From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
	T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no
	version=3.4.6
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id D5C701F406;
	Thu,  2 Nov 2023 21:35:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org;
	s=selector1; t=1698960950;
	bh=pQthVdsIaa1Z3RbVXRspGVnEBqZkfd4tfqLnJQYDqLA=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=nHh+0E5xphCKClbf4ZtnT1tPSoCQrjOXumr2LDMIkqEICxRbZ6LW4DEsERstIugrW
	 46W3Jyi/IXtsWt82nt0NGutF/5dnHPGdkrHYMlhjk6J6Gj0YQNHAX+MwWWgMxK11l7
	 6OIxCU+YaLavKnia7XztKo/TLct83HZ7Ttqkxk6Y=
Date: Thu, 2 Nov 2023 21:35:50 +0000
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 15/14] ds: don't try ->close after ->accept_SSL failure
Message-ID: <20231102213550.M92818@dcvr>
References: <20231102093539.2067470-1-e@80x24.org>
 <20231102093539.2067470-4-e@80x24.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20231102093539.2067470-4-e@80x24.org>
List-Id: <meta.public-inbox.org>

Eric Wong <e@80x24.org> wrote:
> --- a/lib/PublicInbox/DS.pm
> +++ b/lib/PublicInbox/DS.pm
> @@ -341,8 +341,8 @@ sub greet {
>  	my $ev = EPOLLIN;
>  	my $wbuf;
>  	if ($sock->can('accept_SSL') && !$sock->accept_SSL) {
> -		return CORE::close($sock) if $! != EAGAIN;
> -		$ev = PublicInbox::TLS::epollbit() or return CORE::close($sock);
> +		return $sock->close if $! != EAGAIN;
> +		$ev = PublicInbox::TLS::epollbit() or return $sock->close;
>  		$wbuf = [ \&accept_tls_step, $self->can('do_greet')];
>  	}
>  	new($self, $sock, $ev | EPOLLONESHOT);

Noticed this on deploy:

-----8<-----
Subject: [PATCH] ds: don't try ->close after ->accept_SSL failure

->accept_SSL failures leaves the socket ref as a GLOB (not
IO::Handle) and unable to respond to the ->close method.
Calling close in any form isn't actually necessary at all,
so just let refcounting destroy the socket.
---
 lib/PublicInbox/DS.pm | 3 +--
 t/nntpd-tls.t         | 5 +++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/PublicInbox/DS.pm b/lib/PublicInbox/DS.pm
index 33f80087..da26efc4 100644
--- a/lib/PublicInbox/DS.pm
+++ b/lib/PublicInbox/DS.pm
@@ -341,8 +341,7 @@ sub greet {
 	my $ev = EPOLLIN;
 	my $wbuf;
 	if ($sock->can('accept_SSL') && !$sock->accept_SSL) {
-		return $sock->close if $! != EAGAIN;
-		$ev = PublicInbox::TLS::epollbit() or return $sock->close;
+		return if $! != EAGAIN || !($ev = PublicInbox::TLS::epollbit());
 		$wbuf = [ \&accept_tls_step, $self->can('do_greet')];
 	}
 	new($self, $sock, $ev | EPOLLONESHOT);
diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t
index cf3c95c9..a11a0dd9 100644
--- a/t/nntpd-tls.t
+++ b/t/nntpd-tls.t
@@ -185,6 +185,10 @@ for my $args (
 		is($x, undef, 'no BSD accept filter for plain NNTP');
 	};
 
+	my $s = tcp_connect($nntps);
+	syswrite($s, '->accept_SSL_ will fail on this!');
+	ok(!sysread($s, my $rbuf, 128), 'EOF or ECONNRESET on ->accept_SSL fail');
+
 	$c = undef;
 	$td->kill;
 	$td->join;
@@ -195,6 +199,7 @@ for my $args (
 		<$fh>;
 	};
 	unlike($eout, qr/wide/i, 'no Wide character warnings');
+	unlike($eout, qr/^E:/, 'no other errors');
 }
 done_testing();