mute unexpected eof & protect against fd leaks (#2369)

2026-04-01 21:13:09 +00:00 · 2023-07-20 11:40:30 -06:00
parent 564186a1f9
commit 234f0d75e8
3 changed files with 98 additions and 11 deletions
--- a/backend/src/net/vhost.rs
+++ b/backend/src/net/vhost.rs
@@ -3,6 +3,7 @@ use std::convert::Infallible;
 use std::net::{IpAddr, Ipv6Addr, SocketAddr};
 use std::str::FromStr;
 use std::sync::{Arc, Weak};
+use std::time::Duration;

 use color_eyre::eyre::eyre;
 use helpers::NonDetachingJoinHandle;
@@ -19,7 +20,7 @@ use tokio_rustls::{LazyConfigAcceptor, TlsConnector};
 use crate::net::keys::Key;
 use crate::net::ssl::SslManager;
 use crate::net::utils::SingleAccept;
-use crate::util::io::BackTrackingReader;
+use crate::util::io::{BackTrackingReader, TimeoutStream};
 use crate::Error;

 // not allowed: <=1024, >=32768, 5355, 5432, 9050, 6010, 9051, 5353
@@ -104,6 +105,8 @@ impl VHostServer {
                loop {
                    match listener.accept().await {
                        Ok((stream, _)) => {
+                            let stream =
+                                Box::pin(TimeoutStream::new(stream, Duration::from_secs(300)));
                            let mut stream = BackTrackingReader::new(stream);
                            stream.start_buffering();
                            let mapping = mapping.clone();
@@ -271,7 +274,7 @@ impl VHostServer {
                                                    &mut tls_stream,
                                                    &mut target_stream,
                                                )
-                                                .await?;
+                                                .await
                                            }
                                            Err(AlpnInfo::Reflect) => {
                                                for proto in
@@ -286,7 +289,7 @@ impl VHostServer {
                                                    &mut tls_stream,
                                                    &mut tcp_stream,
                                                )
-                                                .await?;
+                                                .await
                                            }
                                            Err(AlpnInfo::Specified(alpn)) => {
                                                cfg.alpn_protocols = alpn;
@@ -297,9 +300,16 @@ impl VHostServer {
                                                    &mut tls_stream,
                                                    &mut tcp_stream,
                                                )
-                                                .await?;
+                                                .await
                                            }
                                        }
+                                        .map_or_else(
+                                            |e| match e.kind() {
+                                                std::io::ErrorKind::UnexpectedEof => Ok(()),
+                                                _ => Err(e),
+                                            },
+                                            |_| Ok(()),
+                                        )?;
                                    } else {
                                        // 503
                                    }