From db738e9503b28b306546c05f6286561b15658a8e Mon Sep 17 00:00:00 2001 From: Fred Nicolson Date: Wed, 8 Aug 2018 11:04:23 +0100 Subject: [PATCH] Bug fixes Added missing move/copy constructor deletors to SSLSocket, to prevent the object from becoming invalid. Removed noexcept specifier from some constructors where valid exceptions can be thrown. Exceptions are now thrown from the SSLSocket constructor if it fails to initialise properly, rather than printing something out to stderr and continuing. --- include/frnetlib/SSLContext.h | 17 ++--------------- include/frnetlib/SSLListener.h | 7 +++++-- include/frnetlib/Socket.h | 4 ++-- include/frnetlib/TcpSocket.h | 4 ++-- include/frnetlib/version.h | 8 ++++---- src/SSLListener.cpp | 25 ++++++++++++------------- src/Socket.cpp | 2 +- src/TcpSocket.cpp | 2 +- 8 files changed, 29 insertions(+), 40 deletions(-) diff --git a/include/frnetlib/SSLContext.h b/include/frnetlib/SSLContext.h index 02fbbc1..fa7b940 100644 --- a/include/frnetlib/SSLContext.h +++ b/include/frnetlib/SSLContext.h @@ -51,14 +51,7 @@ namespace fr */ bool load_ca_certs_from_memory(const std::string &ca_certs) { - std::cerr << "Note: load_ca_certs_from_memory() seems to be broken. Please use load_ca_certs_from_file() until this is resolved." << std::endl; - int error = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)ca_certs.c_str(), ca_certs.size()); - if(error < 0) - { - std::cout << "Failed to parse root CA certificates. Parse returned: " << error << std::endl; - return false; - } - return true; + return mbedtls_x509_crt_parse(&cacert, (const unsigned char *)ca_certs.c_str(), ca_certs.size()) == 0; } /*! @@ -69,13 +62,7 @@ namespace fr */ bool load_ca_certs_from_file(const std::string &ca_certs_filepath) { - int error = mbedtls_x509_crt_parse_file(&cacert, ca_certs_filepath.c_str()); - if(error < 0) - { - std::cout << "Failed to parse root CA certificates. Parse returned: " << error << std::endl; - return false; - } - return true; + return mbedtls_x509_crt_parse_file(&cacert, ca_certs_filepath.c_str()) == 0; } mbedtls_entropy_context entropy; diff --git a/include/frnetlib/SSLListener.h b/include/frnetlib/SSLListener.h index 44583cd..2b04702 100644 --- a/include/frnetlib/SSLListener.h +++ b/include/frnetlib/SSLListener.h @@ -22,9 +22,12 @@ namespace fr class SSLListener : public Listener { public: - explicit SSLListener(std::shared_ptr ssl_context, const std::string &pem_path, const std::string &private_key_path) noexcept; + explicit SSLListener(std::shared_ptr ssl_context, const std::string &pem_path, const std::string &private_key_path); virtual ~SSLListener() noexcept; - SSLListener(SSLListener &&o) noexcept = default; + SSLListener(SSLListener &&) = delete; + SSLListener(SSLListener &o) = delete; + void operator=(const SSLListener &) = delete; + void operator=(SSLListener &&) = delete; /*! * Listens to the given port for connections diff --git a/include/frnetlib/Socket.h b/include/frnetlib/Socket.h index c1cb7cd..b23e6ae 100644 --- a/include/frnetlib/Socket.h +++ b/include/frnetlib/Socket.h @@ -43,8 +43,8 @@ namespace fr any = 3 }; - Socket() noexcept; - virtual ~Socket() noexcept = default; + Socket(); + virtual ~Socket() = default; Socket(Socket &&) =delete; Socket(const Socket &) =delete; void operator=(const Socket &) =delete; diff --git a/include/frnetlib/TcpSocket.h b/include/frnetlib/TcpSocket.h index 6a735ce..b75d920 100644 --- a/include/frnetlib/TcpSocket.h +++ b/include/frnetlib/TcpSocket.h @@ -15,7 +15,7 @@ class TcpSocket : public Socket { public: TcpSocket() noexcept; - virtual ~TcpSocket() noexcept; + ~TcpSocket() override; TcpSocket(TcpSocket &&) = delete; TcpSocket(const TcpSocket &) = delete; void operator=(TcpSocket &&)=delete; @@ -98,7 +98,7 @@ protected: /*! * Close the connection. */ - virtual void close_socket(); + void close_socket() override; int32_t socket_descriptor; }; diff --git a/include/frnetlib/version.h b/include/frnetlib/version.h index 3cb1849..5d7c9ac 100644 --- a/include/frnetlib/version.h +++ b/include/frnetlib/version.h @@ -9,10 +9,10 @@ #define FRNETLIB_VERSION_MAJOR 1 #define FRNETLIB_VERSION_MINOR 0 -#define FRNETLIB_VERSION_PATCH 0 +#define FRNETLIB_VERSION_PATCH 1 -#define FRNETLIB_VERSION_NUMBER 0x01000000 -#define FRNETLIB_VERSION_STRING "1.0.0" -#define FRNETLIB_VERSION__STRING_FULL "frnetlib 1.0.0" +#define FRNETLIB_VERSION_NUMBER (FRNETLIB_VERSION_MAJOR * 100*100 + FRNETLIB_VERSION_MINOR * 100 + FRNETLIB_VERSION_PATCH) +#define FRNETLIB_VERSION_STRING "1.0.1" +#define FRNETLIB_VERSION_STRING_FULL "frnetlib 1.0.1" #endif //FRNETLIB_VERSION_H diff --git a/src/SSLListener.cpp b/src/SSLListener.cpp index 7fc6814..5b0a177 100644 --- a/src/SSLListener.cpp +++ b/src/SSLListener.cpp @@ -13,7 +13,7 @@ namespace fr { - SSLListener::SSLListener(std::shared_ptr ssl_context_, const std::string &pem_path, const std::string &private_key_path) noexcept + SSLListener::SSLListener(std::shared_ptr ssl_context_, const std::string &pem_path, const std::string &private_key_path) : ssl_context(std::move(ssl_context_)) { //Initialise SSL objects required @@ -24,33 +24,32 @@ namespace fr int error = 0; - //Load certificates and private key + //Load public key error = mbedtls_x509_crt_parse_file(&srvcert, pem_path.c_str()); if(error != 0) { - std::cout << "Failed to initialise SSL listener. PEM Parse returned: " << error << std::endl; - return; + throw std::runtime_error("mbedtls_x509_crt_parse_file() returned: " + std::to_string(error)); } + //Load private key error = mbedtls_pk_parse_keyfile(&pkey, private_key_path.c_str(), 0); if(error != 0) { - std::cout << "Failed to initialise SSL listener. Private Key Parse returned: " << error << std::endl; - return; + throw std::runtime_error("mbedtls_pk_parse_keyfile() returned: " + std::to_string(error)); } - //Setup data structures - if((error = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) + //Setup data structures and apply settings + error = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + if(error != 0) { - std::cout << "Failed to configure SSL presets: " << error << std::endl; - return; + throw std::runtime_error("mbedtls_ssl_config_defaults() returned: " + std::to_string(error)); } - - //Apply them mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ssl_context->ctr_drbg); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, nullptr); - if((error = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) + //Apply loaded certs + error = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey); + if(error != 0) { std::cout << "Failed to set certificate: " << error << std::endl; return; diff --git a/src/Socket.cpp b/src/Socket.cpp index bf16c76..328f071 100644 --- a/src/Socket.cpp +++ b/src/Socket.cpp @@ -12,7 +12,7 @@ namespace fr { - Socket::Socket() noexcept + Socket::Socket() : is_blocking(true), ai_family(AF_UNSPEC), max_receive_size(0) diff --git a/src/TcpSocket.cpp b/src/TcpSocket.cpp index a42fe8e..c5d5cd5 100644 --- a/src/TcpSocket.cpp +++ b/src/TcpSocket.cpp @@ -11,7 +11,7 @@ namespace fr { TcpSocket::TcpSocket() noexcept - : socket_descriptor(-1) + : socket_descriptor(-1) { }