xCzAJBgNVBAsTAkNBMScwJQYDVQQDEx5MZXVUZWsgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkxLzAtBgkqhkiG9w0BCQEWIENlcnRpZmljYXRpb25BdXRob3JpdHlAbGV1dGVr
LmRlAgorc45HUxedT9UFMIHmBgsqhkiG9w0BCRACCzGB1qCB0zCBxDELMAkGA1UEBhMCREUxEDAO
BgNVBAgTB0dlcm1hbnkxIDAeBgNVBAcTF0xlaW5mZWxkZW4tRWNodGVyZGluZ2VuMRowGAYDVQQK
FBFMZXVUZWsgR21iSCAmIENvLjELMAkGA1UECxMCQ0ExJzAlBgNVBAMTHkxldVRlayBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTEvMC0GCSqGSIb3DQEJARYgQ2VydGlmaWNhdGlvbkF1dGhvcml0eUBs
ZXV0ZWsuZGUCCitzjkdTF51P1QUwDQYJKoZIhvcNAQEBBQAEgYCFy3+L+5F96eevFWuIByzhwMB9
oVG0fj7G/DP4sI2ix0y6rKcO/IE7P+Nx8495vwIEquyxN8GYpS8dM2HsqcapWncoCw0cjrqWO8Cy
g9X6wwjQC8VJ7I5Adjjb61kFtsZ2J7/vwNRNez7jqzIma+F7444F+kt9Qlf2d/g4EjOvIQAAAAAA
AA==

------=_NextPart_000_0044_01CF317F.636F4D40--
0
Kloetzer
2/24/2014 3:42:21 PM
comp.soft-sys.ace 20326 articles. 1 followers. marlow.andrew (167) is leader. Post Follow

0 Replies
2119 Views

Similar Articles

[PageSpeed] 35

Reply: