Browse code
Ensure key state is authenticated before sending push reply
This ensures that the key state is authenticated when sending
a push reply.
Arne Schwabe authored on 2021/04/06 07:05:21Showing 1 changed files
| ... | ... |
@@ -652,6 +652,7 @@ int |
| 652 | 652 |
process_incoming_push_request(struct context *c) |
| 653 | 653 |
{
|
| 654 | 654 |
int ret = PUSH_MSG_ERROR; |
| 655 |
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY]; |
|
| 655 | 656 |
|
| 656 | 657 |
#ifdef ENABLE_ASYNC_PUSH |
| 657 | 658 |
c->c2.push_request_received = true; |
| ... | ... |
@@ -662,7 +663,12 @@ process_incoming_push_request(struct context *c) |
| 662 | 662 |
send_auth_failed(c, client_reason); |
| 663 | 663 |
ret = PUSH_MSG_AUTH_FAILURE; |
| 664 | 664 |
} |
| 665 |
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED) |
|
| 665 |
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED |
|
| 666 |
+ && ks->authenticated |
|
| 667 |
+ #ifdef ENABLE_DEF_AUTH |
|
| 668 |
+ && !ks->auth_deferred |
|
| 669 |
+ #endif |
|
| 670 |
+ ) |
|
| 666 | 671 |
{
|
| 667 | 672 |
time_t now; |
| 668 | 673 |
|