path: root/common/rdr/TLSInStream.cxx
Commit message [Author, Age, Files, Lines]
* Make BufferedInStream allocation more available [Pierre Ossman, 2022-08-25, files: 1, lines: -2/+2]
| Allow subclasses to call it, instead of it being strictly internal. This is useful when a subclass can only provide data in minimum sized chunks.
* Don't trust GNUTLS_E_AGAIN [Pierre Ossman, 2022-04-06, files: 1, lines: -3/+16]
| Unfortunately this error can be given by GnuTLS even though the underlying stream still has data available. So stop trusting this value and keep track of the underlying stream explicitly.
* Propagate exceptions from GnuTLS push/pull functions [Pierre Ossman, 2021-06-11, files: 1, lines: -2/+13]
| Gives us a more meaningful error rather than just "Error in push/pull function".
* Remove early data check for TLSInStream [Pierre Ossman, 2021-06-11, files: 1, lines: -5/+3]
| Having this early check means that we somewhat randomly get different exception behaviours on errors in deeper layers as some exceptions are allowed to propagate unhindered and some are not (since they are thrown in the pull function).
* Propagate errno to GnuTLS [Pierre Ossman, 2021-06-11, files: 1, lines: -0/+5]
| Give GnuTLS the correct errno from deeper layers, in the cases where we know it. In most cases GnuTLS doesn't care, but just in case...
* Change streams to be asynchronous [Pierre Ossman, 2020-05-21, files: 1, lines: -7/+6]
| Major restructuring of how streams work. Neither input nor output streams are now blocking. This avoids stalling the rest of the client or server when a peer is slow or unresponsive. Note that this puts an extra burden on users of streams to make sure they are allowed to do their work once the underlying transports are ready (e.g. monitoring fds).
* Log I/O errors from TLS streams [Pierre Ossman, 2020-05-21, files: 1, lines: -1/+6]
|
* Simplify stream availability handling [Pierre Ossman, 2020-05-21, files: 1, lines: -2/+2]
| Just have a simple number of bytes argument to avoid a lot of complexity.
* Create common base classes for buffered streams [Pierre Ossman, 2020-05-21, files: 1, lines: -37/+9]
| Most streams are backed by a memory buffer. Create common base classes for this functionality to avoid code duplication.
* Add stream avail() methods [Pierre Ossman, 2020-05-21, files: 1, lines: -1/+1]
| Makes it more readable to write code that needs to know how much data/space is available in a stream.
* Merge branch 'secfix' of https://github.com/CendioOssman/tigervnc [Pierre Ossman, 2019-12-20, files: 1, lines: -8/+10]
|\
| * Be defensive about overflows in stream objects [Pierre Ossman, 2019-11-15, files: 1, lines: -4/+6]
| | We use a lot of lengths given to us over the network, so be more paranoid about them causing an overflow as otherwise an attacker might trick us into overwriting other memory. This primarily affects the client which often gets lengths from the server, but there are also some scenarios where the server might theoretically be vulnerable. Issue found by Pavel Cheremushkin from Kaspersky Lab.
| * Use size_t for lengths in stream objects [Pierre Ossman, 2019-11-15, files: 1, lines: -5/+5]
| | Provides safety against them accidentally becoming negative because of bugs in the calculations. Also does the same to CharArray and friends as they were strongly connected to the stream objects.
* | Handle pending data in TLS buffers [Pierre Ossman, 2019-12-09, files: 1, lines: -3/+5]
|/
| There might be more bytes left in the current TLS record, even if there is nothing on the underlying stream. Make sure we properly return this when we aren't being requested to block.
* Merge branch 'upreqs' of https://github.com/CendioOssman/tigervnc [Pierre Ossman, 2015-03-12, files: 1, lines: -6/+5]
|\
| | Conflicts: contrib/packages/rpm/el5/SPECS/tigervnc.spec vncviewer/Viewport.cxx
| * Raise GnuTLS requirements to 3.x [Pierre Ossman, 2015-01-29, files: 1, lines: -6/+5]
| | This allows us to simplify things by getting rid of some old compatibility code. People should really be using current versions of GnuTLS anyway to stay secure.
* | Fix bad signed/unsigned comparisons [Pierre Ossman, 2015-03-03, files: 1, lines: -1/+1]
|/
| Either by casting, or switching to a more appropriate type for the variable.
* GnuTLS 3.x has removed gnutls_transport_set_global_errno() in favour of [Pierre Ossman, 2012-07-03, files: 1, lines: -6/+3]
| gnutls_transport_set_errno(). Make sure we call the right errno function depending on which GnuTLS we're using. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4922 3789f03b-4d11-0410-bbf8-ca57d06f2519
* Refactor the TLS code so that the push/pull functions are aware of their [Pierre Ossman, 2012-07-03, files: 1, lines: -3/+11]
| containing stream object. This is in preparation for supporting GnuTLS 3.x. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4921 3789f03b-4d11-0410-bbf8-ca57d06f2519
* Support building with older versions of gnutls; Fix gnutls detection when [DRC, 2010-09-30, files: 1, lines: -0/+4]
| building statically using build-xorg git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4147 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Bugfix] Properly report transport errors to GNUTLS. [Adam Tkac, 2010-08-25, files: 1, lines: -7/+13]
| Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at> git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4125 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Development] Implement secure TLS streams. [Adam Tkac, 2010-04-23, files: 1, lines: -0/+111]
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4044 3789f03b-4d11-0410-bbf8-ca57d06f2519