DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix corrupted hostname from partial connection read

Browse source
This commit is contained in:
Chotiwat Chawannakul 2023-09-27 20:14:24 -07:00
parent dc3acbd786
commit 8d99af1872
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
pkg/tcpproxy/tcp.go
View file

@ -62,7 +62,15 @@ func (p *TCPProxy) Handle(conn net.Conn) {
// See: https://www.ibm.com/docs/en/ztpf/1.1.0.15?topic=sessions-ssl-record-format
data := make([]byte, 16384)
length, err := conn.Read(data)
// read the tls header first
_, err := io.ReadFull(conn, data[:parser.TLSHeaderLength])
if err != nil {
klog.V(4).ErrorS(err, "Error reading TLS header from the connection")
return
}
// get the total data length then read the rest
length := int(data[3])<<8 + int(data[4]) + parser.TLSHeaderLength
_, err = io.ReadFull(conn, data[parser.TLSHeaderLength:length])
if err != nil {
klog.V(4).ErrorS(err, "Error reading data from the connection")
return
@ -115,7 +123,7 @@ func (p *TCPProxy) Handle(conn net.Conn) {
} else {
_, err = clientConn.Write(data[:length])
if err != nil {
klog.Errorf("Error writing the first 4k of proxy data: %v", err)
klog.Errorf("Error writing the first %d bytes of proxy data: %v", length, err)
clientConn.Close()
}
}