protocomm_httpd: Restart security session if request is received on a new session

This commit fixes a bug as well as changes a behaviour.

Bugfix: During softap/httpd based provisioning, if a session was closed
midway and a new one started, it would never proceed if the http server
assigns same socket number to the new session (which happens almost always).
Now, if a session is closed, using the http callbacks, the older session
data is cleared so that a new one can be created.

Behavioural change: If a client (mobile app particularly) does not use
persistent http session i.e. all provisioning communication on the same
socket, the provisioning may fail. Earlier, since the session context was
not getting cleared, even if the client closed a session and continued
on a new one, it would go through if the socket number assigned was same
(which happens almost always).

Ideally, from a security perspective, all communication related
to secure provisioning must happen on the same socket, and so, this
change is required.
This commit is contained in:
Piyush Shah 2020-05-06 20:14:52 +05:30
parent ccdd06937f
commit f677655fcb

View File

@ -31,6 +31,17 @@ static uint32_t session_id = PROTOCOMM_NO_SESSION_ID;
#define MAX_REQ_BODY_LEN 4096 #define MAX_REQ_BODY_LEN 4096
static void protocomm_httpd_session_close(void *ctx)
{
if (pc_httpd->sec && pc_httpd->sec->close_transport_session) {
ESP_LOGW(TAG, "Closing session as socket %d was closed", session_id);
if (pc_httpd->sec->close_transport_session((protocomm_security_handle_t)ctx, session_id) != ESP_OK) {
ESP_LOGW(TAG, "Error closing session with ID: %d", session_id);
}
}
session_id = PROTOCOMM_NO_SESSION_ID;
}
static esp_err_t common_post_handler(httpd_req_t *req) static esp_err_t common_post_handler(httpd_req_t *req)
{ {
esp_err_t ret; esp_err_t ret;
@ -42,6 +53,7 @@ static esp_err_t common_post_handler(httpd_req_t *req)
int cur_session_id = httpd_req_to_sockfd(req); int cur_session_id = httpd_req_to_sockfd(req);
if (cur_session_id != session_id) { if (cur_session_id != session_id) {
ESP_LOGI(TAG, "Creating new session: %d", cur_session_id);
/* Initialize new security session */ /* Initialize new security session */
if (session_id != PROTOCOMM_NO_SESSION_ID) { if (session_id != PROTOCOMM_NO_SESSION_ID) {
ESP_LOGD(TAG, "Closing session with ID: %d", session_id); ESP_LOGD(TAG, "Closing session with ID: %d", session_id);
@ -62,6 +74,9 @@ static esp_err_t common_post_handler(httpd_req_t *req)
ret = ESP_FAIL; ret = ESP_FAIL;
goto out; goto out;
} }
req->sess_ctx = pc_httpd->sec_inst;
req->free_ctx = protocomm_httpd_session_close;
} }
session_id = cur_session_id; session_id = cur_session_id;
ESP_LOGD(TAG, "New session with ID: %d", cur_session_id); ESP_LOGD(TAG, "New session with ID: %d", cur_session_id);