net/Socket.cpp | 12 ++++++++++++ net/Socket.hpp | 7 +++++-- wsd/LOOLWSD.cpp | 14 ++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-)
New commits:
commit d00aa78c9b7841e8ce68b92c04916be41ac6aadc
Author: Michael Meeks <michael.me...@collabora.com>
AuthorDate: Wed Nov 7 17:36:45 2018 +0000
Commit: Michael Meeks <michael.me...@collabora.com>
CommitDate: Wed Nov 7 17:37:25 2018 +0000
Don't name parameter after a local method.
Change-Id: I06929d23009b851cf3fb20da5bfe66d9795dcdd9
diff --git a/net/Socket.hpp b/net/Socket.hpp
index db4f58760..531f5358a 100644
--- a/net/Socket.hpp
+++ b/net/Socket.hpp
@@ -126,9 +126,9 @@ public:
 /// Create socket of the given type.
 static int createSocket(Type type);
- void setClientAddress(const std::string& clientAddress)
+ void setClientAddress(const std::string& address)
 {
- _clientAddress = clientAddress;
+ _clientAddress = address;
 }
 const std::string& clientAddress() const
commit 738abc1de7e5905d3b323f1ddb3938754024c844
Author: Michael Meeks <michael.me...@collabora.com>
AuthorDate: Wed Nov 7 17:35:46 2018 +0000
Commit: Michael Meeks <michael.me...@collabora.com>
CommitDate: Wed Nov 7 17:36:18 2018 +0000
Respond to SSL/TLS over http - when we don't expect it.
Change-Id: I48c7607cd4e1416fb4ac28c552c2cd96b51d60a6
diff --git a/net/Socket.cpp b/net/Socket.cpp
index 208efc3c9..44f5d18a4 100644
--- a/net/Socket.cpp
+++ b/net/Socket.cpp
@@ -607,6 +607,18 @@ namespace HttpHelper
 }
 }
+bool StreamSocket::sniffSSL() const
+{
+ // Only sniffing the first bytes of a sockte.
+ if (_bytesSent > 0 || _bytesRecvd != _inBuffer.size() || _bytesRecvd < 6)
+ return false;
+
+ // 0x0000 16 03 01 02 00 01 00 01
+ return (_inBuffer[0] == 0x16 && // HANDSHAKE
+ _inBuffer[1] == 0x03 && // SSL 3.0 / TLS 1.x
+ _inBuffer[5] == 0x01); // Handshake: CLIENT_HELLO
+}
+
 #endif // !MOBILEAPP
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/net/Socket.hpp b/net/Socket.hpp
index e62b01039..db4f58760 100644
--- a/net/Socket.hpp
+++ b/net/Socket.hpp
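Review bot: The heuristic in `StreamSocket::sniffSSL()` (net/Socket.cpp hunk) is under-documented: the hex-dump comment does not say which offsets are matched or why bytes 2-4 are skipped, and the first comment has a typo ("sockte"). I would replace the dump with `// TLS record: [0] content type 0x16 (handshake), [1] major version 0x03, [2] minor, [3..4] record length, [5] handshake type 0x01 (ClientHello)`. The comment should also state that the function returns false once anything has been sent, when `_bytesRecvd` differs from the buffer size (presumably meaning earlier input was already consumed), or when fewer than 6 bytes have arrived. A ClientHello whose first read is shorter than 6 bytes is therefore not detected and falls through to whatever the caller does next.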
@@ -1073,6 +1073,9 @@ public:
 while (!_outBuffer.empty());
 }
+ /// Does it look like we have some TLS / SSL where we don't expect it ?
+ bool sniffSSL() const;
+
 protected:
 /// Override to handle reading of socket data differently.
 virtual int readData(char* buf, int len)
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 2c31e88c6..85040f13e 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -2005,6 +2005,20 @@ private:
 std::shared_ptr<StreamSocket> socket = _socket.lock();
 #ifndef MOBILEAPP
+ if (socket->sniffSSL())
+ {
+ LOG_ERR("Looks like SSL/TLS traffic on plain http port");
+ std::ostringstream oss;
+ oss << "HTTP/1.1 400\r\n"
+ << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
+ << "User-Agent: " << WOPI_AGENT_STRING << "\r\n"
+ << "Content-Length: 0\r\n"
+ << "\r\n";
+ socket->send(oss.str());
+ socket->shutdown();
+ return;
+ }
+
 Poco::MemoryInputStream message(&socket->getInBuffer()[0], socket->getInBuffer().size());;
 Poco::Net::HTTPRequest request;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
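Review bot: The `LOG_ERR` in the new `sniffSSL()` branch of wsd/LOOLWSD.cpp records no peer address, although any unauthenticated client that connects can trigger it, so the log can fill with error-level lines that an operator cannot attribute or filter. Include the source, e.g. `LOG_ERR("Looks like SSL/TLS traffic on plain http port from " << socket->clientAddress());` (assuming `clientAddress()` from net/Socket.hpp is reachable through StreamSocket and `LOG_ERR` accepts a streamed expression), and consider a warning level, since this is a client mistake rather than a server fault. Separately, the status line `"HTTP/1.1 400\r\n"` omits the space and reason phrase (`"HTTP/1.1 400 Bad Request\r\n"`), and `User-Agent` is a request header where a response would normally carry `Server`. The enclosing handler starts and ends outside the hunk.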