
github.com/SoftEtherVPN/SoftEtherVPN_Stable.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'src/Mayaqua')
-rw-r--r--src/Mayaqua/FileIO.c2
-rw-r--r--src/Mayaqua/Network.c24
-rw-r--r--src/Mayaqua/Network.h1
-rw-r--r--src/Mayaqua/TcpIp.c4
4 files changed, 21 insertions, 10 deletions
diff --git a/src/Mayaqua/FileIO.c b/src/Mayaqua/FileIO.c
index 49fbec95..02abafb0 100644
--- a/src/Mayaqua/FileIO.c
+++ b/src/Mayaqua/FileIO.c
@@ -380,13 +380,13 @@ void ZipAddFileStart(ZIP_PACKER *p, char *name, UINT size, UINT64 dt, UINT attri
// Add data to the file
UINT ZipAddFileData(ZIP_PACKER *p, void *data, UINT pos, UINT len)
{
- UINT total_size = p->CurrentFile->CurrentSize + len;
UINT ret;
// Validate arguments
if (p == NULL)
{
return 0;
}
+ UINT total_size = p->CurrentFile->CurrentSize + len;
if (total_size > p->CurrentFile->Size)
{
return 0;
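Review bot: The size check on `total_size` can be defeated by wrap-around, because `p->CurrentFile->CurrentSize + len` is computed in `UINT` (assumed to be a 32-bit unsigned type) and a large `len` wraps to a small sum that passes `total_size > p->CurrentFile->Size`. Comparing against the remaining space avoids the addition: `if (len > p->CurrentFile->Size - p->CurrentFile->CurrentSize) return 0;`, which holds as long as `CurrentSize` never exceeds `Size`. The moved line also dereferences `p->CurrentFile` without a NULL check; whether it can be NULL when no file has been started is not visible here. The body of ZipAddFileData continues outside the hunk.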
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 609540fd..0737dd9c 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -155,6 +155,7 @@
#ifdef UNIX_MACOS
#include <sys/event.h>
#endif // UNIX_MACOS
+#include <Cedar/Cedar.h>
#ifdef OS_WIN32
NETWORK_WIN32_FUNCTIONS *w32net;
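Review bot: Including `<Cedar/Cedar.h>` from Network.c makes the Mayaqua library depend on the Cedar layer, apparently only to get the `SSL_VERSION_*` bit constants used in StartSSLEx. Since the bitmap field lives in `struct SOCK` in Network.h, defining those constants next to it would keep the TLS policy bits with the code that enforces them and avoid the upward include. Where the constants are defined is not visible in this diff, so this is inferred from the include being added in the same commit.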
@@ -12968,15 +12969,24 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
{
if (sock->ServerMode)
{
- if (sock->AcceptOnlyTls == false)
- {
- SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
+ SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
+ long ssl_opt_flags=0x0L;
+ if (sock->DisableSslVersions & SSL_VERSION_SSL_V2) {
+ ssl_opt_flags |= SSL_OP_NO_SSLv2;
}
- else
- {
- SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_method());
+ if (sock->DisableSslVersions & SSL_VERSION_SSL_V3) {
+ ssl_opt_flags |= SSL_OP_NO_SSLv3;
}
-
+ if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
+ ssl_opt_flags |= SSL_OP_NO_TLSv1;
+ }
+ if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
+ ssl_opt_flags |= SSL_OP_NO_TLSv1_1;
+ }
+ if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
+ ssl_opt_flags |= SSL_OP_NO_TLSv1_2;
+ }
+ SSL_CTX_set_options(ssl_ctx, ssl_opt_flags);
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
Lock(openssl_lock);
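Review bot: With this change a server socket whose `DisableSslVersions` is 0 negotiates every protocol version the linked OpenSSL supports, because `SSL_CTX_set_options` is called with an empty mask and `sock->AcceptOnlyTls` is no longer read in this branch. Before, `AcceptOnlyTls == true` pinned the context to `TLSv1_method()`, so any caller that sets only the old flag silently loses that restriction; whether callers outside src/Mayaqua were converted is not visible here. Consider a safe floor, e.g. `long ssl_opt_flags = SSL_OP_NO_SSLv2;` followed by `if (sock->AcceptOnlyTls) ssl_opt_flags |= SSL_OP_NO_SSLv3;`, and reject a bitmap that disables all versions. `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2` are only defined from OpenSSL 1.0.1 on, so builds against older headers would need `#ifdef` guards. The body of StartSSLEx starts and ends outside the hunk.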
diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h
index 6d579f8e..fd4c5d52 100644
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@@ -313,6 +313,7 @@ struct SOCK
UINT Reverse_MyServerPort; // Self port number when using the reverse socket
UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert
bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)
+ UINT DisableSslVersions; // Bitmap of SSL Version to disable
bool RawIP_HeaderIncludeFlag;
#ifdef ENABLE_SSL_LOGGING
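Review bot: The comment on `DisableSslVersions` does not say which constants form the bitmap, what a value of 0 means, or how the field relates to `AcceptOnlyTls` directly above it, which still exists but is no longer read in the server branch of StartSSLEx. Something like `// Bitmap of SSL_VERSION_* flags to refuse in server mode; 0 = no version disabled` would make the fail-open default explicit to callers. If `AcceptOnlyTls` is now superseded, its comment should say so as well.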
diff --git a/src/Mayaqua/TcpIp.c b/src/Mayaqua/TcpIp.c
index 39c43c09..5bed26a7 100644
--- a/src/Mayaqua/TcpIp.c
+++ b/src/Mayaqua/TcpIp.c
@@ -1834,9 +1834,9 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
{
TCP_HEADER *tcp = p->L4.TCPHeader;
- if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
+ if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
{
- if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
+ if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
{
if (p->PayloadSize >= 1)
{