1 From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001
2 From: Jo-Philipp Wich <jo@mein.io>
3 Date: Wed, 11 Sep 2019 21:09:59 +0200
4 Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after
7 Check the .eof member of the underlying ustream after the call to
8 __ustream_ssl_connect() since existing users of the library appear
9 to set the eof flag as a way to signal connection termination upon
10 failing certificate verification.
12 This is a stop-gap measure to address TALOS-2019-0893 but a proper
13 API redesign is required to give applications proper control over
14 whether certificate failures are to be ignored or not and the default
15 implementation without custom callbacks should always terminate on
16 verification failures.
18 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
20 ustream-ssl.c | 20 ++++++++++++++++++++
21 1 file changed, 20 insertions(+)
23 diff --git a/ustream-ssl.c b/ustream-ssl.c
24 index e6b084b..47f66d6 100644
27 @@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us)
30 if (__ustream_ssl_connect(us) == U_SSL_OK) {
32 + /* __ustream_ssl_connect() will also return U_SSL_OK when certificate
33 + * verification failed!
35 + * Applications may register a custom .notify_verify_error callback in the
36 + * struct ustream_ssl which is called upon verification failures, but there
37 + * is no straight forward way for the callback to terminate the connection
38 + * initiation right away, e.g. through a true or false return value.
40 + * Instead, existing implementations appear to set .eof field of the underlying
41 + * ustream in the hope that this inhibits further operations on the stream.
43 + * Declare this informal behaviour "official" and check for the state of the
44 + * .eof member after __ustream_ssl_connect() returned, and do not write the
45 + * pending data if it is set to true.
52 if (us->notify_connected)
53 us->notify_connected(us);
projects / librecmc / librecmc.git / blob