From 6cf120eaad3b92f9d9085e7e8acf9897004fd1f0 Mon Sep 17 00:00:00 2001
From: Min RK
Date: Wed, 3 Dec 2014 12:39:28 -0800
Subject: [PATCH] reject old ZMTP connections if auth enabled

auth mechanisms were only enabled when ZMTP handshake is latest version, meaning that connections from old sockets would skip authentication altogether
---
 src/stream_engine.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/stream_engine.cpp b/src/stream_engine.cpp
index 920b8acb..28148bcc 100644
--- a/src/stream_engine.cpp
+++ b/src/stream_engine.cpp
@@ -534,6 +534,12 @@ bool zmq::stream_engine_t::handshake ()
 // Is the peer using ZMTP/1.0 with no revision number?
 // If so, we send and receive rest of identity message
 if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
+ if (session->zap_connect () == 0) {
+ // reject ZMTP 1.0 connections if ZAP is enabled
+ error (protocol_error);
+ return false;
+ }
+
 encoder = new (std::nothrow) v1_encoder_t (out_batch_size);
 alloc_assert (encoder);
@@ -575,6 +581,12 @@ bool zmq::stream_engine_t::handshake ()
 } else if (greeting_recv [revision_pos] == ZMTP_1_0) {
+ if (session->zap_connect () == 0) {
+ // reject ZMTP 1.0 connections if ZAP is enabled
+ error (protocol_error);
+ return false;
+ }
+
 encoder = new (std::nothrow) v1_encoder_t ( out_batch_size);
 alloc_assert (encoder);
@@ -585,6 +597,12 @@ bool zmq::stream_engine_t::handshake ()
 } else if (greeting_recv [revision_pos] == ZMTP_2_0) {
+ if (session->zap_connect () == 0) {
+ // reject ZMTP 2.0 connections if ZAP is enabled
+ error (protocol_error);
+ return false;
+ }
+
 encoder = new (std::nothrow) v2_encoder_t (out_batch_size);
 alloc_assert (encoder);
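Review bot: `session->zap_connect () == 0` in the unversioned ZMTP/1.0 branch (and again in the `ZMTP_1_0` and `ZMTP_2_0` branches) is used as the test for "auth is enabled", but by its name it is a connect operation, and its definition is not part of this patch. If it succeeds only when a ZAP handler is registered, a socket configured with a security mechanism but no handler would presumably still accept a legacy peer that cannot run that mechanism, so the downgrade stays open for that configuration. Consider gating the rejection on the socket's configured mechanism instead, e.g. `if (options.mechanism != ZMQ_NULL)` if that is the field the ZMTP 3 path consults, or add a comment stating why handler presence is the intended condition. If the call also sets up state on success, the early `return false` relies on the error path to release it, which is worth confirming. handshake () begins and ends outside the hunk.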
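Review bot: The rejection block added under `ZMTP_1_0` is a verbatim copy of the one in the unversioned branch and differs from the `ZMTP_2_0` copy only in its comment, so any later change to the condition has to be made in three places, and a missed copy reopens the bypass for one protocol version. A single private helper that performs the check and calls `error (protocol_error)`, invoked from each legacy branch, would keep the policy in one place; the surrounding if/else chain lies partly outside the hunks, so hoisting the check above it may not be possible. The comment would also be more useful if it gave the reason, for example `// Legacy ZMTP peers cannot run a security mechanism; accepting them would skip authentication`.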
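Review bot: Nothing in this patch exercises the new rejection paths (the diffstat lists only src/stream_engine.cpp), so the `ZMTP_2_0` branch here and the two ZMTP/1.0 branches in the earlier hunks can regress without anyone noticing. A regression test should send an old-style greeting to a listening socket with authentication configured and assert that the connection is closed before any message is delivered. A second case with no authentication configured should confirm that legacy peers can still connect, since the new guard runs on every legacy handshake.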