
[src/trunk]: src/usr.sbin/syslogd With TLSv1.3 a client has to receive and pr...



details:   https://anonhg.NetBSD.org/src/rev/2ee2c5d975a3
branches:  trunk
changeset: 1004327:2ee2c5d975a3
user:      hannken <hannken%NetBSD.org@localhost>
date:      Thu Oct 24 08:21:18 2019 +0000

description:
With TLSv1.3 a client has to receive and process metadata.

Update dispatch_tls_eof() to check for metadata and
rearm on success.

Ok: christos@

diffstat:

 usr.sbin/syslogd/tls.c |  21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diffs (54 lines):

diff -r a0b8859f72a9 -r 2ee2c5d975a3 usr.sbin/syslogd/tls.c
--- a/usr.sbin/syslogd/tls.c    Thu Oct 24 03:37:58 2019 +0000
+++ b/usr.sbin/syslogd/tls.c    Thu Oct 24 08:21:18 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $        */
+/*     $NetBSD: tls.c,v 1.17 2019/10/24 08:21:18 hannken Exp $ */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $");
+__RCSID("$NetBSD: tls.c,v 1.17 2019/10/24 08:21:18 hannken Exp $");
 
 #ifndef DISABLE_TLS
 #include <sys/stat.h>
@@ -1450,7 +1450,7 @@
  *
  * I do not know if libevent can tell us the difference
  * between available data and an EOF. But it does not matter
- * because there should not be any incoming data.
+ * because there should not be any incoming data beside metadata.
  * So we close the connection either because the peer closed its
  * side or because the peer broke the protocol by sending us stuff  ;-)
  */
@@ -1460,11 +1460,26 @@
        struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
        sigset_t newmask, omask;
        struct timeval tv;
+       int rc;
+       char buf[1];
 
        BLOCK_SIGNALS(omask, newmask);
        DPRINTF((D_TLS|D_EVENT|D_CALL), "dispatch_eof_tls(%d, %d, %p)\n",
            fd, event, arg);
        assert(conn_info->state == ST_TLS_EST);
+
+       /* First check for incoming metadata. */
+       ST_CHANGE(conn_info->state, ST_READING);
+       rc = SSL_read(conn_info->sslptr, buf, sizeof(buf));
+       ST_CHANGE(conn_info->state, ST_TLS_EST);
+       if (rc <= 0 && tls_examine_error("SSL_read()", conn_info->sslptr,
+           conn_info, rc) == TLS_RETRY_READ) {
+               /* Connection is still alive, rearm and return. */
+               EVENT_ADD(conn_info->event);
+               RESTORE_SIGNALS(omask);
+               return;
+       }
+
        ST_CHANGE(conn_info->state, ST_EOF);
        DEL_EVENT(conn_info->event);
 
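Review bot: The new guard after the SSL_read() only rearms when tls_examine_error() answers TLS_RETRY_READ, so every other outcome — including a successful read (rc > 0, the peer sent application data) and, if tls_examine_error() reports a write-retry separately for SSL_ERROR_WANT_WRITE, a key-update that wants to flush — falls through to ST_EOF and DEL_EVENT() without any trace of why. The header comment at the previous hunk says a peer sending data "broke the protocol", so that case deserves a diagnostic before the state change, e.g. `if (rc > 0) DPRINTF(D_TLS, "dispatch_eof_tls(%d): unexpected data from peer, closing\n", fd);`, and the write-retry result, if it exists, should be rearmed like the read one rather than treated as EOF. The comment `/* First check for incoming metadata. */` would be clearer as `/* TLSv1.3 peers may send post-handshake messages (session tickets, key updates); let SSL_read() consume them before treating the event as EOF. */`. The one byte read into buf is intentionally discarded; a short comment saying so would save the next reader from looking for its consumer. dispatch_eof_tls() continues past the end of this hunk.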


