I try to use boost ssl socket server. I get the example from https://www.boost.org/doc/libs/1_69_0/doc/html/boost_asio/example/cpp11/ssl/server.cpp and try to cout receive data:
#include <cstdlib>
#include <functional>
#include <iostream>
#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>
using boost::asio::ip::tcp;
class session : public std::enable_shared_from_this<session>
{
public:
session(tcp::socket socket, boost::asio::ssl::context& context)
: socket_(std::move(socket), context)
{
}
void start()
{
do_handshake();
}
private:
void do_handshake()
{
auto self(shared_from_this());
socket_.async_handshake(boost::asio::ssl::stream_base::server,
[this, self](const boost::system::error_code& error)
{
if (!error)
{
do_read();
}
});
}
void do_read()
{
auto self(shared_from_this());
socket_.async_read_some(boost::asio::buffer(data_),
[this, self](const boost::system::error_code& ec, std::size_t length)
{
if (!ec)
{
std::cout << std::string(data_) << std::endl;
do_write(length);
}
});
}
void do_write(std::size_t length)
{
auto self(shared_from_this());
boost::asio::async_write(socket_, boost::asio::buffer(data_, length),
[this, self](const boost::system::error_code& ec,
std::size_t /*length*/)
{
if (!ec)
{
do_read();
}
});
}
boost::asio::ssl::stream<tcp::socket> socket_;
char data_[1024];
};
class server
{
public:
server(boost::asio::io_context& io_context, unsigned short port)
: acceptor_(io_context, tcp::endpoint(tcp::v4(), port)),
context_(boost::asio::ssl::context::sslv23)
{
context_.set_options(
boost::asio::ssl::context::default_workarounds
| boost::asio::ssl::context::no_sslv2
| boost::asio::ssl::context::single_dh_use);
context_.set_password_callback(std::bind(&server::get_password, this));
context_.use_certificate_chain_file("/home/chiffa/SOAP/CRT/Server.crt");
context_.use_private_key_file("/home/chiffa/SOAP/CRT/Server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("/home/chiffa/SOAP/CRT/dh2048.pem");
do_accept();
}
private:
std::string get_password() const
{
return "test";
}
void do_accept()
{
acceptor_.async_accept(
[this](const boost::system::error_code& error, tcp::socket socket)
{
if (!error)
{
std::make_shared<session>(std::move(socket), context_)->start();
}
do_accept();
});
}
tcp::acceptor acceptor_;
boost::asio::ssl::context context_;
};
int main(int argc, char* argv[])
{
try
{
boost::asio::io_context io_context;
using namespace std; // For atoi.
server s(io_context, atoi("4443"));
io_context.run();
}
catch (std::exception& e)
{
std::cerr << "Exception: " << e.what() << "\n";
}
return 0;
}
Then I send from POSTMAN some JSON data, like:
{
"cmd": "alerts",
"endpoint": "ref/alerts",
"lng_id": 1
}
But on cout I get this:
POST /ref/alerts HTTP/1.1 Content-Type: application/json cache-control: no-cache Postman-Token: 545be9f7-8d3f-4f7e-ba44-e3a38d648031 User-Agent: PostmanRuntime/7.6.0 Accept: */* Host: 192.168.1.229:4443 accept-encoding: gzip, deflate content-length: 70 Connection: keep-alive { "cmd": "alerts", "endpoint": "ref/alerts", "lng_id": 1 }flate, br Content-Length: 51 FHaIuRqCKdojreapq3ziIChnhxJ5Lllt1kgJbhSVxQbnpB5967wNASYNyM glcGRtZfQW7Ymb03WyroD7GoKNKQEo5JYBmOf8I1AQKBgQDTbvwifdNySWVybKIn wXPdHYJpcQ/E3pP1SCtmHxTMpU6fdPaM3K53o4YCIOdgA2Lu6yMyVsrqJfiBID5Z tu8Q2cd1YwAUeM2iiDNriYyP3ZEt7bzZQ5GRV95aOeiLlGTuqEhi0/u9OiDNCWnQ 03IDqZeloMd1OiT0heN5NNKVOwKBgQDKxvd9ntlfzACxlltR86T/E0b6tL84X0IS kvCHuZNLs5Ls+lZALKu4cuMfxOgxqI65qxgsUqFqFzjWHhi8NVVW1bLP0Yq0+r8a Yz17mz0L6iUBnW5kUs7yIGxT6ww+ski7JJY0h8EtBi7gNyET/lZyafLFoRYI9Lsb tqMB+9/3QQKBgHoMnAExDwju81+c8/HtCvv919UUDd0/+rrhYSP/FxuW5Q7JDrV7 gj7Pp0C9S7Kx4b82/sdFMLb/Gjc3rKZPIitg+3F4p4gpv9Jtuvj9mqVFalPP426r QXFb/p+ow+Mm0yis/bQG2E+AKYUSRQHlvO/+SuqyJ9E0sjZwv0GtS!
Can anyone explain why it adds flate, br Content-Length: 51 FHaIuRqCKdojreapq3z......
and how to fix it?
In your session
class, the data_
member is a simple char[]
array, thus when do_read()
calls std::string(data_)
, the std::string
constructor treats data_
as a null-terminated C string, reading until it finds a '\0'
char in memory.
But, data_
is not a null-terminated C string. If a '\0'
char is not found within the bytes that async_read_some()
wrote into data_
(which will never be found in this example), then the std::string
will simply read into the rest of the data_
memory and you end up outputting whatever was already present in data_
that async_read_some()
did not overwrite. But worse, if no '\0'
is found before the end of data_
is reached, the std::string
will keep reading into surrounding memory, and now you have a buffer overflow.
The length
parameter of the async_read_some()
predicate is the actual number of bytes saved into data_
. Use the std::string
constructor that accepts a length as an input parameter:
std:::cout << std::string(data_, length);
Or, you can get rid of the std::string
altogether by using the ostream::write()
method instead:
std::cout.write(data_, length);