From ce6bc8b4d5c49fee3bbf2feea0e4577b43d46ec7 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 23:14:21 +0000
Subject: [PATCH] Fix a problem in the StartTLS extended operation processing that could cause problems with clients due to a race condition. Previously, the success response was sent to the client before TLS negotiation was started (because the StartTLS response must be sent in the clear), and it was possible that if a client was able to receive that response and send a subsequent TLS-protected request before the server was able to begin the TLS negotiation, then the server would try to handle the client request as if it were in the clear and would not be able to decode it. The server now prepares to perform the TLS negotiation before sending the response to the client to eliminate that race condition.
---
opendj-sdk/opends/src/server/org/opends/server/extensions/StartTLSExtendedOperation.java | 33 ++++++++++++++++++++++++---------
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/extensions/StartTLSExtendedOperation.java b/opendj-sdk/opends/src/server/org/opends/server/extensions/StartTLSExtendedOperation.java
index 66992dc..bfddb37 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/extensions/StartTLSExtendedOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/extensions/StartTLSExtendedOperation.java
@@ -36,6 +36,7 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.core.InitializationException;
+import org.opends.server.types.DisconnectReason;
import org.opends.server.types.ErrorLogCategory;
import org.opends.server.types.ErrorLogSeverity;
import org.opends.server.types.ResultCode;
@@ -176,15 +177,6 @@
}
- // If we've gotten here, then we are going to enable TLS protection or
- // close the client connection if an error occurs. But we have to send the
- // response to the client now before enabling TLS. Note that by doing this,
- // we forfeit the ability to send and error response if a failure occurs
- // later (e.g., in a post-operation plugin).
- operation.setResultCode(ResultCode.SUCCESS);
- operation.sendExtendedResponse();
-
-
// Actually enable TLS protection on the client connection. This may fail,
// but if it does then the connection will be closed so we'll just need to
// log it.
@@ -200,6 +192,29 @@
MSGID_STARTTLS_ERROR_ON_ENABLE,
stackTraceToSingleLineString(de));
}
+
+
+ // TLS was successfully enabled on the client connection, but we need to
+ // send the response in the clear.
+ operation.setResultCode(ResultCode.SUCCESS);
+
+ try
+ {
+ tlsCapableConnection.sendClearResponse(operation);
+ operation.setResponseSent();
+ }
+ catch (Exception e)
+ {
+ assert debugException(CLASS_NAME, "processExtendedOperation", e);
+
+ logError(ErrorLogCategory.CORE_SERVER, ErrorLogSeverity.MILD_ERROR,
+ MSGID_STARTTLS_ERROR_SENDING_CLEAR_RESPONSE,
+ stackTraceToSingleLineString(e));
+
+ clientConnection.disconnect(DisconnectReason.SECURITY_PROBLEM, false,
+ MSGID_STARTTLS_ERROR_SENDING_CLEAR_RESPONSE,
+ stackTraceToSingleLineString(e));
+ }
}
}
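Review bot: The new block that sets `ResultCode.SUCCESS` and calls `sendClearResponse` appears to run even when enabling TLS failed, because the catch block that logs `MSGID_STARTTLS_ERROR_ON_ENABLE` ends without a visible `return`. In that case the operation would be recorded as successful, and if the connection were still open the client would be told in the clear that StartTLS succeeded while no TLS layer is in place. Adding `return;` after that `logError(...)` call (or setting a failure result code there) would make the comment `TLS was successfully enabled` true for every path that reaches it. The try/catch for the TLS enable step begins above the hunk, so an earlier exit there cannot be ruled out from these lines.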
--
Gitblit v1.10.0