FS-10150: [freeswitch-core] Reduce writes to closed ssl sockets #resolve
This commit is contained in:
parent
4a56cc6401
commit
cd5182c27c
|
@ -236,6 +236,7 @@ static int ws_client_handshake(kws_t *kws)
|
|||
bytes = kws_raw_read(kws, kws->buffer + kws->datalen, kws->buflen - kws->datalen, WS_BLOCK);
|
||||
} while (bytes > 0 && !strstr((char *)kws->buffer, "\r\n\r\n"));
|
||||
|
||||
if (bytes > 0) {
|
||||
char accept[128] = "";
|
||||
|
||||
cheezy_get_var(kws->buffer, "Sec-WebSocket-Accept", accept, sizeof(accept));
|
||||
|
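Review bot: The new `if (bytes > 0)` guard only covers the last read, and nothing in this hunk advances `kws->datalen` after a successful `kws_raw_read`, so if the server's handshake response arrives in more than one segment every iteration writes to the same offset and the `strstr((char *)kws->buffer, "\r\n\r\n")` test never sees the complete header; if the increment lives above the hunk, disregard this. The `strstr` call also relies on `kws->buffer` being NUL-terminated after the read, which nothing in the hunk establishes; a comment such as `/* kws_raw_read is expected to NUL-terminate the buffer */`, or an explicit `kws->buffer[kws->datalen] = '\0';` after the read if it does not, would make that assumption visible. `ws_client_handshake` starts before this hunk.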
@ -243,6 +244,9 @@ static int ws_client_handshake(kws_t *kws)
|
|||
if (zstr_buf(accept) || !verify_accept(kws, enonce, (char *)accept)) {
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
|
||||
kws->handshake = 1;
|
||||
|
||||
|
@ -273,7 +277,7 @@ static int ws_server_handshake(kws_t *kws)
|
|||
}
|
||||
}
|
||||
|
||||
if (bytes > kws->buflen -1) {
|
||||
if (bytes < 0 || bytes > kws->buflen -1) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
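Review bot: The added `bytes < 0` test rejects a failed read, but `bytes` here is the return of the last read rather than the total held in `kws->datalen` (the accumulation loop is above the hunk and not visible), so comparing it against `kws->buflen -1` does not bound the accumulated request; if the loop above already caps each read at `buflen - datalen` this is only a readability issue, otherwise the check should be on `kws->datalen`. A last read of 0 (peer closed before the header terminator arrived) also passes this test and continues into header parsing on a possibly incomplete buffer; `if (bytes <= 0 || bytes > kws->buflen -1) {` would send that case to `err` as well, unless a zero read is already handled earlier. The two `ws_handshake` hunks `@ -272,7 +272,7 @@` further down make the identical change and have the same shape.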
@ -332,11 +336,13 @@ static int ws_server_handshake(kws_t *kws)
|
|||
|
||||
if (!kws->stay_open) {
|
||||
|
||||
if (bytes > 0) {
|
||||
snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n"
|
||||
"Sec-WebSocket-Version: 13\r\n\r\n");
|
||||
respond[511] = 0;
|
||||
|
||||
kws_raw_write(kws, respond, strlen(respond));
|
||||
}
|
||||
|
||||
kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
@ -880,20 +886,22 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
}
|
||||
|
||||
if (!kws->handshake) {
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
||||
if ((kws->datalen = kws_raw_read(kws, kws->buffer, 9, kws->block)) < 0) {
|
||||
if (kws->datalen == -2) {
|
||||
return -2;
|
||||
}
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
||||
if (kws->datalen < need) {
|
||||
if ((kws->datalen += kws_raw_read(kws, kws->buffer + kws->datalen, 9 - kws->datalen, WS_BLOCK)) < need) {
|
||||
ssize_t bytes = kws_raw_read(kws, kws->buffer + kws->datalen, 9 - kws->datalen, WS_BLOCK);
|
||||
|
||||
if (bytes < 0 || (kws->datalen += bytes) < need) {
|
||||
/* too small - protocol err */
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
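Review bot: The new local on the follow-up read is declared `ssize_t bytes` while the function's own return type in the hunk header is `ks_ssize_t`; `ks_ssize_t bytes = kws_raw_read(...)` keeps the file to one type and avoids depending on `ssize_t` being available on every platform libks is built for. Separately, the first read at `if ((kws->datalen = kws_raw_read(kws, kws->buffer, 9, kws->block)) < 0)` treats `-2` as a retryable result and returns it without closing, but the added `if (bytes < 0 || (kws->datalen += bytes) < need)` on the second read closes the connection for every negative value; if `kws_raw_read` can also return `-2` under `WS_BLOCK`, this turns a transient would-block into a close and deserves the same `== -2` branch, otherwise a short comment saying a blocking read never yields `-2` would settle it. The `ws_read_frame` hunks `@ -769,20 +771,22 @@` further down have the same shape (there `ssize_t` matches the function's signature, so only the second point applies).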
@ -929,7 +937,7 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
if (need > kws->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -949,9 +957,9 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
|
||||
more = kws_raw_read(kws, kws->buffer + kws->datalen, need - kws->datalen, WS_BLOCK);
|
||||
|
||||
if (more < need - kws->datalen) {
|
||||
if (more < 0 || more < need - kws->datalen) {
|
||||
*oc = WSOC_CLOSE;
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
} else {
|
||||
kws->datalen += more;
|
||||
}
|
||||
|
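Review bot: In `if (more < 0 || more < need - kws->datalen)` the first clause only adds anything if `need - kws->datalen` is unsigned (the second comparison would then promote a negative `more` and miss it); if both operands are signed the new clause is redundant with the second for any positive remaining length. Either way a one-line comment such as `/* more < 0: read error; short read: peer closed mid-frame */` would record why both are checked. The short-read case is a successful read on a live socket, yet it now closes with `WS_NONE` like the error case; if `WS_NONE` suppresses the close frame, a peer that sends a truncated frame no longer receives a protocol-error status, so keeping `WS_PROTO_ERR` when `more >= 0` may be worth considering. The `ws_read_frame` hunks `@ -838,9 +842,9 @@` further down repeat the same pattern.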
@ -970,7 +978,7 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
if (need > kws->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
||||
u16 = (uint16_t *) kws->payload;
|
||||
|
@ -988,7 +996,7 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
if (need < 0) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
||||
blen = kws->body - kws->bbuffer;
|
||||
|
@ -1019,7 +1027,7 @@ KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **da
|
|||
if (r < 1) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return kws_close(kws, WS_PROTO_ERR);
|
||||
return kws_close(kws, WS_NONE);
|
||||
}
|
||||
|
||||
kws->datalen += r;
|
||||
|
|
|
@ -1 +1 @@
|
|||
Tue Feb 14 14:26:14 CST 2017
|
||||
Fri Mar 17 13:47:30 CDT 2017
|
||||
|
|
|
@ -110,13 +110,13 @@ void init_ssl(void) {
|
|||
assert(ws_globals.ssl_ctx);
|
||||
|
||||
/* Disable SSLv2 */
|
||||
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv2);
|
||||
/* Disable SSLv3 */
|
||||
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
/* Disable TLSv1 */
|
||||
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1);
|
||||
SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_TLSv1);
|
||||
/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
|
||||
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION);
|
||||
SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_COMPRESSION);
|
||||
/* set the local certificate from CertFile */
|
||||
SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM);
|
||||
/* set the private key from KeyFile */
|
||||
|
@ -272,7 +272,7 @@ int ws_handshake(wsh_t *wsh)
|
|||
}
|
||||
}
|
||||
|
||||
if (bytes > wsh->buflen -1) {
|
||||
if (bytes < 0 || bytes > wsh->buflen -1) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -331,11 +331,13 @@ int ws_handshake(wsh_t *wsh)
|
|||
|
||||
if (!wsh->stay_open) {
|
||||
|
||||
if (bytes > 0) {
|
||||
snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n"
|
||||
"Sec-WebSocket-Version: 13\r\n\r\n");
|
||||
respond[511] = 0;
|
||||
|
||||
ws_raw_write(wsh, respond, strlen(respond));
|
||||
}
|
||||
|
||||
ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
@ -769,20 +771,22 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
}
|
||||
|
||||
if (!wsh->handshake) {
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
if ((wsh->datalen = ws_raw_read(wsh, wsh->buffer, 9, wsh->block)) < 0) {
|
||||
if (wsh->datalen == -2) {
|
||||
return -2;
|
||||
}
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
if (wsh->datalen < need) {
|
||||
if ((wsh->datalen += ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK)) < need) {
|
||||
ssize_t bytes = ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK);
|
||||
|
||||
if (bytes < 0 || (wsh->datalen += bytes) < need) {
|
||||
/* too small - protocol err */
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -818,7 +822,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need > wsh->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -838,9 +842,9 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
|
||||
more = ws_raw_read(wsh, wsh->buffer + wsh->datalen, need - wsh->datalen, WS_BLOCK);
|
||||
|
||||
if (more < need - wsh->datalen) {
|
||||
if (more < 0 || more < need - wsh->datalen) {
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
} else {
|
||||
wsh->datalen += more;
|
||||
}
|
||||
|
@ -859,7 +863,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need > wsh->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
u16 = (uint16_t *) wsh->payload;
|
||||
|
@ -877,7 +881,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need < 0) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
blen = wsh->body - wsh->bbuffer;
|
||||
|
@ -908,7 +912,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (r < 1) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
wsh->datalen += r;
|
||||
|
|
|
@ -272,7 +272,7 @@ int ws_handshake(wsh_t *wsh)
|
|||
}
|
||||
}
|
||||
|
||||
if (bytes > wsh->buflen -1) {
|
||||
if (bytes < 0 || bytes > wsh->buflen -1) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -331,11 +331,13 @@ int ws_handshake(wsh_t *wsh)
|
|||
|
||||
if (!wsh->stay_open) {
|
||||
|
||||
if (bytes > 0) {
|
||||
snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n"
|
||||
"Sec-WebSocket-Version: 13\r\n\r\n");
|
||||
respond[511] = 0;
|
||||
|
||||
ws_raw_write(wsh, respond, strlen(respond));
|
||||
}
|
||||
|
||||
ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
@ -769,20 +771,22 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
}
|
||||
|
||||
if (!wsh->handshake) {
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
if ((wsh->datalen = ws_raw_read(wsh, wsh->buffer, 9, wsh->block)) < 0) {
|
||||
if (wsh->datalen == -2) {
|
||||
return -2;
|
||||
}
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
if (wsh->datalen < need) {
|
||||
if ((wsh->datalen += ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK)) < need) {
|
||||
ssize_t bytes = ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK);
|
||||
|
||||
if (bytes < 0 || (wsh->datalen += bytes) < need) {
|
||||
/* too small - protocol err */
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -818,7 +822,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need > wsh->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -838,9 +842,9 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
|
||||
more = ws_raw_read(wsh, wsh->buffer + wsh->datalen, need - wsh->datalen, WS_BLOCK);
|
||||
|
||||
if (more < need - wsh->datalen) {
|
||||
if (more < 0 || more < need - wsh->datalen) {
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
} else {
|
||||
wsh->datalen += more;
|
||||
}
|
||||
|
@ -859,7 +863,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need > wsh->datalen) {
|
||||
/* too small - protocol err */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
u16 = (uint16_t *) wsh->payload;
|
||||
|
@ -877,7 +881,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (need < 0) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
blen = wsh->body - wsh->bbuffer;
|
||||
|
@ -908,7 +912,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
|
|||
if (r < 1) {
|
||||
/* invalid read - protocol err .. */
|
||||
*oc = WSOC_CLOSE;
|
||||
return ws_close(wsh, WS_PROTO_ERR);
|
||||
return ws_close(wsh, WS_NONE);
|
||||
}
|
||||
|
||||
wsh->datalen += r;
|
||||
|
|