Disable HTTP fallback via "/plain" URL (CVE-2015-8400)

* Disabled all methods of HTTP fallback when HTTPS is enabled. This
  is enforced on server side so that even modified client code (JS)
  can not redirect client from HTTPS to HTTP, like it was possible
  before (issue #355).
* Current solution unfortunately also disables automatic upgrade from
  HTTP to HTTPS (when available), since all non-SSL connections are
  dropped immediately.
KLuka 2015-12-03 17:44:31 +01:00
parent aaa00551bf
commit 4aa0eb97e4
7 changed files with 25 additions and 6 deletions


@ -102,7 +102,7 @@ short serverConnectionSetEvents(Server *server, ServerConnection *connection,
void serverExitLoop(Server *server, int exitAll);
void serverLoop(Server *server);
int serverSupportsSSL();
void serverEnableSSL(Server *server, int flag);
void serverSetupSSL(Server *server, int enable, int force);
void serverSetCertificate(Server *server, const char *filename,
int autoGenerateMissing);
void serverSetCertificateFd(Server *server, int fd);


@ -1480,6 +1480,13 @@ int httpHandleConnection(struct ServerConnection *connection, void *http_,
*events |= POLLIN;
continue;
}
} else {
if (http->ssl && http->ssl->enabled && http->ssl->force) {
debug("[http] Non-SSL connections not allowed!");
httpCloseRead(http);
bytes = 0;
eof = 1;
}
}
}
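Review bot: The new else branch at `if (http->ssl && http->ssl->enabled && http->ssl->force)` drops the plain-HTTP connection with only a debug()-level message and no comment, so a reader cannot see that this is the server-side enforcement described in the commit message, nor that it deliberately also removes the HTTP-to-HTTPS upgrade path. A comment above the check would carry that: `// Server-side enforcement (CVE-2015-8400): with SSL enabled and forced, plain-HTTP connections are closed without a response, which also disables HTTP->HTTPS upgrade.` When `http->ssl` is NULL the check is skipped and the connection is served as plain HTTP; if that state can occur on a forced-SSL server it silently bypasses the policy, which is worth confirming. Because the message is debug-only, fallback attempts are not visible in normal operation, so a higher-severity log call, if the logging layer offers one, would improve detectability. The enclosing httpHandleConnection body starts and ends outside the hunk.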


@ -670,11 +670,12 @@ void serverLoop(struct Server *server) {
server->looping = loopDepth - 1;
}
void serverEnableSSL(struct Server *server, int flag) {
if (flag) {
void serverSetupSSL(struct Server *server, int enable, int force) {
if (enable) {
check(serverSupportsSSL());
}
sslEnable(&server->ssl, flag);
sslEnable(&server->ssl, enable);
sslForce(&server->ssl, force);
}
void serverSetCertificate(struct Server *server, const char *filename,
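Review bot: `void serverSetupSSL(struct Server *server, int enable, int force)` has no comment explaining `force`, even though it is the switch that turns the CVE-2015-8400 enforcement on, and `sslForce(&server->ssl, force)` is called regardless of `enable`, so a reader cannot tell whether force without enable is meaningful (the check in httpHandleConnection requires both). A header comment such as `// enable: turn SSL on (serverSupportsSSL() is checked); force: with SSL enabled, close plain-HTTP connections instead of serving them, which also disables HTTP->HTTPS upgrade.` would fix that. Dropping serverEnableSSL outright rather than keeping it as a wrapper around serverSetupSSL also breaks any out-of-tree caller of the old name; whether such callers exist I cannot tell from here.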


@ -118,7 +118,7 @@ short serverConnectionSetEvents(struct Server *server,
short events);
void serverExitLoop(struct Server *server, int exitAll);
void serverLoop(struct Server *server);
void serverEnableSSL(struct Server *server, int flag);
void serverSetupSSL(struct Server *server, int enable, int force);
void serverSetCertificate(struct Server *server, const char *filename,
int autoGenerateMissing);
void serverSetCertificateFd(struct Server *server, int fd);


@ -167,6 +167,7 @@ struct SSLSupport *newSSL(void) {
void initSSL(struct SSLSupport *ssl) {
ssl->enabled = serverSupportsSSL();
ssl->force = 0;
ssl->sslContext = NULL;
ssl->sniCertificatePattern = NULL;
ssl->generateMissing = 0;
@ -894,6 +895,12 @@ int sslEnable(struct SSLSupport *ssl, int enabled) {
return old;
}
int sslForce(struct SSLSupport *ssl, int force) {
int old = ssl->force;
ssl->force = force;
return old;
}
void sslBlockSigPipe(void) {
sigset_t set;
sigemptyset(&set);
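Review bot: initSSL now initialises `ssl->force = 0` while `ssl->enabled` defaults to serverSupportsSSL(), so a Server that is initialised but never passed through serverSetupSSL or sslForce has SSL on with plain-HTTP fallback still permitted; the enforcement is opt-in at the library level and only shellinabox's setUpSSL opts in. If that is intended, a comment on the line would stop it being read as an oversight: `ssl->force = 0; // plain-HTTP fallback allowed until sslForce() is called`. The new sslForce in the second hunk mirrors sslEnable and returns the previous value, which is consistent, but it also lacks a one-line comment stating that force only takes effect when `enabled` is non-zero, as the check in httpHandleConnection requires both.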


@ -198,6 +198,7 @@ extern void *(*x_SSL_COMP_get_compression_methods)(void);
struct SSLSupport {
int enabled;
int force;
SSL_CTX *sslContext;
char *sniCertificatePattern;
int generateMissing;
@ -214,6 +215,7 @@ void sslSetCertificate(struct SSLSupport *ssl, const char *filename,
int autoGenerateMissing);
void sslSetCertificateFd(struct SSLSupport *ssl, int fd);
int sslEnable(struct SSLSupport *ssl, int enabled);
int sslForce(struct SSLSupport *ssl, int force);
void sslBlockSigPipe();
int sslUnblockSigPipe();
int sslPromoteToSSL(struct SSLSupport *ssl, SSL **sslHndl, int fd,
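Review bot: The new `int force;` field in struct SSLSupport and the `sslForce` prototype carry no documentation, and since `force` is the flag that decides whether non-SSL connections are served or closed it deserves one: `int force; // non-zero: close plain-HTTP connections instead of serving them (effective only when enabled)`. A matching one-liner on `int sslForce(struct SSLSupport *ssl, int force);` noting that it returns the previous value, as sslEnable does, would keep the two consistent.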


@ -112,6 +112,7 @@ static int noBeep = 0;
static int numericHosts = 0;
static int enableSSL = 1;
static int enableSSLMenu = 1;
static int forceSSL = 1; // TODO enable http fallback with commandline option
int enableUtmpLogging = 1;
static char *messagesOrigin = NULL;
static int linkifyURLs = 1;
@ -1302,7 +1303,8 @@ static void removeLimits() {
}
static void setUpSSL(Server *server) {
serverEnableSSL(server, enableSSL);
serverSetupSSL(server, enableSSL, forceSSL);
// Enable SSL support (if available)
if (enableSSL) {
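Review bot: `static int forceSSL = 1; // TODO enable http fallback with commandline option` hard-codes the policy behind a TODO, so an operator currently has no way to re-enable HTTP fallback or the HTTP-to-HTTPS upgrade path, and the comment says nothing about what forcing does to clients. Rewording it to state the behaviour and rationale rather than only the missing option would help: `static int forceSSL = 1; // Close plain-HTTP connections when SSL is enabled (CVE-2015-8400); no CLI option yet, so HTTP fallback/upgrade is unavailable`. If a command-line option is added later, the default should remain 1 so the fix is not silently undone. The setUpSSL body continues past the hunk.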