mirror of https://github.com/omar-polo/gmid.git
don't ignore punycode errors when decoding SNI-provided servname
This commit is contained in:
parent
4a3ab60928
commit
a8d4a89770
9
server.c
9
server.c
|
@ -251,6 +251,7 @@ handle_handshake(struct pollfd *fds, struct client *c)
|
||||||
{
|
{
|
||||||
struct vhost *h;
|
struct vhost *h;
|
||||||
const char *servname;
|
const char *servname;
|
||||||
|
const char *parse_err = "unknown error";
|
||||||
|
|
||||||
switch (tls_handshake(c->ctx)) {
|
switch (tls_handshake(c->ctx)) {
|
||||||
case 0: /* success */
|
case 0: /* success */
|
||||||
|
@ -268,7 +269,10 @@ handle_handshake(struct pollfd *fds, struct client *c)
|
||||||
}
|
}
|
||||||
|
|
||||||
servname = tls_conn_servername(c->ctx);
|
servname = tls_conn_servername(c->ctx);
|
||||||
puny_decode(servname, c->domain, sizeof(c->domain));
|
if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
|
||||||
|
LOGI(c, "%s", parse_err);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
for (h = hosts; h->domain != NULL; ++h) {
|
for (h = hosts; h->domain != NULL; ++h) {
|
||||||
if (!fnmatch(h->domain, c->domain, 0))
|
if (!fnmatch(h->domain, c->domain, 0))
|
||||||
|
@ -287,12 +291,13 @@ handle_handshake(struct pollfd *fds, struct client *c)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err:
|
||||||
if (servname != NULL)
|
if (servname != NULL)
|
||||||
strncpy(c->req, servname, sizeof(c->req));
|
strncpy(c->req, servname, sizeof(c->req));
|
||||||
else
|
else
|
||||||
strncpy(c->req, "null", sizeof(c->req));
|
strncpy(c->req, "null", sizeof(c->req));
|
||||||
|
|
||||||
start_reply(fds, c, BAD_REQUEST, "Wrong host or missing SNI");
|
start_reply(fds, c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
Loading…
Reference in New Issue