From c0465935db72d69c90a2556ff64c64f7eeb8ec48 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Thu, 3 Mar 2011 17:39:11 +0100 Subject: [PATCH] handle_connect(): Don't send anything to non-authorized clients. Currently, if we don't receive a valid authentication request, we send back an RC4-encrypted error message to the client, which is kind of pointless since the RC4 keys are not set up at this point. Of course we could send an unencryted error message in this case, but in since the peer could be anything, it seems safer to just close the connection. --- command.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/command.c b/command.c index f462016b..f9ef6cd7 100644 --- a/command.c +++ b/command.c @@ -743,24 +743,24 @@ __noreturn void handle_connect(int fd, const char *peername) /* we need a blocking fd here as recv() might return EAGAIN otherwise. */ ret = mark_fd_blocking(fd); if (ret < 0) - goto err_out; + goto net_err; /* send Welcome message */ ret = send_va_buffer(fd, "This is para_server, version " PACKAGE_VERSION ".\n" ); if (ret < 0) - goto err_out; + goto net_err; /* recv auth request line */ ret = recv_buffer(fd, buf, sizeof(buf)); if (ret < 0) - goto err_out; + goto net_err; if (ret < 10) { ret = -E_AUTH_REQUEST; - goto err_out; + goto net_err; } numbytes = ret; ret = -E_AUTH_REQUEST; if (strncmp(buf, AUTH_REQUEST_MSG, strlen(AUTH_REQUEST_MSG))) - goto err_out; + goto net_err; p = buf + strlen(AUTH_REQUEST_MSG); PARA_DEBUG_LOG("received auth request for user %s\n", p); ret = -E_BAD_USER; @@ -770,7 +770,7 @@ __noreturn void handle_connect(int fd, const char *peername) ret = para_encrypt_buffer(u->rsa, rand_buf, sizeof(rand_buf), (unsigned char *)buf); if (ret < 0) - goto err_out; + goto net_err; numbytes = ret; } else { /* -- 2.39.2