These are reference counted so it is important to retain symmetry between the calls. Failure to do so will result in bad memory access and crashes.

пре 7 година · 8aa4bc5320
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -67,21 +67,14 @@ StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer

 static LogWriter vlog("TLS");

 void CSecurityTLS::initGlobal()
 {
  static bool globalInitDone = false;

  if (!globalInitDone) {
    gnutls_global_init();
    globalInitDone = true;
  }
 }

 CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
 						 anon(_anon), fis(0), fos(0)
 {
  cafile = X509CA.getData();
  crlfile = X509CRL.getData();

  if (gnutls_global_init() != GNUTLS_E_SUCCESS)
    throw AuthFailureException("gnutls_global_init failed");
 }

 void CSecurityTLS::setDefaults()
@@ -125,8 +118,6 @@ void CSecurityTLS::shutdown(bool needbye)
  if (session) {
    gnutls_deinit(session);
    session = 0;

    gnutls_global_deinit();
  }
 }

@@ -142,6 +133,8 @@ CSecurityTLS::~CSecurityTLS()

  delete[] cafile;
  delete[] crlfile;

  gnutls_global_deinit();
 }

 bool CSecurityTLS::processMsg(CConnection* cc)
@@ -150,8 +143,6 @@ bool CSecurityTLS::processMsg(CConnection* cc)
  rdr::OutStream* os = cc->getOutStream();
  client = cc;

  initGlobal();

  if (!session) {
    if (!is->checkNoWait(1))
      return false;
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -62,8 +62,6 @@ namespace rfb {
    CConnection *client;

  private:
    static void initGlobal();

    gnutls_session_t session;
    gnutls_anon_client_credentials_t anon_cred;
    gnutls_certificate_credentials_t cert_cred;
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -48,23 +48,15 @@ StringParameter SSecurityTLS::X509_KeyFile

 static LogWriter vlog("TLS");

 void SSecurityTLS::initGlobal()
 {
  static bool globalInitDone = false;

  if (!globalInitDone) {
    if (gnutls_global_init() != GNUTLS_E_SUCCESS)
      throw AuthFailureException("gnutls_global_init failed");
    globalInitDone = true;
  }
 }

 SSecurityTLS::SSecurityTLS(bool _anon) : session(0), dh_params(0),
 						 anon_cred(0), cert_cred(0),
 						 anon(_anon), fis(0), fos(0)
 {
  certfile = X509_CertFile.getData();
  keyfile = X509_KeyFile.getData();

  if (gnutls_global_init() != GNUTLS_E_SUCCESS)
    throw AuthFailureException("gnutls_global_init failed");
 }

 void SSecurityTLS::shutdown()
@@ -94,8 +86,6 @@ void SSecurityTLS::shutdown()
  if (session) {
    gnutls_deinit(session);
    session = 0;

    gnutls_global_deinit();
  }
 }

@@ -111,6 +101,8 @@ SSecurityTLS::~SSecurityTLS()

  delete[] keyfile;
  delete[] certfile;

  gnutls_global_deinit();
 }

 bool SSecurityTLS::processMsg(SConnection *sc)
@@ -121,8 +113,6 @@ bool SSecurityTLS::processMsg(SConnection *sc)
  vlog.debug("Process security message (session %p)", session);

  if (!session) {
    initGlobal();

    if (gnutls_init(&session, GNUTLS_SERVER) != GNUTLS_E_SUCCESS)
      throw AuthFailureException("gnutls_init failed");

--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -54,8 +54,6 @@ namespace rfb {
    void setParams(gnutls_session_t session);

  private:
    static void initGlobal();

    gnutls_session_t session;
    gnutls_dh_params_t dh_params;
    gnutls_anon_server_credentials_t anon_cred;