author | Christian Grothoff <christian@grothoff.org> | 2018-11-12 20:55:33 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-11-12 20:55:33 +0100 |
commit | 21eec1db5fa782ab36dbc250317dbe117bc52af8 (patch) | |
tree | 293d631ed465c29213056400296a7441dc2de7bf /src/gns | |
parent | b26dc73654be36d70f1b3c06e23fec42330db4f6 (diff) | |
download | gnunet-21eec1db5fa782ab36dbc250317dbe117bc52af8.tar.gz gnunet-21eec1db5fa782ab36dbc250317dbe117bc52af8.zip |
trying to fix #5472
Diffstat (limited to 'src/gns')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 48 | ||||
-rw-r--r-- | src/gns/test_gns_defaults.conf | 12 |
2 files changed, 45 insertions, 15 deletions
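--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -59,6 +59,12 @@
 #define MAX_HTTP_URI_LENGTH 2048
 
 /**
+* Maximum number of DANE records we support
+* per domain name (and port and protocol).
+*/
+#define MAX_DANES 32
+
+/**
 * Size of the buffer for the data upload / download. Must be
 * enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
 */
@@ -543,9 +549,9 @@ struct Socks5Request
 char *leho;
 
 /**
-* Payload of the (last) DANE record encountered.
+* Payload of the DANE records encountered.
 */
-char *dane_data;
+char *dane_data[MAX_DANES + 1];
 
 /**
 * The URL to fetch
@@ -575,7 +581,13 @@ struct Socks5Request
 /**
 * Number of bytes in @e dane_data.
 */
-size_t dane_data_len;
+int dane_data_len[MAX_DANES + 1];
+
+/**
+* Number of entries used in @e dane_data_len
+* and @e dane_data.
+*/
+unsigned int num_danes;
 
 /**
 * Number of bytes already in read buffer
@@ -816,7 +828,8 @@ cleanup_s5r (struct Socks5Request *s5r)
 GNUNET_free_non_null (s5r->domain);
 GNUNET_free_non_null (s5r->leho);
 GNUNET_free_non_null (s5r->url);
-GNUNET_free_non_null (s5r->dane_data);
+for (unsigned int i=0;i<s5r->num_danes;i++)
+GNUNET_free (s5r->dane_data[i]);
 GNUNET_free (s5r);
 }
 
@@ -989,10 +1002,8 @@ check_ssl_certificate (struct Socks5Request *s5r)
 }
 /* check for TLSA/DANE records */
 #if HAVE_GNUTLS_DANE
-if (NULL != s5r->dane_data)
+if (0 != s5r->num_danes)
 {
-char *dd[] = { s5r->dane_data, NULL };
-int dlen[] = { s5r->dane_data_len, 0};
 dane_state_t dane_state;
 dane_query_t dane_query;
 unsigned int verify;
@@ -1010,10 +1021,12 @@ check_ssl_certificate (struct Socks5Request *s5r)
 gnutls_x509_crt_deinit (x509_cert);
 return GNUNET_SYSERR;
 }
+s5r->dane_data[s5r->num_danes] = NULL;
+s5r->dane_data_len[s5r->num_danes] = 0;
 if (0 != (rc = dane_raw_tlsa (dane_state,
 &dane_query,
-dd,
-dlen,
+s5r->dane_data,
+s5r->dane_data_len,
 GNUNET_YES,
 GNUNET_NO)))
 {
@@ -3070,12 +3083,17 @@ handle_gns_result (void *cls,
 (ntohs (box->protocol) != IPPROTO_TCP) ||
 (ntohs (box->service) != s5r->port) )
 break; /* BOX record does not apply */
-GNUNET_free_non_null (s5r->dane_data);
-s5r->dane_data_len = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
-s5r->dane_data = GNUNET_malloc (s5r->dane_data_len);
-GNUNET_memcpy (s5r->dane_data,
-&box[1],
-s5r->dane_data_len);
+if (s5r->num_danes >= MAX_DANES)
+{
+GNUNET_break (0); /* MAX_DANES too small */
+break;
+}
+s5r->dane_data_len[s5r->num_danes]
+= r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
+s5r->dane_data[s5r->num_danes]
+= GNUNET_memdup (&box[1],
+s5r->dane_data_len);
+s5r->num_danes++;
 break;
 }
 default: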
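Review bot: In the last hunk (handle_gns_result, whose body starts and ends outside the hunk), the size passed to `GNUNET_memdup` is `s5r->dane_data_len`, which after this commit is the whole `int[MAX_DANES + 1]` array and therefore decays to a pointer instead of the length just stored for this record. The number of bytes copied from `&box[1]` would then come from an address rather than from `r->data_size`, so the copy can run far past the received BOX payload; the argument should be the element, `s5r->dane_data_len[s5r->num_danes]`. The per-record length is also now an `int` holding `r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord)`, and any check that `data_size` exceeds the header size sits above the visible lines, so that guard should be confirmed before relying on the subtraction. Because the number of matching records is determined by the GNS response rather than by local logic, `GNUNET_break_op (0)` is probably the better fit for the `MAX_DANES` overflow branch than `GNUNET_break (0)`.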
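--- a/src/gns/test_gns_defaults.conf
+++ b/src/gns/test_gns_defaults.conf
@@ -20,3 +20,15 @@ PLUGINS = tcp
 [transport-tcp]
 BINDTO = 127.0.0.1
 
+
+[fs]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO
+
+[rps]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO
+
+[topology]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO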