Serious bug silently bypassing SSL context fixed. Previous versions do not really support SSL!

2020-04-17 16:20:34 +02:00 · 2020-04-17 16:20:34 +02:00 · 54e5e0fc3b
commit 54e5e0fc3b
parent 57d3efc3b5
3 changed files with 13 additions and 6 deletions
--- a/filebridging/init.py
+++ b/filebridging/init.py
@ -13,6 +13,6 @@ __author__ = "Davide Testa"
 __email__ = "davide@davte.it"
 __credits__ = []
 __license__ = "GNU General Public License v3.0"
-__version__ = "0.0.3"
+__version__ = "0.0.4"
 __maintainer__ = "Davide Testa"
 __contact__ = "t.me/davte"
--- a/filebridging/client.py
+++ b/filebridging/client.py
@ -59,7 +59,6 @@ class Client:
        self._working = False
        self._token = token
        self._password = password
-        self._ssl_context = None
        self._encryption_complete = False
        self._file_name = None
        self._file_size = None
@ -199,11 +198,16 @@ class Client:
                reader, writer = await asyncio.open_connection(
                    host=self.host,
                    port=self.port,
-                    ssl=self.ssl_context
+                    ssl=self.ssl_context,
+                    ssl_handshake_timeout=5
                )
-            except (ConnectionRefusedError, ConnectionResetError) as exception:
+            except (ConnectionRefusedError, ConnectionResetError,
+                    ConnectionAbortedError) as exception:
                logging.error(f"Connection error: {exception}")
                return
+            except ssl.SSLCertVerificationError as exception:
+                logging.error(f"SSL error: {exception}")
+                return
            await self.connect(reader=reader, writer=writer)

    async def _connect(self, reader: asyncio.StreamReader,
--- a/filebridging/server.py
+++ b/filebridging/server.py
@ -33,7 +33,6 @@ class Server:
        self._buffer_length_limit = buffer_length_limit
        self._working = False
        self._server = None
-        self._ssl_context = None

    @property
    def host(self) -> str:
@ -130,7 +129,11 @@ class Server:
        Decide whether client is sender or receiver and start transmission.
        """
        client_hello = await reader.readline()
-        client_hello = client_hello.decode('utf-8').strip('\n').split('|')
+        try:
+            client_hello = client_hello.decode('utf-8').strip('\n').split('|')
+        except UnicodeDecodeError:
+            logging.error("Invalid client hello.")
+            return
        if len(client_hello) != 4:
            await self.refuse_connection(writer=writer,
                                         message="Invalid client_hello!")