[glib-networking/mcatanzaro/failed] gnutls: Add missing calls to failed vfunc
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/failed] gnutls: Add missing calls to failed vfunc
- Date: Thu, 2 May 2019 20:08:15 +0000 (UTC)
commit 318f549d2c4199370d4a9e5d855dbc42f819c89a
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Thu May 2 15:00:33 2019 -0500
gnutls: Add missing calls to failed vfunc
This is needed wherever the connection can enter a failed state after a
handshake. We don't really have any way to track failed state, but it's
desirable to avoid connection reuse after errors.
The current approach is non-obvious and not robust. We should try to improve this to make
it harder to break.
tls/gnutls/gtlsconnection-gnutls.c | 3 +++
1 file changed, 3 insertions(+)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 774d668..3d69398 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -1033,6 +1033,7 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
{
if (priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
{
+ G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Peer requested illegal TLS rehandshake"));
return GNUTLS_E_PULL_ERROR;
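Review bot: The `failed` call in this rehandshake branch runs before `g_set_error_literal`, while the other two hunks of this commit call it after the error has been set. Using one order everywhere (for instance after the error is set, as in the fatal-alert branch, where the alert is read from `priv->session` before `failed` runs) would make the pattern easier to audit. The commit message gives the purpose as avoiding connection reuse after errors, so a short comment above the call, such as `/* Mark the connection failed so it is not reused after this error. */`, would record that intent at the call site. The enclosing `end_gnutls_io` starts and ends outside this hunk.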
@@ -1083,6 +1084,7 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Peer sent fatal TLS alert: %s"),
gnutls_alert_get_name (gnutls_alert_get (priv->session)));
+ G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
return status;
}
else if (status == GNUTLS_E_INAPPROPRIATE_FALLBACK)
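Review bot: The `GNUTLS_E_INAPPROPRIATE_FALLBACK` branch that begins on the last context line here, and the `GNUTLS_E_TIMEDOUT` branch at the end of the next hunk, are not touched by this commit, and their bodies lie outside the hunks, so it is not visible whether they already invoke `failed`. Both appear to be error returns from the same function, so if they can leave the connection in a failed state they presumably need the same call to keep it from being reused. If the omission is deliberate, a comment such as `/* Not a failed state: connection remains usable. */` in those branches would stop a later reader from assuming the call was forgotten.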
@@ -1102,6 +1104,7 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE,
ngettext ("Message is too large for DTLS connection; maximum is %u byte",
"Message is too large for DTLS connection; maximum is %u bytes", mtu), mtu);
+ G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
return status;
}
else if (status == GNUTLS_E_TIMEDOUT)
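Review bot: Calling `failed` in the message-too-large branch deserves a comment. The error text describes an oversized write by the local caller rather than a fault reported by the peer, and the hunk does not show that the DTLS connection is unusable afterwards. If `failed` discards state needed for reuse, as the commit message suggests, an application that merely passes too large a buffer would lose that state. Either a comment such as `/* Treated as failed because the session cannot be used after this error. */` or dropping the call would settle it, whichever matches the actual GnuTLS behaviour. The condition guarding this branch is above the hunk.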