diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-05-13 21:17:12 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-05-13 21:17:12 +0200 |
commit | 98ac2b34f979cf10da24c984e690dabf7b34794b (patch) | |
tree | ed4fd15409066b5403f02c23aab9e14b179bc874 /src/gnsrecord/gnsrecord_crypto.c | |
parent | fa2978883e1585b1eeff3a22b7a9b4f174a45ca3 (diff) | |
download | gnunet-98ac2b34f979cf10da24c984e690dabf7b34794b.tar.gz gnunet-98ac2b34f979cf10da24c984e690dabf7b34794b.zip |
add some extra GNS-record well-formedness checks if logging is enabled
Diffstat (limited to 'src/gnsrecord/gnsrecord_crypto.c')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index cebc842f3..6d59a545a 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet. | 2 | This file is part of GNUnet. |
3 | Copyright (C) 2009-2013 GNUnet e.V. | 3 | Copyright (C) 2009-2013, 2018 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software; you can redistribute it and/or modify | 5 | GNUnet is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published | 6 | it under the terms of the GNU General Public License as published |
@@ -94,7 +94,7 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
94 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; | 94 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; |
95 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 95 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
96 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 96 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
97 | struct GNUNET_GNSRECORD_Data rdc[rd_count]; | 97 | struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL(rd_count)]; |
98 | uint32_t rd_count_nbo; | 98 | uint32_t rd_count_nbo; |
99 | struct GNUNET_TIME_Absolute now; | 99 | struct GNUNET_TIME_Absolute now; |
100 | 100 | ||
@@ -246,6 +246,7 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
246 | GNUNET_CRYPTO_ecdsa_key_get_public (key, | 246 | GNUNET_CRYPTO_ecdsa_key_get_public (key, |
247 | &line->pkey); | 247 | &line->pkey); |
248 | } | 248 | } |
249 | #undef CSIZE | ||
249 | return block_create (key, | 250 | return block_create (key, |
250 | &line->pkey, | 251 | &line->pkey, |
251 | expire, | 252 | expire, |
@@ -304,18 +305,21 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
304 | GNUNET_break_op (0); | 305 | GNUNET_break_op (0); |
305 | return GNUNET_SYSERR; | 306 | return GNUNET_SYSERR; |
306 | } | 307 | } |
307 | derive_block_aes_key (&iv, &skey, label, zone_key); | 308 | derive_block_aes_key (&iv, |
309 | &skey, | ||
310 | label, | ||
311 | zone_key); | ||
308 | { | 312 | { |
309 | char payload[payload_len]; | 313 | char payload[payload_len]; |
310 | uint32_t rd_count; | 314 | uint32_t rd_count; |
311 | 315 | ||
312 | GNUNET_break (payload_len == | 316 | GNUNET_break (payload_len == |
313 | GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len, | 317 | GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len, |
314 | &skey, &iv, | 318 | &skey, &iv, |
315 | payload)); | 319 | payload)); |
316 | GNUNET_memcpy (&rd_count, | 320 | GNUNET_memcpy (&rd_count, |
317 | payload, | 321 | payload, |
318 | sizeof (uint32_t)); | 322 | sizeof (uint32_t)); |
319 | rd_count = ntohl (rd_count); | 323 | rd_count = ntohl (rd_count); |
320 | if (rd_count > 2048) | 324 | if (rd_count > 2048) |
321 | { | 325 | { |
@@ -324,7 +328,7 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
324 | return GNUNET_SYSERR; | 328 | return GNUNET_SYSERR; |
325 | } | 329 | } |
326 | { | 330 | { |
327 | struct GNUNET_GNSRECORD_Data rd[rd_count]; | 331 | struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)]; |
328 | unsigned int j; | 332 | unsigned int j; |
329 | struct GNUNET_TIME_Absolute now; | 333 | struct GNUNET_TIME_Absolute now; |
330 | 334 | ||
@@ -359,10 +363,13 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
359 | continue; | 363 | continue; |
360 | if (rd[i].expiration_time < now.abs_value_us) | 364 | if (rd[i].expiration_time < now.abs_value_us) |
361 | include_record = GNUNET_NO; /* Shadow record is expired */ | 365 | include_record = GNUNET_NO; /* Shadow record is expired */ |
362 | if ((rd[k].record_type == rd[i].record_type) | 366 | if ( (rd[k].record_type == rd[i].record_type) && |
363 | && (rd[k].expiration_time >= now.abs_value_us) | 367 | (rd[k].expiration_time >= now.abs_value_us) && |
364 | && (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))) | 368 | (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) ) |
369 | { | ||
365 | include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ | 370 | include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ |
371 | break; | ||
372 | } | ||
366 | } | 373 | } |
367 | if (GNUNET_YES == include_record) | 374 | if (GNUNET_YES == include_record) |
368 | { | 375 | { |