From 7ca6c1ff782afbb83b9f17d6552566c823247e29 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Mon, 27 Feb 2012 22:15:39 +0000 Subject: Fix of rbtree lookup on hash collisions. Previous code incorrectly assumed that nodes with identical keys are linked together. This might not be true after tree rebalance. Patch by Lanshun Zhou. --- src/event/ngx_event_openssl.c | 72 +++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 41 deletions(-) (limited to 'src/event') diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index f393334ad..93d38a11f 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1801,44 +1801,39 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len, /* hash == node->key */ - do { - sess_id = (ngx_ssl_sess_id_t *) node; + sess_id = (ngx_ssl_sess_id_t *) node; - rc = ngx_memn2cmp(id, sess_id->id, - (size_t) len, (size_t) node->data); - if (rc == 0) { + rc = ngx_memn2cmp(id, sess_id->id, (size_t) len, (size_t) node->data); - if (sess_id->expire > ngx_time()) { - ngx_memcpy(buf, sess_id->session, sess_id->len); + if (rc == 0) { - ngx_shmtx_unlock(&shpool->mutex); + if (sess_id->expire > ngx_time()) { + ngx_memcpy(buf, sess_id->session, sess_id->len); - p = buf; - sess = d2i_SSL_SESSION(NULL, &p, sess_id->len); + ngx_shmtx_unlock(&shpool->mutex); - return sess; - } + p = buf; + sess = d2i_SSL_SESSION(NULL, &p, sess_id->len); + + return sess; + } - ngx_queue_remove(&sess_id->queue); + ngx_queue_remove(&sess_id->queue); - ngx_rbtree_delete(&cache->session_rbtree, node); + ngx_rbtree_delete(&cache->session_rbtree, node); - ngx_slab_free_locked(shpool, sess_id->session); + ngx_slab_free_locked(shpool, sess_id->session); #if (NGX_PTR_SIZE == 4) - ngx_slab_free_locked(shpool, sess_id->id); + ngx_slab_free_locked(shpool, sess_id->id); #endif - ngx_slab_free_locked(shpool, sess_id); - - sess = NULL; - - goto done; - } + ngx_slab_free_locked(shpool, sess_id); - node = (rc < 0) ? node->left : node->right; + sess = NULL; - } while (node != sentinel && hash == node->key); + goto done; + } - break; + node = (rc < 0) ? node->left : node->right; } done: @@ -1908,31 +1903,26 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) /* hash == node->key */ - do { - sess_id = (ngx_ssl_sess_id_t *) node; + sess_id = (ngx_ssl_sess_id_t *) node; - rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data); + rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data); - if (rc == 0) { + if (rc == 0) { - ngx_queue_remove(&sess_id->queue); + ngx_queue_remove(&sess_id->queue); - ngx_rbtree_delete(&cache->session_rbtree, node); + ngx_rbtree_delete(&cache->session_rbtree, node); - ngx_slab_free_locked(shpool, sess_id->session); + ngx_slab_free_locked(shpool, sess_id->session); #if (NGX_PTR_SIZE == 4) - ngx_slab_free_locked(shpool, sess_id->id); + ngx_slab_free_locked(shpool, sess_id->id); #endif - ngx_slab_free_locked(shpool, sess_id); - - goto done; - } - - node = (rc < 0) ? node->left : node->right; + ngx_slab_free_locked(shpool, sess_id); - } while (node != sentinel && hash == node->key); + goto done; + } - break; + node = (rc < 0) ? node->left : node->right; } done: -- cgit