diff options
| author | Michael Brown | 2015-10-02 08:54:51 +0200 |
|---|---|---|
| committer | Michael Brown | 2015-10-02 08:54:51 +0200 |
| commit | 3bd0d340f41683055c077eacbefd250b026cb649 (patch) | |
| tree | 6d27e02b1b0c8cbdafda7e396bc9050c8622014c /src/net/tcp | |
| parent | [peerdist] Avoid NULL pointer dereference for plaintext blocks (diff) | |
| download | ipxe-3bd0d340f41683055c077eacbefd250b026cb649.tar.gz ipxe-3bd0d340f41683055c077eacbefd250b026cb649.tar.xz ipxe-3bd0d340f41683055c077eacbefd250b026cb649.zip | |
[http] Verify server port when reusing a pooled connection
Reported-by: Allen <allen@gtf.org>
Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tcp')
| -rw-r--r-- | src/net/tcp/httpconn.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/net/tcp/httpconn.c b/src/net/tcp/httpconn.c index 7e4877b7..a2c01a41 100644 --- a/src/net/tcp/httpconn.c +++ b/src/net/tcp/httpconn.c @@ -237,6 +237,7 @@ int http_connect ( struct interface *xfer, struct uri *uri ) { struct http_scheme *scheme; struct sockaddr_tcpip server; struct interface *socket; + unsigned int port; int rc; /* Identify scheme */ @@ -248,6 +249,9 @@ int http_connect ( struct interface *xfer, struct uri *uri ) { if ( ! uri->host ) return -EINVAL; + /* Identify port */ + port = uri_port ( uri, scheme->port ); + /* Look for a reusable connection in the pool */ list_for_each_entry ( conn, &http_connection_pool, pool.list ) { @@ -257,15 +261,16 @@ int http_connect ( struct interface *xfer, struct uri *uri ) { /* Reuse connection, if possible */ if ( ( scheme == conn->scheme ) && - ( strcmp ( uri->host, conn->uri->host ) == 0 ) ) { + ( strcmp ( uri->host, conn->uri->host ) == 0 ) && + ( port == uri_port ( conn->uri, scheme->port ) ) ) { /* Remove from connection pool, stop timer, * attach to parent interface, and return. */ pool_del ( &conn->pool ); intf_plug_plug ( &conn->xfer, xfer ); - DBGC2 ( conn, "HTTPCONN %p reused %s://%s\n", - conn, conn->scheme->name, conn->uri->host ); + DBGC2 ( conn, "HTTPCONN %p reused %s://%s:%d\n", conn, + conn->scheme->name, conn->uri->host, port ); return 0; } } @@ -281,7 +286,7 @@ int http_connect ( struct interface *xfer, struct uri *uri ) { /* Open socket */ memset ( &server, 0, sizeof ( server ) ); - server.st_port = htons ( uri_port ( uri, scheme->port ) ); + server.st_port = htons ( port ); socket = &conn->socket; if ( scheme->filter && ( ( rc = scheme->filter ( socket, uri->host, &socket ) ) != 0 ) ) @@ -296,13 +301,13 @@ int http_connect ( struct interface *xfer, struct uri *uri ) { ref_put ( &conn->refcnt ); DBGC2 ( conn, "HTTPCONN %p created %s://%s:%d\n", conn, - conn->scheme->name, conn->uri->host, ntohs ( server.st_port ) ); + conn->scheme->name, conn->uri->host, port ); return 0; err_open: err_filter: - DBGC2 ( conn, "HTTPCONN %p could not create %s://%s: %s\n", - conn, conn->scheme->name, conn->uri->host, strerror ( rc ) ); + DBGC2 ( conn, "HTTPCONN %p could not create %s://%s:%d: %s\n", conn, + conn->scheme->name, conn->uri->host, port, strerror ( rc ) ); http_conn_close ( conn, rc ); ref_put ( &conn->refcnt ); return rc; |