https: fix renegotiation attack protection
Listen for the 'clientError' event that is emitted when a renegotiation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
bnoordhuis committed Oct 9, 2012
1 parent 7394e89 commit 0ad0058
Showing 5 changed files with 17 additions and 4 deletions.
5 changes: 4 additions & 1 deletion doc/api/http.markdown
Expand Up @@ -127,10 +127,13 @@ sent to the server on that socket.

### Event: 'clientError'

`function (exception) { }`
`function (exception, socket) { }`

If a client connection emits an 'error' event - it will forwarded here.

`socket` is the `net.Socket` object that the error originated from.


### server.listen(port, [hostname], [backlog], [callback])

Begin accepting connections on the specified port and hostname. If the
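Review bot: The unchanged sentence in this hunk, "If a client connection emits an 'error' event - it will forwarded here.", is missing a verb ("it will be forwarded here") and should be fixed while the signature line is being touched. The hunk also documents only the new `socket` argument; since lib/http.js in this same commit installs a default 'clientError' listener that calls `conn.destroy(err)`, it would help to state that the server destroys the socket by default, so users who add their own listener know they do not have to (or that they cannot keep the connection open).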
4 changes: 3 additions & 1 deletion doc/api/tls.markdown
Expand Up @@ -367,11 +367,13 @@ SNI.

### Event: 'clientError'

`function (exception) { }`
`function (exception, securePair) { }`

When a client connection emits an 'error' event before secure connection is
established - it will be forwarded here.

`securePair` is the `tls.SecurePair` that the error originated from.


### Event: 'newSession'

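Review bot: This hunk says the second argument is the `tls.SecurePair` the error originated from, but the listeners added in lib/http.js and lib/https.js call `conn.destroy(err)` on that argument, and nothing on this page shows that `SecurePair` has a `destroy` method. Either confirm and document that `securePair.destroy(err)` is supported, or document how a handler is expected to reach the underlying socket; otherwise users writing their own handler for the renegotiation case have no way of knowing what they may call on it.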
6 changes: 5 additions & 1 deletion lib/http.js
Expand Up @@ -1647,6 +1647,10 @@ function Server(requestListener) {
this.httpAllowHalfOpen = false;

this.addListener('connection', connectionListener);

this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
}
util.inherits(Server, net.Server);

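Review bot: Passing the exception into `conn.destroy(err)` means the socket may emit 'error' a second time with the same exception, and the socket's 'error' handler in connectionListener (next hunk) is exactly what emits 'clientError'. Please confirm this cannot re-enter the listener on a socket that is already being torn down, or call `conn.destroy()` without the argument, since the error has already been delivered. A one-line comment saying this listener is what actually closes a connection flagged as a renegotiation attack would also make the intent clear, because before this change the event fired but nothing ended the connection.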
Expand Down Expand Up @@ -1705,7 +1709,7 @@ function connectionListener(socket) {
}

socket.addListener('error', function(e) {
self.emit('clientError', e);
self.emit('clientError', e, this);
});

socket.ondata = function(d, start, end) {
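Review bot: Emitting `this` as the second argument depends on the 'error' listener being invoked with the socket as its receiver. `socket` is already in scope in connectionListener, so `self.emit('clientError', e, socket)` says the same thing explicitly and keeps working if the callback is ever rebound or wrapped.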
4 changes: 4 additions & 0 deletions lib/https.js
Expand Up @@ -39,6 +39,10 @@ function Server(opts, requestListener) {
if (requestListener) {
this.addListener('request', requestListener);
}

this.addListener('clientError', function(err, conn) {
conn.destroy(err);
});
}
inherits(Server, tls.Server);

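Review bot: This listener is a verbatim copy of the one added to lib/http.js; it is needed because `Server` here inherits from tls.Server rather than http.Server, but a short comment saying so would stop the next reader from deleting one as a duplicate. Also, per the tls.markdown hunk the second argument on this path is the `securePair`, not a net.Socket, so `conn` is a misleading parameter name; `pair` would match the documented type, and the `destroy` call should be verified against what `SecurePair` actually exposes.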
2 changes: 1 addition & 1 deletion lib/tls.js
Expand Up @@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) {
}
});
pair.on('error', function(err) {
self.emit('clientError', err);
self.emit('clientError', err, this);
});
});

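Review bot: Same point as in lib/http.js: `pair` is in scope here, so `self.emit('clientError', err, pair)` is clearer than `this` and does not depend on how the 'error' listener is invoked. Since the commit message says this fixes test/pummel/test-https-ci-reneg-attack.js, a small assertion in that test (or a unit test) that the second 'clientError' argument is the pair and that the connection is closed afterwards would guard the new contract.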

0 comments on commit 0ad0058