Problem: secure servers ignore zap_connect failre code and set ready.

a0ccdc86 · evoskuil · 9c6fb099 · a0ccdc86 · a0ccdc86 · a0ccdc86
Commit a0ccdc86 authored Mar 29, 2017 by evoskuil
Show whitespace changes
Inline Side-by-side

Showing with 13 additions and 16 deletions

curve_server.cpp src/curve_server.cpp +2 -4

gssapi_server.cpp src/gssapi_server.cpp +9 -8

plain_server.cpp src/plain_server.cpp +2 -4

No files found.
--- a/src/curve_server.cpp
+++ b/src/curve_server.cpp
@@ -491,7 +491,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)

    //  Use ZAP protocol (RFC 27) to authenticate the user.
    rc = session->zap_connect ();
-    if (rc == 0) {
+    if (rc != 0)
+        return -1;
    rc = send_zap_request (client_key);
    if (rc != 0)
        return -1;
@@ -505,9 +506,6 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
        state = expect_zap_reply;
    else
        return -1;
-    }
-    else
-        state = send_ready;

    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
                           clen - crypto_box_ZEROBYTES - 128);

--- a/src/gssapi_server.cpp
+++ b/src/gssapi_server.cpp
@@ -120,20 +120,21 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)

    if (security_context_established) {
        //  Use ZAP protocol (RFC 27) to authenticate the user.
-        bool expecting_zap_reply = false;
        int rc = session->zap_connect ();
-        if (rc == 0) {
+        if (rc != 0)
+            return -1;
        rc = send_zap_request ();
        if (rc != 0)
            return -1;
        rc = receive_and_process_zap_reply ();
-            if (rc != 0) {
-                if (errno != EAGAIN)
+        if (rc == 0)
+            state = send_ready;
+        else
+        if (errno == EAGAIN)
+            state = expect_zap_reply;
+        else
            return -1;
-                expecting_zap_reply = true;
-            }
-        }
-        state = expecting_zap_reply? expect_zap_reply: send_ready;
+
        return 0;
    }


--- a/src/plain_server.cpp
+++ b/src/plain_server.cpp
@@ -190,7 +190,8 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)

    //  Use ZAP protocol (RFC 27) to authenticate the user.
    int rc = session->zap_connect ();
-    if (rc == 0) {
+    if (rc != 0)
+        return -1;
    rc = send_zap_request (username, password);
    if (rc != 0)
        return -1;
@@ -204,9 +205,6 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)
        state = waiting_for_zap_reply;
    else
        return -1;
-    }
-    else
-        state = sending_welcome;

    return 0;
 }