blob: ab121b2166cb0574a33428242d55d3a14dd080e5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
// $Id$
#include "orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h"
TAO_BEGIN_VERSIONED_NAMESPACE_DECL
TAO::SSLIOP::Accept_Strategy::Accept_Strategy (
TAO_ORB_Core * orb_core,
const ACE_Time_Value & timeout)
: TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
ACE_SSL_SOCK_Acceptor> (orb_core),
timeout_ (timeout)
{
}
int
TAO::SSLIOP::Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
{
ACE_TRACE ("TAO::SSLIOP::Accept_Strategy::accept_svc_handler");
// The following code is basically the same code found in
// ACE_Accept_Strategy::accept_svc_handler(). The only difference
// is that a timeout value is passed to the peer acceptor's accept()
// method. A timeout is necessary to prevent malicious or
// misbehaved clients from only completing the TCP handshake and not
// the SSL handshake. Without the timeout, a denial-of-service
// vulnerability would exist where multiple incomplete SSL passive
// connections (i.e. where only the TCP handshake is completed)
// could result in the server process running out of file
// descriptors. That would be due to the SSL handshaking process
// blocking/waiting for the handshake to complete.
// The timeout value will be modified. Make a copy.
ACE_Time_Value timeout (this->timeout_);
// Try to find out if the implementation of the reactor that we are
// using requires us to reset the event association for the newly
// created handle. This is because the newly created handle will
// inherit the properties of the listen handle, including its event
// associations.
int const reset_new_handle = this->reactor_->uses_event_associations ();
if (this->peer_acceptor_.accept (svc_handler->peer (), // stream
0, // remote address
&timeout, // timeout
1, // restart
reset_new_handle // reset new handler
) == -1)
{
// Ensure that errno is preserved in case the svc_handler
// close() method resets it.
ACE_Errno_Guard error (errno);
// It doesn't make sense to close the handler since it didn't open.
svc_handler->transport ()->remove_reference ();
// #REFCOUNT# is zero at this point.
return -1;
}
else
return 0;
}
TAO_END_VERSIONED_NAMESPACE_DECL
|