chore: reject TLS handshake when our listener is plain TCP (#2882)

Signed-off-by: Roman Gershman <roman@dragonflydb.io>
Roman Gershman 2024-04-11 08:05:01 +03:00 committed by GitHub
parent da5c51d1dd
commit f2b6daa3c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 1 deletions


@ -801,7 +801,14 @@ io::Result<bool> Connection::CheckForHttpProto(FiberSocketBase* peer) {
return make_unexpected(recv_sz.error());
}
io_buf_.CommitWrite(*recv_sz);
string_view ib = ToSV(io_buf_.InputBuffer().subspan(last_len));
string_view ib = ToSV(io_buf_.InputBuffer());
if (ib.size() >= 2 && ib[0] == 22 && ib[1] == 3) {
// We matched the TLS handshake raw data, which means "peer" is a TCP socket.
// Reject the connection.
return make_unexpected(make_error_code(errc::protocol_not_supported));
}
ib = ib.substr(last_len);
size_t pos = ib.find('\n');
if (pos != string_view::npos) {
ib = ToSV(io_buf_.InputBuffer().first(last_len + pos));
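Review bot: The TLS detection at `if (ib.size() >= 2 && ib[0] == 22 && ib[1] == 3)` relies on two unexplained literals; naming them makes the check auditable, e.g. `constexpr char kTlsHandshakeRecord = 22;  // TLS record ContentType: handshake` and `constexpr char kTlsMajorVersion = 3;  // record-layer major version`. The comment would also read more clearly as `// Peer started a TLS handshake but this listener is plain TCP; reject.`, since the current wording (`"peer" is a TCP socket`) does not say which side is misconfigured. Whether the caller logs `protocol_not_supported` is not visible here; if it does not, a rate-limited log line or counter at the call site would let operators tell a client TLS misconfiguration apart from other dropped connections. CheckForHttpProto starts before and continues after this hunk.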


@ -336,6 +336,9 @@ void DflyCmd::StartStable(CmdArgList args, ConnectionContext* cntx) {
return rb->SendOk();
}
// DFLY TAKEOVER [timeout_sec] [SAVE]
// timeout_sec - number of seconds to wait for TAKEOVER to converge. A float.
// SAVE if create a snapshot before shutting down.
void DflyCmd::TakeOver(CmdArgList args, ConnectionContext* cntx) {
RedisReplyBuilder* rb = static_cast<RedisReplyBuilder*>(cntx->reply_builder());
CmdArgParser parser{args};