author | Bernd Fix <brf@hoi-polloi.org> | 2023-01-24 11:46:09 +0100 |
---|---|---|
committer | Bernd Fix <brf@hoi-polloi.org> | 2023-01-24 11:46:09 +0100 |
commit | 5ea40b971a196afd4783d64ea1932864c9688030 (patch) | |
tree | 76a238dbdce76c2335afe06e627eebe8b0390d92 | |
parent | 1a7284815bb2a63aac6b726e9167baed4813aa95 (diff) | |
Changes based on security audit "ngie-gnunetr5n".v0.1.40
-rw-r--r-- | src/gnunet/service/dht/blocks/filters.go | 5 | ||||
-rw-r--r-- | src/gnunet/service/dht/blocks/gns.go | 7 | ||||
-rw-r--r-- | src/gnunet/service/dht/blocks/hello.go | 8 | ||||
-rw-r--r-- | src/gnunet/service/dht/messages.go | 77 | ||||
-rw-r--r-- | src/gnunet/service/dht/module.go | 4 | ||||
-rw-r--r-- | src/gnunet/service/dht/routingtable.go | 9 | ||||
-rw-r--r-- | src/gnunet/service/dht/service.go | 7 | ||||
-rw-r--r-- | src/gnunet/transport/endpoint.go | 21 | ||||
-rw-r--r-- | src/gnunet/util/peer.go | 10 |
9 files changed, 81 insertions, 67 deletions
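--- a/src/gnunet/service/dht/blocks/filters.go
+++ b/src/gnunet/service/dht/blocks/filters.go
@@ -37,10 +37,13 @@ type PeerFilter struct {
 BF *BloomFilter
 }
 
+// PeerFilterSize is 128 bytes (fixed).
+const PeerFilterSize = 128
+
 // NewPeerFilter creates an empty peer filter instance.
 func NewPeerFilter() *PeerFilter {
 return &PeerFilter{
-BF: NewBloomFilter(128),
+BF: NewBloomFilter(PeerFilterSize),
 }
 }
 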
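--- a/src/gnunet/service/dht/blocks/gns.go
+++ b/src/gnunet/service/dht/blocks/gns.go
@@ -39,6 +39,9 @@ var (
 ErrBlockCantDecrypt = errors.New("can't decrypt block type")
 )
 
+// GNSContext for key derivation
+const GNSContext = "gns"
+
 //----------------------------------------------------------------------
 // Query key for GNS lookups
 //----------------------------------------------------------------------
@@ -62,7 +65,7 @@ func (q *GNSQuery) Verify(b Block) (err error) {
 // verify derived key
 dkey := blk.DerivedKeySig.ZoneKey
 var dkey2 *crypto.ZoneKey
-if dkey2, _, err = q.Zone.Derive(q.Label, "gns"); err != nil {
+if dkey2, _, err = q.Zone.Derive(q.Label, GNSContext); err != nil {
 return
 }
 if !dkey.Equal(dkey2) {
@@ -102,7 +105,7 @@ func NewGNSQuery(zkey *crypto.ZoneKey, label string) *GNSQuery {
 // derive a public key from (pkey,label) and set the repository
 // key as the SHA512 hash of the binary key representation.
 // (key blinding)
-pd, _, err := zkey.Derive(label, "gns")
+pd, _, err := zkey.Derive(label, GNSContext)
 if err != nil {
 logger.Printf(logger.ERROR, "[NewGNSQuery] failed: %s", err.Error())
 return nil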
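--- a/src/gnunet/service/dht/blocks/hello.go
+++ b/src/gnunet/service/dht/blocks/hello.go
@@ -123,13 +123,13 @@ func ParseHelloBlockFromURL(u string, checkExpiry bool) (h *HelloBlock, err erro
 
 // (1) parse peer public key (peer ID)
 var buf []byte
-if buf, err = util.DecodeStringToBinary(p[0], 32); err != nil {
+if buf, err = util.DecodeStringToBinary(p[0], util.PeerPublicKeySize); err != nil {
 return
 }
 h.PeerID = util.NewPeerID(buf)
 
 // (2) parse signature
-if buf, err = util.DecodeStringToBinary(p[1], 64); err != nil {
+if buf, err = util.DecodeStringToBinary(p[1], util.PeerSignatureSize); err != nil {
 return
 }
 h.Signature = util.NewPeerSignature(buf)
@@ -315,12 +315,14 @@ type _SignedData struct {
 AddrHash *crypto.HashCode // address hash
 }
 
+const _SignedDataSize = 80 // (8 + 8 + 64)
+
 // SignedData assembles a data block for sign and verify operations.
 func (h *HelloBlock) SignedData() []byte {
 // assemble signed data
 sd := &_SignedData{
 Purpose: &crypto.SignaturePurpose{
-Size: 80,
+Size: _SignedDataSize,
 Purpose: enums.SIG_HELLO,
 },
 Expire: h.Expire_,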
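--- a/src/gnunet/service/dht/messages.go
+++ b/src/gnunet/service/dht/messages.go
@@ -37,6 +37,9 @@ import (
 // Handle DHT messages from the network
 //----------------------------------------------------------------------
 
+// MaxSortResults is the max. number of sorted results
+const MaxSortResults = 10
+
 // HandleMessage handles a DHT request/response message. Responses are sent
 // to the specified responder.
 //
@@ -154,12 +157,12 @@ func (m *Module) HandleMessage(ctx context.Context, sender *util.PeerID, msgIn m
 // create total result list
 if len(results) == 0 {
 results = lclResults
-} else if len(results)+len(lclResults) <= 10 {
+} else if len(results)+len(lclResults) <= MaxSortResults {
 // handle few results directly
 results = append(results, lclResults...)
 } else {
 // compile a new sorted list from results.
-list := store.NewSortedDHTResults(10)
+list := store.NewSortedDHTResults(MaxSortResults)
 for pos, res := range results {
 list.Add(res, pos)
 }
@@ -313,24 +316,7 @@ func (m *Module) HandleMessage(ctx context.Context, sender *util.PeerID, msgIn m
 // if the put is for a HELLO block, add the sender to the
 // routing table (9.3.2.9)
 if msg.BType == enums.BLOCK_TYPE_DHT_HELLO {
-// get addresses from HELLO block
-hello, err := blocks.ParseHelloBlockFromBytes(msg.Block)
-if err != nil {
-logger.Printf(logger.ERROR, "[%s] failed to parse HELLO block: %s", label, err.Error())
-} else {
-// check state of bucket for given address
-if m.rtable.Check(NewPeerAddress(hello.PeerID)) == 0 {
-// we could add the sender to the routing table
-for _, addr := range hello.Addresses() {
-if transport.CanHandleAddress(addr) {
-// try to connect to peer (triggers EV_CONNECTED on success)
-if err := m.core.TryConnect(sender, addr); err != nil {
-logger.Printf(logger.ERROR, "[%s] try-connection to %s failed: %s", label, addr.URI(), err.Error())
-}
-}
-}
-}
-}
+m.addSender(msg.Block, label, sender)
 }
 //--------------------------------------------------------------
 // check if we need to forward
@@ -418,24 +404,7 @@ func (m *Module) HandleMessage(ctx context.Context, sender *util.PeerID, msgIn m
 // if the put is for a HELLO block, add the originator to the
 // routing table (9.5.2.5)
 if btype == enums.BLOCK_TYPE_DHT_HELLO {
-// get addresses from HELLO block
-hello, err := blocks.ParseHelloBlockFromBytes(msg.Block)
-if err != nil {
-logger.Printf(logger.ERROR, "[%s] failed to parse HELLO block: %s", label, err.Error())
-} else {
-// check state of bucket for given address
-if m.rtable.Check(NewPeerAddress(hello.PeerID)) == 0 {
-// we could add the originator to the routing table
-for _, addr := range hello.Addresses() {
-if transport.CanHandleAddress(addr) {
-// try to connect to peer (triggers EV_CONNECTED on success)
-if err := m.core.TryConnect(sender, addr); err != nil {
-logger.Printf(logger.ERROR, "[%s] try-connection to %s failed: %s", label, addr.URI(), err.Error())
-}
-}
-}
-}
-}
+m.addSender(msg.Block, label, sender)
 }
 // message forwarding to responder
 logger.Printf(logger.DBG, "[%s] result key = %s", label, msg.Query.Short())
@@ -451,12 +420,10 @@ func (m *Module) HandleMessage(ctx context.Context, sender *util.PeerID, msgIn m
 logger.Printf(logger.DBG, "[%s] Result handler not suitable (%s != %s) -- skipped", label, rh.Type(), btype)
 continue
 }
-/*
-if rh.Flags()&enums.DHT_RO_FIND_APPROXIMATE != msg.Flags&enums.DHT_RO_FIND_APPROXIMATE {
-logger.Printf(logger.DBG, "[%s] Result handler asked for match, got approx -- ignored", label)
-continue
-}
-*/
+if rh.Flags()&enums.DHT_RO_FIND_APPROXIMATE == 0 && msg.Flags&enums.DHT_RO_FIND_APPROXIMATE != 0 {
+logger.Printf(logger.DBG, "[%s] Result handler asked for match, got approx -- ignored", label)
+continue
+}
 //--------------------------------------------------------------
 // check task list for handler (9.5.2.6)
 if rh.Flags()&enums.DHT_RO_FIND_APPROXIMATE == 0 && blkKey != nil && !blkKey.Equal(rh.Key()) {
@@ -588,6 +555,28 @@ func (m *Module) HandleMessage(ctx context.Context, sender *util.PeerID, msgIn m
 // Helpers
 //----------------------------------------------------------------------
 
+// add a HELLO block sender to routing table
+func (m *Module) addSender(block []byte, label string, sender *util.PeerID) {
+// get addresses from HELLO block
+hello, err := blocks.ParseHelloBlockFromBytes(block)
+if err != nil {
+logger.Printf(logger.ERROR, "[%s] failed to parse HELLO block: %s", label, err.Error())
+} else {
+// check state of bucket for given address
+if m.rtable.Check(NewPeerAddress(hello.PeerID)) == 0 {
+// we could add the sender to the routing table
+for _, addr := range hello.Addresses() {
+if transport.CanHandleAddress(addr) {
+// try to connect to peer (triggers EV_CONNECTED on success)
+if err := m.core.TryConnect(sender, addr); err != nil {
+logger.Printf(logger.ERROR, "[%s] try-connection to %s failed: %s", label, addr.URI(), err.Error())
+}
+}
+}
+}
+}
+}
+
 // send a result back to caller
 func (m *Module) sendResult(ctx context.Context, query blocks.Query, blk blocks.Block, pth *path.Path, back transport.Responder) error {
 // assemble result message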
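Review bot: In the new `addSender` helper the bucket check is made for `hello.PeerID`, but the connection attempt is `m.core.TryConnect(sender, addr)`, so addresses taken from a HELLO block received off the network are dialled under the identity of whichever peer relayed the message. Nothing in the helper compares the two identities, and whether the block's signature and expiry were verified before this point is not visible here. If the intent is to add the peer the HELLO describes, pass it explicitly with `if err := m.core.TryConnect(hello.PeerID, addr); err != nil {`; otherwise return early when the block does not describe `sender`. The doc comment should name the peer that is added, for example `// addSender tries to connect to the peer described by a HELLO block so that it can enter the routing table.`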
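--- a/src/gnunet/service/dht/module.go
+++ b/src/gnunet/service/dht/module.go
@@ -142,7 +142,7 @@ func NewModule(ctx context.Context, c *core.Core, cfg *config.DHTConfig) (m *Mod
 c.Register("dht", listener)
 
 // run periodic tasks (8.2. peer discovery)
-ticker := time.NewTicker(5 * time.Minute)
+ticker := time.NewTicker(DiscoveryPeriod)
 key := crypto.Hash(m.core.PeerID().Bytes())
 flags := uint16(enums.DHT_RO_FIND_APPROXIMATE | enums.DHT_RO_DEMULTIPLEX_EVERYWHERE | enums.DHT_RO_DISCOVERY)
 var resCh <-chan blocks.Block
@@ -230,7 +230,7 @@ func (m *Module) Get(ctx context.Context, query blocks.Query) <-chan blocks.Bloc
 ttl, ok := util.GetParam[time.Duration](query.Params(), "timeout")
 if !ok {
 // defaults to 10 minutes
-ttl = 10 * time.Minute
+ttl = DefaultGetTTL
 }
 lctx, cancel := context.WithTimeout(ctx, ttl)
 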
diff --git a/src/gnunet/service/dht/routingtable.go b/src/gnunet/service/dht/routingtable.go index a119bbe..d08433d 100644 --- a/src/gnunet/service/dht/routingtable.go +++ b/src/gnunet/service/dht/routingtable.go | |||
@@ -36,7 +36,8 @@ import ( | |||
36 | 36 | ||
37 | // Routing table constants | 37 | // Routing table constants |
38 | const ( | 38 | const ( |
39 | numK = 20 // number of entries per k-bucket | 39 | numK = 20 // number of entries per k-bucket |
40 | numBits = 512 // number of bits in SHA-512 value | ||
40 | ) | 41 | ) |
41 | 42 | ||
42 | //====================================================================== | 43 | //====================================================================== |
@@ -86,7 +87,7 @@ func (addr *PeerAddress) Equal(p *PeerAddress) bool { | |||
86 | // bucket index (smaller index = less distant). | 87 | // bucket index (smaller index = less distant). |
87 | func (addr *PeerAddress) Distance(p *PeerAddress) (*math.Int, int) { | 88 | func (addr *PeerAddress) Distance(p *PeerAddress) (*math.Int, int) { |
88 | r := util.Distance(addr.Key.Data, p.Key.Data) | 89 | r := util.Distance(addr.Key.Data, p.Key.Data) |
89 | return r, 512 - r.BitLen() | 90 | return r, numBits - r.BitLen() |
90 | } | 91 | } |
91 | 92 | ||
92 | //====================================================================== | 93 | //====================================================================== |
@@ -115,7 +116,7 @@ func NewRoutingTable(ref *PeerAddress, cfg *config.RoutingConfig) *RoutingTable | |||
115 | rt := &RoutingTable{ | 116 | rt := &RoutingTable{ |
116 | ref: ref, | 117 | ref: ref, |
117 | list: util.NewMap[string, *PeerAddress](), | 118 | list: util.NewMap[string, *PeerAddress](), |
118 | buckets: make([]*Bucket, 512), | 119 | buckets: make([]*Bucket, numBits), |
119 | l2nse: -1, | 120 | l2nse: -1, |
120 | inProcess: make(map[int]struct{}), | 121 | inProcess: make(map[int]struct{}), |
121 | cfg: cfg, | 122 | cfg: cfg, |
@@ -368,7 +369,7 @@ func (rt *RoutingTable) heartbeat(ctx context.Context) { | |||
368 | func (rt *RoutingTable) LookupHello(addr *PeerAddress, rf blocks.ResultFilter, approx bool, label string) (results []*store.DHTResult) { | 369 | func (rt *RoutingTable) LookupHello(addr *PeerAddress, rf blocks.ResultFilter, approx bool, label string) (results []*store.DHTResult) { |
369 | // iterate over cached HELLOs to find matches; | 370 | // iterate over cached HELLOs to find matches; |
370 | // approximate search is guided by distance | 371 | // approximate search is guided by distance |
371 | list := store.NewSortedDHTResults(10) | 372 | list := store.NewSortedDHTResults(MaxSortResults) |
372 | _ = rt.helloCache.ProcessRange(func(key string, hb *blocks.HelloBlock, _ int) error { | 373 | _ = rt.helloCache.ProcessRange(func(key string, hb *blocks.HelloBlock, _ int) error { |
373 | // check if block is excluded by result filter | 374 | // check if block is excluded by result filter |
374 | if !rf.Contains(hb) { | 375 | if !rf.Contains(hb) { |
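--- a/src/gnunet/service/dht/service.go
+++ b/src/gnunet/service/dht/service.go
@@ -22,6 +22,7 @@ import (
 "context"
 "fmt"
 "io"
+"time"
 
 "gnunet/config"
 "gnunet/core"
@@ -37,6 +38,12 @@ var (
 ErrInvalidResponseType = fmt.Errorf("invald response type")
 )
 
+// Time constants
+var (
+DefaultGetTTL = 10 * time.Minute // timeout for GET requests
+DiscoveryPeriod = 5 * time.Minute // time between peer discovery runs
+)
+
 //----------------------------------------------------------------------
 // "GNUnet R5N DHT" service implementation
 //----------------------------------------------------------------------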
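Review bot: `DefaultGetTTL` and `DiscoveryPeriod` are introduced under the comment "Time constants" but are declared in a `var (` block, so any package that imports `dht` can reassign them at run time and change the GET timeout or the discovery interval. Both initialisers are constant expressions of type `time.Duration`, so the block can be opened with `const (` and keep the same two lines. If the values are meant to be tunable, the comment should say so and they should come from the configuration rather than from mutable package state.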
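--- a/src/gnunet/transport/endpoint.go
+++ b/src/gnunet/transport/endpoint.go
@@ -24,8 +24,8 @@ import (
 "errors"
 "gnunet/message"
 "gnunet/util"
+"io"
 "net"
-"strings"
 "sync"
 "time"
 
@@ -41,6 +41,7 @@ var (
 ErrEndpNoConnection = errors.New("no connection on endpoint")
 ErrEndpMaybeSent = errors.New("message may have been sent - can't know")
 ErrEndpWriteShort = errors.New("write too short")
+ErrEndpReadShort = errors.New("read too short")
 )
 
 // Endpoint represents a local endpoint that can send and receive messages.
@@ -120,16 +121,13 @@ func (ep *PaketEndpoint) Run(ctx context.Context, hdlr chan *Message) (err error
 // read next message
 tm, err := ep.read()
 if err != nil {
-// leave go routine if already dead
-if !active {
-return
+// leave go routine if already dead or closed by client
+if !active || err == io.EOF {
+break
 }
 logger.Println(logger.WARN, "[pkt_ep] read failed: "+err.Error())
-// gracefully ignore unknown message types
-if strings.HasPrefix(err.Error(), "unknown message type") {
-continue
-}
-break
+// gracefully ignore failed messages
+continue
 }
 // label message
 tm.Label = ep.addr.String()
@@ -158,6 +156,11 @@ func (ep *PaketEndpoint) read() (tm *Message, err error) {
 )
 switch ep.addr.Network() {
 case "ip+udp":
+// check for minimum size (32 byte peer id + 4 byte header)
+if n < 36 {
+err = ErrEndpReadShort
+return
+}
 // parse peer id and message in sequence
 peer = util.NewPeerID(ep.buf[:32])
 rdr := bytes.NewBuffer(util.Clone(ep.buf[32:n]))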
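Review bot: With the new `continue` in the read loop of `Run`, every error other than `io.EOF` is retried, so a failure that repeats on each call (for example a closed or broken socket) never ends the loop and writes one WARN line per iteration. The loop should stop on terminal errors and carry on only for per-message failures such as `ErrEndpReadShort`: `if !active || errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) { break }`. `errors.Is` also matches a wrapped `io.EOF`, which the `==` comparison misses. Because short or malformed datagrams from any remote peer now reach the WARN log, that message is worth rate-limiting. The body of `Run` starts and ends outside the hunk.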
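--- a/src/gnunet/util/peer.go
+++ b/src/gnunet/util/peer.go
@@ -33,6 +33,9 @@ type PeerPublicKey struct {
 Data []byte `size:"(Size)"` // Ed25519 public key data
 }
 
+// PeerPublicKeySize is the size of a binary representation
+const PeerPublicKeySize = 32
+
 // NewPeerPublicKey creates a key instance from binary data
 func NewPeerPublicKey(data []byte) *PeerPublicKey {
 pk := new(PeerPublicKey)
@@ -51,7 +54,7 @@ func NewPeerPublicKey(data []byte) *PeerPublicKey {
 
 // Size returns the length of the binary data
 func (pk *PeerPublicKey) Size() uint {
-return 32
+return PeerPublicKeySize
 }
 
 // Verify peer signature
@@ -115,6 +118,9 @@ type PeerSignature struct {
 Data []byte `size:"(Size)"`
 }
 
+// PeerSignatureSize is the size of the binary representation
+const PeerSignatureSize = 64
+
 // NewPeerSignature is a EdDSA signatre with the private peer key
 func NewPeerSignature(data []byte) *PeerSignature {
 s := new(PeerSignature)
@@ -133,7 +139,7 @@ func NewPeerSignature(data []byte) *PeerSignature {
 
 // Size returns the length of the binary data
 func (s *PeerSignature) Size() uint {
-return 64
+return PeerSignatureSize
 }
 
 // Bytes returns the binary representation of a peer signature.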