[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r30634 - gnunet/src/gns
From: |
gnunet |
Subject: |
[GNUnet-SVN] r30634 - gnunet/src/gns |
Date: |
Fri, 8 Nov 2013 16:21:52 +0100 |
Author: grothoff
Date: 2013-11-08 16:21:51 +0100 (Fri, 08 Nov 2013)
New Revision: 30634
Modified:
gnunet/src/gns/gnunet-gns-proxy.c
Log:
-do not allow SSL connections if we are only given an IP address by the
browser, as then we cannot check certificates
Modified: gnunet/src/gns/gnunet-gns-proxy.c
===================================================================
--- gnunet/src/gns/gnunet-gns-proxy.c 2013-11-08 15:21:12 UTC (rev 30633)
+++ gnunet/src/gns/gnunet-gns-proxy.c 2013-11-08 15:21:51 UTC (rev 30634)
@@ -2088,7 +2088,7 @@
* Lookup (or create) an SSL MHD instance for a particular domain.
*
* @param domain the domain the SSL daemon has to serve
- * @return NULL on errro
+ * @return NULL on error
*/
static struct MhdHttpList *
lookup_ssl_httpd (const char* domain)
@@ -2096,6 +2096,11 @@
struct MhdHttpList *hd;
struct ProxyGNSCertificate *pgc;
+ if (NULL == domain)
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
if ( (NULL != hd->domain) &&
(0 == strcmp (hd->domain, domain)) )
@@ -2545,6 +2550,14 @@
struct sockaddr_in *in;
s5r->port = ntohs (*port);
+ if (HTTPS_PORT == s5r->port)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("SSL connection to plain IPv4 address requested\n"));
+ signal_socks_failure (s5r,
+ SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+ return;
+ }
alen = sizeof (struct in_addr);
if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
alen + sizeof (uint16_t))
@@ -2566,6 +2579,14 @@
struct sockaddr_in6 *in;
s5r->port = ntohs (*port);
+ if (HTTPS_PORT == s5r->port)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("SSL connection to plain IPv4 address requested\n"));
+ signal_socks_failure (s5r,
+ SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
+ return;
+ }
alen = sizeof (struct in6_addr);
if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
alen + sizeof (uint16_t))
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r30634 - gnunet/src/gns,
gnunet <=