author | Carlo von lynX <lynX@time.to.get.psyced.org> | 2016-08-09 15:33:26 +0000 |
committer | Carlo von lynX <lynX@time.to.get.psyced.org> | 2016-08-09 15:33:26 +0000 |
commit | 922318150433906dafd11adb5185a6ff664573db (patch) | |
tree | 61e5bba5d93ced0c26a1e24f1226f50c997f3a02 /src/cadet/gnunet-cadet.c | |
parent | 2c915e1775603c6bad5b78fe5c5e01984054958b (diff) | |
protect CLI from port scanning: use string ports
Diffstat (limited to 'src/cadet/gnunet-cadet.c')
-rw-r--r-- | src/cadet/gnunet-cadet.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/src/cadet/gnunet-cadet.c b/src/cadet/gnunet-cadet.c index ae8829cd9..5afb64e24 100644 --- a/src/cadet/gnunet-cadet.c +++ b/src/cadet/gnunet-cadet.c | |||
@@ -67,7 +67,7 @@ static char *channel_id; | |||
67 | /** | 67 | /** |
68 | * Port to listen on (-o). | 68 | * Port to listen on (-o). |
69 | */ | 69 | */ |
70 | static uint32_t listen_port; | 70 | static char *listen_port; |
71 | 71 | ||
72 | /** | 72 | /** |
73 | * Request echo service | 73 | * Request echo service |
@@ -97,7 +97,7 @@ static char *target_id; | |||
97 | /** | 97 | /** |
98 | * Port to connect to | 98 | * Port to connect to |
99 | */ | 99 | */ |
100 | static uint32_t target_port; | 100 | static char *target_port = "default"; |
101 | 101 | ||
102 | /** | 102 | /** |
103 | * Data pending in netcat mode. | 103 | * Data pending in netcat mode. |
@@ -120,6 +120,11 @@ static struct GNUNET_CADET_Channel *ch; | |||
120 | static struct GNUNET_CADET_TransmitHandle *th; | 120 | static struct GNUNET_CADET_TransmitHandle *th; |
121 | 121 | ||
122 | /** | 122 | /** |
123 | * HashCode of the given port string | ||
124 | */ | ||
125 | static struct GNUNET_HashCode porthash; | ||
126 | |||
127 | /** | ||
123 | * Data structure for ongoing reception of incoming virtual circuits. | 128 | * Data structure for ongoing reception of incoming virtual circuits. |
124 | */ | 129 | */ |
125 | struct GNUNET_CADET_Port *lp; | 130 | struct GNUNET_CADET_Port *lp; |
@@ -200,8 +205,7 @@ conn_2s (uint16_t status) | |||
200 | 205 | ||
201 | 206 | ||
202 | /** | 207 | /** |
203 | * Task run in monitor mode when the user presses CTRL-C to abort. | 208 | * Task to shut down this application. |
204 | * Stops monitoring activity. | ||
205 | * | 209 | * |
206 | * @param cls Closure (unused). | 210 | * @param cls Closure (unused). |
207 | */ | 211 | */ |
@@ -220,6 +224,12 @@ shutdown_task (void *cls) | |||
220 | GNUNET_CADET_channel_destroy (ch); | 224 | GNUNET_CADET_channel_destroy (ch); |
221 | ch = NULL; | 225 | ch = NULL; |
222 | } | 226 | } |
227 | else if (NULL != target_id) { | ||
228 | // FIXME: would be nicer to have proper NACK support from cadet_api | ||
229 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
230 | "Connection refused to %s\n", | ||
231 | target_id); | ||
232 | } | ||
223 | if (NULL != mh) | 233 | if (NULL != mh) |
224 | { | 234 | { |
225 | GNUNET_CADET_disconnect (mh); | 235 | GNUNET_CADET_disconnect (mh); |
@@ -419,7 +429,7 @@ channel_incoming (void *cls, | |||
419 | GNUNET_SCHEDULER_shutdown(); | 429 | GNUNET_SCHEDULER_shutdown(); |
420 | return NULL; | 430 | return NULL; |
421 | } | 431 | } |
422 | if (0 == listen_port) | 432 | if (NULL == listen_port) |
423 | { | 433 | { |
424 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Not listening to channels\n"); | 434 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Not listening to channels\n"); |
425 | return NULL; | 435 | return NULL; |
@@ -505,7 +515,8 @@ create_channel (void *cls) | |||
505 | } | 515 | } |
506 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting to `%s'\n", target_id); | 516 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting to `%s'\n", target_id); |
507 | opt = GNUNET_CADET_OPTION_DEFAULT | GNUNET_CADET_OPTION_RELIABLE; | 517 | opt = GNUNET_CADET_OPTION_DEFAULT | GNUNET_CADET_OPTION_RELIABLE; |
508 | ch = GNUNET_CADET_channel_create (mh, NULL, &pid, GC_u2h (target_port), opt); | 518 | GNUNET_CRYPTO_hash (target_port, strlen(target_port), &porthash); |
519 | ch = GNUNET_CADET_channel_create (mh, NULL, &pid, &porthash, opt); | ||
509 | if (GNUNET_NO == echo) | 520 | if (GNUNET_NO == echo) |
510 | listen_stdio (); | 521 | listen_stdio (); |
511 | else | 522 | else |
@@ -529,9 +540,9 @@ create_channel (void *cls) | |||
529 | */ | 540 | */ |
530 | static int | 541 | static int |
531 | data_callback (void *cls, | 542 | data_callback (void *cls, |
532 | struct GNUNET_CADET_Channel *channel, | 543 | struct GNUNET_CADET_Channel *channel, |
533 | void **channel_ctx, | 544 | void **channel_ctx, |
534 | const struct GNUNET_MessageHeader *message) | 545 | const struct GNUNET_MessageHeader *message) |
535 | { | 546 | { |
536 | uint16_t len; | 547 | uint16_t len; |
537 | ssize_t done; | 548 | ssize_t done; |
@@ -542,7 +553,7 @@ data_callback (void *cls, | |||
542 | 553 | ||
543 | if (GNUNET_YES == echo) | 554 | if (GNUNET_YES == echo) |
544 | { | 555 | { |
545 | if (0 != listen_port) | 556 | if (NULL != listen_port) |
546 | { | 557 | { |
547 | /* Just listening to echo incoming messages*/ | 558 | /* Just listening to echo incoming messages*/ |
548 | if (NULL != th) | 559 | if (NULL != th) |
@@ -868,7 +879,8 @@ run (void *cls, | |||
868 | /* FIXME add option to monitor apps */ | 879 | /* FIXME add option to monitor apps */ |
869 | 880 | ||
870 | target_id = args[0]; | 881 | target_id = args[0]; |
871 | target_port = args[0] && args[1] ? atoi(args[1]) : 0; | 882 | if (target_id && args[1]) target_port = args[1]; |
883 | |||
872 | if ( (0 != (request_peers | request_tunnels) | 884 | if ( (0 != (request_peers | request_tunnels) |
873 | || 0 != monitor_mode | 885 | || 0 != monitor_mode |
874 | || NULL != tunnel_id | 886 | || NULL != tunnel_id |
@@ -925,7 +937,7 @@ run (void *cls, | |||
925 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Show all tunnels\n"); | 937 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Show all tunnels\n"); |
926 | job = GNUNET_SCHEDULER_add_now (&get_tunnels, NULL); | 938 | job = GNUNET_SCHEDULER_add_now (&get_tunnels, NULL); |
927 | } | 939 | } |
928 | else if (0 == listen_port) | 940 | else if (NULL == listen_port) |
929 | { | 941 | { |
930 | FPRINTF (stderr, "No action requested\n"); | 942 | FPRINTF (stderr, "No action requested\n"); |
931 | return; | 943 | return; |
@@ -941,11 +953,11 @@ run (void *cls, | |||
941 | else | 953 | else |
942 | sd = GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); | 954 | sd = GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); |
943 | 955 | ||
944 | if (0 != listen_port) | 956 | if (NULL != listen_port) |
945 | { | 957 | { |
946 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Opening CADET listen port\n"); | 958 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Opening CADET listen port\n"); |
947 | lp = GNUNET_CADET_open_port (mh, GC_u2h (listen_port), | 959 | GNUNET_CRYPTO_hash (listen_port, strlen(listen_port), &porthash); |
948 | &channel_incoming, NULL); | 960 | lp = GNUNET_CADET_open_port (mh, &porthash, &channel_incoming, NULL); |
949 | } | 961 | } |
950 | } | 962 | } |
951 | 963 | ||
@@ -980,7 +992,7 @@ main (int argc, char *const *argv) | |||
980 | // GNUNET_NO, &GNUNET_GETOPT_set_one, &monitor_mode}, | 992 | // GNUNET_NO, &GNUNET_GETOPT_set_one, &monitor_mode}, |
981 | {'o', "open-port", NULL, | 993 | {'o', "open-port", NULL, |
982 | gettext_noop ("port to listen to"), | 994 | gettext_noop ("port to listen to"), |
983 | GNUNET_YES, &GNUNET_GETOPT_set_uint, &listen_port}, | 995 | GNUNET_YES, &GNUNET_GETOPT_set_string, &listen_port}, |
984 | {'p', "peer", "PEER_ID", | 996 | {'p', "peer", "PEER_ID", |
985 | gettext_noop ("provide information about a patricular peer"), | 997 | gettext_noop ("provide information about a patricular peer"), |
986 | GNUNET_YES, &GNUNET_GETOPT_set_string, &peer_id}, | 998 | GNUNET_YES, &GNUNET_GETOPT_set_string, &peer_id}, |
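Review bot: The single file-scope `porthash` introduced in the third hunk is written by two unrelated sites — `GNUNET_CRYPTO_hash (listen_port, ...)` before `GNUNET_CADET_open_port` in run, and `GNUNET_CRYPTO_hash (target_port, ...)` before `GNUNET_CADET_channel_create` in create_channel — so an invocation that both listens with -o and connects to a target overwrites the listen port's hash while `lp` is still open. Whether that changes the open port depends on whether GNUNET_CADET_open_port copies the hash or retains the pointer, which is not visible here; a per-call local removes the question either way, e.g. `struct GNUNET_HashCode porthash;` declared at the top of create_channel and again inside the `if (NULL != listen_port)` block in run, with the file-scope definition dropped. The comment on `target_port` should also record that a connect without an explicit port hashes the literal string `"default"`, e.g. `* Port to connect to; hashes the string "default" when none is given`. Both create_channel and run begin outside their hunks.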