Handle GnuTLS shutdown on dead session

The session might have died, or failed to initialise properly, so be
prepared for gnutls_bye() to be unable to do its job.

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index b32725f085be161844e2cd27f017b0a282efb066..d33a76e2351ee5ab6dfa014378176d6beb6d9165 100644 (file)
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -3,6 +3,7 @@
  * Copyright (C) 2005 Martin Koegler
  * Copyright (C) 2010 TigerVNC Team
  * Copyright (C) 2010 m-privacy GmbH
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
  *    
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -99,11 +100,14 @@ void CSecurityTLS::setDefaults()
    X509CRL.setDefaultStr(crlDefault.buf);
 }
 
-void CSecurityTLS::shutdown(bool needbye)
+void CSecurityTLS::shutdown()
 {
-  if (session && needbye)
-    if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
-      vlog.error("gnutls_bye failed");
+  if (session) {
+    int ret;
+    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+      vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
+  }
 
   if (anon_cred) {
     gnutls_anon_free_client_credentials(anon_cred);
@@ -139,7 +143,7 @@ void CSecurityTLS::shutdown(bool needbye)
 
 CSecurityTLS::~CSecurityTLS()
 {
-  shutdown(true);
+  shutdown();
 
   delete[] cafile;
   delete[] crlfile;
@@ -186,7 +190,7 @@ bool CSecurityTLS::processMsg()
     }
 
     vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
-    shutdown(false);
+    shutdown();
     throw AuthFailureException("TLS Handshake failed");
   }
 

diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 476d0ef87b7c0c396a66b450f29a52e90bb2784d..0dcf2ad38c0f2b7f41dc7b0fdbd587654f0d420d 100644 (file)
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -55,7 +55,7 @@ namespace rfb {
     static UserMsgBox *msg;
 
   protected:
-    void shutdown(bool needbye);
+    void shutdown();
     void freeResources();
     void setParam();
     void checkSession();

diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index d5ef47e6d54acd82005ee2f94f929c79c651d4ec..72262b9afb8a6957986f1495835f3c6f0aebcb5b 100644 (file)
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -2,6 +2,7 @@
  * Copyright (C) 2004 Red Hat Inc.
  * Copyright (C) 2005 Martin Koegler
  * Copyright (C) 2010 TigerVNC Team
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
  *    
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -64,10 +65,10 @@ SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
 void SSecurityTLS::shutdown()
 {
   if (session) {
-    if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) {
-      /* FIXME: Treat as non-fatal error */
-      vlog.error("TLS session wasn't terminated gracefully");
-    }
+    int ret;
+    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+      vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
   }
 
   if (dh_params) {