
[GNUnet-SVN] r30634 - gnunet/src/gns


From: gnunet
Subject: [GNUnet-SVN] r30634 - gnunet/src/gns
Date: Fri, 8 Nov 2013 16:21:52 +0100

Author: grothoff
Date: 2013-11-08 16:21:51 +0100 (Fri, 08 Nov 2013)
New Revision: 30634

Modified:
   gnunet/src/gns/gnunet-gns-proxy.c
Log:
-do not allow SSL connections if we are only given an IP address by the 
browser, as then we cannot check certificates

Modified: gnunet/src/gns/gnunet-gns-proxy.c
===================================================================
--- gnunet/src/gns/gnunet-gns-proxy.c   2013-11-08 15:21:12 UTC (rev 30633)
+++ gnunet/src/gns/gnunet-gns-proxy.c   2013-11-08 15:21:51 UTC (rev 30634)
@@ -2088,7 +2088,7 @@
  * Lookup (or create) an SSL MHD instance for a particular domain.
  *
  * @param domain the domain the SSL daemon has to serve
- * @return NULL on errro
+ * @return NULL on error
  */
 static struct MhdHttpList *
 lookup_ssl_httpd (const char* domain)
@@ -2096,6 +2096,11 @@
   struct MhdHttpList *hd;
   struct ProxyGNSCertificate *pgc;
 
+  if (NULL == domain)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
     if ( (NULL != hd->domain) &&
         (0 == strcmp (hd->domain, domain)) )
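Review bot: The doc comment above `lookup_ssl_httpd` does not say that a NULL `domain` is rejected, although the new guard at the top of the body makes that part of the contract. I would extend the parameter line to `@param domain the domain the SSL daemon has to serve, must not be NULL`, so callers know that NULL yields the error return together with a `GNUNET_break` log entry. The function body continues outside the hunk, and whether every caller checks the NULL return is not visible here.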
@@ -2545,6 +2550,14 @@
        struct sockaddr_in *in;
 
        s5r->port = ntohs (*port);
+        if (HTTPS_PORT == s5r->port)
+        {
+          GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      _("SSL connection to plain IPv4 address requested\n"));
+          signal_socks_failure (s5r,
+                                SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+          return;
+        }
        alen = sizeof (struct in_addr);
        if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
            alen + sizeof (uint16_t))
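Review bot: The new `HTTPS_PORT` test acts on `s5r->port`, which is read through `*port` before the `s5r->rbuf_len` length check just below has confirmed that the address and port bytes are in the buffer. If the request is still incomplete, the refusal (or its absence) would be decided on whatever bytes sit at that offset, so the policy check is safer placed after the length test. The same ordering applies to the IPv6 branch in the next hunk. The declaration of `port` and the rest of the branch are outside the hunk, so this is inferred from the visible order. As far as the hunk shows, the rule matches only `HTTPS_PORT`, and a comment such as `/* only the default HTTPS port is treated as SSL here */` would make that limit explicit.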
@@ -2566,6 +2579,14 @@
        struct sockaddr_in6 *in;
 
        s5r->port = ntohs (*port);
+        if (HTTPS_PORT == s5r->port)
+        {
+          GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      _("SSL connection to plain IPv4 address requested\n"));
+          signal_socks_failure (s5r,
+                                SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+          return;
+        }
        alen = sizeof (struct in6_addr);
        if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
            alen + sizeof (uint16_t))
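Review bot: The log message in this branch says `IPv4`, but the surrounding lines use `struct sockaddr_in6` and `struct in6_addr`, so this is the IPv6 case and the text looks copied from the previous hunk. Suggested: `_("SSL connection to plain IPv6 address requested\n"));`. An accurate address family in the log matters when refused SOCKS requests are later correlated with client behaviour. The enclosing branch starts and ends outside the hunk.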



