Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix UB during early shutdown on OpenSSL state

Browse source
This commit is contained in:
Dominik Charousset 2022-05-12 06:54:52 +02:00
parent 4d8a24642e
commit 6b1e796df7
1 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/zeek-setup.cc
View file

@ -823,8 +823,21 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( supervisor_mgr ) if ( supervisor_mgr )
supervisor_mgr->InitPostScript(); supervisor_mgr->InitPostScript();
// After spinning up Broker, we have background threads running now. If
// we exit early, we need to shut down at least Broker to get a clean
// program exit. Otherwise, we may run into undefined behavior, e.g., if
// Broker is still accessing OpenSSL but OpenSSL has already cleaned up
// its state due to calling exit().
auto early_shutdown = []
{
broker_mgr->Terminate();
delete iosource_mgr;
delete telemetry_mgr;
};
if ( options.print_plugins ) if ( options.print_plugins )
{ {
early_shutdown();
bool success = show_plugins(options.print_plugins); bool success = show_plugins(options.print_plugins);
exit(success ? 0 : 1); exit(success ? 0 : 1);
} }
@ -843,7 +856,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( reporter->Errors() > 0 ) if ( reporter->Errors() > 0 )
{ {
delete dns_mgr; early_shutdown();
exit(1); exit(1);
} }
@ -880,7 +893,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
rule_matcher = new RuleMatcher(options.signature_re_level); rule_matcher = new RuleMatcher(options.signature_re_level);
if ( ! rule_matcher->ReadFiles(all_signature_files) ) if ( ! rule_matcher->ReadFiles(all_signature_files) )
{ {
delete dns_mgr; early_shutdown();
exit(1); exit(1);
} }
@ -913,6 +926,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
if ( analysis_options.usage_issues > 0 ) if ( analysis_options.usage_issues > 0 )
analyze_scripts(); analyze_scripts();
early_shutdown();
exit(reporter->Errors() != 0); exit(reporter->Errors() != 0);
} }
@ -921,8 +935,11 @@ SetupResult setup(int argc, char** argv, Options* zopts)
analyze_scripts(); analyze_scripts();
if ( analysis_options.report_recursive ) if ( analysis_options.report_recursive )
{
// This option is report-and-exit. // This option is report-and-exit.
early_shutdown();
exit(0); exit(0);
}
if ( dns_type != DNS_PRIME ) if ( dns_type != DNS_PRIME )
run_state::detail::init_run(options.interface, options.pcap_file, run_state::detail::init_run(options.interface, options.pcap_file,
@ -951,7 +968,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
reporter->FatalError("can't update DNS cache"); reporter->FatalError("can't update DNS cache");
event_mgr.Drain(); event_mgr.Drain();
delete dns_mgr; early_shutdown();
exit(0); exit(0);
} }
@ -968,6 +985,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
id->DescribeExtended(&desc); id->DescribeExtended(&desc);
fprintf(stdout, "%s\n", desc.Description()); fprintf(stdout, "%s\n", desc.Description());
early_shutdown();
exit(0); exit(0);
} }