On Tuesday 11 September 2007 01:57, Florent Daignière wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2007-09-10 22:50:43]:
> 
> > I don't see how this changes anything: ConnectionInputHandler already checks
> > for whether the connection has been closed:
> > 
> >                     if(handler.isClosed()) return;
> > 
> > I've committed a better fix.
> 
> Sure, I chose to close the socket directly... whereas you close the
> input stream in r15121 ... the old code wasn't doing either anyway and
> that was the "bug".

Closing the socket directly is messy IMHO.
> 
> > 
> > On Monday 10 September 2007 20:54, you wrote:
> > > Author: nextgens
> > > Date: 2007-09-10 19:54:34 +0000 (Mon, 10 Sep 2007)
> > > New Revision: 15120
> > > 
> > > Modified:
> > >    trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
> > >    trunk/freenet/src/freenet/node/fcp/FCPConnectionInputHandler.java
> > > Log:
> > > Fix a potential security issue with FCP -thanks to makomk for the heads up-
> > > Will detail the vulnerability when this fix hits stable.
> > > 
> > > Modified: trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
> > > ===================================================================
> > > --- trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java  
2007-09-10 
> > 19:24:45 UTC (rev 15119)
> > > +++ trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java  
2007-09-10 
> > 19:54:34 UTC (rev 15120)
> > > @@ -97,6 +97,7 @@
> > >                   requests = new 
> > > ClientRequest[requestsByIdentifier.size()];
> > >                   requests = (ClientRequest[]) 
> > requestsByIdentifier.values().toArray(requests);
> > >           }
> > > +         try { sock.close(); } catch (IOException e) {}
> > >           for(int i=0;i<requests.length;i++)
> > >                   requests[i].onLostConnection();
> > >           if((client != null) && !client.hasPersistentRequests())
> > > 
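Review bot: the empty catch block on the added `try { sock.close(); } catch (IOException e) {}` line discards any close failure silently; log the exception, even at a low level, so a socket that fails to close is visible when diagnosing stuck connections. The close also runs before the `requests[i].onLostConnection()` loop, so any callback that still touches the connection will see a closed socket; if that ordering is intended, a one-line comment saying so would help.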
> > > Modified: 
trunk/freenet/src/freenet/node/fcp/FCPConnectionInputHandler.java
> > > ===================================================================
> > > --- trunk/freenet/src/freenet/node/fcp/FCPConnectionInputHandler.java     
> > 2007-09-10 19:24:45 UTC (rev 15119)
> > > +++ trunk/freenet/src/freenet/node/fcp/FCPConnectionInputHandler.java     
> > 2007-09-10 19:54:34 UTC (rev 15120)
> > > @@ -67,11 +67,12 @@
> > >                           is.close();
> > >                           return;
> > >                   }
> > > -                 if(messageType.equals("")) continue;
> > > +                 if(messageType.equals(""))
> > > +                         continue;
> > >                   fs = new SimpleFieldSet(lis, 4096, 128, true, true, 
> > > true, true);
> > >                   
> > >                   // check for valid endmarker
> > > -                 if (fs.getEndMarker() != null && 
(!fs.getEndMarker().startsWith("End")) 
> > && (!"Data".equals(fs.getEndMarker()))) {
> > > +                 if (!firstMessage && fs.getEndMarker() != null && 
> > (!fs.getEndMarker().startsWith("End")) && 
> > (!"Data".equals(fs.getEndMarker()))) {
> > >                           FCPMessage err = new 
> > ProtocolErrorMessage(ProtocolErrorMessage.MESSAGE_PARSE_ERROR, 
> > false, "Invalid end marker: "+fs.getEndMarker(), fs.get("Identifer"), 
> > fs.getBoolean("Global", false));
> > >                           handler.outputHandler.queue(err);
> > >                           continue;
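Review bot: the new `!firstMessage &&` guard on the end-marker check means the first message is no longer validated for a well-formed end marker, and nothing in the hunk explains why; add a comment stating that a malformed first message is meant to be rejected later, or reject it here with CLIENT_HELLO_MUST_BE_FIRST_MESSAGE and a close. The context line passes `fs.get("Identifer")` to ProtocolErrorMessage, which looks like a misspelling of the Identifier field, so the parse error is likely sent without the client's identifier. The split of `if(messageType.equals("")) continue;` over two lines is a whitespace-only change that would be better kept out of a security fix.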
> > > @@ -84,8 +85,15 @@
> > >                           msg = FCPMessage.create(messageType, fs, 
> > > handler.bf, 
> > handler.server.core.persistentTempBucketFactory);
> > >                           if(msg == null) continue;
> > >                   } catch (MessageInvalidException e) {
> > > -                         FCPMessage err = new 
> > > ProtocolErrorMessage(e.protocolCode, false, 
> > e.getMessage(), e.ident, e.global);
> > > -                         handler.outputHandler.queue(err);
> > > +                         if(firstMessage) {
> > > +                                 FCPMessage err = new 
> > 
ProtocolErrorMessage(ProtocolErrorMessage.CLIENT_HELLO_MUST_BE_FIRST_MESSAGE, 
> > true, null, null, false);
> > > +                                 handler.outputHandler.queue(err);
> > > +                                 handler.close();
> > > +                                 continue;
> > > +                         } else {
> > > +                                 FCPMessage err = new 
> > > ProtocolErrorMessage(e.protocolCode, false, 
> > e.getMessage(), e.ident, e.global);
> > > +                                 handler.outputHandler.queue(err);
> > > +                         }
> > >                           continue;
> > >                   }
> > >                   if(firstMessage && !(msg instanceof 
> > > ClientHelloMessage)) {
> > > 
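Review bot: in the new `if(firstMessage)` branch, `handler.close();` is followed by `continue;` rather than `return;`, so the loop goes round again and depends on a closed-state check elsewhere to stop reading from a client that never sent a valid first message; return directly after the close, as the `is.close(); return;` lines earlier in this loop do, so no further input is parsed. The `continue;` inside the branch is also redundant, since the unchanged `continue;` after the if/else already covers both paths.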
> > > _______________________________________________
> > > cvs mailing list
> > > cvs at freenetproject.org
> > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> > > 
> > > 
> 
> 
> 
> > _______________________________________________
> > Devl mailing list
> > Devl at freenetproject.org
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
> 