author | Pierre Ossman <ossman@cendio.se> | 2021-06-10 16:40:28 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2021-06-11 09:42:44 +0200 |
commit | 14d21d7b445107873166b528c66881bf736285f8 (patch) | |
tree | 7282807699449e11d5910bbd9ef57f46cbdbe179 /common | |
parent | fa2d8cd455a9f1ec632a493edc09e0c661ed9d51 (diff) | |
Handle GnuTLS shutdown on dead session
The session might have died, or failed to initialise properly, so be
prepared for gnutls_bye() to be unable to do its job.
Diffstat (limited to 'common')
-rw-r--r-- | common/rfb/CSecurityTLS.cxx | 16 | ||||
-rw-r--r-- | common/rfb/CSecurityTLS.h | 2 | ||||
-rw-r--r-- | common/rfb/SSecurityTLS.cxx | 9 |
3 files changed, 16 insertions, 11 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index b32725f0..d33a76e2 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -3,6 +3,7 @@
 * Copyright (C) 2005 Martin Koegler
 * Copyright (C) 2010 TigerVNC Team
 * Copyright (C) 2010 m-privacy GmbH
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -99,11 +100,14 @@ void CSecurityTLS::setDefaults()
 X509CRL.setDefaultStr(crlDefault.buf);
 }
-void CSecurityTLS::shutdown(bool needbye)
+void CSecurityTLS::shutdown()
 {
- if (session && needbye)
- if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
- vlog.error("gnutls_bye failed");
+ if (session) {
+ int ret;
+ ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+ vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
+ }
 if (anon_cred) {
 gnutls_anon_free_client_credentials(anon_cred);
@@ -139,7 +143,7 @@ void CSecurityTLS::shutdown(bool needbye)
 CSecurityTLS::~CSecurityTLS()
 {
- shutdown(true);
+ shutdown();
 delete[] cafile;
 delete[] crlfile;
@@ -186,7 +190,7 @@ bool CSecurityTLS::processMsg()
 }
 vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
- shutdown(false);
+ shutdown();
 throw AuthFailureException("TLS Handshake failed");
 }
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 476d0ef8..0dcf2ad3 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -55,7 +55,7 @@ namespace rfb {
 static UserMsgBox *msg;
 protected:
- void shutdown(bool needbye);
+ void shutdown();
 void freeResources();
 void setParam();
 void checkSession();
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index d5ef47e6..72262b9a 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
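Review bot: In the new `CSecurityTLS::shutdown()` body, a `gnutls_bye()` result of `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED` still takes the `vlog.error` path, although GnuTLS documents both as non-fatal "call again" results; the identical check is added to `SSecurityTLS::shutdown()` in this commit. If the transport under the session can be non-blocking (not visible in this hunk), the close_notify alert may not have been sent by the time the credentials are freed, and the peer then cannot tell an orderly close from a truncated stream. One option is to report only fatal codes, `if (gnutls_error_is_fatal(ret) && (ret != GNUTLS_E_INVALID_SESSION))`, and log the incomplete shutdown at a lower level. A comment on the condition would also help the next reader, e.g. `/* GNUTLS_E_INVALID_SESSION: session died or never initialised, nothing left to close */`. The function body continues past the end of the hunk.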
@@ -2,6 +2,7 @@
 * Copyright (C) 2004 Red Hat Inc.
 * Copyright (C) 2005 Martin Koegler
 * Copyright (C) 2010 TigerVNC Team
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -64,10 +65,10 @@ SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
 void SSecurityTLS::shutdown()
 {
 if (session) {
- if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) {
- /* FIXME: Treat as non-fatal error */
- vlog.error("TLS session wasn't terminated gracefully");
- }
+ int ret;
+ ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+ vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
 }
 if (dh_params) { |
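Review bot: The four lines added to `SSecurityTLS::shutdown()` are the same statements as the ones added to `CSecurityTLS::shutdown()` in this commit, so the list of tolerated `gnutls_bye()` return codes now lives in two places. A small shared helper taking the `gnutls_session_t` would keep the client and server sides from drifting apart the next time another code has to be tolerated. Separately, `int ret;` followed by the assignment can be a single initialised declaration, `int ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);`. The function body continues past the end of the hunk.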