Merge pull request #1320 from fatedier/new

add read timeout for TLS check operation
6 years ago · 8e36e2bb67
parent fd336a5503 541ad8d899
commit 8e36e2bb67
4 changed files with 24 additions and 5 deletions
--- a/.github/ISSUE_TEMPLATE
+++ b/.github/ISSUE_TEMPLATE
@ -1,5 +1,7 @@
 Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.
 (为了节约时间，提高处理问题的效率，不按照格式填写的 issue 将会直接关闭。)
+(请不要在 issue 评论中出现无意义的 **加1**，**我也是** 等内容，将会被直接删除。)
+(由于个人精力有限，和系统环境，网络环境等相关的求助问题请转至其他论坛或社交平台。)

 Use the commands below to provide key information from your environment:
 You do NOT have to include this information if this is a FEATURE REQUEST
--- a/server/service.go
+++ b/server/service.go
@ -259,7 +259,16 @@ func (svr *Service) HandleListener(l frpNet.Listener) {
 			log.Warn("Listener for incoming connections from client closed")
 			return
 		}
-		c = frpNet.CheckAndEnableTLSServerConn(c, svr.tlsConfig)
+
+		log.Trace("start check TLS connection...")
+		originConn := c
+		c, err = frpNet.CheckAndEnableTLSServerConnWithTimeout(c, svr.tlsConfig, connReadTimeout)
+		if err != nil {
+			log.Warn("CheckAndEnableTLSServerConnWithTimeout error: %v", err)
+			originConn.Close()
+			continue
+		}
+		log.Trace("success check TLS connection")

 		// Start a new goroutine for dealing connections.
 		go func(frpConn frpNet.Conn) {
--- a/utils/net/tls.go
+++ b/utils/net/tls.go
@ -17,6 +17,7 @@ package net
 import (
 	"crypto/tls"
 	"net"
+	"time"

 	gnet "github.com/fatedier/golib/net"
 )
@ -31,10 +32,17 @@ func WrapTLSClientConn(c net.Conn, tlsConfig *tls.Config) (out Conn) {
 	return
 }

-func CheckAndEnableTLSServerConn(c net.Conn, tlsConfig *tls.Config) (out Conn) {
-	sc, r := gnet.NewSharedConnSize(c, 1)
+func CheckAndEnableTLSServerConnWithTimeout(c net.Conn, tlsConfig *tls.Config, timeout time.Duration) (out Conn, err error) {
+	sc, r := gnet.NewSharedConnSize(c, 2)
 	buf := make([]byte, 1)
-	n, _ := r.Read(buf)
+	var n int
+	c.SetReadDeadline(time.Now().Add(timeout))
+	n, err = r.Read(buf)
+	c.SetReadDeadline(time.Time{})
+	if err != nil {
+		return
+	}
+
 	if n == 1 && int(buf[0]) == FRP_TLS_HEAD_BYTE {
 		out = WrapConn(tls.Server(c, tlsConfig))
 	} else {
--- a/utils/version/version.go
+++ b/utils/version/version.go
@ -19,7 +19,7 @@ import (
 	"strings"
 )

-var version string = "0.27.0"
+var version string = "0.27.1"

 func Full() string {
 	return version