reject old ZMTP connections if auth enabled

auth mechanisms were only enabled when ZMTP handshake is latest version, meaning that connections from old sockets would skip authentication altogether

reject old ZMTP connections if auth enabled
auth mechanisms were only enabled when ZMTP handshake is latest version, meaning that connections from old sockets would skip authentication altogether
6cf120ea · Min RK · c35c0ca1 · 6cf120ea
Commit 6cf120ea authored Dec 03, 2014 by Min RK
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 0 deletions

stream_engine.cpp src/stream_engine.cpp +18 -0

No files found.
--- a/src/stream_engine.cpp
+++ b/src/stream_engine.cpp
@@ -534,6 +534,12 @@ bool zmq::stream_engine_t::handshake ()
    //  Is the peer using ZMTP/1.0 with no revision number?
    //  If so, we send and receive rest of identity message
    if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 1.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v1_encoder_t (out_batch_size);
        alloc_assert (encoder);

@@ -575,6 +581,12 @@ bool zmq::stream_engine_t::handshake ()
    }
    else
    if (greeting_recv [revision_pos] == ZMTP_1_0) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 1.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v1_encoder_t (
            out_batch_size);
        alloc_assert (encoder);
@@ -585,6 +597,12 @@ bool zmq::stream_engine_t::handshake ()
    }
    else
    if (greeting_recv [revision_pos] == ZMTP_2_0) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 2.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v2_encoder_t (out_batch_size);
        alloc_assert (encoder);