From: Roger A. Light <roger@atchoo.org>
Date: Fri, 12 Sep 2014 20:34:30 +0000 (+0100)
Subject: [443964] Fix possible race condition when connecting with TLS.
X-Git-Tag: v1.1~8
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=4643ecaf54f293ac2913b66d35b5e082d7a2a344;p=packages%2Fp%2Fpaho-mqtt.git

[443964] Fix possible race condition when connecting with TLS.

Fix possible race condition when connecting with TLS and publishing at
the same time, which could lead to PUBLISH data being sent before any
other messages and unencrypted. Closes #443964. Thanks to Hiram van
Paassen.

Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=443964
Change-Id: I3945ed7d470b69fc939343fc21beffcd7315c502
---

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5bec8cc..75d04c0 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -8,6 +8,10 @@ v1.0.2
 - Handle "unicode" type payloads on Python 2.7. Thanks to Luc Milland.
 - Fix reconnecting after sending more QoS>0 messages than inflight messages is
   set to, whilst connecting.  Closes #443935. Thanks to Hiram van Paassen.
+- Fix possible race condition when connecting with TLS and publishing at the
+  same time, which could lead to PUBLISH data being sent before any other
+  messages and unencrypted. Closes #443964. Thanks to Hiram van Paassen.
+
 
 v1.0.1
 ======
diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index 6b6afed..3a95509 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -724,16 +724,16 @@ class Client(object):
 
         try:
             if (sys.version_info[0] == 2 and sys.version_info[1] < 7) or (sys.version_info[0] == 3 and sys.version_info[1] < 2):
-                self._sock = socket.create_connection((self._host, self._port))
+                sock = socket.create_connection((self._host, self._port))
             else:
-                self._sock = socket.create_connection((self._host, self._port), source_address=(self._bind_address, 0))
+                sock = socket.create_connection((self._host, self._port), source_address=(self._bind_address, 0))
         except socket.error as err:
             if err.errno != errno.EINPROGRESS and err.errno != errno.EWOULDBLOCK and err.errno != EAGAIN:
                 raise
 
         if self._tls_ca_certs is not None:
             self._ssl = ssl.wrap_socket(
-                self._sock,
+                sock,
                 certfile=self._tls_certfile,
                 keyfile=self._tls_keyfile,
                 ca_certs=self._tls_ca_certs,
@@ -747,6 +747,7 @@ class Client(object):
                 else:
                     ssl.match_hostname(self._ssl.getpeercert(), self._host)
 
+        self._sock = sock
         self._sock.setblocking(0)
 
         return self._send_connect(self._keepalive, self._clean_session)