Context Navigation

gnutls_io.c @ 72b669e

Visit:

debian/masterproxy-ticket

Last change on this file since 72b669e was 72b669e, checked in by Fiona Klute <fiona.klute@…>, 23 months ago

Refuse to send or receive over a failed TLS connection

On a failed connection (e.g. after a refused handshake) the
input/output filters would pass data unprocessed to the next filter in
the chain. On a normal server this just led to odd log messages
(because the HTTP handler couldn't process whatever the client was
sending), but for proxy HTTPS connections it caused a security issue:
The proxy request would be sent unencrypted after the failed
handshake, and the connection only closed when mod_proxy didn't
receive a valid response.

The fix is to refuse any send or receive operations through the
filters if the TLS connection failed.

Property mode set to 100644

File size: 31.1 KB

Line
1	/*
2	* Copyright 2004-2005 Paul Querna
3	* Copyright 2008 Nikos Mavrogiannopoulos
4	* Copyright 2011 Dash Shendy
5	* Copyright 2015-2017 Fiona Klute
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*/
19
20	#include "mod_gnutls.h"
21
22	#ifdef APLOG_USE_MODULE
23	APLOG_USE_MODULE(gnutls);
24	#endif
25
26	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
27	#include <inttypes.h>
28	#endif
29
30	/**
31	* @file
32	* Describe how the GnuTLS Filter system works here
33	* - Basicly the same as what mod_ssl does with OpenSSL.
34	*
35	*/
36
37	#define HTTP_ON_HTTPS_PORT \
38	"GET /" CRLF
39
40	#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
41	apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
42	sizeof(HTTP_ON_HTTPS_PORT) - 1, \
43	alloc)
44
45	#define IS_PROXY_STR(c) \
46	((c->is_proxy == GNUTLS_ENABLED_TRUE) ? "proxy " : "")
47
48	/**
49	* Convert `APR_EINTR` or `APR_EAGAIN` to the matching errno. Needed
50	* to pass the status on to GnuTLS from the pull and push functions.
51	*/
52	#define EAI_APR_TO_RAW(s) (APR_STATUS_IS_EAGAIN(s) ? EAGAIN : EINTR)
53
54
55
56	static apr_status_t gnutls_io_filter_error(ap_filter_t * f,
57	apr_bucket_brigade * bb,
58	apr_status_t status) {
59	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
60	apr_bucket *bucket;
61
62	switch (status) {
63	case HTTP_BAD_REQUEST:
64	/* log the situation */
65	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
66	"GnuTLS handshake failed: HTTP spoken on HTTPS port; "
67	"trying to send HTML error page");
68	ctxt->status = -1;
69
70	/* fake the request line */
71	bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
72	break;
73
74	default:
75	return status;
76	}
77
78	APR_BRIGADE_INSERT_TAIL(bb, bucket);
79	bucket = apr_bucket_eos_create(f->c->bucket_alloc);
80	APR_BRIGADE_INSERT_TAIL(bb, bucket);
81
82	return APR_SUCCESS;
83	}
84
85	static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, int inl) {
86	if (!buffer->length) {
87	return 0;
88	}
89
90	if (buffer->length > inl) {
91	/* we have have enough to fill the caller's buffer */
92	memmove(in, buffer->value, inl);
93	buffer->value += inl;
94	buffer->length -= inl;
95	} else {
96	/* swallow remainder of the buffer */
97	memmove(in, buffer->value, buffer->length);
98	inl = buffer->length;
99	buffer->value = NULL;
100	buffer->length = 0;
101	}
102
103	return inl;
104	}
105
106	static int char_buffer_write(mgs_char_buffer_t * buffer, char *in, int inl) {
107	buffer->value = in;
108	buffer->length = inl;
109	return inl;
110	}
111
112	/**
113	* From mod_ssl / ssl_engine_io.c
114	* This function will read from a brigade and discard the read buckets as it
115	* proceeds. It will read at most *len bytes.
116	*/
117	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
118	apr_read_type_e block,
119	char c, apr_size_t len) {
120	apr_size_t actual = 0;
121	apr_status_t status = APR_SUCCESS;
122
123	while (!APR_BRIGADE_EMPTY(bb)) {
124	apr_bucket *b = APR_BRIGADE_FIRST(bb);
125	const char *str;
126	apr_size_t str_len;
127	apr_size_t consume;
128
129	/* Justin points out this is an http-ism that might
130	* not fit if brigade_consume is added to APR. Perhaps
131	* apr_bucket_read(eos_bucket) should return APR_EOF?
132	* Then this becomes mainline instead of a one-off.
133	*/
134	if (APR_BUCKET_IS_EOS(b)) {
135	status = APR_EOF;
136	break;
137	}
138
139	/* The reason I'm not offering brigade_consume yet
140	* across to apr-util is that the following call
141	* illustrates how borked that API really is. For
142	* this sort of case (caller provided buffer) it
143	* would be much more trivial for apr_bucket_consume
144	* to do all the work that follows, based on the
145	* particular characteristics of the bucket we are
146	* consuming here.
147	*/
148	status = apr_bucket_read(b, &str, &str_len, block);
149
150	if (status != APR_SUCCESS) {
151	if (APR_STATUS_IS_EOF(status)) {
152	/* This stream bucket was consumed */
153	apr_bucket_delete(b);
154	continue;
155	}
156	break;
157	}
158
159	if (str_len > 0) {
160	/* Do not block once some data has been consumed */
161	block = APR_NONBLOCK_READ;
162
163	/* Assure we don't overflow. */
164	consume =
165	(str_len + actual >
166	len) ? len - actual : str_len;
167
168	memcpy(c, str, consume);
169
170	c += consume;
171	actual += consume;
172
173	if (consume >= b->length) {
174	/* This physical bucket was consumed */
175	apr_bucket_delete(b);
176	} else {
177	/* Only part of this physical bucket was consumed */
178	b->start += consume;
179	b->length -= consume;
180	}
181	} else if (b->length == 0) {
182	apr_bucket_delete(b);
183	}
184
185	/* This could probably be actual == *len, but be safe from stray
186	* photons. */
187	if (actual >= *len) {
188	break;
189	}
190	}
191
192	*len = actual;
193	return status;
194	}
195
196	static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
197	char buf, apr_size_t len)
198	{
199	apr_size_t wanted = *len;
200	apr_size_t bytes = 0;
201	int rc;
202
203	*len = 0;
204
205	/* If we have something leftover from last time, try that first. */
206	if ((bytes = char_buffer_read(&ctxt->input_cbuf, buf, wanted))) {
207	*len = bytes;
208	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
209	/* We want to rollback this read. */
210	if (ctxt->input_cbuf.length > 0) {
211	ctxt->input_cbuf.value -= bytes;
212	ctxt->input_cbuf.length += bytes;
213	} else {
214	char_buffer_write(&ctxt->input_cbuf, buf,
215	(int) bytes);
216	}
217	return APR_SUCCESS;
218	}
219	/* This could probably be *len == wanted, but be safe from stray
220	* photons.
221	*/
222	if (*len >= wanted) {
223	return APR_SUCCESS;
224	}
225	if (ctxt->input_mode == AP_MODE_GETLINE) {
226	if (memchr(buf, APR_ASCII_LF, *len)) {
227	return APR_SUCCESS;
228	}
229	} else {
230	/* Down to a nonblock pattern as we have some data already
231	*/
232	ctxt->input_block = APR_NONBLOCK_READ;
233	}
234	}
235
236	if (ctxt->session == NULL) {
237	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
238	"%s: GnuTLS session is NULL!", __func__);
239	return APR_EGENERAL;
240	}
241
242	while (1)
243	{
244	rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
245
246	if (rc == GNUTLS_E_INTERRUPTED)
247	ctxt->input_rc = APR_EINTR;
248	else if (rc == GNUTLS_E_AGAIN)
249	ctxt->input_rc = APR_EAGAIN;
250
251	if (rc > 0) {
252	*len += rc;
253	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
254	/* We want to rollback this read. */
255	char_buffer_write(&ctxt->input_cbuf, buf,
256	rc);
257	}
258	return ctxt->input_rc;
259	} else if (rc == 0) {
260	/* If EAGAIN, we will loop given a blocking read,
261	* otherwise consider ourselves at EOF.
262	*/
263	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
264	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc)) {
265	/* Already read something, return APR_SUCCESS instead.
266	* On win32 in particular, but perhaps on other kernels,
267	* a blocking call isn't 'always' blocking.
268	*/
269	if (*len > 0) {
270	ctxt->input_rc = APR_SUCCESS;
271	break;
272	}
273	if (ctxt->input_block == APR_NONBLOCK_READ) {
274	break;
275	}
276	} else {
277	if (*len > 0) {
278	ctxt->input_rc = APR_SUCCESS;
279	} else {
280	ctxt->input_rc = APR_EOF;
281	}
282	break;
283	}
284	} else { /* (rc < 0) */
285
286	if (rc == GNUTLS_E_REHANDSHAKE) {
287	/* A client has asked for a new Hankshake. Currently, we don't do it */
288	ap_log_cerror(APLOG_MARK, APLOG_INFO,
289	ctxt->input_rc,
290	ctxt->c,
291	"GnuTLS: Error reading data. Client Requested a New Handshake."
292	" (%d) '%s'", rc,
293	gnutls_strerror(rc));
294	} else if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
295	rc = gnutls_alert_get(ctxt->session);
296	ap_log_cerror(APLOG_MARK, APLOG_INFO,
297	ctxt->input_rc,
298	ctxt->c,
299	"GnuTLS: Warning Alert From Client: "
300	" (%d) '%s'", rc,
301	gnutls_alert_get_name(rc));
302	} else if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
303	rc = gnutls_alert_get(ctxt->session);
304	ap_log_cerror(APLOG_MARK, APLOG_INFO,
305	ctxt->input_rc,
306	ctxt->c,
307	"GnuTLS: Fatal Alert From Client: "
308	"(%d) '%s'", rc,
309	gnutls_alert_get_name(rc));
310	ctxt->input_rc = APR_EGENERAL;
311	break;
312	} else {
313	/* Some Other Error. Report it. Die. */
314	if (gnutls_error_is_fatal(rc)) {
315	ap_log_cerror(APLOG_MARK,
316	APLOG_INFO,
317	ctxt->input_rc,
318	ctxt->c,
319	"GnuTLS: Error reading data. (%d) '%s'",
320	rc,
321	gnutls_strerror(rc));
322	} else if (*len > 0) {
323	ctxt->input_rc = APR_SUCCESS;
324	break;
325	}
326	}
327
328	if (ctxt->input_rc == APR_SUCCESS) {
329	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->input_rc, ctxt->c,
330	"%s: GnuTLS error: %s (%d)",
331	__func__, gnutls_strerror(rc), rc);
332	ctxt->input_rc = APR_EGENERAL;
333	}
334	break;
335	}
336	}
337	return ctxt->input_rc;
338	}
339
340	static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
341	char buf, apr_size_t len) {
342	const char *pos = NULL;
343	apr_status_t status;
344	apr_size_t tmplen = len, buflen = len, offset = 0;
345
346	*len = 0;
347
348	while (tmplen > 0) {
349	status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
350
351	if (status != APR_SUCCESS) {
352	return status;
353	}
354
355	*len += tmplen;
356
357	if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
358	break;
359	}
360
361	offset += tmplen;
362	tmplen = buflen - offset;
363	}
364
365	if (pos) {
366	char *value;
367	int length;
368	apr_size_t bytes = pos - buf;
369
370	bytes += 1;
371	value = buf + bytes;
372	length = *len - bytes;
373
374	char_buffer_write(&ctxt->input_cbuf, value, length);
375
376	*len = bytes;
377	}
378
379	return APR_SUCCESS;
380	}
381
382	#define HANDSHAKE_MAX_TRIES 1024
383
384	static int gnutls_do_handshake(mgs_handle_t * ctxt) {
385	int ret;
386	int errcode;
387	int maxtries = HANDSHAKE_MAX_TRIES;
388
389	if (ctxt->status != 0 \|\| ctxt->session == NULL) {
390	return -1;
391	}
392
393	/* Enable SNI for proxy connections */
394	if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE)
395	{
396	/* Get peer hostname from note left by mod_proxy */
397	const char *peer_hostname =
398	apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE);
399	/* Used only as target for apr_ipsubnet_create() */
400	apr_ipsubnet_t *probe;
401	/* Check if the note is present (!= NULL) and NOT an IP
402	* address */
403	if ((peer_hostname) != NULL
404	&& (apr_ipsubnet_create(&probe, peer_hostname, NULL, ctxt->c->pool)
405	!= APR_SUCCESS))
406	{
407	ret = gnutls_server_name_set(ctxt->session, GNUTLS_NAME_DNS,
408	peer_hostname, strlen(peer_hostname));
409	if (ret != GNUTLS_E_SUCCESS)
410	ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
411	"Could not set SNI '%s' for proxy connection: "
412	"%s (%d)",
413	peer_hostname, gnutls_strerror(ret), ret);
414	}
415	}
416
417	tryagain:
418	do {
419	ret = gnutls_handshake(ctxt->session);
420	maxtries--;
421	} while ((ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN)
422	&& maxtries > 0);
423
424	if (maxtries < 1) {
425	ctxt->status = -1;
426	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
427	"GnuTLS: Handshake Failed. Hit Maximum Attempts");
428	if (ctxt->session) {
429	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
430	gnutls_error_to_alert
431	(GNUTLS_E_INTERNAL_ERROR, NULL));
432	gnutls_deinit(ctxt->session);
433	}
434	ctxt->session = NULL;
435	return -1;
436	}
437
438	if (ret < 0) {
439	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
440	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
441	errcode = gnutls_alert_get(ctxt->session);
442	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
443	"GnuTLS: Handshake Alert (%d) '%s'.",
444	errcode, gnutls_alert_get_name(errcode));
445	}
446
447	if (!gnutls_error_is_fatal(ret)) {
448	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
449	"GnuTLS: Non-Fatal Handshake Error: (%d) '%s'",
450	ret, gnutls_strerror(ret));
451	goto tryagain;
452	}
453	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
454	"GnuTLS: Handshake Failed (%d) '%s'", ret,
455	gnutls_strerror(ret));
456	ctxt->status = -1;
457	if (ctxt->session) {
458	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
459	gnutls_error_to_alert(ret,
460	NULL));
461	gnutls_deinit(ctxt->session);
462	}
463	ctxt->session = NULL;
464	return ret;
465	} else {
466	/* all done with the handshake */
467	ctxt->status = 1;
468	if (gnutls_session_is_resumed(ctxt->session))
469	{
470	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
471	"%s: TLS session resumed.", __func__);
472	}
473	return GNUTLS_E_SUCCESS;
474	}
475	}
476
477	int mgs_rehandshake(mgs_handle_t * ctxt) {
478	int rv;
479
480	if (ctxt->session == NULL)
481	return -1;
482
483	rv = gnutls_rehandshake(ctxt->session);
484
485	if (rv != 0) {
486	/* the client did not want to rehandshake. goodbye */
487	ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c,
488	"GnuTLS: Client Refused Rehandshake request.");
489	return -1;
490	}
491
492	ctxt->status = 0;
493
494	rv = gnutls_do_handshake(ctxt);
495
496	return rv;
497	}
498
499
500
501	/**
502	* Close the TLS session associated with the given connection
503	* structure and free its resources
504	*
505	* @param ctxt the mod_gnutls session context
506	*
507	* @return a GnuTLS status code, hopefully `GNUTLS_E_SUCCESS`
508	*/
509	static int mgs_bye(mgs_handle_t* ctxt)
510	{
511	int ret = GNUTLS_E_SUCCESS;
512	/* End Of Connection */
513	if (ctxt->session != NULL)
514	{
515	/* Try A Clean Shutdown */
516	do {
517	ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
518	} while (ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
519	if (ret != GNUTLS_E_SUCCESS)
520	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, ctxt->c,
521	"%s: Error while closing TLS %sconnection: "
522	"'%s' (%d)",
523	__func__, IS_PROXY_STR(ctxt),
524	gnutls_strerror(ret), (int) ret);
525	else
526	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
527	"%s: TLS %sconnection closed.",
528	__func__, IS_PROXY_STR(ctxt));
529	/* De-Initialize Session */
530	gnutls_deinit(ctxt->session);
531	ctxt->session = NULL;
532	}
533	return ret;
534	}
535
536
537
538	apr_status_t mgs_filter_input(ap_filter_t * f,
539	apr_bucket_brigade * bb,
540	ap_input_mode_t mode,
541	apr_read_type_e block, apr_off_t readbytes)
542	{
543	apr_status_t status = APR_SUCCESS;
544	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
545	apr_size_t len = sizeof (ctxt->input_buffer);
546
547	if (f->c->aborted) {
548	apr_bucket *bucket =
549	apr_bucket_eos_create(f->c->bucket_alloc);
550	APR_BRIGADE_INSERT_TAIL(bb, bucket);
551	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
552	"%s: %sconnection aborted",
553	__func__, IS_PROXY_STR(ctxt));
554	return APR_ECONNABORTED;
555	}
556
557	if (ctxt->status == 0) {
558	int ret = gnutls_do_handshake(ctxt);
559	if (ret == GNUTLS_E_SUCCESS)
560	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
561	"%s: TLS %sconnection opened.",
562	__func__, IS_PROXY_STR(ctxt));
563	}
564
565	if (ctxt->status < 0)
566	{
567	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
568	"%s: %sconnection failed, cannot provide data!",
569	__func__, IS_PROXY_STR(ctxt));
570	apr_bucket *bucket =
571	apr_bucket_eos_create(f->c->bucket_alloc);
572	APR_BRIGADE_INSERT_TAIL(bb, bucket);
573	return APR_ECONNABORTED;
574	}
575
576	/* XXX: we don't currently support anything other than these modes. */
577	if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
578	mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
579	return APR_ENOTIMPL;
580	}
581
582	ctxt->input_mode = mode;
583	ctxt->input_block = block;
584
585	if (ctxt->input_mode == AP_MODE_READBYTES \|\|
586	ctxt->input_mode == AP_MODE_SPECULATIVE) {
587	if (readbytes < 0) {
588	/* you're asking us to speculatively read a negative number of bytes! */
589	return APR_ENOTIMPL;
590	}
591	/* 'readbytes' and 'len' are of different integer types, which
592	* might have different lengths. Read sizes should be too
593	* small for 32 or 64 bit to matter, but we have to make
594	* sure. */
595	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
596	if ((apr_size_t) readbytes < len)
597	{
598	/* If readbytes is negative the function fails in the
599	* check above, but the compiler doesn't get that. */
600	if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
601	{
602	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
603	"%s: prevented buffer length overflow",
604	__func__);
605	return APR_EINVAL;
606	}
607	len = (apr_size_t) readbytes;
608	}
609	#else
610	if ((apr_size_t) readbytes < len
611	&& __builtin_add_overflow(readbytes, 0, &len))
612	{
613	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
614	"%s: prevented buffer length overflow",
615	__func__);
616	return APR_EINVAL;
617	}
618	#endif
619	status =
620	gnutls_io_input_read(ctxt, ctxt->input_buffer, &len);
621	} else if (ctxt->input_mode == AP_MODE_GETLINE) {
622	status =
623	gnutls_io_input_getline(ctxt, ctxt->input_buffer,
624	&len);
625	} else {
626	/* We have no idea what you are talking about, so return an error. */
627	return APR_ENOTIMPL;
628	}
629
630	if (status != APR_SUCCESS)
631	{
632	/* no data for nonblocking read, return APR_EAGAIN */
633	if ((block == APR_NONBLOCK_READ) && APR_STATUS_IS_EINTR(status))
634	return APR_EAGAIN;
635
636	/* Close TLS session and free resources on EOF,
637	* gnutls_io_filter_error will add an EOS bucket */
638	if (APR_STATUS_IS_EOF(status))
639	mgs_bye(ctxt);
640
641	return gnutls_io_filter_error(f, bb, status);
642	}
643
644	/* Create a transient bucket out of the decrypted data. */
645	if (len > 0) {
646	apr_bucket *bucket =
647	apr_bucket_transient_create(ctxt->input_buffer, len,
648	f->c->bucket_alloc);
649	APR_BRIGADE_INSERT_TAIL(bb, bucket);
650	}
651
652	return status;
653	}
654
655	/**
656	* Try to flush the output bucket brigade.
657	*
658	* @param ctxt the mod_gnutls session context
659	*
660	* @return `1` on success, `-1` on failure.
661	*/
662	static ssize_t write_flush(mgs_handle_t * ctxt) {
663	apr_bucket *e;
664
665	if (!(ctxt->output_blen \|\| ctxt->output_length)) {
666	ctxt->output_rc = APR_SUCCESS;
667	return 1;
668	}
669
670	if (ctxt->output_blen) {
671	e = apr_bucket_transient_create(ctxt->output_buffer,
672	ctxt->output_blen,
673	ctxt->output_bb->
674	bucket_alloc);
675	/* we filled this buffer first so add it to the
676	* * head of the brigade
677	* */
678	APR_BRIGADE_INSERT_HEAD(ctxt->output_bb, e);
679	ctxt->output_blen = 0;
680	}
681
682	ctxt->output_length = 0;
683	e = apr_bucket_flush_create(ctxt->output_bb->bucket_alloc);
684	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
685
686	ctxt->output_rc = ap_pass_brigade(ctxt->output_filter->next,
687	ctxt->output_bb);
688	/* clear the brigade to be ready for next time */
689	apr_brigade_cleanup(ctxt->output_bb);
690
691	return (ctxt->output_rc == APR_SUCCESS) ? 1 : -1;
692	}
693
694	apr_status_t mgs_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) {
695	int ret;
696	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
697	apr_status_t status = APR_SUCCESS;
698	apr_read_type_e rblock = APR_NONBLOCK_READ;
699
700	if (f->c->aborted) {
701	apr_brigade_cleanup(bb);
702	return APR_ECONNABORTED;
703	}
704
705	if (ctxt->status == 0) {
706	ret = gnutls_do_handshake(ctxt);
707	if (ret == GNUTLS_E_SUCCESS)
708	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
709	"%s: TLS %sconnection opened.",
710	__func__, IS_PROXY_STR(ctxt));
711	}
712
713	if (ctxt->status < 0)
714	{
715	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
716	"%s: %sconnection failed, refusing to send.",
717	__func__, IS_PROXY_STR(ctxt));
718	if (ctxt->is_proxy)
719	{
720	/* If mod_proxy receives an error while trying to send its
721	* request it sends an "invalid request" error to the
722	* client. By pretending we could send the request
723	* mod_proxy continues its processing and sends a proper
724	* "proxy error" message when there's no response to read. */
725	apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
726	APR_BRIGADE_INSERT_TAIL(bb, bucket);
727	return APR_SUCCESS;
728	}
729	else
730	return APR_ECONNABORTED;
731	}
732
733	while (!APR_BRIGADE_EMPTY(bb)) {
734	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
735
736	if (APR_BUCKET_IS_EOS(bucket)) {
737	return ap_pass_brigade(f->next, bb);
738	} else if (APR_BUCKET_IS_FLUSH(bucket)) {
739	/* Try Flush */
740	if (write_flush(ctxt) < 0) {
741	/* Flush Error */
742	return ctxt->output_rc;
743	}
744	/* cleanup! */
745	apr_bucket_delete(bucket);
746	} else if (AP_BUCKET_IS_EOC(bucket)) {
747	/* End Of Connection, close TLS session and free
748	* resources */
749	mgs_bye(ctxt);
750	/* cleanup! */
751	apr_bucket_delete(bucket);
752	/* Pass next brigade! */
753	return ap_pass_brigade(f->next, bb);
754	} else {
755	/* filter output */
756	const char *data;
757	apr_size_t len;
758
759	status = apr_bucket_read(bucket, &data, &len, rblock);
760
761	if (APR_STATUS_IS_EAGAIN(status)) {
762	/* No data available so Flush! */
763	if (write_flush(ctxt) < 0) {
764	return ctxt->output_rc;
765	}
766	/* Try again with a blocking read. */
767	rblock = APR_BLOCK_READ;
768	continue;
769	}
770
771	rblock = APR_NONBLOCK_READ;
772
773	if (!APR_STATUS_IS_EOF(status)
774	&& (status != APR_SUCCESS)) {
775	return status;
776	}
777
778	if (len > 0) {
779
780	if (ctxt->session == NULL) {
781	ret = GNUTLS_E_INVALID_REQUEST;
782	} else {
783	do {
784	ret =
785	gnutls_record_send
786	(ctxt->session, data,
787	len);
788	} while (ret == GNUTLS_E_INTERRUPTED
789	\|\| ret == GNUTLS_E_AGAIN);
790	}
791
792	if (ret < 0) {
793	/* error sending output */
794	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
795	ctxt->c,
796	"GnuTLS: Error writing data. (%d) '%s'",
797	ret, gnutls_strerror(ret));
798	if (ctxt->output_rc == APR_SUCCESS) {
799	ctxt->output_rc =
800	APR_EGENERAL;
801	return ctxt->output_rc;
802	}
803	} else if ((apr_size_t)(ret) != len) {
804	/* we know the above cast is OK because len > 0 and ret >= 0 */
805	/* Not able to send the entire bucket,
806	split it and send it again. */
807	apr_bucket_split(bucket, ret);
808	}
809	}
810
811	apr_bucket_delete(bucket);
812	}
813	}
814
815	return status;
816	}
817
818	/**
819	* Pull function for GnuTLS
820	*
821	* Generic errnos used for `gnutls_transport_set_errno()`:
822	* * `EAGAIN`: no data available at the moment, try again (maybe later)
823	* * `EINTR`: read was interrupted, try again
824	* * `EIO`: Unknown I/O error
825	* * `ECONNABORTED`: Input BB does not exist (`NULL`)
826	*
827	* The reason we are not using `APR_TO_OS_ERROR` to map `apr_status_t`
828	* to errnos is this warning [in the APR documentation][apr-warn]:
829	*
830	* > If the statcode was not created by apr_get_os_error or
831	* > APR_FROM_OS_ERROR, the results are undefined.
832	*
833	* We cannot know if this applies to any error we might encounter.
834	*
835	* @param ptr GnuTLS session data pointer (the mod_gnutls context
836	* structure)
837	*
838	* @param buffer buffer for the read data
839	*
840	* @param len maximum number of bytes to read (must fit into the
841	* buffer)
842	*
843	* @return The number of bytes read (may be zero on EOF), or `-1` on
844	* error. Note that some errors may warrant another try (see above).
845	*
846	* [apr-warn]: https://apr.apache.org/docs/apr/1.4/group__apr__errno.html#ga2385cae04b04afbdcb65f1a45c4d8506 "Apache Portable Runtime: Error Codes"
847	*/
848	ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
849	void *buffer, size_t len)
850	{
851	mgs_handle_t *ctxt = ptr;
852	apr_status_t rc;
853	apr_size_t in = len;
854	apr_read_type_e block = ctxt->input_block;
855
856	ctxt->input_rc = APR_SUCCESS;
857
858	/* If Len = 0, we don't do anything. */
859	if (!len \|\| buffer == NULL)
860	{
861	return 0;
862	}
863	/* Input bucket brigade is missing, EOF */
864	if (!ctxt->input_bb)
865	{
866	ctxt->input_rc = APR_EOF;
867	gnutls_transport_set_errno(ctxt->session, ECONNABORTED);
868	return -1;
869	}
870
871	if (APR_BRIGADE_EMPTY(ctxt->input_bb))
872	{
873	rc = ap_get_brigade(ctxt->input_filter->next,
874	ctxt->input_bb, AP_MODE_READBYTES,
875	ctxt->input_block, in);
876
877	/* Not a problem, there was simply no data ready yet.
878	*/
879	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
880	\|\| (rc == APR_SUCCESS
881	&& APR_BRIGADE_EMPTY(ctxt->input_bb)))
882	{
883	if (APR_STATUS_IS_EOF(ctxt->input_rc))
884	{
885	return 0;
886	}
887	else
888	{
889	gnutls_transport_set_errno(ctxt->session,
890	EAI_APR_TO_RAW(ctxt->input_rc));
891	return -1;
892	}
893	}
894
895	if (rc != APR_SUCCESS)
896	{
897	/* Unexpected errors discard the brigade */
898	apr_brigade_cleanup(ctxt->input_bb);
899	ctxt->input_bb = NULL;
900	gnutls_transport_set_errno(ctxt->session, EIO);
901	return -1;
902	}
903	}
904
905	ctxt->input_rc = brigade_consume(ctxt->input_bb, block, buffer, &len);
906
907	if (ctxt->input_rc == APR_SUCCESS)
908	{
909	return (ssize_t) len;
910	}
911
912	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
913	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc))
914	{
915	if (len == 0)
916	{
917	gnutls_transport_set_errno(ctxt->session,
918	EAI_APR_TO_RAW(ctxt->input_rc));
919	return -1;
920	}
921
922	return (ssize_t) len;
923	}
924
925	/* Unexpected errors and APR_EOF clean out the brigade.
926	* Subsequent calls will return APR_EOF. */
927	apr_brigade_cleanup(ctxt->input_bb);
928	ctxt->input_bb = NULL;
929
930	if (APR_STATUS_IS_EOF(ctxt->input_rc) && len)
931	{
932	/* Some data has been received before EOF, return it. */
933	return (ssize_t) len;
934	}
935
936	gnutls_transport_set_errno(ctxt->session, EIO);
937	return -1;
938	}
939
940	/**
941	* Push function for GnuTLS
942	*
943	* `gnutls_transport_set_errno()` will be called with `EAGAIN` or
944	* `EINTR` on recoverable errors, or `EIO` in case of unexpected
945	* errors. See the description of mgs_transport_read() for details on
946	* possible error codes.
947	*
948	* @param ptr GnuTLS session data pointer (the mod_gnutls context
949	* structure)
950	*
951	* @param buffer buffer containing the data to send
952	*
953	* @param len length of the data
954	* buffer)
955	*
956	* @return The number of written bytes, or `-1` on error. Note that
957	* some errors may warrant another try (see above).
958	*/
959	ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
960	const void *buffer, size_t len)
961	{
962	mgs_handle_t *ctxt = ptr;
963
964	/* pass along the encrypted data
965	* need to flush since we're using SSL's malloc-ed buffer
966	* which will be overwritten once we leave here
967	*/
968	apr_bucket *bucket = apr_bucket_transient_create(buffer, len,
969	ctxt->output_bb->
970	bucket_alloc);
971	ctxt->output_length += len;
972	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, bucket);
973
974	if (write_flush(ctxt) < 0)
975	{
976	/* We encountered an error. APR_EINTR or APR_EAGAIN can be
977	* handled, treat everything else as a generic I/O error. */
978	int err = EIO;
979	if (APR_STATUS_IS_EAGAIN(ctxt->output_rc)
980	\|\| APR_STATUS_IS_EINTR(ctxt->output_rc))
981	err = EAI_APR_TO_RAW(ctxt->output_rc);
982
983	gnutls_transport_set_errno(ctxt->session, err);
984	return -1;
985	}
986	return len;
987	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: mod_gnutls/src/gnutls_io.c @ 72b669e

Download in other formats: