Fixed PB-TNC error handling

diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index d8daf9a9e4a77f25efc14715323e010ea6343ac5..a1a95733f5aac931fd96258c507f284ee9c261cb 100644 (file)
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -172,7 +172,7 @@ METHOD(tls_t, process, status_t,
        private_tnccs_20_t *this, void *buf, size_t buflen)
 {
        pb_tnc_batch_t *batch;
-       bool from_server;
+       bool from_server, fatal_header_error = FALSE;
        status_t status;
        chunk_t data;
 
@@ -198,7 +198,11 @@ METHOD(tls_t, process, status_t,
        batch = pb_tnc_batch_create_from_data(data);
        status = batch->process_header(batch, !this->mutual, this->is_server,
                                                                   &from_server);
-
+       if (status == FAILED)
+       {
+               fatal_header_error = TRUE;
+               status = VERIFY_ERROR;
+       }
        this->to_server = this->mutual ? from_server : !this->is_server;
 
        /* In the mutual case, first batch from TNC server requires a TNC client */
@@ -229,7 +233,8 @@ METHOD(tls_t, process, status_t,
        }
        if (status == VERIFY_ERROR)
        {
-               this->tnccs_handler->handle_errors(this->tnccs_handler, batch);
+               this->tnccs_handler->handle_errors(this->tnccs_handler, batch,
+                                                                                  fatal_header_error);
                status = NEED_MORE;
        }
        batch->destroy(batch);

diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
index 9bfadcb66ab618302778e88d39f6be1fb847a362..80ae4b64ef1d57ee9aac25a10b7cfa86c86e0da9 100644 (file)
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
@@ -456,9 +456,7 @@ static void build_retry_batch(private_tnccs_20_client_t *this)
 METHOD(tnccs_20_handler_t, process, status_t,
        private_tnccs_20_client_t *this, pb_tnc_batch_t *batch)
 {
-       pb_tnc_msg_t *msg;
        pb_tnc_batch_type_t batch_type;
-       enumerator_t *enumerator;
        status_t status;
 
        batch_type = batch->get_type(batch);
@@ -507,20 +505,9 @@ METHOD(tnccs_20_handler_t, process, status_t,
        {
                case FAILED:
                        this->fatal_error = TRUE;
-                       this->mutex->lock(this->mutex);
-                       change_batch_type(this, PB_BATCH_CLOSE);
-                       this->mutex->unlock(this->mutex);
                        status = VERIFY_ERROR;
-                       /* fall through to add error messages to outbound batch */
+                       break;
                case VERIFY_ERROR:
-                       enumerator = batch->create_error_enumerator(batch);
-                       while (enumerator->enumerate(enumerator, &msg))
-                       {
-                               this->mutex->lock(this->mutex);
-                               this->messages->insert_last(this->messages, msg->get_ref(msg));
-                               this->mutex->unlock(this->mutex);
-                       }
-                       enumerator->destroy(enumerator);
                        break;
                case SUCCESS:
                default:
@@ -728,11 +715,19 @@ METHOD(tnccs_20_handler_t, add_msg, void,
 }
 
 METHOD(tnccs_20_handler_t, handle_errors, void,
-       private_tnccs_20_client_t *this, pb_tnc_batch_t *batch)
+       private_tnccs_20_client_t *this, pb_tnc_batch_t *batch,
+       bool fatal_header_error)
 {
        pb_tnc_msg_t *msg;
        enumerator_t *enumerator;
 
+       if (fatal_header_error || this->fatal_error)
+       {
+               this->mutex->lock(this->mutex);
+               change_batch_type(this, PB_BATCH_CLOSE);
+               this->mutex->unlock(this->mutex);
+       }
+
        enumerator = batch->create_error_enumerator(batch);
        while (enumerator->enumerate(enumerator, &msg))
        {

diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_handler.h b/src/libtnccs/plugins/tnccs_20/tnccs_20_handler.h
index d0adb2489f7378e2bf5690a2e3434426160cc6f9..5c4d7a7b4a474b43a522eb78b4d8da7cb0c5ffb6 100644 (file)
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_handler.h
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_handler.h
@@ -90,9 +90,11 @@ struct tnccs_20_handler_t {
        /**
         * Handle errors that occurred during PB-TNC batch header processing
         *
-        * @param batch                 batch where a fatal error occurred
+        * @param batch                                 batch where a fatal error occurred
+        * @param fatal_header_error    TRUE if fatal error in batch header
         */
-       void (*handle_errors)(tnccs_20_handler_t *this, pb_tnc_batch_t *batch);
+       void (*handle_errors)(tnccs_20_handler_t *this, pb_tnc_batch_t *batch,
+                                                 bool fatal_header_error);
 
        /**
         * Destroys a tnccs_20_handler_t object.

diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
index c75ecdc393f2cc4c1e6bac47265e0ab6367b7fa1..e6ac21ac14a8a00b2b0138a5221ebc43d283219a 100644 (file)
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
@@ -285,9 +285,7 @@ static void build_retry_batch(private_tnccs_20_server_t *this)
 METHOD(tnccs_20_handler_t, process, status_t,
        private_tnccs_20_server_t *this, pb_tnc_batch_t *batch)
 {
-       pb_tnc_msg_t *msg;
        pb_tnc_batch_type_t batch_type;
-       enumerator_t *enumerator;
        status_t status;
 
        batch_type = batch->get_type(batch);
@@ -333,20 +331,9 @@ METHOD(tnccs_20_handler_t, process, status_t,
        {
                case FAILED:
                        this->fatal_error = TRUE;
-                       this->mutex->lock(this->mutex);
-                       change_batch_type(this, PB_BATCH_CLOSE);
-                       this->mutex->unlock(this->mutex);
                        status = VERIFY_ERROR;
-                       /* fall through to add error messages to outbound batch */
+                       break;
                case VERIFY_ERROR:
-                       enumerator = batch->create_error_enumerator(batch);
-                       while (enumerator->enumerate(enumerator, &msg))
-                       {
-                               this->mutex->lock(this->mutex);
-                               this->messages->insert_last(this->messages, msg->get_ref(msg));
-                               this->mutex->unlock(this->mutex);
-                       }
-                       enumerator->destroy(enumerator);
                        break;
                case SUCCESS:
                default:
@@ -601,11 +588,19 @@ METHOD(tnccs_20_handler_t, add_msg, void,
 }
 
 METHOD(tnccs_20_handler_t, handle_errors, void,
-       private_tnccs_20_server_t *this,  pb_tnc_batch_t *batch)
+       private_tnccs_20_server_t *this,  pb_tnc_batch_t *batch,
+       bool fatal_header_error)
 {
        pb_tnc_msg_t *msg;
        enumerator_t *enumerator;
 
+       if (fatal_header_error || this->fatal_error)
+       {
+               this->mutex->lock(this->mutex);
+               change_batch_type(this, PB_BATCH_CLOSE);
+               this->mutex->unlock(this->mutex);
+       }
+
        enumerator = batch->create_error_enumerator(batch);
        while (enumerator->enumerate(enumerator, &msg))
        {