Catch the case of empty SNI host to prevent OpenSSL error
parent
43eb003245
commit
797d0f9695
4 changed files with 40 additions and 181 deletions
3
CHANGES
3
CHANGES
|
@ -25,6 +25,9 @@ Corrections:
|
||||||
but remembers the failure and allows further processing.
|
but remembers the failure and allows further processing.
|
||||||
Thanks to Luke Jones for reporting this issue.
|
Thanks to Luke Jones for reporting this issue.
|
||||||
|
|
||||||
|
Now catching the case of empty SNI host to prevent OpenSSL error.
|
||||||
|
This is related to Red Hat issue 2081414.
|
||||||
|
|
||||||
Coding:
|
Coding:
|
||||||
Introduced groups_t instead of uint32_t, for more flexibility
|
Introduced groups_t instead of uint32_t, for more flexibility
|
||||||
|
|
||||||
|
|
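--- a/gatherinfo.sh
+++ b/gatherinfo.sh
@@ -1,172 +0,0 @@
-#! /bin/sh
-# source: gatherinfo.sh
-# Copyright Gerhard Rieger and contributors (see file CHANGES)
-# Published under the GNU General Public License V.2, see file COPYING
-
-#set -vx
-
-# use this script after successful porting
-# provide the platform name as argument with no dots, e.g. HPUX-11-0
-# it generates the files:
-# Config/Makefile.PLATFORM
-# Config/config.PLATFORM.h
-# Config/socat.PLATFORM.out
-#
-# Config/config.PLATFORM.log
-# Config/compile.PLATFORM.log
-# Config/test.PLATFORM.log
-
-VERBOSE=
-LOGGING=
-INTERACTIVE=
-CONFOPTS=
-PLATFORM=
-OUTPUT='>/dev/null'
-
-# how to echo special characters?
-if [ `echo "x\c"` = "x" ]; then E=""
-elif [ `echo -e "x\c"` = "x" ]; then E="-e"
-fi
-
-while [ -n "$1" ]; do
-case "$1" in
--v) VERBOSE=1; shift;; # tell about progress
--d) LOGGING=1; shift;; # show complete output
--i) INTERACTIVE=1; shift;; # diff and ask before overriding old files
--*) CONFOPTS="$CONFOPTS $1"; shift;;
-*) PLATFORM="$1"; break;;
-esac
-done
-
-#if [ -z "$PLATFORM" ]; then
-# echo "please specify a configuration name, e.g. `uname -s`-`uname -r|tr '.' '-'`!" >&2; exit 1;
-#fi
-
-if [ $# -eq 0 ]; then
-echo $E "usage: $0 [-v] [-i] [configure options ...] platform" >&2
-echo $E "\t-v\t\tverbose (print actual command)" >&2
-echo $E "\t-d\t\tdump command outputs" >&2
-echo $E "\t-i\t\tinteractive (ask before overwriting something)" >&2
-echo $E "\tconfigure options\toptions for configure script, e.g. --disable-ip6" >&2
-echo $E "\tplatform\tdescribe your OS, e.g. `uname -s`-`uname -r|tr '.' '-'`" >&2
-exit 1
-fi
-
-case "$PLATFORM" in
-*.*) echo "platform name must not contain '.'" >&2; exit 1;;
-esac
-
-
-# now, lets begin!
-
-if [ -f Makefile ]; then
-COMMAND="make distclean"
-[ "$VERBOSE" ] && echo "$COMMAND"
-$COMMAND >/dev/null 2>&1 || echo "*** failed: $COMMAND" 1>&2
-fi
-
-# implicitly generates Makefile, config.h, config.log
-COMMAND="./configure $CONFOPTS"
-LOGFILE="compile.log"
-[ "$VERBOSE" ] && echo "$COMMAND"
-if [ "$LOGGING" ]; then
-{ $COMMAND; echo "$?" >socat.rc; } 2>&1 |tee $LOGFILE;
-if [ `cat socat.rc` -ne 0 ]; then echo "*** failed: $COMMAND" 1>&2; exit 1; fi
-else
-$COMMAND >$LOGFILE 2>&1 || { echo "*** failed: $COMMAND" 1>&2; exit 1; }
-fi
-
-COMMAND="make -k"
-LOGFILE="compile.log"
-[ "$VERBOSE" ] && echo "$COMMAND"
-if [ "$LOGGING" ]; then
-{ $COMMAND; echo "$?" >socat.rc; } 2>&1 |tee -a $LOGFILE;
-if [ `cat socat.rc` -ne 0 ]; then echo "*** failed: $COMMAND" 1>&2; exit 1; fi
-else
-$COMMAND >>$LOGFILE 2>&1 || { echo "*** failed: $COMMAND" 1>&2; exit 1; }
-fi
-
-# generates socat.out
-COMMAND="make info"
-[ "$VERBOSE" ] && echo "$COMMAND"
-$COMMAND >/dev/null || echo "*** failed: $COMMAND" 1>&2
-
-COMMAND="./test.sh"
-LOGFILE="test.log"
-[ "$VERBOSE" ] && echo "$COMMAND"
-if [ "$LOGGING" ]; then
-{ $COMMAND; echo "$?" >socat.rc; } 2>&1 |tee $LOGFILE;
-if [ `cat socat.rc` -ne 0 ]; then
-echo "*** failed: $COMMAND" 1>&2
-if [ `cat socat.rc` -ge 128 ]; then
-exit 1
-fi
-fi
-else
-$COMMAND >$LOGFILE 2>&1 || echo "*** failed: $COMMAND" 1>&2
-fi
-
-FILES=
-
-b=Makefile; e=; f=$b; p=Config/$b.$PLATFORM
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$p"
-
-b=config; e=h; f=$b.$e; p=Config/$b.$PLATFORM.$e
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$FILES $p"
-
-b=socat; e=out; f=$b.$e; p=Config/$b.$PLATFORM.$e
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$FILES $p"
-
-b=config; e=log; f=$b.$e; p=Config/$b.$PLATFORM.$e
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$FILES $p"
-
-b=compile; e=log; f=$b.$e; p=Config/$b.$PLATFORM.$e
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$FILES $p"
-
-b=test; e=log; f=$b.$e; p=Config/$b.$PLATFORM.$e
-if [ "$INTERACTIVE" -a -f $p ]; then
-if ! diff $p $f; then
-cp -pi $f $p
-fi
-else
-cp -p $f $p
-fi
-FILES="$FILES $p"
-
-echo "output files:"
-echo "$FILES"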
41
test.sh
41
test.sh
|
@ -11178,6 +11178,12 @@ esac
|
||||||
N=$((N+1))
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
|
# Does Socat have -d0 option?
|
||||||
|
opt_d0=
|
||||||
|
if $SOCAT -h |grep -e -d0 >/dev/null; then
|
||||||
|
opt_d0="-d0"
|
||||||
|
fi
|
||||||
|
|
||||||
# socat up to 1.7.2.1 did only shutdown() but not close() an accept() socket
|
# socat up to 1.7.2.1 did only shutdown() but not close() an accept() socket
|
||||||
# that was rejected due to range, tcpwrap, lowport, or sourceport option.
|
# that was rejected due to range, tcpwrap, lowport, or sourceport option.
|
||||||
# This file descriptor leak could be used for a denial of service attack.
|
# This file descriptor leak could be used for a denial of service attack.
|
||||||
|
@ -11202,7 +11208,7 @@ if [ $RLIMIT_NOFILE -gt 1024 ]; then
|
||||||
RLIMIT_NOFILE="$(ulimit -n)"
|
RLIMIT_NOFILE="$(ulimit -n)"
|
||||||
fi
|
fi
|
||||||
newport tcp4
|
newport tcp4
|
||||||
CMD0="$TRACE $SOCAT -d0 $opts TCP-LISTEN:$PORT,$REUSEADDR,range=$LOCALHOST:255.255.255.255 PIPE"
|
CMD0="$TRACE $SOCAT $opt_d0 $opts TCP-LISTEN:$PORT,$REUSEADDR,range=$LOCALHOST:255.255.255.255 PIPE"
|
||||||
CMD1="$TRACE $SOCAT $opts -t 0 /dev/null TCP:$SECONDADDR:$PORT,bind=$SECONDADDR"
|
CMD1="$TRACE $SOCAT $opts -t 0 /dev/null TCP:$SECONDADDR:$PORT,bind=$SECONDADDR"
|
||||||
CMD2="$TRACE $SOCAT $opts - TCP:$LOCALHOST:$PORT,bind=$LOCALHOST"
|
CMD2="$TRACE $SOCAT $opts - TCP:$LOCALHOST:$PORT,bind=$LOCALHOST"
|
||||||
printf "test $F_n $TEST... " $N
|
printf "test $F_n $TEST... " $N
|
||||||
|
@ -14997,7 +15003,7 @@ pid2=$!
|
||||||
sleep 2
|
sleep 2
|
||||||
cpids="$(childpids $pid0 </dev/null)"
|
cpids="$(childpids $pid0 </dev/null)"
|
||||||
kill $pid1 $pid2 $cpids $pid0 2>/dev/null; wait
|
kill $pid1 $pid2 $cpids $pid0 2>/dev/null; wait
|
||||||
if echo -e "$da 2\n$da 1" |diff - $tf >$tdiff; then
|
if $ECHO "$da 2\n$da 1" |diff - $tf >$tdiff; then
|
||||||
$PRINTF "$OK\n"
|
$PRINTF "$OK\n"
|
||||||
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
||||||
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
||||||
|
@ -15039,19 +15045,29 @@ TEST="$NAME: Option -S can turn off logging of SIGTERM"
|
||||||
# Start Socat with option -S 0x0000, kill it with SIGTERM
|
# Start Socat with option -S 0x0000, kill it with SIGTERM
|
||||||
# When no logging entry regarding this signal is there, the test succeeded
|
# When no logging entry regarding this signal is there, the test succeeded
|
||||||
if ! eval $NUMCOND; then :;
|
if ! eval $NUMCOND; then :;
|
||||||
|
elif ! $SOCAT -h | grep -e " -S\>" >/dev/null; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Option -S not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! F=$(testfeats PIPE); then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Feature $F not configured${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! A=$(testaddrs PIPE); then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Address $A not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
else
|
else
|
||||||
tf="$td/test$N.stdout"
|
tf="$td/test$N.stdout"
|
||||||
te="$td/test$N.stderr"
|
te="$td/test$N.stderr"
|
||||||
tdiff="$td/test$N.diff"
|
tdiff="$td/test$N.diff"
|
||||||
da="test$N $(date) $RANDOM"
|
|
||||||
newport tcp4 # or whatever proto, or drop this line
|
|
||||||
CMD0="$TRACE $SOCAT $opts -S 0x0000 PIPE PIPE"
|
CMD0="$TRACE $SOCAT $opts -S 0x0000 PIPE PIPE"
|
||||||
printf "test $F_n $TEST... " $N
|
printf "test $F_n $TEST... " $N
|
||||||
$CMD0 >/dev/null 2>"${te}0" &
|
$CMD0 >/dev/null 2>"${te}0" &
|
||||||
pid0=$!
|
pid0=$!
|
||||||
relsleep 1 # give process time to start
|
relsleep 1 # give process time to start
|
||||||
kill -TERM $pid0 2>/dev/null; wait
|
kill -TERM $pid0 2>/dev/null; wait
|
||||||
if ! grep -q "exiting on signal" ${te}0; then
|
if ! grep "exiting on signal" ${te}0 >/dev/null; then
|
||||||
$PRINTF "$OK\n"
|
$PRINTF "$OK\n"
|
||||||
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
||||||
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
||||||
|
@ -15079,19 +15095,30 @@ TEST="$NAME: Option -S can turn on logging of signal 31"
|
||||||
# Start Socat with option -S 0x80000000, kill it with -31
|
# Start Socat with option -S 0x80000000, kill it with -31
|
||||||
# When a logging entry regarding this signal is there, the test succeeded
|
# When a logging entry regarding this signal is there, the test succeeded
|
||||||
if ! eval $NUMCOND; then :;
|
if ! eval $NUMCOND; then :;
|
||||||
|
elif ! $SOCAT -h | grep -e " -S\>" >/dev/null; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Option -S not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! F=$(testfeats PIPE); then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Feature $F not configured${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! A=$(testaddrs PIPE); then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Address $A not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
else
|
else
|
||||||
tf="$td/test$N.stdout"
|
tf="$td/test$N.stdout"
|
||||||
te="$td/test$N.stderr"
|
te="$td/test$N.stderr"
|
||||||
tdiff="$td/test$N.diff"
|
tdiff="$td/test$N.diff"
|
||||||
da="test$N $(date) $RANDOM"
|
da="test$N $(date) $RANDOM"
|
||||||
newport tcp4 # or whatever proto, or drop this line
|
|
||||||
CMD0="$TRACE $SOCAT $opts -S 0x80000000 PIPE PIPE"
|
CMD0="$TRACE $SOCAT $opts -S 0x80000000 PIPE PIPE"
|
||||||
printf "test $F_n $TEST... " $N
|
printf "test $F_n $TEST... " $N
|
||||||
$CMD0 >/dev/null 2>"${te}0" &
|
$CMD0 >/dev/null 2>"${te}0" &
|
||||||
pid0=$!
|
pid0=$!
|
||||||
relsleep 1 # give process time to start
|
relsleep 1 # give process time to start
|
||||||
kill -31 $pid0 2>/dev/null; wait
|
kill -31 $pid0 2>/dev/null; wait
|
||||||
if grep -q "exiting on signal" ${te}0; then
|
if grep "exiting on signal" ${te}0 >/dev/null; then
|
||||||
$PRINTF "$OK\n"
|
$PRINTF "$OK\n"
|
||||||
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
|
||||||
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
|
||||||
|
|
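Review bot: The `\>` in the two new `grep -e " -S\>"` guards (the SIGTERM test and the signal 31 test) is a word-boundary extension that POSIX basic regular expressions do not define, while the same change replaces `grep -q` and `echo -e` with more portable forms. On a grep without that extension the guard would presumably fail to match, and the test would be counted as `Option -S not available` instead of being run, which could hide a regression in signal logging. A comment above each guard such as `# \> is not POSIX; if the -S tests are skipped unexpectedly, check grep first` would document this, or the pattern could match the delimiter that follows `-S` in the help text. The new `opt_d0` probe, `grep -e -d0`, has no boundary at all and would also match a longer option that starts with `-d0`.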
|
@ -448,8 +448,9 @@ int _xioopen_openssl_connect(struct single *xfd,
|
||||||
|
|
||||||
#if defined(HAVE_SSL_set_tlsext_host_name) || defined(SSL_set_tlsext_host_name)
|
#if defined(HAVE_SSL_set_tlsext_host_name) || defined(SSL_set_tlsext_host_name)
|
||||||
if (!no_sni) {
|
if (!no_sni) {
|
||||||
/*Warn1("_xioopen_openssl_connect(): calling SSL_set_tlsext_host_name(snihost=\"%s\")", snihost?snihost:"NULL");*/
|
if (snihost == NULL || strlen(snihost) == 0) {
|
||||||
if (!SSL_set_tlsext_host_name(ssl, snihost)) {
|
Warn("refusing to set empty SNI host name");
|
||||||
|
} else if (!SSL_set_tlsext_host_name(ssl, snihost)) {
|
||||||
Error1("Failed to set SNI host \"%s\"", snihost);
|
Error1("Failed to set SNI host \"%s\"", snihost);
|
||||||
sycSSL_free(xfd->para.openssl.ssl);
|
sycSSL_free(xfd->para.openssl.ssl);
|
||||||
xfd->para.openssl.ssl = NULL;
|
xfd->para.openssl.ssl = NULL;
|
||||||
|
|
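Review bot: When `snihost` is NULL or empty, the new branch in `_xioopen_openssl_connect()` only warns and lets the handshake continue without the SNI extension, and neither the message nor a comment says so. Without SNI a name-based TLS server may answer with its default certificate, so it should be confirmed that the peer-name check later in this function still has a usable name to compare against; that code is outside this hunk. I would make the fallback explicit with `Warn("empty SNI host name, connecting without SNI");` preceded by `/* empty or missing SNI host: continue the handshake without the SNI extension */`. As a style point, `snihost[0] == '\0'` expresses the emptiness test without the `strlen()` call. The function starts and ends outside the hunk.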