[Minor] Make HTTP reply codes more consistent with the standard
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 8 Mar 2021 20:41:15 +0000 (20:41 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 8 Mar 2021 20:41:15 +0000 (20:41 +0000)
Reported by: Steve Sturges

src/libserver/http/http_connection.c
src/libserver/ssl_util.c

index 050fb4285fccef09a3c09182102ece00be29b335..bf4d07b72ac78e362a0d80ade964545957803a61 100644 (file)
@@ -820,7 +820,7 @@ rspamd_http_write_helper (struct rspamd_http_connection *conn)
 
        if (r == -1) {
                if (!priv->ssl) {
-                       err = g_error_new (HTTP_ERROR, errno, "IO write error: %s", strerror (errno));
+                       err = g_error_new (HTTP_ERROR, 500, "IO write error: %s", strerror (errno));
                        rspamd_http_connection_ref (conn);
                        conn->error_handler (conn, err);
                        rspamd_http_connection_unref (conn);
@@ -970,9 +970,16 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
                                        return;
                                }
                                else {
-                                       err = g_error_new (HTTP_ERROR, 500 + priv->parser.http_errno,
-                                                       "HTTP parser error: %s",
-                                                       http_errno_description (priv->parser.http_errno));
+                                       if (priv->parser.http_errno > HPE_CB_status) {
+                                               err = g_error_new (HTTP_ERROR, 400,
+                                                               "HTTP parser error: %s",
+                                                               http_errno_description (priv->parser.http_errno));
+                                       }
+                                       else {
+                                               err = g_error_new (HTTP_ERROR, 500,
+                                                               "HTTP parser internal error: %s",
+                                                               http_errno_description (priv->parser.http_errno));
+                                       }
                                }
 
                                if (!conn->finished) {
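Review bot: The `priv->parser.http_errno > HPE_CB_status` test classifies errors by their position in the http_parser enum, an ordering assumption that is not documented here and would break silently if the bundled parser's enum is ever reordered or extended. Not every value that sorts after `HPE_CB_status` is necessarily a peer fault (upstream http_parser ends the enum with `HPE_PAUSED` and `HPE_UNKNOWN`; the bundled copy may differ), so those would be reported as 400. I would add a comment above the test, for example `/* HPE_CB_* (<= HPE_CB_status) are failures of our own callbacks; later values mean malformed input */`, or move the mapping into a small helper. The later hunk at the `http_parser_execute` call maps every parser error to 400 without this split, so the same `http_errno` can produce 500 here and 400 there. rspamd_http_event_handler begins and ends outside this hunk.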
@@ -996,7 +1003,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
 
                        if (!conn->finished) {
                                err = g_error_new (HTTP_ERROR,
-                                               errno,
+                                               400,
                                                "IO read error: unexpected EOF");
                                conn->error_handler (conn, err);
                                g_error_free (err);
@@ -1009,8 +1016,8 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
                else {
                        if (!priv->ssl) {
                                err = g_error_new (HTTP_ERROR,
-                                               errno,
-                                               "IO read error: %s",
+                                               500,
+                                               "HTTP IO read error: %s",
                                                strerror (errno));
                                conn->error_handler (conn, err);
                                g_error_free (err);
@@ -1029,7 +1036,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
                if (r > 0) {
                        if (http_parser_execute (&priv->parser, &priv->parser_cb,
                                        d, r) != (size_t)r || priv->parser.http_errno != 0) {
-                               err = g_error_new (HTTP_ERROR, priv->parser.http_errno,
+                               err = g_error_new (HTTP_ERROR, 400,
                                                "HTTP parser error: %s",
                                                http_errno_description (priv->parser.http_errno));
 
@@ -1050,7 +1057,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
                }
                else if (r == 0) {
                        if (!conn->finished) {
-                               err = g_error_new (HTTP_ERROR, ETIMEDOUT,
+                               err = g_error_new (HTTP_ERROR, 408,
                                                "IO timeout");
                                conn->error_handler (conn, err);
                                g_error_free (err);
@@ -1062,7 +1069,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
                        return;
                }
                else {
-                       err = g_error_new (HTTP_ERROR, ETIMEDOUT,
+                       err = g_error_new (HTTP_ERROR, 408,
                                        "IO timeout");
                        conn->error_handler (conn, err);
                        g_error_free (err);
@@ -2258,7 +2265,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
                                priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx;
 
                if (!ssl_ctx) {
-                       err = g_error_new (HTTP_ERROR, errno, "ssl message requested "
+                       err = g_error_new (HTTP_ERROR, 400, "ssl message requested "
                                        "with no ssl ctx");
                        rspamd_http_connection_ref (conn);
                        conn->error_handler (conn, err);
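Review bot: The 400 chosen for the `!ssl_ctx` branch tells error handlers that the peer sent a bad request, but the condition tested is a missing local SSL context, which looks like a configuration or internal fault. `err = g_error_new (HTTP_ERROR, 500, "ssl message requested "` would match how the other local failures in this commit are coded. The next hunk does the same for a failed `rspamd_ssl_connect_fd`-style setup ("ssl connection error"), where the message still carries `strerror (errno)`; judging by the function name this is the outbound path, so a 5xx code seems closer than 400 there too. Both sites sit inside rspamd_http_connection_write_message_common, whose body extends beyond the hunks.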
@@ -2281,7 +2288,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
                                        priv->timeout, rspamd_http_event_handler,
                                        rspamd_http_ssl_err_handler, conn)) {
 
-                               err = g_error_new (HTTP_ERROR, errno,
+                               err = g_error_new (HTTP_ERROR, 400,
                                                "ssl connection error: ssl error=%s, errno=%s",
                                                ERR_error_string (ERR_get_error (), NULL),
                                                strerror (errno));
index c01f7467fb181cbbe7c54103d07d40e131b5b70c..b9fb175e5bf364651e12687b4e245ba6378a92f0 100644 (file)
@@ -356,7 +356,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
        ver_err = SSL_get_verify_result (c->ssl);
 
        if (ver_err != X509_V_OK) {
-               g_set_error (&err, rspamd_ssl_quark (), ver_err, "certificate validation "
+               g_set_error (&err, rspamd_ssl_quark (), 400, "certificate validation "
                                "failed: %s", X509_verify_cert_error_string (ver_err));
                c->err_handler (c->handler_data, err);
                g_error_free (err);
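Review bot: A handler that inspects `err->code` can no longer tell a failed peer-certificate verification from other TLS errors, because the 400 used here is also what `rspamd_tls_set_error` assigns to any OpenSSL queue error and what `rspamd_ssl_read` assigns to a state error; `ver_err` now survives only inside the message text. For logging and alerting on verification failures it would help to keep a distinct code for this branch, or at least to document the mapping where the domain is defined, e.g. `/* rspamd_ssl_quark codes are HTTP-style: 400 verify/protocol, 401 no peer cert, 403 hostname mismatch, 408 timeout, 500 local failure */`. The next two hunks (401 for an absent certificate, 403 for a hostname mismatch) rely on the same undocumented mapping. rspamd_ssl_peer_verify continues outside the hunk.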
@@ -367,7 +367,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
        /* Get server's certificate */
        server_cert =  SSL_get_peer_certificate (c->ssl);
        if (server_cert == NULL) {
-               g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate is absent");
+               g_set_error (&err, rspamd_ssl_quark (), 401, "peer certificate is absent");
                c->err_handler (c->handler_data, err);
                g_error_free (err);
 
@@ -377,7 +377,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
        if (c->hostname) {
                if (!rspamd_tls_check_name (server_cert, c->hostname)) {
                        X509_free (server_cert);
-                       g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
+                       g_set_error (&err, rspamd_ssl_quark (), 403, "peer certificate fails "
                                        "hostname verification for %s", c->hostname);
                        c->err_handler (c->handler_data, err);
                        g_error_free (err);
@@ -396,22 +396,21 @@ rspamd_tls_set_error (gint retcode, const gchar *stage, GError **err)
 {
        GString *reason;
        gchar buf[120];
-       gint err_code = 0, last_err = 0;
+       gint err_code = 0;
 
        reason = g_string_sized_new (sizeof (buf));
 
        if (retcode == SSL_ERROR_SYSCALL) {
                rspamd_printf_gstring (reason, "syscall fail: %s", strerror (errno));
-               err_code = errno;
+               err_code = 500;
        }
        else {
                while ((err_code = ERR_get_error()) != 0) {
-                       last_err = err_code;
                        ERR_error_string (err_code, buf);
                        rspamd_printf_gstring (reason, "ssl error: %s,", buf);
                }
 
-               err_code = last_err;
+               err_code = 400;
 
                if (reason->len > 0 && reason->str[reason->len - 1] == ',') {
                        reason->str[reason->len - 1] = '\0';
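Review bot: `ERR_error_string (err_code, buf)` in the loop writes into `gchar buf[120]`, but OpenSSL documents that a caller-supplied buffer for `ERR_error_string` must hold at least 256 bytes, so a long error string can run past the end of the stack buffer; the commit edits this loop without addressing that. The bounded call is `ERR_error_string_n (err_code, buf, sizeof (buf));`. With `last_err` removed, `err_code` now serves both as loop scratch and as the final status, and a separate `unsigned long` loop variable would also avoid narrowing the result of `ERR_get_error ()` into a `gint`. The function body continues past the end of the hunk.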
@@ -544,7 +543,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
                else {
                        conn->shut = ssl_shut_unclean;
                        rspamd_ev_watcher_stop (conn->event_loop, conn->ev);
-                       g_set_error (&err, rspamd_ssl_quark (), ETIMEDOUT,
+                       g_set_error (&err, rspamd_ssl_quark (), 408,
                                        "ssl connection timed out");
                        conn->err_handler (conn->handler_data, err);
                        g_error_free (err);
@@ -616,7 +615,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
                break;
        default:
                rspamd_ev_watcher_stop (conn->event_loop, conn->ev);
-               g_set_error (&err, rspamd_ssl_quark (), EINVAL,
+               g_set_error (&err, rspamd_ssl_quark (), 500,
                                "ssl bad state error: %d", conn->state);
                conn->err_handler (conn->handler_data, err);
                g_error_free (err);
@@ -760,7 +759,7 @@ rspamd_ssl_read (struct rspamd_ssl_connection *conn, gpointer buf,
 
        if (conn->state != ssl_conn_connected && conn->state != ssl_next_read) {
                errno = EINVAL;
-               g_set_error (&err, rspamd_ssl_quark (), ECONNRESET,
+               g_set_error (&err, rspamd_ssl_quark (), 400,
                                "ssl state error: cannot read data");
                conn->shut = ssl_shut_unclean;
                conn->err_handler (conn->handler_data, err);
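Review bot: The two connection-state failures in this file now carry different codes: the `default:` branch of rspamd_ssl_event_handler reports "ssl bad state error" as 500, while this branch reports "ssl state error: cannot read data" as 400. Both describe the local connection object being in the wrong state rather than anything the peer sent, so `g_set_error (&err, rspamd_ssl_quark (), 500,` here would keep them consistent. Note also that `errno = EINVAL` on the line above is unchanged, so callers reading errno and callers reading the GError see different classifications. rspamd_ssl_read starts and ends outside the hunk.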