From e09fef5c741c0f67604881814d90a27f7225051d Mon Sep 17 00:00:00 2001
From: benshadwick
Date: Tue, 6 Oct 2015 22:39:22 -0700
Subject: [PATCH] HZ13: Add support for user-configurable SSL error response code
---
 README.md | 1 +
 pixelserv.c | 6 ++++++
 socket_handler.c | 16 +++++++++-------
 socket_handler.h | 1 +
 util.h | 4 +++-
 5 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index a727f6c..8a6ef83 100755
--- a/README.md
+++ b/README.md
@@ -66,3 +66,4 @@ Sources
 * https://github.com/flexiondotorg/nullserv (defunct)
 * http://www.linksysinfo.org/index.php?threads/pixelserv-compiled-to-run-on-router-wrt54g.30509/page-3#post-229342
 * http://www.dd-wrt.com/phpBB2/viewtopic.php?p=685201
+* https://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol
diff --git a/pixelserv.c b/pixelserv.c
index 38cd642..9aea5c2 100755
--- a/pixelserv.c
+++ b/pixelserv.c
@@ -116,6 +116,7 @@ int main (int argc, char* argv[]) // program start
 #ifdef DEBUG
 int warning_time = 0;
 #endif //DEBUG
+ char ssl_alert = DEFAULT_SSL_ALERT;
 SET_LINE_NUMBER(__LINE__);
@@ -139,6 +140,9 @@ int main (int argc, char* argv[]) // program start
 if ((i + 1) < argc) {
 // switch on parameter letter and process subsequent argument
 switch (argv[i++][1]) {
+ case 'c':
+ ssl_alert = (char)strtol(argv[i], NULL, 10);
+ continue;
 #ifdef IF_MODE
 case 'n':
 ifname = argv[i];
@@ -192,6 +196,7 @@ int main (int argc, char* argv[]) // program start
 printf("Usage:%s"
 " [IP No/hostname (all)]"
 " [-2 (disables HTTP 204 reply to generate_204 URLs)]"
+ " [-c ssl_alert_code (49 - access denied)]"
 #ifndef TEST
 " [-f (stay in foreground - don't daemonize)]"
 #endif // !TEST
@@ -565,6 +570,7 @@ int main (int argc, char* argv[]) // program start
 ,argv[0]
 ,do_204
 ,do_redirect
+ ,ssl_alert
 #ifdef DEBUG
 ,warning_time
 #endif //DEBUG
diff --git a/socket_handler.c b/socket_handler.c
index 9797340..fb0e2a7 100755
--- a/socket_handler.c
+++ b/socket_handler.c
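Review bot: The `-c` value in the new `case 'c':` of pixelserv.c goes through `strtol()` with a NULL end pointer and is cast straight to `char`, so non-numeric input silently becomes alert 0 and anything outside 0–255 is truncated to an unrelated code instead of being rejected. The alert description is a single byte on the wire, so the parse should check the end pointer and the range before assigning; a sketch follows, with the error branch left to whatever this switch already does for bad options, which is not visible in the hunk. The usage line added in the `printf("Usage:%s"` hunk could also state the accepted range. `main()` and the option loop start and end outside the hunk.

```c
case 'c': {
  char *end = NULL;
  const long code = strtol(argv[i], &end, 10);
  // reject empty, trailing-garbage and out-of-byte-range values; an overflowed
  // strtol() result (LONG_MIN/LONG_MAX) also fails the range test
  if (end == argv[i] || *end != '\0' || code < 0 || code > 255) {
    // … report the invalid option the way this switch handles other bad arguments …
  } else {
    ssl_alert = (char)code;
  }
  continue;
}
```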
@@ -214,13 +214,6 @@ static const char httpnull_ico[] =
 "\x00\x00\x00\x00" // XOR B G R
 "\x80\xF8\x9C\x41"; // AND ?
-static const char SSL_no[] =
- "\x15" // Alert (21)
- "\x03\x00" // Version 3.0
- "\x00\x02" // length 2
- "\x02" // fatal
- "\x31"; // 0 close notify, 0x28 Handshake failure 40, 0x31 TLS access denied 49
-
 // private functions for socket_handler() use
 #ifdef HEX_DUMP
 // from http://sws.dett.de/mini/hexdump-c/
@@ -395,6 +388,7 @@ void socket_handler(int argc
 ,const char* const program_name
 ,const int do_204
 ,const int do_redirect
+ ,const char ssl_alert
 #ifdef DEBUG
 ,const int warning_time
 #endif //DEBUG
@@ -414,6 +408,14 @@ void socket_handler(int argc
 char* version_string = NULL;
 char* stat_string = NULL;
 struct timespec start_time = {0, 0};
+ const char SSL_no[] = {
+ '\x15' // Alert (21)
+ ,'\x03','\x00' // Version 3.0
+ ,'\x00','\x02' // length 02
+ ,'\x02' // fatal
+ ,ssl_alert // 0 close notify, 0x28 Handshake failure 40, 0x31 TLS access denied 49
+ ,'\x00' // string terminator (not part of actual response)
+ };
 #ifdef DEBUG
 double time_msec = 0.0;
 int do_warning = (warning_time > 0);
diff --git a/socket_handler.h b/socket_handler.h
index 37475b9..3c5b2dd 100755
--- a/socket_handler.h
+++ b/socket_handler.h
@@ -43,6 +43,7 @@ void socket_handler(int argc
 ,const char* const program_name
 ,const int do_204
 ,const int do_redirect
+ ,const char ssl_alert
 #ifdef DEBUG
 ,const int warning_time
 #endif //DEBUG
diff --git a/util.h b/util.h
index 0142d03..482621d 100755
--- a/util.h
+++ b/util.h
@@ -22,7 +22,7 @@
 #include // struct timespec, clock_gettime(), difftime()
 // preprocessor defines
-#define VERSION "V35.HZ12"
+#define VERSION "V35.HZ13"
 #define BACKLOG SOMAXCONN // how many pending connections queue will hold
 #define CHAR_BUF_SIZE 4095 // surprising how big requests can be with cookies and lengthy yahoo url!
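Review bot: The trailing `'\x00'` added to the local `SSL_no` array in socket_handler.c is labelled a string terminator, but the record already holds NUL bytes at offsets 2 and 3, so it can never be handled as a C string and the comment is misleading. The send site is outside this hunk; presumably it uses `sizeof(SSL_no) - 1` and the extra byte only keeps that expression at 7, which should be confirmed, because a bare `sizeof` would put an eighth byte on the wire after a record whose length field says 2. I would reword the comment to `// padding so sizeof(SSL_no) - 1 is still the 7-byte record length`, or drop the byte and send `sizeof SSL_no`. The level byte also stays fatal (`'\x02'`) for every user-chosen description, including 0 (close notify), which the comment on the `ssl_alert` line lists as an option.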
@@ -63,6 +63,8 @@ static unsigned long LINE_NUMBER = __LINE__;
 # define SET_LINE_NUMBER(x)
 #endif //DEBUG
+#define DEFAULT_SSL_ALERT (char)49
+
 // cross-thread count variables
 extern volatile sig_atomic_t count; // req
 extern volatile sig_atomic_t avg; // cumulative moving average request size
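Review bot: `DEFAULT_SSL_ALERT` expands to an unparenthesized cast to plain `char`, whose signedness is implementation-defined, so an alert description above 127 can turn negative wherever the value is compared or printed. The same type is used for the `ssl_alert` local in pixelserv.c and for the new `socket_handler()` parameter in socket_handler.c and socket_handler.h. Since the value is a one-byte wire field, `unsigned char` throughout would be clearer, with the macro written as `#define DEFAULT_SSL_ALERT ((unsigned char)49) // TLS alert 49: access_denied`. That comment also documents the magic number, which is otherwise explained only in the usage string.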