From d9993456439c1704ca819033eac155308db2855c Mon Sep 17 00:00:00 2001
From: Colin Sullivan
Date: Thu, 22 Aug 2019 21:17:51 -0600
Subject: [PATCH 1/3] Fix memory leak on timed out connection attempt
Signed-off-by: Colin Sullivan
---
 NATS.Client/Conn.cs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/NATS.Client/Conn.cs b/NATS.Client/Conn.cs
index c3bcd388c..ea4234edb 100644
--- a/NATS.Client/Conn.cs
+++ b/NATS.Client/Conn.cs
@@ -439,6 +439,7 @@ internal void open(Srv s, int timeoutMillis)
 task.ContinueWith(t => GC.KeepAlive(t.Exception), TaskContinuationOptions.OnlyOnFaulted);
 if (!task.Wait(TimeSpan.FromMilliseconds(timeoutMillis)))
 {
+ close(client);
 client = null;
 throw new NATSConnectionException("timeout");
 }
@@ -467,7 +468,7 @@ private static bool remoteCertificateValidation(
 return false;
 }
- internal void closeClient(TcpClient c)
+ internal static void close(TcpClient c)
 {
 if (c != null)
 {
@@ -500,7 +501,7 @@ internal void makeTLS(Options options)
 }
 catch (Exception ex)
 {
- closeClient(client);
+ close(client);
 throw new NATSConnectionException("TLS Authentication error", ex);
 }
 }
@@ -540,7 +541,7 @@ internal void teardown()
 s.Dispose();
 if (c != null)
- closeClient(c);
+ close(c);
 }
 catch (Exception) { }
 }
@@ -601,7 +602,7 @@ void Dispose(bool disposing)
 if (stream != null)
 stream.Dispose();
 if (client != null)
- closeClient(client);
+ close(client);
 disposedValue = true;
 }
From 56b51cee6738e3e2054d0897f11da1b1bc0eb9e2 Mon Sep 17 00:00:00 2001
From: Colin Sullivan
Date: Fri, 23 Aug 2019 09:00:37 -0600
Subject: [PATCH 2/3] Dispose the sslstream on tls error
Signed-off-by: Colin Sullivan
---
 NATS.Client/Conn.cs | 1 +
 NATSUnitTests/UnitTestTLS.cs | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/NATS.Client/Conn.cs b/NATS.Client/Conn.cs
index ea4234edb..c08c31db1 100644
--- a/NATS.Client/Conn.cs
+++ b/NATS.Client/Conn.cs
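Review bot: The cleanup added to the timeout branch leaves the other failure path of `task.Wait` untouched: when the connect task faults (refused, unreachable host) `Wait` throws an AggregateException, and nothing in this hunk closes or nulls `client`, so the TcpClient this patch stops leaking on timeout is presumably still leaked on a failed attempt unless a caller outside the hunk disposes it. The `ContinueWith(... OnlyOnFaulted)` line above already anticipates the fault, which suggests the path is reachable. Catching the AggregateException around `Wait` and running the same `close(client); client = null;` before rethrowing as a NATSConnectionException would make both failure paths consistent. `open` begins before this hunk, so the allocation of `client` and any enclosing try/catch are not visible here.
```csharp
bool connected;
try
{
    connected = task.Wait(TimeSpan.FromMilliseconds(timeoutMillis));
}
catch (AggregateException ex)
{
    // connect faulted: release the socket exactly as the timeout path does
    close(client);
    client = null;
    throw new NATSConnectionException("connect failed", ex.InnerException ?? ex);
}
if (!connected)
{
    close(client);
    client = null;
    throw new NATSConnectionException("timeout");
}
```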
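Review bot: In the `makeTLS` catch block `close(client)` is not followed by `client = null;`, unlike the timeout branch in `open` in the first hunk, so the field keeps pointing at a disposed TcpClient after the exception propagates. Because `close` is now static it cannot reset the field itself, and a later `teardown` or `Dispose` will see `client != null` and call `close` again on an already-closed socket; harmless for TcpClient, but `client != null` then no longer means the connection owns a live socket. Add `client = null;` after `close(client);` here to match the timeout path. `makeTLS` begins before this hunk, so where `client` was assigned is not visible.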
@@ -501,6 +501,7 @@ internal void makeTLS(Options options)
 }
 catch (Exception ex)
 {
+ sslStream.Dispose();
 close(client);
 throw new NATSConnectionException("TLS Authentication error", ex);
 }
diff --git a/NATSUnitTests/UnitTestTLS.cs b/NATSUnitTests/UnitTestTLS.cs
index d34166bf9..fbc736c5d 100644
--- a/NATSUnitTests/UnitTestTLS.cs
+++ b/NATSUnitTests/UnitTestTLS.cs
@@ -155,6 +155,33 @@ public void TestTlsFailWithCert()
 }
 }
+ // Test verfier to fail on the server cert.
+ //
+ private bool verifyCertAlwaysFail(object sender,
+ X509Certificate certificate, X509Chain chain,
+ SslPolicyErrors sslPolicyErrors)
+ {
+ return false;
+ }
+
+ [Fact]
+ public void TestTlsFailWithInvalidServerCert()
+ {
+ using (NATSServer srv = util.CreateServerWithConfig("tls_1222_verify.conf"))
+ {
+ Options opts = util.DefaultTestOptions;
+ opts.Secure = true;
+ opts.Url = "nats://localhost:1222";
+ opts.TLSRemoteCertificationValidationCallback = verifyCertAlwaysFail;
+
+ // this will fail, because it's not complete - missing the private
+ // key.
+ opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath("client-cert.pem"));
+
+ Assert.ThrowsAny(() => new ConnectionFactory().CreateConnection(opts));
+ }
+ }
+
 [Fact]
 public void TestTlsFailWithBadAuth()
 {
From 02f6f65d4232744ea9fe158cb62de187f1acc08f Mon Sep 17 00:00:00 2001
From: Colin Sullivan
Date: Fri, 23 Aug 2019 09:11:43 -0600
Subject: [PATCH 3/3] null out ssl stream after dispose
Signed-off-by: Colin Sullivan
---
 NATS.Client/Conn.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/NATS.Client/Conn.cs b/NATS.Client/Conn.cs
index c08c31db1..f90cc972a 100644
--- a/NATS.Client/Conn.cs
+++ b/NATS.Client/Conn.cs
@@ -502,6 +502,8 @@ internal void makeTLS(Options options)
 catch (Exception ex)
 {
 sslStream.Dispose();
+ sslStream = null;
+
 close(client);
 throw new NATSConnectionException("TLS Authentication error", ex);
 }
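Review bot: `sslStream.Dispose();` in the catch block assumes `sslStream` has already been assigned when the exception is caught; if the throw happens while constructing the SslStream or anywhere before the assignment (the try body is outside this hunk, so this cannot be confirmed here), this line raises a NullReferenceException that replaces the real TLS failure as the cause wrapped into the `NATSConnectionException`. Guarding it in the style the file already uses in `Dispose`, `if (sslStream != null) sslStream.Dispose();`, keeps the cleanup without masking the handshake error. The same applies to patch 3's hunk on this catch block, which adds `sslStream = null;` after the unguarded call.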
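Review bot: The comment above `opts.AddCertificate` in `TestTlsFailWithInvalidServerCert` ("this will fail, because it's not complete - missing the private key") describes a different failure than the one this test sets up, which is `verifyCertAlwaysFail` rejecting the server certificate; it reads as carried over from `TestTlsFailWithCert` above. Since `Assert.ThrowsAny` accepts any exception, the test also passes when the server fails to start or the certificate path is wrong, so it does not actually show that the validation callback was consulted. Suggest replacing the comment with `// the validation callback rejects the server certificate, so the TLS handshake must fail` and asserting the specific type the connect path surfaces for TLS failures (the Conn.cs hunks throw `NATSConnectionException`), and fixing `verfier` to `verifier` in the helper's comment. The `ThrowsAny` call appears here without a type argument; if that was lost in rendering it is fine, otherwise xUnit needs one.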