From: Pierre Ossman
Date: Fri, 21 Sep 2018 13:34:47 +0000 (+0200)
Subject: Restore original streams when terminating TLS
X-Git-Tag: v1.9.90~81^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F722%2Fhead;p=tigervnc.git

Restore original streams when terminating TLS

In theory we could return to communicate without TLS after a shutdown. It also makes sure the connection object isn't left completely without streams.
---
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 7ca01d57..e1a31f78 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -69,7 +69,7 @@ static LogWriter vlog("TLS");
 CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL),
- anon(_anon), tlsis(NULL), tlsos(NULL)
+ anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL)
 {
 cafile = X509CA.getData();
 crlfile = X509CRL.getData();
@@ -116,6 +116,12 @@ void CSecurityTLS::shutdown(bool needbye)
 cert_cred = 0;
 }
+ if (rawis && rawos) {
+ cc->setStreams(rawis, rawos);
+ rawis = NULL;
+ rawos = NULL;
+ }
+
 if (tlsis) {
 delete tlsis;
 tlsis = NULL;
@@ -174,6 +180,9 @@ bool CSecurityTLS::processMsg()
 // for GnuTLS
 tlsis = new rdr::TLSInStream(is, session);
 tlsos = new rdr::TLSOutStream(os, session);
+
+ rawis = is;
+ rawos = os;
 }
 int err;
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 0d5f8997..4932c078 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -72,6 +72,9 @@ namespace rfb {
 rdr::InStream* tlsis;
 rdr::OutStream* tlsos;
+
+ rdr::InStream* rawis;
+ rdr::OutStream* rawos;
 };
 }
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index bf77b9b2..49532f52 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
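Review bot: Once the added block in CSecurityTLS::shutdown() runs `cc->setStreams(rawis, rawos)`, the connection object is back on the unencrypted transport, and nothing in the hunk tells the caller or the log that this happened; SSecurityTLS::shutdown() gets the same block with `sc->setStreams(rawis, rawos)`. The callers of shutdown() lie outside the hunk, so it cannot be confirmed from here that every path reaching it also closes the connection. I would put `// From here on the connection is plaintext: callers must close it, not keep talking RFB over it` above the block and add `vlog.debug("TLS terminated, raw streams restored");` inside it, so an unintended fall-back to cleartext at least shows up in the logs.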
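Review bot: The `rawis = is; rawos = os;` lines added to CSecurityTLS::processMsg() (and the identical pair in SSecurityTLS::processMsg()) save the very streams that `rdr::TLSInStream(is, session)` and `rdr::TLSOutStream(os, session)` wrap just above, so when shutdown() hands them back they may still hold TLS record bytes the session never consumed, and output not yet flushed through tlsos may be missing. Whether the rdr streams read ahead is not visible in this diff, but if they do, leftover ciphertext would be parsed as RFB protocol data after the switch. A comment here such as `// Saved only so shutdown() can detach the TLS streams; bytes still buffered in is/os belong to the TLS session` would record that limit. processMsg() starts and ends outside the hunk.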
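Review bot: `rawis` and `rawos` in CSecurityTLS.h are declared directly beside `tlsis`/`tlsos` with no hint that their ownership differs: shutdown() in this commit deletes `tlsis` but only sets the raw pair to NULL after passing it to setStreams(). The same applies to the two members added in SSecurityTLS.h. A short comment above the declarations, such as `// Underlying streams, borrowed from the connection: never deleted here, must outlive this object`, would keep a later change from adding a `delete` or using them after the transport has gone away.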
@@ -51,7 +51,8 @@ static LogWriter vlog("TLS");
 SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon) : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
- cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL)
+ cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
+ rawis(NULL), rawos(NULL)
 {
 certfile = X509_CertFile.getData();
 keyfile = X509_KeyFile.getData();
@@ -84,6 +85,12 @@ void SSecurityTLS::shutdown()
 cert_cred = 0;
 }
+ if (rawis && rawos) {
+ sc->setStreams(rawis, rawos);
+ rawis = NULL;
+ rawos = NULL;
+ }
+
 if (tlsis) {
 delete tlsis;
 tlsis = NULL;
@@ -139,6 +146,9 @@ bool SSecurityTLS::processMsg()
 // for GnuTLS
 tlsis = new rdr::TLSInStream(is, session);
 tlsos = new rdr::TLSOutStream(os, session);
+
+ rawis = is;
+ rawos = os;
 }
 int err;
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 6d32e3ba..6f711824 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -65,6 +65,9 @@ namespace rfb {
 rdr::InStream* tlsis;
 rdr::OutStream* tlsos;
+
+ rdr::InStream* rawis;
+ rdr::OutStream* rawos;
 };
 }