authorChristian Grothoff <christian@grothoff.org>2018-11-12 20:55:33 +0100
committerChristian Grothoff <christian@grothoff.org>2018-11-12 20:55:33 +0100
commit21eec1db5fa782ab36dbc250317dbe117bc52af8 (patch)
tree293d631ed465c29213056400296a7441dc2de7bf /src
parentb26dc73654be36d70f1b3c06e23fec42330db4f6 (diff)
trying to fix #5472
Diffstat (limited to 'src')
-rw-r--r--src/cadet/test_cadet.conf4
-rw-r--r--src/gns/gnunet-gns-proxy.c48
-rw-r--r--src/gns/test_gns_defaults.conf12
3 files changed, 49 insertions, 15 deletions
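--- a/src/cadet/test_cadet.conf
+++ b/src/cadet/test_cadet.conf
@@ -98,3 +98,7 @@ START_ON_DEMAND = NO
 [topology]
 IMMEDIATE_START = NO
 START_ON_DEMAND = NO
+
+[rps]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO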
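--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -59,6 +59,12 @@
 #define MAX_HTTP_URI_LENGTH 2048
 
 /**
+ * Maximum number of DANE records we support
+ * per domain name (and port and protocol).
+ */
+#define MAX_DANES 32
+
+/**
  * Size of the buffer for the data upload / download. Must be
  * enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
  */
@@ -543,9 +549,9 @@ struct Socks5Request
  char *leho;
 
  /**
- * Payload of the (last) DANE record encountered.
+ * Payload of the DANE records encountered.
  */
- char *dane_data;
+ char *dane_data[MAX_DANES + 1];
 
  /**
  * The URL to fetch
@@ -575,7 +581,13 @@ struct Socks5Request
  /**
  * Number of bytes in @e dane_data.
  */
- size_t dane_data_len;
+ int dane_data_len[MAX_DANES + 1];
+
+ /**
+ * Number of entries used in @e dane_data_len
+ * and @e dane_data.
+ */
+ unsigned int num_danes;
 
  /**
  * Number of bytes already in read buffer
@@ -816,7 +828,8 @@ cleanup_s5r (struct Socks5Request *s5r)
  GNUNET_free_non_null (s5r->domain);
  GNUNET_free_non_null (s5r->leho);
  GNUNET_free_non_null (s5r->url);
- GNUNET_free_non_null (s5r->dane_data);
+ for (unsigned int i=0;i<s5r->num_danes;i++)
+ GNUNET_free (s5r->dane_data[i]);
  GNUNET_free (s5r);
 }
 
@@ -989,10 +1002,8 @@ check_ssl_certificate (struct Socks5Request *s5r)
  }
  /* check for TLSA/DANE records */
 #if HAVE_GNUTLS_DANE
- if (NULL != s5r->dane_data)
+ if (0 != s5r->num_danes)
  {
- char *dd[] = { s5r->dane_data, NULL };
- int dlen[] = { s5r->dane_data_len, 0};
  dane_state_t dane_state;
  dane_query_t dane_query;
  unsigned int verify;
@@ -1010,10 +1021,12 @@ check_ssl_certificate (struct Socks5Request *s5r)
  gnutls_x509_crt_deinit (x509_cert);
  return GNUNET_SYSERR;
  }
+ s5r->dane_data[s5r->num_danes] = NULL;
+ s5r->dane_data_len[s5r->num_danes] = 0;
  if (0 != (rc = dane_raw_tlsa (dane_state,
  &dane_query,
- dd,
- dlen,
+ s5r->dane_data,
+ s5r->dane_data_len,
  GNUNET_YES,
  GNUNET_NO)))
  {
@@ -3070,12 +3083,17 @@ handle_gns_result (void *cls,
  (ntohs (box->protocol) != IPPROTO_TCP) ||
  (ntohs (box->service) != s5r->port) )
  break; /* BOX record does not apply */
- GNUNET_free_non_null (s5r->dane_data);
- s5r->dane_data_len = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
- s5r->dane_data = GNUNET_malloc (s5r->dane_data_len);
- GNUNET_memcpy (s5r->dane_data,
- &box[1],
- s5r->dane_data_len);
+ if (s5r->num_danes >= MAX_DANES)
+ {
+ GNUNET_break (0); /* MAX_DANES too small */
+ break;
+ }
+ s5r->dane_data_len[s5r->num_danes]
+ = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
+ s5r->dane_data[s5r->num_danes]
+ = GNUNET_memdup (&box[1],
+ s5r->dane_data_len);
+ s5r->num_danes++;
  break;
  }
  default: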
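Review bot: In the handle_gns_result hunk, the new `GNUNET_memdup (&box[1], s5r->dane_data_len)` passes the whole `dane_data_len` array as the size argument, because this commit changes the field to `int dane_data_len[MAX_DANES + 1]`. The array decays to a pointer, so the copy length is an address value rather than the TLSA payload length, and the copy would read far beyond the record behind `box`. The call should index the slot just written: `= GNUNET_memdup (&box[1], s5r->dane_data_len[s5r->num_danes]);`. The length is also now an `int` computed as `r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord)`, and the case body starts outside the hunk, so please confirm that an earlier check guarantees `r->data_size` is at least the box header size and that the difference fits in `int`.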
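--- a/src/gns/test_gns_defaults.conf
+++ b/src/gns/test_gns_defaults.conf
@@ -20,3 +20,15 @@ PLUGINS = tcp
 [transport-tcp]
 BINDTO = 127.0.0.1
 
+
+[fs]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO
+
+[rps]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO
+
+[topology]
+IMMEDIATE_START = NO
+START_ON_DEMAND = NO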