diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2012-10-08 01:22:44 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2012-10-09 16:38:00 +0200 |
commit | 0ad005852c7bd7e896c9c94ae5284493aa35cb83 (patch) | |
tree | 652d0519192f49a5e5ac9a8ab2071ab2445a02b0 /lib | |
parent | 7394e89ff6167cf371e17cb43ff8d5c2f10d539c (diff) | |
download | android-node-v8-0ad005852c7bd7e896c9c94ae5284493aa35cb83.tar.gz android-node-v8-0ad005852c7bd7e896c9c94ae5284493aa35cb83.tar.bz2 android-node-v8-0ad005852c7bd7e896c9c94ae5284493aa35cb83.zip |
https: fix renegotation attack protection
Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.
Fixes test/pummel/test-https-ci-reneg-attack.js
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http.js | 6 | ||||
-rw-r--r-- | lib/https.js | 4 | ||||
-rw-r--r-- | lib/tls.js | 2 |
3 files changed, 10 insertions, 2 deletions
diff --git a/lib/http.js b/lib/http.js index 5f4d842b92..4aa8f5cb40 100644 --- a/lib/http.js +++ b/lib/http.js @@ -1647,6 +1647,10 @@ function Server(requestListener) { this.httpAllowHalfOpen = false; this.addListener('connection', connectionListener); + + this.addListener('clientError', function(err, conn) { + conn.destroy(err); + }); } util.inherits(Server, net.Server); @@ -1705,7 +1709,7 @@ function connectionListener(socket) { } socket.addListener('error', function(e) { - self.emit('clientError', e); + self.emit('clientError', e, this); }); socket.ondata = function(d, start, end) { diff --git a/lib/https.js b/lib/https.js index bc4e8eeea0..0ed653c065 100644 --- a/lib/https.js +++ b/lib/https.js @@ -39,6 +39,10 @@ function Server(opts, requestListener) { if (requestListener) { this.addListener('request', requestListener); } + + this.addListener('clientError', function(err, conn) { + conn.destroy(err); + }); } inherits(Server, tls.Server); diff --git a/lib/tls.js b/lib/tls.js index 7a37b24531..1fe4f78999 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) { } }); pair.on('error', function(err) { - self.emit('clientError', err); + self.emit('clientError', err, this); }); }); |