From patchwork Mon Apr 26 07:44:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 1776 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id oHiRGVP8hmDSSwAAIUCqbw (envelope-from ) for ; Mon, 26 Apr 2021 13:45:55 -0400 Received: from proxy15.mail.iad3b.rsapps.net ([172.31.255.6]) by director11.mail.ord1d.rsapps.net with LMTP id iPgpGVP8hmDuUQAAvGGmqA (envelope-from ) for ; Mon, 26 Apr 2021 13:45:55 -0400 Received: from smtp35.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy15.mail.iad3b.rsapps.net with LMTPS id oKqDE1P8hmAHUQAAhyf7VQ (envelope-from ) for ; Mon, 26 Apr 2021 13:45:55 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp35.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: 3f39c6f2-a6b7-11eb-b6de-525400503131-1-1 Received: from [216.105.38.7] ([216.105.38.7:45368] helo=lists.sourceforge.net) by smtp35.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id D4/D3-26326-15CF6806; Mon, 26 Apr 2021 13:45:54 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lb5I2-0005Ti-Qb; Mon, 26 Apr 2021 17:44:58 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lb5I1-0005Tb-Av for openvpn-devel@lists.sourceforge.net; Mon, 26 Apr 2021 17:44:57 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=IKgCQr72q+ax+8Ffwc0DcakUM8rgtW4nh6TtBvFgFdQ=; b=CuVoShVhsjIxWdY1VFmA0LMOWS PH79romHSDiRnjBCp2isqgCXq0yIXWDaRwuoypi4VfIsOZ4YUheRAC2DRd3ZyCRBf0F485DTNzoVo UdrdejTq+LWsfccQ2Pr4idkySXfF8H3PM+6o1/Ca7hxvj3kKPkCs3kSzfa5Ay2cdt3AU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=IKgCQr72q+ax+8Ffwc0DcakUM8rgtW4nh6TtBvFgFdQ=; b=C Ieir84jhxnFbI1ENOTLmRxgsgotzE//B3q0lAwPOafMaaa9jni8qxDLz5BXHhv7TnlCXdU4GRXZXI P8UoogteUVwyc6vYdpaWWxZebdHvNbZ5dFRXI1Ghq4+weLscdEvgB/6hPzXzRCfgLkd964mS54ikH 2Kc6ylmK6DEKLxn8=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1lb5Hr-0005bQ-GC for openvpn-devel@lists.sourceforge.net; Mon, 26 Apr 2021 17:44:58 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.15.2/8.14.9) with ESMTP id 13QHibCA026258 for ; Mon, 26 Apr 2021 19:44:37 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.15.2/8.14.9/Submit) id 13QHibdx026257 for openvpn-devel@lists.sourceforge.net; Mon, 26 Apr 2021 19:44:37 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 26 Apr 2021 19:44:36 +0200 Message-Id: <20210426174436.26210-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.26.3 MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1lb5Hr-0005bQ-GC Subject: [Openvpn-devel] [PATCH] rewrite parse_hash_fingerprint() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The existing code was doing far too much work for too little gain - copying the string segment for scanf(), checking extra for spaces, making the result quite unreadable. Verify each segment with (short-circuited) isxdigit() checks, then feed directly to scanf(), which will stop parsing on ':' or end-of-string. Rewrite error message to differenciate "hash too short" (including number of bytes read) and "hash too long" (it did not terminate when we had enough bytes). While at it, add an option printer for the resulting o->verify_hash list to show_settings(). Signed-off-by: Gert Doering --- src/openvpn/options.c | 64 +++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2a5b1393..15472878 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1082,56 +1082,43 @@ string_substitute(const char *src, int from, int to, struct gc_arena *gc) static struct verify_hash_list * parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_arena *gc) { - int i; + int i=0; const char *cp = str; struct verify_hash_list *ret; ALLOC_OBJ_CLEAR_GC(ret, struct verify_hash_list, gc); - char term = 1; + char term = 0; int byte; - char bs[3]; - for (i = 0; i < nbytes; ++i) + while (*cp && i < nbytes) { - if (strlen(cp) < 2) + /* valid segments consist of exactly two hex digits, then ':' or EOS */ + if (!isxdigit(cp[0]) + || !isxdigit(cp[1]) + || (cp[2] != ':' && cp[2] != '\0') + || sscanf(cp, "%x", &byte) != 1) { msg(msglevel, "format error in hash fingerprint: %s", str); + break; } - bs[0] = *cp++; - bs[1] = *cp++; - bs[2] = 0; - /* the format string "%x" passed to sscanf will ignore any space and - * will still try to parse the other character. However, this is not - * expected format for a fingerprint, therefore explictly check for - * blanks in the string and error out if any is found - */ - if (bs[0] == ' ' || bs[1] == ' ') - { - msg(msglevel, "format error in hash fingerprint unexpected blank: %s", - str); - } + ret->hash[i++] = (uint8_t)byte; - byte = 0; - if (sscanf(bs, "%x", &byte) != 1) - { - msg(msglevel, "format error in hash fingerprint hex byte: %s", str); - } - ret->hash[i] = (uint8_t)byte; - term = *cp++; - if (term != ':' && term != 0) - { - msg(msglevel, "format error in hash fingerprint delimiter: %s", str); - } - if (term == 0) + term = cp[2]; + if (term == '\0') { break; } + cp += 3; } - if (term != 0 || i != nbytes-1) + if (i < nbytes) { - msg(msglevel, "hash fingerprint is different length than expected (%d bytes): %s", nbytes, str); + msg(msglevel, "hash fingerprint is wrong length - expected %d bytes, got %d: %s", nbytes, i, str); + } + else if (term != '\0') + { + msg(msglevel, "hash fingerprint too long - expected only %d bytes: %s", nbytes, str); } return ret; } @@ -1791,6 +1778,19 @@ show_settings(const struct options *o) } } SHOW_STR(remote_cert_eku); + if (o->verify_hash) + { + struct gc_arena gc = gc_new(); + struct verify_hash_list *hl = o->verify_hash; + while (hl) + { + char *s = format_hex_ex(hl->hash, sizeof(hl->hash), 0, + 1, ":", &gc); + SHOW_PARM(verify_hash, s, "%s"); + hl = hl->next; + } + gc_free(&gc); + } SHOW_INT(ssl_flags); SHOW_INT(tls_timeout);