author | Florent Le Coz <louiz@louiz.org> | 2015-09-22 03:59:14 +0200 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2015-09-22 03:59:14 +0200 |
commit | 2928598e773ca6708efdda1b6c35786cd3fa5587 (patch) | |
tree | 232a74c74045a588bb07f2f7f1012777766f86db /louloulibs/network | |
parent | 7247228e9785fd7c8d796d4aa0eb3b9c6fc8f221 (diff) | |
Catch TLS exceptions, close the connection and inform the user of the error
Diffstat (limited to 'louloulibs/network')
-rw-r--r-- | louloulibs/network/tcp_socket_handler.cpp | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/louloulibs/network/tcp_socket_handler.cpp b/louloulibs/network/tcp_socket_handler.cpp
index cca6cd2..9424a1a 100644
--- a/louloulibs/network/tcp_socket_handler.cpp
+++ b/louloulibs/network/tcp_socket_handler.cpp
@@ -20,6 +20,7 @@
 #ifdef BOTAN_FOUND
 # include <botan/hex.h>
+# include <botan/tls_exceptn.h>
 Botan::AutoSeeded_RNG TCPSocketHandler::rng;
 Permissive_Credentials_Manager TCPSocketHandler::credential_manager;
@@ -364,7 +365,13 @@ void TCPSocketHandler::send_data(std::string&& data)
 {
 #ifdef BOTAN_FOUND
 if (this->use_tls)
- this->tls_send(std::move(data));
+ try {
+ this->tls_send(std::move(data));
+ } catch (const Botan::TLS::TLS_Exception& e) {
+ this->on_connection_close("TLS error: "s + e.what());
+ this->close();
+ return ;
+ }
 else
 #endif
 this->raw_send(std::move(data));
@@ -426,8 +433,17 @@ void TCPSocketHandler::tls_recv()
 if (size > 0)
 {
 const bool was_active = this->tls->is_active();
- this->tls->received_data(reinterpret_cast<const Botan::byte*>(recv_buf),
- static_cast<size_t>(size));
+ try {
+ this->tls->received_data(reinterpret_cast<const Botan::byte*>(recv_buf),
+ static_cast<size_t>(size));
+ } catch (const Botan::TLS::TLS_Exception& e) {
+ // May happen if the server sends malformed TLS data (buggy server,
+ // or more probably we are just connected to a server that sends
+ // plain-text)
+ this->on_connection_close("TLS error: "s + e.what());
+ this->close();
+ return ;
+ }
 if (!was_active && this->tls->is_active())
 this->on_tls_activated();
 }
@@ -441,7 +457,7 @@ void TCPSocketHandler::tls_send(std::string&& data)
 if (!this->pre_buf.empty())
 {
 this->tls->send(reinterpret_cast<const Botan::byte*>(this->pre_buf.data()),
- this->pre_buf.size());
+ this->pre_buf.size());
 this->pre_buf = "";
 }
 if (!data.empty()) |
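Review bot: The handler added in send_data catches only `Botan::TLS::TLS_Exception`, so any other exception type escaping `tls_send` still propagates out of send_data; the tls_recv hunk uses the same narrow clause on bytes that come straight from the remote peer. As far as I know Botan can also raise types outside that hierarchy on malformed records (for example `Botan::Decoding_Error`), which this clause would not match; worth confirming against the Botan version the build uses. Catching the common base in both places, `} catch (const std::exception& e) {`, would make a misbehaving peer cost one connection instead of risking an uncaught exception in the whole process. Separately, the unbraced `if (...) try { ... } catch ... else` that straddles the `#ifdef` is legal but easy to misread, and braces around the try block would make the `else` pairing obvious.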
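Review bot: The catch block in tls_recv repeats the three statements of the send_data handler (`on_connection_close`, `close`, `return`), so the two TLS failure paths can drift apart the next time one of them is edited; a small private helper taking the exception would keep them in step. The `return ;` is also what keeps the following `this->tls->is_active()` check from running on a connection that was just closed, and a short comment such as `// connection is closed: skip the activation check below` would make that dependency explicit. tls_recv begins before this hunk, so how `size` and `recv_buf` are produced is not visible here.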