Commit e93800c7 authored by Andre Freyssinet's avatar Andre Freyssinet

JORAM-342: handles connection from with bad protocol (errors or attacks).

parent 577148cc
......@@ -129,7 +129,10 @@ public class TcpConnectionListener extends Daemon {
try {
acceptConnection();
} catch (Exception exc) {
logger.log(BasicLevel.INFO, "TcpConnectionListener.run()", exc);
if (logger.isLoggable(BasicLevel.DEBUG))
logger.log(BasicLevel.INFO, "TcpConnectionListener.run()", exc);
else
logger.log(BasicLevel.INFO, "TcpConnectionListener.run()");
}
}
}
......@@ -188,17 +191,25 @@ public class TcpConnectionListener extends Daemon {
InputStream is = sock.getInputStream();
NetOutputStream nos = new NetOutputStream(sock);
byte[] magic = StreamUtil.readByteArrayFrom(is, 8);
byte[] magic = null;
try {
magic = StreamUtil.readByteArrayFrom(is, 8);
} catch (IOException exc) {
String errorMsg = "Connection from " + sock.getInetAddress() + ':' + sock.getPort() + " cannot read magic number. Client is not compatible with JORAM.";
protocolErrorCount++;
throw new IllegalAccessException(errorMsg);
}
for (int i = 0; i < 5; i++) {
if (magic.length == i || magic[i] != MetaData.joramMagic[i] && magic[i] > 0) {
String errorMsg = "Bad magic number. Client is not compatible with JORAM.";
String errorMsg = "Connection from " + sock.getInetAddress() + ':' + sock.getPort() + " bad magic number. Client is not compatible with JORAM.";
protocolErrorCount++;
throw new IllegalAccessException(errorMsg);
}
}
if (magic[7] != MetaData.joramMagic[7]) {
if (magic[7] > 0 && MetaData.joramMagic[7] > 0) {
String errorMsg = "Bad protocol version number " + magic[7] + " != " + MetaData.joramMagic[7];
String errorMsg = "Connection from " + sock.getInetAddress() + ':' + sock.getPort() + " bad protocol version number " + magic[7] + " != " + MetaData.joramMagic[7];
protocolErrorCount++;
throw new IllegalAccessException(errorMsg);
}
......@@ -297,13 +308,17 @@ public class TcpConnectionListener extends Daemon {
TcpConnection tcpConnection = new TcpConnection(ioctrl, ctx, proxyId, proxyService, identity);
tcpConnection.start();
} catch (IllegalAccessException exc) {
if (logger.isLoggable(BasicLevel.ERROR))
if (logger.isLoggable(BasicLevel.DEBUG))
logger.log(BasicLevel.ERROR, "TcpConnectionListener: close connection", exc);
else
logger.log(BasicLevel.ERROR, "TcpConnectionListener: close connection, " + exc.getMessage());
sock.close();
throw exc;
} catch (IOException exc) {
if (logger.isLoggable(BasicLevel.WARN))
logger.log(BasicLevel.WARN, "TcpConnectionListener: close socket", exc);
if (logger.isLoggable(BasicLevel.DEBUG))
logger.log(BasicLevel.WARN, "TcpConnectionListener: close connection", exc);
else
logger.log(BasicLevel.WARN, "TcpConnectionListener: close connection, " + exc.getMessage());
sock.close();
throw exc;
}
......
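Review bot: After the new try/catch around `StreamUtil.readByteArrayFrom(is, 8)`, `magic` is still indexed on trust: the loop only rejects lengths 0–4 through `magic.length == i`, and `magic[7]` is read with no length check at all. If the helper can return null or fewer than 8 bytes (not visible here), a malformed handshake raises an unchecked exception that skips `protocolErrorCount++` and, as far as the visible handlers show, the `sock.close()` in the `IllegalAccessException`/`IOException` catches; the non-DEBUG branch added in `run()` would then log it with no exception detail. A guard placed right after the read, `if (magic == null || magic.length < 8) { protocolErrorCount++; throw new IllegalAccessException("Connection from " + sock.getInetAddress() + ':' + sock.getPort() + " truncated magic number."); }`, keeps every bad handshake on the counted, logged, socket-closing path. Separately, `&& magic[i] > 0` and `magic[7] > 0` let zero or negative bytes pass the magic and version comparison; if that leniency is intentional it deserves a comment saying why, otherwise the comparison should be strict. The enclosing method begins and ends outside the hunks shown.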