Improve cancellation forwarding for TLS handshake after connecting

clue · clue · commit 9f493fd2571f · 2018-09-27T10:50:22.000+02:00
diff --git a/src/SecureConnector.php b/src/SecureConnector.php
@@ -40,8 +40,10 @@ public function connect($uri)
         $context = $this->context;
 
         $encryption = $this->streamEncryption;
-        return $this->connector->connect($uri)->then(function (ConnectionInterface $connection) use ($context, $encryption, $uri) {
+        $connected = false;
+        $promise = $this->connector->connect($uri)->then(function (ConnectionInterface $connection) use ($context, $encryption, $uri, &$promise, &$connected) {
             // (unencrypted) TCP/IP connection succeeded
+            $connected = true;
 
             if (!$connection instanceof Connection) {
                 $connection->close();
@@ -54,7 +56,7 @@ public function connect($uri)
             }
 
             // try to enable encryption
-            return $encryption->enable($connection)->then(null, function ($error) use ($connection, $uri) {
+            return $promise = $encryption->enable($connection)->then(null, function ($error) use ($connection, $uri) {
                 // establishing encryption failed => close invalid connection and return error
                 $connection->close();
 
@@ -65,5 +67,19 @@ public function connect($uri)
                 );
             });
         });
+
+        return new \React\Promise\Promise(
+            function ($resolve, $reject) use ($promise) {
+                $promise->then($resolve, $reject);
+            },
+            function ($_, $reject) use (&$promise, $uri, &$connected) {
+                if ($connected) {
+                    $reject(new \RuntimeException('Connection to ' . $uri . ' cancelled during TLS handshake'));
+                }
+
+                $promise->cancel();
+                $promise = null;
+            }
+        );
     }
 }
diff --git a/src/StreamEncryption.php b/src/StreamEncryption.php
@@ -136,15 +136,20 @@ public function toggleCrypto($socket, Deferred $deferred, $toggle, $method)
         if (true === $result) {
             $deferred->resolve();
         } else if (false === $result) {
+            // overwrite callback arguments for PHP7+ only, so they do not show
+            // up in the Exception trace and do not cause a possible cyclic reference.
+            $d = $deferred;
+            $deferred = null;
+
             if (\feof($socket) || $error === null) {
                 // EOF or failed without error => connection closed during handshake
-                $deferred->reject(new UnexpectedValueException(
+                $d->reject(new UnexpectedValueException(
                     'Connection lost during TLS handshake',
                     \defined('SOCKET_ECONNRESET') ? \SOCKET_ECONNRESET : 0
                 ));
             } else {
                 // handshake failed with error message
-                $deferred->reject(new UnexpectedValueException(
+                $d->reject(new UnexpectedValueException(
                     'Unable to complete TLS handshake: ' . $error
                 ));
             }
diff --git a/tests/IntegrationTest.php b/tests/IntegrationTest.php
@@ -280,6 +280,46 @@ function ($e) use (&$wait) {
         $this->assertEquals(0, gc_collect_cycles());
     }
 
+    /**
+     * @requires PHP 7
+     */
+    public function testWaitingForInvalidTlsConnectionShouldNotCreateAnyGarbageReferences()
+    {
+        if (class_exists('React\Promise\When')) {
+            $this->markTestSkipped('Not supported on legacy Promise v1 API');
+        }
+
+        $loop = Factory::create();
+        $connector = new Connector($loop, array(
+            'tls' => array(
+                'verify_peer' => true
+            )
+        ));
+
+        gc_collect_cycles();
+
+        $wait = true;
+        $promise = $connector->connect('tls://self-signed.badssl.com:443')->then(
+            null,
+            function ($e) use (&$wait) {
+                $wait = false;
+                throw $e;
+            }
+        );
+
+        // run loop for short period to ensure we detect DNS error
+        Block\sleep(0.1, $loop);
+        if ($wait) {
+            Block\sleep(0.4, $loop);
+            if ($wait) {
+                $this->fail('Connection attempt did not fail');
+            }
+        }
+        unset($promise);
+
+        $this->assertEquals(0, gc_collect_cycles());
+    }
+
     public function testWaitingForSuccessfullyClosedConnectionShouldNotCreateAnyGarbageReferences()
     {
         if (class_exists('React\Promise\When')) {
@@ -303,10 +343,6 @@ function ($conn) {
 
     public function testConnectingFailsIfTimeoutIsTooSmall()
     {
-        if (!function_exists('stream_socket_enable_crypto')) {
-            $this->markTestSkipped('Not supported on your platform (outdated HHVM?)');
-        }
-
         $loop = Factory::create();
 
         $connector = new Connector($loop, array(
diff --git a/tests/SecureConnectorTest.php b/tests/SecureConnectorTest.php
@@ -3,6 +3,7 @@
 namespace React\Tests\Socket;
 
 use React\Promise;
+use React\Promise\Deferred;
 use React\Socket\SecureConnector;
 
 class SecureConnectorTest extends TestCase
@@ -49,6 +50,15 @@ public function testConnectionToInvalidSchemeWillReject()
         $promise->then(null, $this->expectCallableOnce());
     }
 
+    public function testCancelDuringTcpConnectionCancelsTcpConnection()
+    {
+        $pending = new Promise\Promise(function () { }, $this->expectCallableOnce());
+        $this->tcp->expects($this->once())->method('connect')->with('example.com:80')->willReturn($pending);
+
+        $promise = $this->connector->connect('example.com:80');
+        $promise->cancel();
+    }
+
     /**
      * @expectedException RuntimeException
      * @expectedExceptionMessage Connection cancelled
@@ -121,6 +131,80 @@ public function testConnectionWillBeRejectedIfStreamEncryptionFailsAndClosesConn
         $this->throwRejection($promise);
     }
 
+    /**
+     * @expectedException RuntimeException
+     * @expectedExceptionMessage Connection to example.com:80 cancelled during TLS handshake
+     */
+    public function testCancelDuringStreamEncryptionCancelsEncryptionAndClosesConnection()
+    {
+        $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->getMock();
+        $connection->expects($this->once())->method('close');
+
+        $pending = new Promise\Promise(function () { }, function () {
+            throw new \Exception('Ignored');
+        });
+        $encryption = $this->getMockBuilder('React\Socket\StreamEncryption')->disableOriginalConstructor()->getMock();
+        $encryption->expects($this->once())->method('enable')->willReturn($pending);
+
+        $ref = new \ReflectionProperty($this->connector, 'streamEncryption');
+        $ref->setAccessible(true);
+        $ref->setValue($this->connector, $encryption);
+
+        $this->tcp->expects($this->once())->method('connect')->with($this->equalTo('example.com:80'))->willReturn(Promise\resolve($connection));
+
+        $promise = $this->connector->connect('example.com:80');
+        $promise->cancel();
+
+        $this->throwRejection($promise);
+    }
+
+    public function testRejectionDuringConnectionShouldNotCreateAnyGarbageReferences()
+    {
+        if (class_exists('React\Promise\When')) {
+            $this->markTestSkipped('Not supported on legacy Promise v1 API');
+        }
+
+        gc_collect_cycles();
+
+        $tcp = new Deferred();
+        $this->tcp->expects($this->once())->method('connect')->willReturn($tcp->promise());
+
+        $promise = $this->connector->connect('example.com:80');
+        $tcp->reject(new \RuntimeException());
+        unset($promise, $tcp);
+
+        $this->assertEquals(0, gc_collect_cycles());
+    }
+
+    public function testRejectionDuringTlsHandshakeShouldNotCreateAnyGarbageReferences()
+    {
+        if (class_exists('React\Promise\When')) {
+            $this->markTestSkipped('Not supported on legacy Promise v1 API');
+        }
+
+        gc_collect_cycles();
+
+        $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->getMock();
+
+        $tcp = new Deferred();
+        $this->tcp->expects($this->once())->method('connect')->willReturn($tcp->promise());
+
+        $tls = new Deferred();
+        $encryption = $this->getMockBuilder('React\Socket\StreamEncryption')->disableOriginalConstructor()->getMock();
+        $encryption->expects($this->once())->method('enable')->willReturn($tls->promise());
+
+        $ref = new \ReflectionProperty($this->connector, 'streamEncryption');
+        $ref->setAccessible(true);
+        $ref->setValue($this->connector, $encryption);
+
+        $promise = $this->connector->connect('example.com:80');
+        $tcp->resolve($connection);
+        $tls->reject(new \RuntimeException());
+        unset($promise, $tcp, $tls);
+
+        $this->assertEquals(0, gc_collect_cycles());
+    }
+
     private function throwRejection($promise)
     {
         $ex = null;
