Problem: secure servers ignore zap_connect failre code and set ready.

a0ccdc86 · evoskuil · 9c6fb099 · a0ccdc86 · a0ccdc86 · a0ccdc86
Commit a0ccdc86 authored Mar 29, 2017 by evoskuil
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 45 deletions

curve_server.cpp src/curve_server.cpp +14 -16

gssapi_server.cpp src/gssapi_server.cpp +14 -13

plain_server.cpp src/plain_server.cpp +14 -16

No files found.
--- a/src/curve_server.cpp
+++ b/src/curve_server.cpp
@@ -491,23 +491,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
    //  Use ZAP protocol (RFC 27) to authenticate the user.
    rc = session->zap_connect ();
-    if (rc == 0) {
+    if (rc != 0)
-        rc = send_zap_request (client_key);
+        return -1;
-        if (rc != 0)
+    rc = send_zap_request (client_key);
-            return -1;
+    if (rc != 0)
-        rc = receive_and_process_zap_reply ();
+        return -1;
-        if (rc == 0)
+    rc = receive_and_process_zap_reply ();
-            state = status_code == "200"
+    if (rc == 0)
-                ? send_ready
+        state = status_code == "200"
-                : send_error;
+            ? send_ready
-        else
+            : send_error;
-        if (errno == EAGAIN)
+    else
-            state = expect_zap_reply;
+    if (errno == EAGAIN)
-        else
+        state = expect_zap_reply;
-            return -1;
-    }
    else
-        state = send_ready;
+        return -1;
    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
                           clen - crypto_box_ZEROBYTES - 128);

--- a/src/gssapi_server.cpp
+++ b/src/gssapi_server.cpp
@@ -120,20 +120,21 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
    if (security_context_established) {
        //  Use ZAP protocol (RFC 27) to authenticate the user.
-        bool expecting_zap_reply = false;
        int rc = session->zap_connect ();
-        if (rc == 0) {
+        if (rc != 0)
-            rc = send_zap_request ();
+            return -1;
-            if (rc != 0)
+        rc = send_zap_request ();
-                return -1;
+        if (rc != 0)
-            rc = receive_and_process_zap_reply ();
+            return -1;
-            if (rc != 0) {
+        rc = receive_and_process_zap_reply ();
-                if (errno != EAGAIN)
+        if (rc == 0)
-                    return -1;
+            state = send_ready;
-                expecting_zap_reply = true;
+        else
-            }
+        if (errno == EAGAIN)
-        }
+            state = expect_zap_reply;
-        state = expecting_zap_reply? expect_zap_reply: send_ready;
+        else
+            return -1;
        return 0;
    }

--- a/src/plain_server.cpp
+++ b/src/plain_server.cpp
@@ -190,23 +190,21 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)
    //  Use ZAP protocol (RFC 27) to authenticate the user.
    int rc = session->zap_connect ();
-    if (rc == 0) {
+    if (rc != 0)
-        rc = send_zap_request (username, password);
+        return -1;
-        if (rc != 0)
+    rc = send_zap_request (username, password);
-            return -1;
+    if (rc != 0)
-        rc = receive_and_process_zap_reply ();
+        return -1;
-        if (rc == 0)
+    rc = receive_and_process_zap_reply ();
-            state = status_code == "200"
+    if (rc == 0)
-                ? sending_welcome
+        state = status_code == "200"
-                : sending_error;
+            ? sending_welcome
-        else
+            : sending_error;
-        if (errno == EAGAIN)
+    else
-            state = waiting_for_zap_reply;
+    if (errno == EAGAIN)
-        else
+        state = waiting_for_zap_reply;
-            return -1;
-    }
    else
-        state = sending_welcome;
+        return -1;
    return 0;
 }