X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=site.c;h=c2a230383bc3ad45020091726364f26130d849c2;hb=0009e60a914ef5239ba2f8cc19e07ab5368e49b1;hp=9df0a2b13d1aec1ac2e70a24858adf614c6a640f;hpb=fe5e9cc422cd72526ccfceffbc7e5af8ac83b407;p=secnet.git diff --git a/site.c b/site.c index 9df0a2b..c2a2303 100644 --- a/site.c +++ b/site.c @@ -197,7 +197,7 @@ struct site { static void slog(struct site *st, uint32_t event, cstring_t msg, ...) { va_list ap; - uint8_t buf[240]; + char buf[240]; uint32_t class; va_start(ap,msg); @@ -260,7 +260,7 @@ struct msg { static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what) { void *hst; - uint8_t *hash=alloca(st->hash->len); + uint8_t *hash; string_t dhpub, sig; st->retries=st->setup_retries; @@ -276,15 +276,20 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what) if (type==LABEL_MSG1) return True; memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN); if (type==LABEL_MSG2) return True; + + if (hacky_par_mid_failnow()) return False; + dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len); buf_append_string(&st->buffer,dhpub); free(dhpub); + hash=safe_malloc(st->hash->len, "generate_msg"); hst=st->hash->init(); st->hash->update(hst,st->buffer.start,st->buffer.size); st->hash->final(hst,hash); sig=st->privkey->sign(st->privkey->st,hash,st->hash->len); buf_append_string(&st->buffer,sig); free(sig); + free(hash); return True; } @@ -417,7 +422,7 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3, struct sockaddr_in *src) { struct msg m; - uint8_t *hash=alloca(st->hash->len); + uint8_t *hash; void *hst; cstring_t err; @@ -428,6 +433,7 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3, } /* Check signature and store g^x mod m */ + hash=safe_malloc(st->hash->len, "process_msg3"); hst=st->hash->init(); st->hash->update(hst,m.hashstart,m.hashlen); st->hash->final(hst,hash); @@ -435,8 +441,10 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3, m.sig[m.siglen]=0; if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) { slog(st,LOG_SEC,"msg3 signature failed check!"); + free(hash); return False; } + free(hash); /* Terminate their DH public key with a '0' */ m.pk[m.pklen]=0; @@ -465,7 +473,7 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4, struct sockaddr_in *src) { struct msg m; - uint8_t *hash=alloca(st->hash->len); + uint8_t *hash; void *hst; cstring_t err; @@ -476,6 +484,7 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4, } /* Check signature and store g^x mod m */ + hash=safe_malloc(st->hash->len, "process_msg4"); hst=st->hash->init(); st->hash->update(hst,m.hashstart,m.hashlen); st->hash->final(hst,hash); @@ -483,8 +492,10 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4, m.sig[m.siglen]=0; if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) { slog(st,LOG_SEC,"msg4 signature failed check!"); + free(hash); return False; } + free(hash); /* Terminate their DH public key with a '0' */ m.pk[m.pklen]=0; @@ -664,9 +675,9 @@ static void dump_packet(struct site *st, struct buffer_if *buf, uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8)); if (st->log_events & LOG_DUMP) - log(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:", - st->tunname,incoming?"incoming":"outgoing", - dest,source,msgtype); + slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:", + st->tunname,incoming?"incoming":"outgoing", + dest,source,msgtype); } static uint32_t site_status(void *st) @@ -821,6 +832,8 @@ static bool_t enter_state_resolve(struct site *st) static bool_t enter_new_state(struct site *st, uint32_t next) { bool_t (*gen)(struct site *st); + int r; + slog(st,LOG_STATE,"entering state %s",state_name(next)); switch(next) { case SITE_SENTMSG1: @@ -858,7 +871,15 @@ static bool_t enter_new_state(struct site *st, uint32_t next) break; } - if (gen(st) && send_msg(st)) { + if (hacky_par_start_failnow()) return False; + + r= gen(st) && send_msg(st); + + hacky_par_end(&r, + st->setup_retries, st->setup_timeout, + send_msg, st); + + if (r) { st->state=next; if (next==SITE_RUN) { BUF_FREE(&st->buffer); /* Never reused */ @@ -915,7 +936,8 @@ static inline void site_settimeout(uint64_t timeout, uint64_t *now, int *timeout_io) { if (timeout) { - uint64_t offset=timeout-*now; + int64_t offset=timeout-*now; + if (offset<0) offset=0; if (offset>INT_MAX) offset=INT_MAX; if (*timeout_io<0 || offset<*timeout_io) *timeout_io=offset; @@ -949,9 +971,10 @@ static void site_afterpoll(void *sst, struct pollfd *fds, int nfds, st->now=*now; if (st->timeout && *now>st->timeout) { st->timeout=0; - if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) - send_msg(st); - else if (st->state==SITE_WAIT) { + if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) { + if (!hacky_par_start_failnow()) + send_msg(st); + } else if (st->state==SITE_WAIT) { enter_state_run(st); } else { slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d", @@ -1244,6 +1267,8 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, sprintf(st->tunname,"%s<->%s",st->localname,st->remotename); /* The information we expect to see in incoming messages of type 1 */ + /* fixme: lots of unchecked overflows here, but the results are only + corrupted packets rather than undefined behaviour */ st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8; st->setupsig=safe_malloc(st->setupsiglen,"site_apply"); put_uint32(st->setupsig+0,LABEL_MSG1); @@ -1286,7 +1311,6 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, return new_closure(&st->cl); } -init_module site_module; void site_module(dict_t *dict) { add_closure(dict,"site",site_apply);