Página inicial Explorar Ajuda
Entrar
libreCMC
/
libreCMC
17
18
Fork 12
Arquivos Issues 66 Pull Requests 3 Wiki
Tree: 707ac2686f
Branches Tags
libreCMC
/
package
/
libs
/
ustream-ssl
/
patches
/
0001-ustream-ssl-skip-writing-pending-data.patch

0001-ustream-ssl-skip-writing-pending-data.patch 2.0 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Jo-Philipp Wich <jo@mein.io>
    3. 

  3. Date: Wed, 11 Sep 2019 21:09:59 +0200
    4. 

  4. Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after
    5. 

  5.  connect
    6. 

  6. 

  7. Check the .eof member of the underlying ustream after the call to
    8. 

  8. __ustream_ssl_connect() since existing users of the library appear
    9. 

  9. to set the eof flag as a way to signal connection termination upon
    10. 

  10. failing certificate verification.
    11. 

  11. 

  12. This is a stop-gap measure to address TALOS-2019-0893 but a proper
    13. 

  13. API redesign is required to give applications proper control over
    14. 

  14. whether certificate failures are to be ignored or not and the default
    15. 

  15. implementation without custom callbacks should always terminate on
    16. 

  16. verification failures.
    17. 

  17. 

  18. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    19. 

  19. ---
    20. 

  20.  ustream-ssl.c | 20 ++++++++++++++++++++
    21. 

  21.  1 file changed, 20 insertions(+)
    22. 

  22. 

  23. diff --git a/ustream-ssl.c b/ustream-ssl.c
    24. 

  24. index e6b084b..47f66d6 100644
    25. 

  25. --- a/ustream-ssl.c
    26. 

  26. +++ b/ustream-ssl.c
    27. 

  27. @@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us)
    28. 

  28.  		return;
    29. 

  29.  
    30. 

  30.  	if (__ustream_ssl_connect(us) == U_SSL_OK) {
    31. 

  31. +
    32. 

  32. +		/* __ustream_ssl_connect() will also return U_SSL_OK when certificate
    33. 

  33. +		 * verification failed!
    34. 

  34. +		 *
    35. 

  35. +		 * Applications may register a custom .notify_verify_error callback in the
    36. 

  36. +		 * struct ustream_ssl which is called upon verification failures, but there
    37. 

  37. +		 * is no straight forward way for the callback to terminate the connection
    38. 

  38. +		 * initiation right away, e.g. through a true or false return value.
    39. 

  39. +		 *
    40. 

  40. +		 * Instead, existing implementations appear to set .eof field of the underlying
    41. 

  41. +		 * ustream in the hope that this inhibits further operations on the stream.
    42. 

  42. +		 *
    43. 

  43. +		 * Declare this informal behaviour "official" and check for the state of the
    44. 

  44. +		 * .eof member after __ustream_ssl_connect() returned, and do not write the
    45. 

  45. +		 * pending data if it is set to true.
    46. 

  46. +		 */
    47. 

  47. +
    48. 

  48. +		if (us->stream.eof)
    49. 

  49. +			return;
    50. 

  50. +
    51. 

  51.  		us->connected = true;
    52. 

  52.  		if (us->notify_connected)
    53. 

  53.  			us->notify_connected(us);
    54. 

  54. -- 
    55. 

  55. 2.20.1
    56. 

  56.