

Issue #18: Fix the handling of session notes, and the fact that TLVs …
…are not null-terminated strings.
Castaglia committed Jun 6, 2021
1 parent 9de87d2 commit ead16a9
Showing 1 changed file with 30 additions and 16 deletions.
46 changes: 30 additions & 16 deletions mod_proxy_protocol.c
Expand Up @@ -628,6 +628,21 @@ static int read_haproxy_v1(pool *p, conn_t *conn,
return -1;
}

static void add_tlv_session_note(const char *key, const char *tlv_val,
size_t tlv_valsz) {
void *val;
size_t valsz;

/* TLVs are NOT null-terminated strings, but we want to store their
* session notes as such.
*/
valsz = tlv_valsz + 1;
val = pr_table_pcalloc(session.notes, valsz);
memcpy(val, tlv_val, tlv_valsz);

(void) pr_table_add(session.notes, key, val, valsz);
}

static const char haproxy_v2_sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A";

/* The TLS TLV is convoluted enough to warrant its own special function. */
Expand Down Expand Up @@ -697,42 +712,42 @@ static int read_haproxy_v2_tls_tlv(pool *p, void *tlv_val, size_t tlv_valsz) {
case 0x21:
pr_trace_msg(trace_channel, 19,
"TLS TLV: TLS version: %.*s", (int) tls_valsz, (char *) tls_val);
(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.tls-version",
tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.tls.version", tlv_val,
tlv_valsz);
break;

/* TLS CN */
case 0x22:
pr_trace_msg(trace_channel, 19,
"TLS TLV: TLS CN: %*.s", (int) tls_valsz, (char *) tls_val);
(void) pr_table_add_dup(session.notes,
"mod_proxy_protocol.tls-common-name", tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.tls.common-name", tlv_val,
tlv_valsz);
break;

/* TLS cipher */
case 0x23:
pr_trace_msg(trace_channel, 19,
"TLS TLV: TLS cipher: %.*s", (int) tls_valsz, (char *) tls_val);
(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.tls-cipher",
tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.tls.cipher", tlv_val,
tlv_valsz);
break;

/* TLS signature algorithm */
case 0x24:
pr_trace_msg(trace_channel, 19,
"TLS TLV: TLS signature algorithm: %.*s", (int) tls_valsz,
(char *) tls_val);
(void) pr_table_add_dup(session.notes,
"mod_proxy_protocol.tls-signature-algo", tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.tls.signature-algo", tlv_val,
tlv_valsz);
break;

/* TLS key algorithm */
case 0x25:
pr_trace_msg(trace_channel, 19,
"TLS TLV: TLS key algorithm: %.*s", (int) tls_valsz,
(char *) tls_val);
(void) pr_table_add_dup(session.notes,
"mod_proxy_protocol.tls-key-algo", tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.tls.key-algo", tlv_val,
tlv_valsz);
break;

default:
Expand Down Expand Up @@ -798,17 +813,16 @@ static int read_haproxy_v2_tlvs(pool *p, conn_t *conn, size_t len) {
pr_trace_msg(trace_channel, 19,
"received proxy protocol V2 ALPN: %.*s", (int) tlv_valsz,
(char *) tlv_val);
(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.alpn",
tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.alpn", tlv_val, tlv_valsz);
break;

/* "Authority" (server name, ala SNI) */
case 0x02:
pr_trace_msg(trace_channel, 19,
"received proxy protocol V2 SNI: %.*s", (int) tlv_valsz,
(char *) tlv_val);
(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.authority",
tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.authority", tlv_val,
tlv_valsz);
break;

/* CRC32 */
Expand All @@ -830,8 +844,8 @@ static int read_haproxy_v2_tlvs(pool *p, conn_t *conn, size_t len) {
pr_trace_msg(trace_channel, 19,
"received proxy protocol V2 Unique ID TLV (%lu bytes)",
(unsigned long) tlv_valsz);
(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.unique-id",
tlv_val, (size_t) tlv_valsz);
add_tlv_session_note("mod_proxy_protocol.unique-id", tlv_val,
tlv_valsz);
break;

/* TLS */
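Review bot: In add_tlv_session_note (fully inside the first hunk) the return value of pr_table_add is cast to void, so if the peer sends two TLVs of the same type in one PROXY header the second value is dropped with no trace at all; the pr_table_add_dup calls it replaces had the same gap, but since the TLV contents are peer-supplied a silent first-wins policy deserves at least a trace line, e.g. `if (pr_table_add(session.notes, key, val, valsz) < 0) { pr_trace_msg(trace_channel, 3, "error adding session note '%s': %s", key, strerror(errno)); }` (assuming pr_table_add fails with EEXIST on an existing key, as the table API appears to — confirm). The new call sites also rename the notes from `mod_proxy_protocol.tls-version` style to `mod_proxy_protocol.tls.version` style, which the commit message does not mention; any LogFormat `%{note:...}` using the old names will stop matching silently, so the rename should be called out in the message and the module docs. The unchanged context line `"TLS TLV: TLS CN: %*.s"` in the second hunk uses `%*.s` (width from tls_valsz, precision zero), which prints padding instead of the CN; it should read `%.*s` like the neighbouring cases.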

