lib/connections: TLS handshake must complete in a timely fashion (fixes #3375)

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3376
2024-12-22 19:08:58 +00:00 · 2016-07-02 20:33:31 +00:00 · 2016-07-02 20:33:31 +00:00 · 672824641b
commit 672824641b
parent 6d357211b2
5 changed files with 14 additions and 5 deletions
--- a/lib/connections/relay_dial.go
+++ b/lib/connections/relay_dial.go
@ -52,7 +52,7 @@ func (d *relayDialer) Dial(id protocol.DeviceID, uri *url.URL) (IntermediateConn
 		tc = tls.Client(conn, d.tlsCfg)
 	}

-	err = tc.Handshake()
+	err = tlsTimedHandshake(tc)
 	if err != nil {
 		tc.Close()
 		return IntermediateConnection{}, err
--- a/lib/connections/relay_listen.go
+++ b/lib/connections/relay_listen.go
@ -85,7 +85,7 @@ func (t *relayListener) Serve() {
 				tc = tls.Client(conn, t.tlsCfg)
 			}

-			err = tc.Handshake()
+			err = tlsTimedHandshake(tc)
 			if err != nil {
 				tc.Close()
 				l.Infoln("TLS handshake (BEP/relay):", err)
--- a/lib/connections/service.go
+++ b/lib/connections/service.go
@ -36,7 +36,10 @@ var (
 	listeners = make(map[string]listenerFactory, 0)
 )

-const perDeviceWarningRate = 1.0 / (15 * 60) // Once per 15 minutes
+const (
+	perDeviceWarningRate = 1.0 / (15 * 60) // Once per 15 minutes
+	tlsHandshakeTimeout  = 10 * time.Second
+)

 // Service listens and dials all configured unconnected devices, via supported
 // dialers. Successful connections are handed to the model.
@ -607,3 +610,9 @@ func warningFor(dev protocol.DeviceID, msg string) {
 		l.Warnln(msg)
 	}
 }
+
+func tlsTimedHandshake(tc *tls.Conn) error {
+	tc.SetDeadline(time.Now().Add(tlsHandshakeTimeout))
+	defer tc.SetDeadline(time.Time{})
+	return tc.Handshake()
+}
--- a/lib/connections/tcp_dial.go
+++ b/lib/connections/tcp_dial.go
@ -40,7 +40,7 @@ func (d *tcpDialer) Dial(id protocol.DeviceID, uri *url.URL) (IntermediateConnec
 	}

 	tc := tls.Client(conn, d.tlsCfg)
-	err = tc.Handshake()
+	err = tlsTimedHandshake(tc)
 	if err != nil {
 		tc.Close()
 		return IntermediateConnection{}, err
--- a/lib/connections/tcp_listen.go
+++ b/lib/connections/tcp_listen.go
@ -108,7 +108,7 @@ func (t *tcpListener) Serve() {
 		}

 		tc := tls.Server(conn, t.tlsCfg)
-		err = tc.Handshake()
+		err = tlsTimedHandshake(tc)
 		if err != nil {
 			l.Infoln("TLS handshake (BEP/tcp):", err)
 			tc.Close()