From 1a3cf64fc9018ce3a60523234621afe36a3bbf41 Mon Sep 17 00:00:00 2001
From: "msvensson@shellback.(none)" <>
Date: Fri, 26 Jan 2007 11:30:54 +0100
Subject: Bug#25203 Mysql crashes when mysql_kill() is executed in a connection using SSL
- It's too early to free the SSL object in 'vio_ssl_close'. There might still be a thread using or reading from it on platforms where we need to close the active connection/socket in order to break the read.
- Add new function 'vio_ssl_delete' and install it as the viodelete function for SSL connections.
---
 vio/vio.c | 19 +++++++++----------
 vio/vio_priv.h | 1 +
 vio/viossl.c | 20 ++++++++++++++++++--
 3 files changed, 28 insertions(+), 12 deletions(-)
(limited to 'vio')
diff --git a/vio/vio.c b/vio/vio.c
index 00b8964e30b..84b3e26fa52 100644
--- a/vio/vio.c
+++ b/vio/vio.c
@@ -86,7 +86,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type,
 #ifdef HAVE_OPENSSL
 if (type == VIO_TYPE_SSL)
 {
- vio->viodelete =vio_delete;
+ vio->viodelete =vio_ssl_delete;
 vio->vioerrno =vio_errno;
 vio->read =vio_ssl_read;
 vio->write =vio_ssl_write;
@@ -220,17 +220,16 @@ Vio *vio_new_win32shared_memory(NET *net,HANDLE handle_file_map, HANDLE handle_m
 #endif
 #endif
+
 void vio_delete(Vio* vio)
 {
- /* It must be safe to delete null pointers. */
- /* This matches the semantics of C++'s delete operator. */
- if (vio)
- {
- if (vio->type != VIO_CLOSED)
- vio->vioclose(vio);
- my_free((gptr) vio->read_buffer, MYF(MY_ALLOW_ZERO_PTR));
- my_free((gptr) vio,MYF(0));
- }
+ if (!vio)
+ return; /* It must be safe to delete null pointers. */
+
+ if (vio->type != VIO_CLOSED)
+ vio->vioclose(vio);
+ my_free((gptr) vio->read_buffer, MYF(MY_ALLOW_ZERO_PTR));
+ my_free((gptr) vio,MYF(0));
 }
diff --git a/vio/vio_priv.h b/vio/vio_priv.h
index 6820e49273a..4a272e519a3 100644
--- a/vio/vio_priv.h
+++ b/vio/vio_priv.h
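Review bot: vio_delete() in the second vio.c hunk still frees the Vio without looking at vio->ssl_arg, so once vio_ssl_close() stops calling SSL_free() (the viossl.c hunk of this patch) the SSL object is released only when deletion goes through vio->viodelete. Any caller that invokes vio_delete() directly on a VIO_TYPE_SSL connection would now leak the SSL object on every teardown; no such caller is visible in this patch, so the call sites need checking. I would state the constraint above the function, `/* Not for SSL connections: delete through vio->viodelete so vio_ssl_delete() can free ssl_arg */`. A debug-build check that vio->ssl_arg is already null on entry would also catch a direct call, assuming the field is reachable in this file under HAVE_OPENSSL.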
@@ -32,6 +32,7 @@ int vio_ssl_write(Vio *vio,const gptr buf,int size);
 /* When the workday is over... */
 int vio_ssl_close(Vio *vio);
+void vio_ssl_delete(Vio *vio);
 int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
diff --git a/vio/viossl.c b/vio/viossl.c
index 4267486112f..5e4203a3fb5 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -140,13 +140,29 @@ int vio_ssl_close(Vio *vio)
 SSL_get_error(ssl, r)));
 break;
 }
- SSL_free(ssl);
- vio->ssl_arg= 0;
 }
 DBUG_RETURN(vio_close(vio));
 }
+void vio_ssl_delete(Vio *vio)
+{
+ if (!vio)
+ return; /* It must be safe to delete null pointer */
+
+ if (vio->type == VIO_TYPE_SSL)
+ vio_ssl_close(vio); /* Still open, close connection first */
+
+ if (vio->ssl_arg)
+ {
+ SSL_free((SSL*) vio->ssl_arg);
+ vio->ssl_arg= 0;
+ }
+
+ vio_delete(vio);
+}
+
+
 int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
 SSL *ssl;
-- cgit v1.2.1
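Review bot: Deferring SSL_free() to vio_ssl_delete() removes the use-after-free, but vio_ssl_close() in the viossl.c hunk still operates on the same SSL object (the context lines show `SSL_get_error(ssl, r)`) while, per the commit message, another thread may be blocked reading from it. An SSL object is not meant to be driven from two threads at once, so that path looks like a remaining data race unless callers serialize it somewhere outside this hunk. vio_ssl_delete() also lacks a header comment stating what it frees and what the caller must guarantee, for example `/* Frees the SSL object and the Vio itself; caller must ensure no other thread is still reading from or writing to vio */`. vio_ssl_close() begins outside the hunk, so the shutdown sequence itself cannot be reviewed from here.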