Page MenuHomeFreeBSD

clnt_rc.c: Fix the case where a TLS handshake fails
ClosedPublic

Authored by rmacklem on Jun 28 2025, 8:45 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 15, 8:06 AM
Unknown Object (File)
Fri, Oct 10, 4:58 PM
Unknown Object (File)
Fri, Oct 10, 4:58 PM
Unknown Object (File)
Fri, Oct 10, 4:58 PM
Unknown Object (File)
Fri, Oct 10, 11:35 AM
Unknown Object (File)
Thu, Sep 18, 8:16 PM
Unknown Object (File)
Thu, Sep 18, 10:08 AM
Unknown Object (File)
Aug 10 2025, 4:35 PM
Subscribers

Details

Summary

When a TLS handshake fails during a NFS-over-TLS
mount attempt, the socket was left around because
it needed to be dereferenced. The dereference was
not happening in clnt_vc_destroy() because ct_closeit
was not set to TRUE.

This patch moves the code that sets ct_closeit to TRUE
up to before the rpctls_connect() call, so that ct_closeit
is set to TRUE if it fails and clnt_vc_destroy() will then
dereference the socket.

Test Plan

Tested by doing NS-over-TLS mount attempts when
rpc.tlsservd was not running on the server and then
observing the status of the socket via "netstat -a"
after the mount fails.

Without this patch, the socket is left around in
CLOSED state.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable