NAMESTORE: Prevent storing records under invalid labels

author: Martin Schanzenbach <schanzen@gnunet.org> 2022-03-15 08:42:42 +0100
committer: Martin Schanzenbach <schanzen@gnunet.org> 2022-03-15 08:42:42 +0100
commit: cfd3db44a82330272752ab3da08f1823c9867652 (patch)
tree: 1ee581fcb185407b513828e796d4e7441e608c11
parent: aa033d45165394bde735dcd19495fd420f5cd963 (diff)
4 files changed, 54 insertions, 19 deletions
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c
index 3298168f4..54d8fb860 100644
--- a/src/gnsrecord/gnsrecord_misc.c
+++ b/src/gnsrecord/gnsrecord_misc.c
@@ -44,6 +44,22 @@ GNUNET_GNSRECORD_string_normalize (const char *src)
   return GNUNET_STRINGS_utf8_normalize (src);
 }
 
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_label_check (const char*label, char **emsg)
+{
+  if (NULL == label)
+  {
+    *emsg = GNUNET_strdup (_ ("Label is NULL which is not allowed\n"));
+    return GNUNET_NO;
+  }
+  if (0 != strchr (label, '.'))
+  {
+    *emsg = GNUNET_strdup (_ ("Label  contains `.' which is not allowed\n"));
+    return GNUNET_NO;
+  }
+  return GNUNET_OK;
+}
+
 /**
  * Convert a zone key to a string (for printing debug messages).
  * This is one of the very few calls in the entire API that is
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 590d83476..51dd5972d 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -761,6 +761,16 @@ GNUNET_GNSRECORD_convert_records_for_export (const char *label,
                                              struct GNUNET_TIME_Absolute *expiry,
                                              char **emsg);
 
+/**
+ * Check label for invalid characters.
+ *
+ * @param label the label to check
+ * @param emsg an error message (NULL if label is valid). Will be allocated.
+ * @return GNUNET_OK if label is valid.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_label_check (const char*label, char **emsg);
+
 #if 0 /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index dd24e9b05..af40f2dbe 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -1236,15 +1236,6 @@ identity_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
   const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
 
   el = NULL;
-  if ((NULL != name) && (0 != strchr (name, '.')))
-  {
-    fprintf (stderr,
-             _ ("Label `%s' contains `.' which is not allowed\n"),
-             name);
-    GNUNET_SCHEDULER_shutdown ();
-    ret = -1;
-    return;
-  }
 
   if (NULL == ego)
   {
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index 6c6f5f4b6..2a3a006e8 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -1543,25 +1543,43 @@ handle_record_store (void *cls, const struct RecordStoreMessage *rp_msg)
   rd_ser = &name_tmp[name_len];
   {
     struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
-
-    if (GNUNET_OK !=
-        GNUNET_GNSRECORD_records_deserialize (rd_ser_len, rd_ser, rd_count, rd))
-    {
-      GNUNET_break (0);
-      GNUNET_SERVICE_client_drop (nc->client);
-      return;
-    }
+    char *emsg;
 
     /* Extracting and converting private key */
     conv_name = GNUNET_GNSRECORD_string_normalize (name_tmp);
     if (NULL == conv_name)
     {
       GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Error converting name `%s'\n",
+                  "Error normalizing name `%s'\n",
                   name_tmp);
-      GNUNET_SERVICE_client_drop (nc->client);
+      send_store_response (nc, GNUNET_SYSERR, _("Error normalizing name."), rid);
+      GNUNET_SERVICE_client_continue (nc->client);
+      return;
+    }
+
+    /* Check name for validity */
+    if (GNUNET_OK != GNUNET_GNSRECORD_label_check (conv_name, &emsg))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Label invalid: `%s'\n",
+                  emsg);
+      send_store_response (nc, GNUNET_SYSERR, emsg, rid);
+      GNUNET_free (emsg);
+      GNUNET_free (conv_name);
+      GNUNET_SERVICE_client_continue (nc->client);
+      return;
+    }
+
+    if (GNUNET_OK !=
+        GNUNET_GNSRECORD_records_deserialize (rd_ser_len, rd_ser, rd_count, rd))
+    {
+      send_store_response (nc, GNUNET_SYSERR,
+                           _("Error deserializing records."), rid);
+      GNUNET_free (conv_name);
+      GNUNET_SERVICE_client_continue (nc->client);
       return;
     }
+
     GNUNET_STATISTICS_update (statistics,
                               "Well-formed store requests received",
                               1,
author	Martin Schanzenbach <schanzen@gnunet.org>	2022-03-15 08:42:42 +0100
committer	Martin Schanzenbach <schanzen@gnunet.org>	2022-03-15 08:42:42 +0100
commit	cfd3db44a82330272752ab3da08f1823c9867652 (patch)
tree	1ee581fcb185407b513828e796d4e7441e608c11
parent	aa033d45165394bde735dcd19495fd420f5cd963 (diff)