reject old ZMTP connections if auth enabled

auth mechanisms were only enabled when ZMTP handshake is latest version, meaning that connections from old sockets would skip authentication altogether
2024-12-12 18:40:27 +01:00 · 2014-12-03 12:39:28 -08:00 · 2014-12-03 12:39:28 -08:00 · 6cf120eaad
commit 6cf120eaad
parent c35c0ca1bb
1 changed files with 18 additions and 0 deletions
--- a/src/stream_engine.cpp
+++ b/src/stream_engine.cpp
@ -534,6 +534,12 @@ bool zmq::stream_engine_t::handshake ()
    //  Is the peer using ZMTP/1.0 with no revision number?
    //  If so, we send and receive rest of identity message
    if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 1.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v1_encoder_t (out_batch_size);
        alloc_assert (encoder);

@ -575,6 +581,12 @@ bool zmq::stream_engine_t::handshake ()
    }
    else
    if (greeting_recv [revision_pos] == ZMTP_1_0) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 1.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v1_encoder_t (
            out_batch_size);
        alloc_assert (encoder);
@ -585,6 +597,12 @@ bool zmq::stream_engine_t::handshake ()
    }
    else
    if (greeting_recv [revision_pos] == ZMTP_2_0) {
+        if (session->zap_connect () == 0) {
+           // reject ZMTP 2.0 connections if ZAP is enabled
+           error (protocol_error);
+           return false;
+        }
+
        encoder = new (std::nothrow) v2_encoder_t (out_batch_size);
        alloc_assert (encoder);