author | Christian Grothoff <christian@grothoff.org> | 2013-11-08 15:21:51 +0000 |
committer | Christian Grothoff <christian@grothoff.org> | 2013-11-08 15:21:51 +0000 |
commit | 36dba4c39409bdc18575fbdeb09d83e29d71e409 (patch) | |
tree | 898b6e6ef44bdd2c2c2b72cd4ac34c56b1f97741 /src/gns | |
parent | 947c61f3e93b4cd5c3b6b01f699c9bc44fbca86b (diff) | |
do not allow SSL connections if we are only given an IP address by the browser, as then we cannot check certificates
Diffstat (limited to 'src/gns')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 23 |
1 files changed, 22 insertions, 1 deletions
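--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -2088,7 +2088,7 @@ mhd_error_log_callback (void *cls,
  * Lookup (or create) an SSL MHD instance for a particular domain.
  *
  * @param domain the domain the SSL daemon has to serve
- * @return NULL on errro
+ * @return NULL on error
  */
 static struct MhdHttpList *
 lookup_ssl_httpd (const char* domain)
@@ -2096,6 +2096,11 @@ lookup_ssl_httpd (const char* domain)
   struct MhdHttpList *hd;
   struct ProxyGNSCertificate *pgc;
 
+  if (NULL == domain)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
     if ( (NULL != hd->domain) &&
          (0 == strcmp (hd->domain, domain)) )
@@ -2545,6 +2550,14 @@ do_s5r_read (void *cls,
   struct sockaddr_in *in;
 
   s5r->port = ntohs (*port);
+  if (HTTPS_PORT == s5r->port)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("SSL connection to plain IPv4 address requested\n"));
+    signal_socks_failure (s5r,
+                          SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+    return;
+  }
   alen = sizeof (struct in_addr);
   if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
       alen + sizeof (uint16_t))
@@ -2566,6 +2579,14 @@ do_s5r_read (void *cls,
   struct sockaddr_in6 *in;
 
   s5r->port = ntohs (*port);
+  if (HTTPS_PORT == s5r->port)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("SSL connection to plain IPv4 address requested\n"));
+    signal_socks_failure (s5r,
+                          SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+    return;
+  }
   alen = sizeof (struct in6_addr);
   if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
       alen + sizeof (uint16_t))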
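Review bot: The log message in the IPv6 branch (new lines 2584–2585) still says "plain IPv4 address" although that branch handles `struct sockaddr_in6` / `sizeof (struct in6_addr)`; it is a copy of the IPv4 hunk above and should read `_("SSL connection to plain IPv6 address requested\n")` so the log tells an operator which path refused the request. Both new guards key only on `HTTPS_PORT == s5r->port`, so as far as these hunks show a TLS request to a literal IP on a non-standard port is still forwarded with no hostname to validate a certificate against, while a plain-HTTP service on the HTTPS port is rejected; if that trade-off is intended, a short comment above each check such as `/* literal IP gives us no name to validate a certificate against: refuse TLS here */` would document it. do_s5r_read starts and ends outside these hunks, so whether an earlier check already covers the non-standard-port case cannot be seen from here.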