X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=multipass.rs;h=629d07e851e468e8f7673ccc809f5e89cb37959f;hb=6b181a6bfdc3556cdf40d52268c26ff67caa3714;hp=958d18955d3aacaca3279f8481097420587db52e;hpb=d247b11a05b2671e087c011b84499b3493f731a0;p=linux-dallas-multipass
diff --git a/multipass.rs b/multipass.rs
index 958d189..629d07e 100644
--- a/multipass.rs
+++ b/multipass.rs
@@ -7,10 +7,7 @@ extern crate simple_error;
 use pcsc::*;
 use core::task::{Context, Poll};
-use futures_util::{
- future::TryFutureExt,
- stream::{Stream, StreamExt, TryStreamExt},
-};
+use futures_util::stream::{Stream, StreamExt};
 use hyper::service::{make_service_fn, service_fn};
 use hyper::{Body, Method, Request, Response, Server, StatusCode};
 use hyper::header::HeaderValue;
@@ -64,18 +61,25 @@ async fn run_server() -> Result<(), Box> {
 // Create a TCP listener via tokio.
 let mut tcp = TcpListener::bind(&addr).await?;
- let tls_acceptor = TlsAcceptor::from(tls_cfg);
+ let tls_acceptor = &TlsAcceptor::from(tls_cfg);
 // Prepare a long-running future stream to accept and serve cients.
 let incoming_tls_stream = tcp
 .incoming()
- .map_err(|e| error(format!("Incoming failed: {:?}", e)))
- .and_then(move |s| {
- tls_acceptor.accept(s).map_err(|e| {
- println!("[!] Voluntary server halt due to client-connection error...");
- // Errors could be handled here, instead of server aborting.
- // println!("TLS Error: {:?}", e);
- error(format!("TLS Error: {:?}", e))
- })
+ .filter_map(move |s| async move {
+ let client = match s {
+ Ok(x) => x,
+ Err(e) => {
+ println!("Failed to accept a client, should probably back off");
+ return Some(Err(e));
+ }
+ };
+ match tls_acceptor.accept(client).await {
+ Ok(x) => Some(Ok(x)),
+ Err(e) => {
+ println!("[!] Client connection error: {}", e);
+ None
+ }
+ }
 })
 .boxed();
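Review bot: The TLS handshake at `tls_acceptor.accept(client).await` in the run_server hunk is awaited inside the `filter_map` closure with no time limit, and `filter_map` drives one closure future at a time, so a client that connects and never finishes the handshake holds up every connection behind it. Wrapping the call as `tokio::time::timeout(HANDSHAKE_TIMEOUT, tls_acceptor.accept(client)).await` (HANDSHAKE_TIMEOUT being a constant to choose) and treating an elapsed timer like the existing `Err(e)` arm would bound that wait. Separately, the accept-failure arm prints "should probably back off" but returns `Some(Err(e))` with no delay; depending on how the stream is consumed outside this hunk, a transient accept error may still end the server. run_server's body continues outside the hunk.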
@@ -251,7 +255,7 @@ fn get_readers() -> Result>
 }
 fn transmit_apdu(card: &Card, mut apdu: &[u8]) -> Result> {
- if apdu[0] == 0xff && apdu[1] == 0xff && apdu[2] == 0x01 && apdu[3] == 0x04 {
+ if apdu.len() >= 11 && apdu[0] == 0xff && apdu[1] == 0xff && apdu[2] == 0x01 && apdu[3] == 0x04 {
 // APDUs with PIN codes are obfuscated (see /getref/ above)
 // with a special extension header used only in scproxy. The format seems to be:
 //
@@ -305,7 +309,7 @@ fn apdureq(reader_name: &str, req: String) -> Result= 2 && apdu[0] == 0xff && apdu[1] == 0xff { any_sensitive = true; } }
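Review bot: In transmit_apdu the new `apdu.len() >= 11` guard stops the out-of-bounds index, but an APDU that carries the `ff ff 01 04` extension header and is shorter than 11 bytes now fails the condition and takes the non-extension path, which is outside this hunk and may forward the still-obfuscated bytes to the card. Consider matching the header with `apdu.starts_with(&[0xff, 0xff, 0x01, 0x04])` and returning an error when such an APDU is too short, and give the 11 a name or a comment tying it to the header layout described in the comment that follows. The `>= 2` check in front of `any_sensitive = true` in the apdureq hunk has the same shape and could read `apdu.starts_with(&[0xff, 0xff])`. Both function bodies continue outside their hunks.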