From 4e7a66eded0778f9ded5232760c348cf55578058 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tam=C3=A1s=20Kosztyu?= <tamas.kosztyu@axoflow.com>
Date: Sat, 14 Dec 2024 13:51:30 +0100
Subject: [PATCH] afsocket: update the TLS verifier during reload to fix a
 crash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It is possible to keep TLS connections alive during reload.
In that case the LogWriter instance is persisted in cfg persist.
This LogWriter's signal slot connector wasn't updated based on the
new configuration, which could cause a crash.
The signal slot connector is updated, so the newly configured
verifier is used, instead of the old one.

Signed-off-by: Tamás Kosztyu <tamas.kosztyu@axoflow.com>
---
 modules/afsocket/afinet-dest.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/modules/afsocket/afinet-dest.c b/modules/afsocket/afinet-dest.c
index 62016830e2..e2acf2f532 100644
--- a/modules/afsocket/afinet-dest.c
+++ b/modules/afsocket/afinet-dest.c
@@ -28,6 +28,8 @@
 #include "gprocess.h"
 #include "compat/openssl_support.h"
 #include "afsocket-signals.h"
+#include "transport/transport-tls.h"
+#include "transport/transport-stack.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -228,6 +230,12 @@ afinet_dd_setup_tls_verifier(AFInetDestDriver *self)
   transport_mapper_inet_set_tls_verifier(transport_mapper_inet, verifier);
 }
 
+static AFInetDestDriverTLSVerifyData *
+_get_tls_verify_data (TLSVerifier *verifier)
+{
+  return (AFInetDestDriverTLSVerifyData *)verifier->verify_data;
+}
+
 void
 afinet_dd_enable_failover(LogDriver *s)
 {
@@ -697,6 +705,31 @@ afinet_dd_free(LogPipe *s)
   afsocket_dd_free(s);
 }
 
+static void
+afinet_dd_update_tls_verifier(AFSocketDestDriver *s, ReloadStoreItem *rsi)
+{
+  AFInetDestDriver *self = (AFInetDestDriver *) s;
+
+  LogWriter *writer = rsi->writer;
+
+  if (!writer)
+    return;
+
+  LogProtoClient *proto = log_writer_get_proto(writer);
+
+  if (!proto)
+    return;
+
+  LogTransport *transport = log_transport_stack_get_transport(&proto->transport_stack, LOG_TRANSPORT_TLS);
+
+  if (transport)
+    {
+      TLSSession *session = log_tansport_tls_get_session(transport);
+      AFInetDestDriverTLSVerifyData *verify_data = _get_tls_verify_data (session->verifier);
+      verify_data->signal_connector = self->super.super.super.super.signal_slot_connector;
+    }
+}
+
 static AFInetDestDriver *
 afinet_dd_new_instance(TransportMapper *transport_mapper, gchar *hostname, GlobalConfig *cfg)
 {
@@ -710,6 +743,7 @@ afinet_dd_new_instance(TransportMapper *transport_mapper, gchar *hostname, Globa
   self->super.construct_writer = afinet_dd_construct_writer;
   self->super.setup_addresses = afinet_dd_setup_addresses;
   self->super.get_dest_name = afinet_dd_get_dest_name;
+  self->super.on_connection_restore = afinet_dd_update_tls_verifier;
 
   self->primary = g_strdup(hostname);