Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix UB during early shutdown on OpenSSL state

Browse source
This commit is contained in:
Dominik Charousset 2022-05-12 06:54:52 +02:00
parent 4d8a24642e
commit 6b1e796df7
1 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/zeek-setup.cc
View file

@ -823,8 +823,21 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( supervisor_mgr )
supervisor_mgr->InitPostScript();
// After spinning up Broker, we have background threads running now. If
// we exit early, we need to shut down at least Broker to get a clean
// program exit. Otherwise, we may run into undefined behavior, e.g., if
// Broker is still accessing OpenSSL but OpenSSL has already cleaned up
// its state due to calling exit().
auto early_shutdown = []
{
broker_mgr->Terminate();
delete iosource_mgr;
delete telemetry_mgr;
};
if ( options.print_plugins )
{
early_shutdown();
bool success = show_plugins(options.print_plugins);
exit(success ? 0 : 1);
}
@ -843,7 +856,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( reporter->Errors() > 0 )
{
delete dns_mgr;
early_shutdown();
exit(1);
}
@ -880,7 +893,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
rule_matcher = new RuleMatcher(options.signature_re_level);
if ( ! rule_matcher->ReadFiles(all_signature_files) )
{
delete dns_mgr;
early_shutdown();
exit(1);
}
@ -913,6 +926,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( analysis_options.usage_issues > 0 )
analyze_scripts();
early_shutdown();
exit(reporter->Errors() != 0);
}
@ -921,8 +935,11 @@ SetupResult setup(int argc, char** argv, Options* zopts)
analyze_scripts();
if ( analysis_options.report_recursive )
{
// This option is report-and-exit.
early_shutdown();
exit(0);
}
if ( dns_type != DNS_PRIME )
run_state::detail::init_run(options.interface, options.pcap_file,
@ -951,7 +968,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
reporter->FatalError("can't update DNS cache");
event_mgr.Drain();
delete dns_mgr;
early_shutdown();
exit(0);
}
@ -968,6 +985,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
id->DescribeExtended(&desc);
fprintf(stdout, "%s\n", desc.Description());
early_shutdown();
exit(0);
}