From 3a18658cf9196ecd8e55d5231818e6ee3b242a43 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 18:50:58 +0100 Subject: check return value --- src/set/gnunet-service-set_union.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/set/gnunet-service-set_union.c b/src/set/gnunet-service-set_union.c index 9586dcf27..219cc6235 100644 --- a/src/set/gnunet-service-set_union.c +++ b/src/set/gnunet-service-set_union.c @@ -389,10 +389,11 @@ get_ibf_key (const struct GNUNET_HashCode *src) struct IBF_Key key; uint16_t salt = 0; - GNUNET_CRYPTO_kdf (&key, sizeof (key), - src, sizeof *src, - &salt, sizeof (salt), - NULL, 0); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_kdf (&key, sizeof (key), + src, sizeof *src, + &salt, sizeof (salt), + NULL, 0)); return key; } -- cgit v1.2.3 From 8dea30580ceaa571c9d85b5e8a563201ed622ed7 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 21:05:03 +0100 Subject: fix potential use of uninitialized key --- src/fs/fs_search.c | 19 ++++++++++++++++--- src/fs/fs_uri.c | 25 ++++++++++++++++++------- src/include/gnunet_fs_service.h | 3 ++- 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/src/fs/fs_search.c b/src/fs/fs_search.c index 8c6f5edcf..83aae2fc5 100644 --- a/src/fs/fs_search.c +++ b/src/fs/fs_search.c @@ -568,7 +568,13 @@ process_ksk_result (struct GNUNET_FS_SearchContext *sc, /* check if new */ GNUNET_assert (NULL != sc); - GNUNET_FS_uri_to_key (uri, &key); + if (GNUNET_OK != + GNUNET_FS_uri_to_key (uri, + &key)) + { + GNUNET_break_op (0); + return; + } if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_get_multiple (ent->results, &key, 
@@ -680,8 +686,15 @@ process_sks_result (struct GNUNET_FS_SearchContext *sc, /* check if new */ GNUNET_assert (NULL != sc); - GNUNET_FS_uri_to_key (uri, &key); - GNUNET_CRYPTO_hash_xor (&uri->data.chk.chk.key, &uri->data.chk.chk.query, + if (GNUNET_OK != + GNUNET_FS_uri_to_key (uri, + &key)) + { + GNUNET_break (0); + return; + } + GNUNET_CRYPTO_hash_xor (&uri->data.chk.chk.key, + &uri->data.chk.chk.query, &key); if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_get_multiple (sc->master_result_map, &key, diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c index 11968b750..b90c75981 100644 --- a/src/fs/fs_uri.c +++ b/src/fs/fs_uri.c @@ -96,8 +96,9 @@ * * @param uri uri to convert to a unique key * @param key where to store the unique key + * @return #GNUNET_OK on success */ -void +int GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode *key) { @@ -105,25 +106,35 @@ GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, { case GNUNET_FS_URI_CHK: *key = uri->data.chk.chk.query; - return; + return GNUNET_OK; case GNUNET_FS_URI_SKS: GNUNET_CRYPTO_hash (uri->data.sks.identifier, - strlen (uri->data.sks.identifier), key); - break; + strlen (uri->data.sks.identifier), + key); + return GNUNET_OK; case GNUNET_FS_URI_KSK: if (uri->data.ksk.keywordCount > 0) + { GNUNET_CRYPTO_hash (uri->data.ksk.keywords[0], - strlen (uri->data.ksk.keywords[0]), key); + strlen (uri->data.ksk.keywords[0]), + key); + return GNUNET_OK; + } + else + { + memset (key, 0, sizeof (struct GNUNET_HashCode)); + return GNUNET_SYSERR; + } break; case GNUNET_FS_URI_LOC: GNUNET_CRYPTO_hash (&uri->data.loc.fi, sizeof (struct FileIdentifier) + sizeof (struct GNUNET_PeerIdentity), key); - break; + return GNUNET_OK; default: memset (key, 0, sizeof (struct GNUNET_HashCode)); - break; + return GNUNET_SYSERR; } } diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h index ac418072e..cbad374b5 100644 --- a/src/include/gnunet_fs_service.h 
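Review bot: In process_sks_result the key produced by the newly checked `GNUNET_FS_uri_to_key (uri, &key)` is overwritten right away, because the following `GNUNET_CRYPTO_hash_xor` call writes its result into `&key`. As far as this hunk shows, the new check therefore guards a value that is never used. Either drop the call here or add a comment such as `/* only validates the URI type; key is recomputed below */`. The failure branch also uses `GNUNET_break (0)` where process_ksk_result uses `GNUNET_break_op (0)`; if the URI comes from a received search result, as seems likely, `GNUNET_break_op (0);` would keep the two handlers consistent. The function body continues outside the hunk.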
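Review bot: The `@return` line added to the GNUNET_FS_uri_to_key comment (here and in gnunet_fs_service.h) documents only success, but the body now has two failure paths that zero `*key` and return `GNUNET_SYSERR`: a KSK URI with `keywordCount` of zero, and the `default` case. I would write `@return #GNUNET_OK on success, #GNUNET_SYSERR if no key can be derived (@a key is then all zeros)`, so callers know the zeroed key must not be used as a map key. The `break;` left after the KSK `if`/`else` is unreachable now that both branches return, and can be removed. Because the return type changed from `void` to `int`, callers outside this patch that ignore the result will still compile silently and should be audited.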
+++ b/src/include/gnunet_fs_service.h @@ -109,8 +109,9 @@ typedef int * * @param uri uri to convert to a unique key * @param key wherer to store the unique key + * @return #GNUNET_OK on success */ -void +int GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode *key); -- cgit v1.2.3 From 6532ac1037b448508642d4d97d21ab103bd6735c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 21:22:23 +0100 Subject: internally assert that asprintf size allocation never fails --- src/transport/plugin_transport_tcp.c | 7 ++++--- src/util/common_allocation.c | 1 + src/util/configuration.c | 1 - 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/transport/plugin_transport_tcp.c b/src/transport/plugin_transport_tcp.c index c5d6e6d34..8b00543c3 100644 --- a/src/transport/plugin_transport_tcp.c +++ b/src/transport/plugin_transport_tcp.c @@ -3351,9 +3351,10 @@ handle_tcp_data (void *cls, void *vaddr = NULL; size_t alen; - GNUNET_SERVER_client_get_address (client, - &vaddr, - &alen); + GNUNET_assert (GNUNET_OK == + GNUNET_SERVER_client_get_address (client, + &vaddr, + &alen)); LOG (GNUNET_ERROR_TYPE_ERROR, "Received unexpected %u bytes of type %u from `%s'\n", (unsigned int) ntohs (message->size), diff --git a/src/util/common_allocation.c b/src/util/common_allocation.c index be2538c3f..80047bb52 100644 --- a/src/util/common_allocation.c +++ b/src/util/common_allocation.c @@ -484,6 +484,7 @@ GNUNET_asprintf (char **buf, va_start (args, format); ret = VSNPRINTF (NULL, 0, format, args); va_end (args); + GNUNET_assert (ret >= 0); *buf = GNUNET_malloc (ret + 1); va_start (args, format); ret = VSPRINTF (*buf, format, args); diff --git a/src/util/configuration.c b/src/util/configuration.c index 7f1d98902..25eeaf80f 100644 --- a/src/util/configuration.c +++ b/src/util/configuration.c 
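Review bot: Wrapping `GNUNET_SERVER_client_get_address` in `GNUNET_assert` in handle_tcp_data turns a failed address lookup into a process abort. Judging by the log text, this path handles unexpected data from a remote client, and the address is only needed for that log message. If the lookup can fail for a connected client (not visible from this hunk), that is a remotely reachable crash. A softer check keeps the transport running: `if (GNUNET_OK != GNUNET_SERVER_client_get_address (client, &vaddr, &alen)) { GNUNET_break (0); vaddr = NULL; alen = 0; }`. Note that `alen` is declared without an initializer, so it needs a defined value on the failure path before the logging code, which lies outside the hunk, reads it.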
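Review bot: The new `GNUNET_assert (ret >= 0)` in GNUNET_asprintf protects the size calculation, but the second formatting pass still writes with the unbounded `VSPRINTF (*buf, format, args)`. That pass relies on producing exactly the length measured in the first pass. Bounding it costs nothing and fails safe if an argument changes between the two passes: `ret = VSNPRINTF (*buf, ret + 1, format, args);`. A comment on the allocation, such as `/* ret is the length without the terminating NUL */`, would also help. The rest of the function is outside the hunk, so a later check on the second `ret` may already exist.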
@@ -421,7 +421,6 @@ GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg, size_t m_size; size_t c_size; - /* Pass1 : calculate the buffer size required */ m_size = 0; for (sec = cfg->sections; NULL != sec; sec = sec->next) -- cgit v1.2.3 From 0762a75464f424c5669e96f76c7ab1cf76b8e7a5 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 21:33:13 +0100 Subject: fix log call: wait until pid is initialized --- src/peerinfo/gnunet-service-peerinfo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/peerinfo/gnunet-service-peerinfo.c b/src/peerinfo/gnunet-service-peerinfo.c index bdb6e5e0d..6b39149be 100644 --- a/src/peerinfo/gnunet-service-peerinfo.c +++ b/src/peerinfo/gnunet-service-peerinfo.c @@ -1146,12 +1146,12 @@ handle_hello (void *cls, struct GNUNET_SERVICE_Client *client = cls; struct GNUNET_PeerIdentity pid; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "HELLO message received for peer `%s'\n", - GNUNET_i2s (&pid)); GNUNET_assert (GNUNET_OK == GNUNET_HELLO_get_id (hello, &pid)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "HELLO message received for peer `%s'\n", + GNUNET_i2s (&pid)); add_host_to_known_hosts (&pid); update_hello (&pid, hello); -- cgit v1.2.3 From f3ea2e1338054ec0143ac7054e5e91373bcbd558 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 21:36:15 +0100 Subject: handle error properly, do not just log but continue gracefully --- src/gns/gnunet-dns2gns.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c index 424677d14..bf7cca042 100644 --- a/src/gns/gnunet-dns2gns.c +++ b/src/gns/gnunet-dns2gns.c 
@@ -533,14 +533,21 @@ read_dns4 (void *cls) } { char buf[size + 1]; + ssize_t sret; addrlen = sizeof (v4); - GNUNET_break (size == - GNUNET_NETWORK_socket_recvfrom (listen_socket4, - buf, - size + 1, - (struct sockaddr *) &v4, - &addrlen)); + sret = GNUNET_NETWORK_socket_recvfrom (listen_socket4, + buf, + size + 1, + (struct sockaddr *) &v4, + &addrlen); + if (0 > sret) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "recvfrom"); + return; + } + GNUNET_break (size == (size_t) sret); handle_request (listen_socket4, &v4, addrlen, -- cgit v1.2.3 From 328aade82c1f698ac7b93894a4bd659e14f41e4d Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Jan 2018 21:37:27 +0100 Subject: handle error properly, do not just log but continue gracefully -- v6 also --- src/gns/gnunet-dns2gns.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c index bf7cca042..2f0de030d 100644 --- a/src/gns/gnunet-dns2gns.c +++ b/src/gns/gnunet-dns2gns.c @@ -586,16 +586,26 @@ read_dns6 (void *cls) } { char buf[size]; + ssize_t sret; addrlen = sizeof (v6); - GNUNET_break (size == - GNUNET_NETWORK_socket_recvfrom (listen_socket6, - buf, - size, - (struct sockaddr *) &v6, - &addrlen)); - handle_request (listen_socket6, &v6, addrlen, - buf, size); + sret = GNUNET_NETWORK_socket_recvfrom (listen_socket6, + buf, + size, + (struct sockaddr *) &v6, + &addrlen); + if (0 > sret) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "recvfrom"); + return; + } + GNUNET_break (size == (size_t) sret); + handle_request (listen_socket6, + &v6, + addrlen, + buf, + size); } } -- cgit v1.2.3 From 9a558c93bd51152121c4c15dad0a5a66e8e87c96 Mon Sep 17 00:00:00 2001 
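Review bot: In read_dns4 a length mismatch is still only logged by `GNUNET_break (size == (size_t) sret)`, and `handle_request` is then called anyway. In the read_dns6 hunk, where the full call is visible, it is given `size` rather than the number of bytes actually received. On a short read the parser is therefore handed the uninitialized tail of the stack buffer `buf`. In the v4 path, which reads `size + 1` bytes, an oversized datagram is processed truncated. Returning on mismatch closes both cases: `if (size != (size_t) sret) { GNUNET_break_op (0); return; }`. The same change applies to read_dns6, which also differs from read_dns4 in using `buf[size]` without the extra byte, so it cannot detect an oversized datagram at all. The arguments of the v4 `handle_request` call continue outside the hunk.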
From: ng0 Date: Sat, 6 Jan 2018 23:37:16 +0000 Subject: doc/documentation: developer,philosophy,user: suggestions by Amirouche Boubekki via gnunet-developers@gnu.org, with some minor additions. --- AUTHORS | 1 + doc/documentation/chapters/developer.texi | 12 +++++++----- doc/documentation/chapters/philosophy.texi | 11 ++++++----- doc/documentation/chapters/user.texi | 6 +++++- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/AUTHORS b/AUTHORS index e49319ac0..136848e3f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -33,6 +33,7 @@ Contributions also came from: Adam Warrington [ UPnP ] Adriano Peluso [ Documentation export to Texinfo ] Alex Harper [ OS X CPU load ] +Amirouche Boubekki Andrew McDonald [ SHA-512] Andy Green Antti Salonen diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi index ada6d37a0..a99f6a481 100644 --- a/doc/documentation/chapters/developer.texi +++ b/doc/documentation/chapters/developer.texi @@ -94,6 +94,7 @@ following links: @c ** FIXME: Link to files in source, not online. @c ** FIXME: Where is the Java tutorial? @itemize @bullet +@c broken link @item @uref{https://gnunet.org/git/gnunet.git/plain/doc/gnunet-c-tutorial.pdf, GNUnet C tutorial} @item GNUnet Java tutorial @end itemize @@ -273,7 +274,7 @@ library is a wapper around block plugins which provide the necessary functions for each block type. @item @file{statistics/} --- statistics service The statistics service enables associating -values (of type uint64_t) with a componenet name and a string. The main +values (of type uint64_t) with a component name and a string. The main uses is debugging (counting events), performance tracking and user entertainment (what did my peer do today?). @item @file{arm/} --- Automatic Restart Manager (ARM) 
@@ -2450,7 +2451,7 @@ memcpy (tbuf, nameTrans, strlen (nameTrans) + 1); Note that, here the functions @code{htonl}, @code{htons} and @code{GNUNET_TIME_absolute_hton} are applied to convert little endian -into big endian, about the usage of the big/small edian order and the +into big endian, about the usage of the big/small endian order and the corresponding conversion function please refer to Introduction of Big Endian and Little Endian. @@ -7027,6 +7028,7 @@ bandwidth consumption. @c %**end of header +@c inconsistent use of ``must'' above it's written ``MUST'' In contrast to GET operations, developers @strong{must} manually re-run PUT operations periodically (if they intend the content to continue to be available). Content stored in the DHT expires or might be lost due to @@ -7055,7 +7057,7 @@ Using the monitoring API, applications can choose to monitor these requests, possibly limiting themselves to requests for a particular block type. -The monitoring API is not only usefu only for diagnostics, it can also be +The monitoring API is not only useful for diagnostics, it can also be used to trigger application operations based on PUT operations. For example, an application may use PUTs to distribute work requests to other peers. @@ -7149,7 +7151,7 @@ already knows more than about a thousand blocks may need to send several of these messages. Naturally, the client should transmit these messages as quickly as possible after the original GET request such that the DHT can filter those results in the network early on. Naturally, as -these messages are send after the original request, it is conceivalbe +these messages are sent after the original request, it is conceivalbe that the DHT service may return blocks that match those already known to the client anyway. 
@@ -7240,7 +7242,7 @@ A peer can search the DHT by sending @code{struct PeerGetMessage}s of type @code{GNUNET_MESSAGE_TYPE_DHT_P2P_GET} to other peers. In addition to the usual information about the request (type, routing options, desired replication level for the request, the key and the extended query), a GET -request also again contains a hop counter, a Bloom filter over the peers +request also contains a hop counter, a Bloom filter over the peers that have processed the request already and depending on the routing options the full path traversed by the GET. Finally, a GET request includes a variable-size second Bloom filter and a diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi index c8e2651c3..681d5acc3 100644 --- a/doc/documentation/chapters/philosophy.texi +++ b/doc/documentation/chapters/philosophy.texi @@ -47,7 +47,9 @@ Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/ @item GNUnet must only disclose the minimal amount of information necessary. @c TODO: Explain 'fully' in the terminology section. -@item GNUnet must be fully distributed and survive Byzantine failures +@item GNUnet must be fully distributed and survive +@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, Byzantine failures} +@footnote{@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, https://en.wikipedia.org/wiki/Byzantine_fault_tolerance}} at any position in the network. @item GNUnet must make it explicit to the user which entities are considered to be trustworthy when establishing secured communications. 
@@ -163,7 +165,7 @@ DH (Diffie---Hellman) key exchange using ephemeral eliptic curve cryptography. The ephemeral ECC (Eliptic Curve Cryptography) keys are signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}). The shared secret from ECDHE is used to create a pair of session keys -@c FIXME: LOng word for HKDF +@c FIXME: LOng word for HKDF. More FIXMEs: Explain MITM etc. (using HKDF) which are then used to encrypt the communication between the two peers using both 256-bit AES (Advanced Encryption Standard) and 256-bit Twofish (with independently derived secret keys). @@ -173,8 +175,6 @@ without requiring signatures each time. GNUnet uses SHA-512 (Secure Hash Algorithm) hash codes to verify the integrity of messages. In GNUnet, the identity of a host is its public key. For that reason, -@c FIXME: is it clear to the average reader what a man-in-the-middle -@c attack is? man-in-the-middle attacks will not break the authentication or accounting goals. Essentially, for GNUnet, the IP of the host has nothing to do with the identity of the host. As the public key is the only thing that truly @@ -420,8 +420,9 @@ public key first. @node Egos @subsection Egos +@c what is the difference between peer identity and egos? It seems +@c like both are linked to public-private key pair. Egos are your "identities" in GNUnet. Any user can assume multiple identities, for example to separate their activities online. Egos can correspond to pseudonyms or real-world identities. Technically, an ego is first of all a public-private key pair. - diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 4159a6b32..1a30a7336 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi 
@@ -1183,6 +1183,8 @@ shared under the keyword "Das Kapital". Search results are printed by gnunet-search like this: +@c it will be better the avoid the ellipsis altogether because I don't +@c understand the explanation below that @example $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992 => The GNU Public License <= (mimetype: text/plain) @@ -1192,6 +1194,7 @@ $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992 The first line is the command you would have to enter to download the file. The argument passed to @code{-o} is the suggested filename (you may change it to whatever you like). +@c except it's triple dash in the above example --- The @code{--} is followed by key for decrypting the file, the query for searching the file, a checksum (in hexadecimal) finally the size of the file in bytes. @@ -1235,6 +1238,7 @@ GNUnet's file-encoding mechanism will ensure file integrity, even if the existing file was not downloaded from GNUnet in the first place. You may want to use the @command{-V} switch (must be added before +@c Same as above it's triple dash the @command{--}) to turn on verbose reporting. In this case, @command{gnunet-download} will print the current number of bytes downloaded whenever new data was received. @@ -1301,7 +1305,7 @@ unavailable. @c %**end of header Each namespace is associated with meta-data that describes -the namespace. This meta data is provided by the user at +the namespace. This meta-data is provided by the user at the time that the namespace is advertised. Advertisements are published under keywords so that they can be found using normal keyword-searches. This way, users can learn about new -- cgit v1.2.3