-rw-r--r--net/Socket.cpp12
-rw-r--r--net/Socket.hpp3
-rw-r--r--wsd/LOOLWSD.cpp14
3 files changed, 29 insertions, 0 deletions
diff --git a/net/Socket.cpp b/net/Socket.cpp
index 208efc3c9c..44f5d18a40 100644
--- a/net/Socket.cpp
+++ b/net/Socket.cpp
@@ -607,6 +607,18 @@ namespace HttpHelper
}
}
+bool StreamSocket::sniffSSL() const
+{
+ // Only sniffing the first bytes of a sockte.
+ if (_bytesSent > 0 || _bytesRecvd != _inBuffer.size() || _bytesRecvd < 6)
+ return false;
+
+ // 0x0000 16 03 01 02 00 01 00 01
+ return (_inBuffer[0] == 0x16 && // HANDSHAKE
+ _inBuffer[1] == 0x03 && // SSL 3.0 / TLS 1.x
+ _inBuffer[5] == 0x01); // Handshake: CLIENT_HELLO
+}
+
#endif // !MOBILEAPP
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
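Review bot: The comment on the first line of `sniffSSL()` has a typo, and the magic offsets in the return expression are not explained, which makes the heuristic hard to audit. I would write `// Only sniff the first bytes received on a socket.` and add a comment saying that byte 0 is the TLS record content type, byte 1 the major protocol version and byte 5 the handshake message type, with the minor version (byte 2) and record length (bytes 3-4) deliberately not checked. The comment should also say that this is a best-effort check: it returns false until at least six bytes are buffered, and it matches only a record-layer ClientHello, so an SSLv2-format hello would still fall through to the HTTP parser.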
diff --git a/net/Socket.hpp b/net/Socket.hpp
index e62b010392..db4f587606 100644
--- a/net/Socket.hpp
+++ b/net/Socket.hpp
@@ -1073,6 +1073,9 @@ public:
while (!_outBuffer.empty());
}
+ /// Does it look like we have some TLS / SSL where we don't expect it ?
+ bool sniffSSL() const;
+
protected:
/// Override to handle reading of socket data differently.
virtual int readData(char* buf, int len)
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 2c31e88c6e..85040f13eb 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -2005,6 +2005,20 @@ private:
std::shared_ptr<StreamSocket> socket = _socket.lock();
#ifndef MOBILEAPP
+ if (socket->sniffSSL())
+ {
+ LOG_ERR("Looks like SSL/TLS traffic on plain http port");
+ std::ostringstream oss;
+ oss << "HTTP/1.1 400\r\n"
+ << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
+ << "User-Agent: " << WOPI_AGENT_STRING << "\r\n"
+ << "Content-Length: 0\r\n"
+ << "\r\n";
+ socket->send(oss.str());
+ socket->shutdown();
+ return;
+ }
+
Poco::MemoryInputStream message(&socket->getInBuffer()[0],
socket->getInBuffer().size());;
Poco::Net::HTTPRequest request;
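Review bot: The `LOG_ERR` at the top of the added branch fires once per connection on input that any unauthenticated peer can send, so a client that keeps speaking TLS to the plain-HTTP port can fill the error log; `LOG_WRN("Looks like SSL/TLS traffic on plain http port");` or a rate-limited message keeps the signal at lower cost. Separately, the reply identifies the product in a `User-Agent` header, which is a request header where a response would normally use `Server`, and the status line has no reason phrase (`"HTTP/1.1 400 Bad Request\r\n"`). `socket` comes from `_socket.lock()` just above and is dereferenced without a null check; the pre-existing code below does the same, so the caller presumably guarantees it, but that is not visible here. The enclosing function begins and ends outside the hunk.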