From: Scott Cantor
Date: Wed, 20 May 2009 17:41:42 +0000 (+0000)
Subject: https://issues.shibboleth.net/jira/browse/SSPCPP-207
X-Git-Tag: 2.2.0~63
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=1ff02ba5c737f884bb6e361933ef651941cbf829;p=shibboleth%2Fcpp-sp.git
https://issues.shibboleth.net/jira/browse/SSPCPP-207
---
diff --git a/shibsp/remoting/impl/SocketListener.cpp b/shibsp/remoting/impl/SocketListener.cpp
index 870d0e3..06dd49c 100644
--- a/shibsp/remoting/impl/SocketListener.cpp
+++ b/shibsp/remoting/impl/SocketListener.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -234,8 +234,10 @@ bool SocketListener::run(bool* shutdown)
 {
 // Accept the connection.
 SocketListener::ShibSocket newsock;
- if (!accept(m_socket, newsock))
+ if (!accept(m_socket, newsock)) {
 log->crit("failed to accept incoming socket connection");
+ continue;
+ }
 // We throw away the result because the children manage themselves...
 try {
diff --git a/shibsp/remoting/impl/TCPListener.cpp b/shibsp/remoting/impl/TCPListener.cpp
index 0c860f5..05f2f90 100644
--- a/shibsp/remoting/impl/TCPListener.cpp
+++ b/shibsp/remoting/impl/TCPListener.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -75,7 +75,7 @@ namespace shibsp {
 string m_address;
 unsigned short m_port;
- vector m_acl;
+ set m_acl;
 };
 ListenerService* SHIBSP_DLLLOCAL TCPListenerServiceFactory(const DOMElement* const & e)
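Review bot: The `log->crit("failed to accept incoming socket connection")` branch in `SocketListener::run` now fires, followed by `continue`, for every `false` return from `accept()`. If this call dispatches to `TCPListener::accept` (the class derives from `SocketListener`), that includes ordinary ACL rejections. Each connection from a host outside the ACL would then produce an `error` line in `TCPListener::accept` plus a `crit` line here, so critical-level alerts can be generated by unauthorised peers and real accept failures get buried. Consider letting `accept()` distinguish "rejected by policy" from "socket failure", or lower this message to `log->warn(...)`, and add a comment such as `// accept() also returns false for ACL rejections; the listener socket itself is still healthy`. The body of `run` starts and ends outside the hunk, so whether the loop has any back-off on repeated failures cannot be confirmed from here.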
@@ -108,15 +108,15 @@ TCPListener::TCPListener(const DOMElement* e) : SocketListener(e), m_address("12
 int j = 0;
 for (unsigned int i=0; i < sockacl.length(); i++) {
 if (sockacl.at(i)==' ') {
- m_acl.push_back(sockacl.substr(j, i-j));
+ m_acl.insert(sockacl.substr(j, i-j));
 j = i+1;
 }
 }
- m_acl.push_back(sockacl.substr(j, sockacl.length()-j));
+ m_acl.insert(sockacl.substr(j, sockacl.length()-j));
 }
 }
 else
- m_acl.push_back("127.0.0.1");
+ m_acl.insert("127.0.0.1");
 }
 void TCPListener::setup_tcp_sockaddr(struct sockaddr_in* addr) const
@@ -205,12 +205,11 @@ bool TCPListener::accept(ShibSocket& listener, ShibSocket& s) const
 #endif
 return log_error();
 char* client=inet_ntoa(addr.sin_addr);
- for (vector::const_iterator i=m_acl.begin(); i!=m_acl.end(); i++) {
- if (*i==client)
- return true;
+ if (m_acl.count(client) == 0) {
+ close(s);
+ s=-1;
+ log->error("accept() rejected client at %s", client);
+ return false;
 }
- close(s);
- s=-1;
- log->error("accept() rejected client at %s\n",client);
- return false;
+ return true;
 }
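Review bot: The ACL tokenizer in the `TCPListener` constructor stores whatever lies between single spaces without validating it. Doubled, leading or trailing spaces insert empty strings into `m_acl`, and an entry that is not in the exact dotted-quad form `inet_ntoa` prints (a hostname, a zero-padded octet, a typo) will never match. That fails closed, but the operator gets no hint why a peer is refused. Guard the inserts with `if (i > j) m_acl.insert(sockacl.substr(j, i-j));` (and the same length check on the final token), and log a warning at startup for entries that do not parse as an IPv4 address. A short comment on `m_acl` stating that it holds literal IPv4 strings compared by exact match would also help. The constructor body starts outside the hunk.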
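Review bot: The access decision in `TCPListener::accept` is made on `char* client=inet_ntoa(addr.sin_addr);`, which points into a buffer owned by the C library that may be overwritten by the next `inet_ntoa` call. That is safe only if nothing else calls `inet_ntoa` between this line and the `m_acl.count(client)` / `log->error(...)` uses, which cannot be confirmed from the hunk. Where available, formatting into a local buffer removes the dependency: `char client[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &addr.sin_addr, client, sizeof(client));`. A comment noting that the check is IPv4-only and is an exact string comparison against the configured entries would make the trust boundary explicit. The function body starts before the hunk.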