[Libreoffice-commits] online.git: 2 commits - net/Socket.cpp net/Socket.hpp wsd/LOOLWSD.cpp

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Wed Nov 7 17:39:27 UTC 2018


 net/Socket.cpp  |   12 ++++++++++++
 net/Socket.hpp  |    7 +++++--
 wsd/LOOLWSD.cpp |   14 ++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)

New commits:
commit d00aa78c9b7841e8ce68b92c04916be41ac6aadc
Author:     Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Wed Nov 7 17:36:45 2018 +0000
Commit:     Michael Meeks <michael.meeks at collabora.com>
CommitDate: Wed Nov 7 17:37:25 2018 +0000

    Don't name parameter after a local method.
    
    Change-Id: I06929d23009b851cf3fb20da5bfe66d9795dcdd9

diff --git a/net/Socket.hpp b/net/Socket.hpp
index db4f58760..531f5358a 100644
--- a/net/Socket.hpp
+++ b/net/Socket.hpp
@@ -126,9 +126,9 @@ public:
     /// Create socket of the given type.
     static int createSocket(Type type);
 
-    void setClientAddress(const std::string& clientAddress)
+    void setClientAddress(const std::string& address)
     {
-        _clientAddress = clientAddress;
+        _clientAddress = address;
     }
 
     const std::string& clientAddress() const
commit 738abc1de7e5905d3b323f1ddb3938754024c844
Author:     Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Wed Nov 7 17:35:46 2018 +0000
Commit:     Michael Meeks <michael.meeks at collabora.com>
CommitDate: Wed Nov 7 17:36:18 2018 +0000

    Respond to SSL/TLS over http - when we don't expect it.
    
    Change-Id: I48c7607cd4e1416fb4ac28c552c2cd96b51d60a6

diff --git a/net/Socket.cpp b/net/Socket.cpp
index 208efc3c9..44f5d18a4 100644
--- a/net/Socket.cpp
+++ b/net/Socket.cpp
@@ -607,6 +607,18 @@ namespace HttpHelper
     }
 }
 
+bool StreamSocket::sniffSSL() const
+{
+    // Only sniffing the first bytes of a sockte.
+    if (_bytesSent > 0 || _bytesRecvd != _inBuffer.size() || _bytesRecvd < 6)
+        return false;
+
+    // 0x0000  16 03 01 02 00 01 00 01
+    return (_inBuffer[0] == 0x16 && // HANDSHAKE
+            _inBuffer[1] == 0x03 && // SSL 3.0 / TLS 1.x
+            _inBuffer[5] == 0x01);  // Handshake: CLIENT_HELLO
+}
+
 #endif // !MOBILEAPP
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
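Review bot: The read of `_inBuffer[5]` in sniffSSL() is in bounds only because two separate clauses of the guard (`_bytesRecvd != _inBuffer.size()` and `_bytesRecvd < 6`) together imply the buffer holds at least six bytes. A later edit to either clause would silently drop the bounds check on peer-controlled data. Testing the buffer directly, `if (_bytesSent > 0 || _bytesRecvd != _inBuffer.size() || _inBuffer.size() < 6)`, keeps the index guard next to the access it protects. The comment has a typo (`sockte`) and could name the layout being matched, e.g. `// TLS record: [0] content type, [1..2] version, [3..4] length, [5] handshake type`.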
diff --git a/net/Socket.hpp b/net/Socket.hpp
index e62b01039..db4f58760 100644
--- a/net/Socket.hpp
+++ b/net/Socket.hpp
@@ -1073,6 +1073,9 @@ public:
         while (!_outBuffer.empty());
     }
 
+    /// Does it look like we have some TLS / SSL where we don't expect it ?
+    bool sniffSSL() const;
+
 protected:
     /// Override to handle reading of socket data differently.
     virtual int readData(char* buf, int len)
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 2c31e88c6..85040f13e 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -2005,6 +2005,20 @@ private:
         std::shared_ptr<StreamSocket> socket = _socket.lock();
 
 #ifndef MOBILEAPP
+        if (socket->sniffSSL())
+        {
+            LOG_ERR("Looks like SSL/TLS traffic on plain http port");
+            std::ostringstream oss;
+            oss << "HTTP/1.1 400\r\n"
+                << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
+                << "User-Agent: " << WOPI_AGENT_STRING << "\r\n"
+                << "Content-Length: 0\r\n"
+                << "\r\n";
+            socket->send(oss.str());
+            socket->shutdown();
+            return;
+        }
+
         Poco::MemoryInputStream message(&socket->getInBuffer()[0],
                                         socket->getInBuffer().size());;
         Poco::Net::HTTPRequest request;
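Review bot: The `LOG_ERR` in the new sniffSSL() branch fires once per offending connection from any unauthenticated peer and records nothing about who sent it, so it is easy to flood and hard to act on. Consider a lower level that includes the peer, e.g. `LOG_WRN("Looks like SSL/TLS traffic on plain http port from " << socket->clientAddress());`, assuming StreamSocket inherits the `clientAddress()` accessor shown in net/Socket.hpp. `socket` is dereferenced straight after `_socket.lock()` with no null check visible in the hunk; the enclosing function starts above the hunk, so confirm it is checked there. The response also identifies the server with `User-Agent:`, which is a request header; `Server:` would be the conventional field unless the rest of the file does the same.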

