Date: Sun, 12 Jul 2020 04:29:40 +0000 (UTC)
From: Rick Macklem <rmacklem@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r363119 - projects/nfs-over-tls/usr.sbin/rpctlssd
Message-ID: <202007120429.06C4TeoN026164@repo.freebsd.org>
Author: rmacklem Date: Sun Jul 12 04:29:39 2020 New Revision: 363119 URL: https://svnweb.freebsd.org/changeset/base/363119 Log: Add code that does a shutdown() on all sockets during termination. I am not sure if this is required, since the sockets will be closed during exit(), but it seems safe to do to ensure that sockets no longer work in the kernel RPC. Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Jul 12 04:26:19 2020 (r363118) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Jul 12 04:29:39 2020 (r363119) @@ -518,9 +518,17 @@ rpctlssd_1_freeresult(SVCXPRT *transp, xdrproc_t xdr_r static void rpctlssd_terminate(int sig __unused) { + struct ssl_entry *slp; rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, ""); pidfile_remove(rpctls_pfh); + + /* + * Shut down all TCP connections, so that any compromised TLS + * connection is no longer usable. + */ + LIST_FOREACH(slp, &rpctls_ssllist, next) + shutdown(slp->s, SHUT_RD); exit(0); }
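Review bot: The new comment in rpctlssd_terminate() says the loop makes any compromised TLS connection "no longer usable", but `shutdown(slp->s, SHUT_RD)` only disables the receive side, so the daemon's end can still send on each socket until exit() closes it. If the intent is what the comment and the log message describe, `SHUT_RDWR` would match it; otherwise the comment should say that only reads are being stopped and why that is sufficient for the kernel RPC. Separately, the `int sig` parameter suggests this runs as a signal handler: if so, LIST_FOREACH over rpctls_ssllist can observe the list mid-update when the signal interrupts an insert or remove, so it is worth either blocking the termination signals around list modifications or noting in the comment why the walk is safe here.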