GUACAMOLE-1910: Merge addition of proper locking around TLS socket.

apache · Feb 16, 2024 · 06a9aa9 · 06a9aa9
2 parents 06d55b0 + 85bfebb
commit 06a9aa9
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/src/libguac/guacamole/socket-ssl.h b/src/libguac/guacamole/socket-ssl.h
@@ -31,6 +31,7 @@
 #include "socket-types.h"
 
 #include <openssl/ssl.h>
+#include <pthread.h>
 
 /**
  * SSL socket-specific data.
@@ -54,6 +55,12 @@ typedef struct guac_socket_ssl_data {
      */
     SSL* ssl;
 
+    /**
+     * Lock that is acquired when an instruction is being written, and released
+     * when the instruction is finished being written.
+     */
+    pthread_mutex_t socket_lock;
+
 } guac_socket_ssl_data;
 
 /**

diff --git a/src/libguac/socket-ssl.c b/src/libguac/socket-ssl.c
@@ -25,6 +25,7 @@
 #include "guacamole/socket.h"
 #include "wait-fd.h"
 
+#include <pthread.h>
 #include <stdlib.h>
 
 #include <openssl/ssl.h>
@@ -97,10 +98,42 @@ static int __guac_socket_ssl_free_handler(guac_socket* socket) {
     /* Close file descriptor */
     close(data->fd);
 
+    pthread_mutex_destroy(&(data->socket_lock));
+
     guac_mem_free(data);
     return 0;
 }
 
+/**
+ * Acquires exclusive access to the given socket.
+ *
+ * @param socket
+ *      The guac_socket to which exclusive access is requested.
+ */
+static void __guac_socket_ssl_lock_handler(guac_socket* socket) {
+
+    guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
+
+    /* Acquire exclusive access to the socket */
+    pthread_mutex_lock(&(data->socket_lock));
+
+}
+
+/**
+ * Releases exclusive access to the given socket.
+ *
+ * @param socket
+ *      The guac_socket to which exclusive access is released.
+ */
+static void __guac_socket_ssl_unlock_handler(guac_socket* socket) {
+
+    guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
+
+    /* Relinquish exclusive access to the socket */
+    pthread_mutex_unlock(&(data->socket_lock));
+
+}
+
 guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
 
     /* Create new SSL structure */
@@ -129,6 +162,11 @@ guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
         return NULL;
     }
 
+    pthread_mutexattr_t lock_attributes;
+    pthread_mutexattr_init(&lock_attributes);
+    pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
+    pthread_mutex_init(&(data->socket_lock), &lock_attributes);
+
     /* Store file descriptor as socket data */
     data->fd = fd;
     socket->data = data;
@@ -138,6 +176,8 @@ guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
     socket->write_handler  = __guac_socket_ssl_write_handler;
     socket->select_handler = __guac_socket_ssl_select_handler;
     socket->free_handler   = __guac_socket_ssl_free_handler;
+    socket->lock_handler   = __guac_socket_ssl_lock_handler;
+    socket->unlock_handler = __guac_socket_ssl_unlock_handler;
 
     return socket;