diff options
| author | Christian Grothoff <christian@grothoff.org> | 2013-11-08 15:21:51 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2013-11-08 15:21:51 +0000 |
| commit | 36dba4c39409bdc18575fbdeb09d83e29d71e409 (patch) | |
| tree | 898b6e6ef44bdd2c2c2b72cd4ac34c56b1f97741 /src/gns | |
| parent | 947c61f3e93b4cd5c3b6b01f699c9bc44fbca86b (diff) | |
| download | gnunet-36dba4c39409bdc18575fbdeb09d83e29d71e409.tar.gz gnunet-36dba4c39409bdc18575fbdeb09d83e29d71e409.zip | |
-do not allow SSL connections if we are only given an IP address by the browser, as then we cannot check certificates
Diffstat (limited to 'src/gns')
| -rw-r--r-- | src/gns/gnunet-gns-proxy.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 265081e7d..b2c8fc697 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
| @@ -2088,7 +2088,7 @@ mhd_error_log_callback (void *cls, | |||
| 2088 | * Lookup (or create) an SSL MHD instance for a particular domain. | 2088 | * Lookup (or create) an SSL MHD instance for a particular domain. |
| 2089 | * | 2089 | * |
| 2090 | * @param domain the domain the SSL daemon has to serve | 2090 | * @param domain the domain the SSL daemon has to serve |
| 2091 | * @return NULL on errro | 2091 | * @return NULL on error |
| 2092 | */ | 2092 | */ |
| 2093 | static struct MhdHttpList * | 2093 | static struct MhdHttpList * |
| 2094 | lookup_ssl_httpd (const char* domain) | 2094 | lookup_ssl_httpd (const char* domain) |
| @@ -2096,6 +2096,11 @@ lookup_ssl_httpd (const char* domain) | |||
| 2096 | struct MhdHttpList *hd; | 2096 | struct MhdHttpList *hd; |
| 2097 | struct ProxyGNSCertificate *pgc; | 2097 | struct ProxyGNSCertificate *pgc; |
| 2098 | 2098 | ||
| 2099 | if (NULL == domain) | ||
| 2100 | { | ||
| 2101 | GNUNET_break (0); | ||
| 2102 | return NULL; | ||
| 2103 | } | ||
| 2099 | for (hd = mhd_httpd_head; NULL != hd; hd = hd->next) | 2104 | for (hd = mhd_httpd_head; NULL != hd; hd = hd->next) |
| 2100 | if ( (NULL != hd->domain) && | 2105 | if ( (NULL != hd->domain) && |
| 2101 | (0 == strcmp (hd->domain, domain)) ) | 2106 | (0 == strcmp (hd->domain, domain)) ) |
| @@ -2545,6 +2550,14 @@ do_s5r_read (void *cls, | |||
| 2545 | struct sockaddr_in *in; | 2550 | struct sockaddr_in *in; |
| 2546 | 2551 | ||
| 2547 | s5r->port = ntohs (*port); | 2552 | s5r->port = ntohs (*port); |
| 2553 | if (HTTPS_PORT == s5r->port) | ||
| 2554 | { | ||
| 2555 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 2556 | _("SSL connection to plain IPv4 address requested\n")); | ||
| 2557 | signal_socks_failure (s5r, | ||
| 2558 | SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); | ||
| 2559 | return; | ||
| 2560 | } | ||
| 2548 | alen = sizeof (struct in_addr); | 2561 | alen = sizeof (struct in_addr); |
| 2549 | if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + | 2562 | if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + |
| 2550 | alen + sizeof (uint16_t)) | 2563 | alen + sizeof (uint16_t)) |
| @@ -2566,6 +2579,14 @@ do_s5r_read (void *cls, | |||
| 2566 | struct sockaddr_in6 *in; | 2579 | struct sockaddr_in6 *in; |
| 2567 | 2580 | ||
| 2568 | s5r->port = ntohs (*port); | 2581 | s5r->port = ntohs (*port); |
| 2582 | if (HTTPS_PORT == s5r->port) | ||
| 2583 | { | ||
| 2584 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 2585 | _("SSL connection to plain IPv4 address requested\n")); | ||
| 2586 | signal_socks_failure (s5r, | ||
| 2587 | SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); | ||
| 2588 | return; | ||
| 2589 | } | ||
| 2569 | alen = sizeof (struct in6_addr); | 2590 | alen = sizeof (struct in6_addr); |
| 2570 | if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + | 2591 | if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + |
| 2571 | alen + sizeof (uint16_t)) | 2592 | alen + sizeof (uint16_t)) |