Proper global init/deinit of GnuTLS

These are reference counted so it is important to retain symmetry between the calls. Failure to do so will result in bad memory access and crashes. (cherry picked from commit 8aa4bc5)
TigerVNC · Aug 23, 2016 · f8af13d · f8af13d
1 parent df2eca6
commit f8af13d
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 33 deletions.
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
@@ -67,21 +67,14 @@ StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer
 
 static LogWriter vlog("TLS");
 
-void CSecurityTLS::initGlobal()
-{
-  static bool globalInitDone = false;
-
-  if (!globalInitDone) {
-    gnutls_global_init();
-    globalInitDone = true;
-  }
-}
-
 CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
 						 anon(_anon), fis(0), fos(0)
 {
   cafile = X509CA.getData();
   crlfile = X509CRL.getData();
+
+  if (gnutls_global_init() != GNUTLS_E_SUCCESS)
+    throw AuthFailureException("gnutls_global_init failed");
 }
 
 void CSecurityTLS::setDefaults()
@@ -125,8 +118,6 @@ void CSecurityTLS::shutdown(bool needbye)
   if (session) {
     gnutls_deinit(session);
     session = 0;
-
-    gnutls_global_deinit();
   }
 }
 
@@ -142,6 +133,8 @@ CSecurityTLS::~CSecurityTLS()
 
   delete[] cafile;
   delete[] crlfile;
+
+  gnutls_global_deinit();
 }
 
 bool CSecurityTLS::processMsg(CConnection* cc)
@@ -150,8 +143,6 @@ bool CSecurityTLS::processMsg(CConnection* cc)
   rdr::OutStream* os = cc->getOutStream();
   client = cc;
 
-  initGlobal();
-
   if (!session) {
     if (!is->checkNoWait(1))
       return false;

diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
@@ -62,8 +62,6 @@ namespace rfb {
     CConnection *client;
 
   private:
-    static void initGlobal();
-
     gnutls_session_t session;
     gnutls_anon_client_credentials_t anon_cred;
     gnutls_certificate_credentials_t cert_cred;

diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
@@ -48,23 +48,15 @@ StringParameter SSecurityTLS::X509_KeyFile
 
 static LogWriter vlog("TLS");
 
-void SSecurityTLS::initGlobal()
-{
-  static bool globalInitDone = false;
-
-  if (!globalInitDone) {
-    if (gnutls_global_init() != GNUTLS_E_SUCCESS)
-      throw AuthFailureException("gnutls_global_init failed");
-    globalInitDone = true;
-  }
-}
-
 SSecurityTLS::SSecurityTLS(bool _anon) : session(0), dh_params(0),
 						 anon_cred(0), cert_cred(0),
 						 anon(_anon), fis(0), fos(0)
 {
   certfile = X509_CertFile.getData();
   keyfile = X509_KeyFile.getData();
+
+  if (gnutls_global_init() != GNUTLS_E_SUCCESS)
+    throw AuthFailureException("gnutls_global_init failed");
 }
 
 void SSecurityTLS::shutdown()
@@ -94,8 +86,6 @@ void SSecurityTLS::shutdown()
   if (session) {
     gnutls_deinit(session);
     session = 0;
-
-    gnutls_global_deinit();
   }
 }
 
@@ -111,6 +101,8 @@ SSecurityTLS::~SSecurityTLS()
 
   delete[] keyfile;
   delete[] certfile;
+
+  gnutls_global_deinit();
 }
 
 bool SSecurityTLS::processMsg(SConnection *sc)
@@ -121,8 +113,6 @@ bool SSecurityTLS::processMsg(SConnection *sc)
   vlog.debug("Process security message (session %p)", session);
 
   if (!session) {
-    initGlobal();
-
     if (gnutls_init(&session, GNUTLS_SERVER) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_init failed");
 

diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
@@ -54,8 +54,6 @@ namespace rfb {
     void setParams(gnutls_session_t session);
 
   private:
-    static void initGlobal();
-
     gnutls_session_t session;
     gnutls_dh_params_t dh_params;
     gnutls_anon_server_credentials_t anon_cred;