Don't use assert() for error handling

It is excessively harsh in its output, and it can be compiled out
completely, which results in incorrect behaviour.
Pierre Ossman 2019-06-04 16:51:30 +02:00
parent aa5164ede4
commit e7bc37918c

49
tcp.c

@ -40,9 +40,6 @@
#include "ssl.h" #include "ssl.h"
#include "asn.h" #include "asn.h"
#define CHECK(x) assert((x)>=0)
#ifdef _WIN32 #ifdef _WIN32
#define socklen_t int #define socklen_t int
#define TCP_CLOSE(_sck) closesocket(_sck) #define TCP_CLOSE(_sck) closesocket(_sck)
@ -328,6 +325,17 @@ cert_verify_callback(gnutls_session_t session)
return utils_cert_handle_exception(session, status, hostname_mismatch, g_last_server_name); return utils_cert_handle_exception(session, status, hostname_mismatch, g_last_server_name);
} }
static void
gnutls_fatal(const char *text, int status)
{
logger(Core, Error, "%s: %s", text, gnutls_strerror(status));
/* TODO: Lookup if exit(1) is just plain wrong, its used here to breakout of
fallback code path for connection, eg. if TLS fails, a retry with plain
RDP is made.
*/
exit(1);
}
/* Establish a SSL/TLS 1.0 connection */ /* Establish a SSL/TLS 1.0 connection */
RD_BOOL RD_BOOL
tcp_tls_connect(void) tcp_tls_connect(void)
@ -340,18 +348,33 @@ tcp_tls_connect(void)
if (!g_ssl_initialized) if (!g_ssl_initialized)
{ {
gnutls_global_init(); gnutls_global_init();
CHECK(gnutls_init(&g_tls_session, GNUTLS_CLIENT)); err = gnutls_init(&g_tls_session, GNUTLS_CLIENT);
if (err < 0) {
gnutls_fatal("Could not initialize GnuTLS", err);
}
g_ssl_initialized = True; g_ssl_initialized = True;
} }
/* It is recommended to use the default priorities */ /* It is recommended to use the default priorities */
//CHECK(gnutls_set_default_priority(g_tls_session)); //err = gnutls_set_default_priority(g_tls_session);
// Use compatible priority to overcome key validation error // Use compatible priority to overcome key validation error
// THIS IS TEMPORARY // THIS IS TEMPORARY
CHECK(gnutls_priority_set_direct(g_tls_session, "NORMAL:%COMPAT", NULL)); err = gnutls_priority_set_direct(g_tls_session, "NORMAL:%COMPAT", NULL);
CHECK(gnutls_certificate_allocate_credentials(&xcred)); if (err < 0) {
CHECK(gnutls_credentials_set(g_tls_session, GNUTLS_CRD_CERTIFICATE, xcred)); gnutls_fatal("Could not set GnuTLS priority setting", err);
CHECK(gnutls_certificate_set_x509_system_trust(xcred)); }
err = gnutls_certificate_allocate_credentials(&xcred);
if (err < 0) {
gnutls_fatal("Could not allocate TLS certificate structure", err);
}
err = gnutls_credentials_set(g_tls_session, GNUTLS_CRD_CERTIFICATE, xcred);
if (err < 0) {
gnutls_fatal("Could not set TLS certificate structure", err);
}
err = gnutls_certificate_set_x509_system_trust(xcred);
if (err < 0) {
gnutls_fatal("Could not load system trust database", err);
}
gnutls_certificate_set_verify_function(xcred, cert_verify_callback); gnutls_certificate_set_verify_function(xcred, cert_verify_callback);
gnutls_transport_set_int(g_tls_session, g_sock); gnutls_transport_set_int(g_tls_session, g_sock);
gnutls_handshake_set_timeout(g_tls_session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); gnutls_handshake_set_timeout(g_tls_session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
@ -366,13 +389,7 @@ tcp_tls_connect(void)
if (err == GNUTLS_E_CERTIFICATE_ERROR) if (err == GNUTLS_E_CERTIFICATE_ERROR)
{ {
logger(Core, Error, "%s(): Certificate error during TLS handshake", __func__); gnutls_fatal("Certificate error during TLS handshake", err);
/* TODO: Lookup if exit(1) is just plain wrong, its used here to breakout of
fallback code path for connection, eg. if TLS fails, a retry with plain
RDP is made.
*/
exit(1);
} }
/* Handshake failed with unknown error, lets log */ /* Handshake failed with unknown error, lets log */