From e279b81dba5901ad6ed7fa73901acab10f1d4a63 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 17 Sep 2011 20:59:01 +0200 Subject: [PATCH] src/connection.c: Move code to get proxy certificate path to verify.c. Moved to new function proxy_certificate_path() in verify.c. --- src/connection.c | 24 +++--------------------- src/verify.c | 32 ++++++++++++++++++++++++++++++++ src/verify.h | 2 ++ 3 files changed, 37 insertions(+), 21 deletions(-) diff --git a/src/connection.c b/src/connection.c index 1fb74cc..42b8ac3 100644 --- a/src/connection.c +++ b/src/connection.c @@ -359,28 +359,10 @@ static int initialize_tls_session_client(int peer_socket, * certificate to let the client know something is wrong. */ use_invalid_cert = 0 == strcmp(hostname, "invalid"); - /* Hostname too long. */ - if (sizeof(path) - strlen(PROXY_SERVER_CERT_FORMAT) <= strlen(hostname)) { - LOG(LOG_WARNING, - "initialize_tls_session_client(): hostname too long: '%s'", - hostname); - return -1; - } - /* Try to prevent path traversals in hostnames. */ - if (NULL != strstr(hostname, "..")) { - LOG(LOG_WARNING, - "initialize_tls_session_client(): possible path traversal: '%s'", - hostname); - return -1; - } - result = snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname); - if (result < 0) { - LOG_PERROR(LOG_ERROR, - "initialize_tls_session_client(): snprintf failed"); - return -1; - } else if ((size_t)result >= sizeof(path)) { + if (0 != proxy_certificate_path(hostname, path, sizeof(path))) { LOG(LOG_ERROR, - "initialize_tls_session_client(): snprintf buffer too short"); + "initialize_tls_session_client(): \ +failed to get proxy certificate path"); return -1; } diff --git a/src/verify.c b/src/verify.c index 63ca6da..e3a8629 100644 --- a/src/verify.c +++ b/src/verify.c @@ -155,6 +155,38 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { return 0; } + +int proxy_certificate_path(const char *hostname, char *path, size_t size) { + int result; + + /* Hostname too long. */ + if (size - strlen(PROXY_SERVER_CERT_FORMAT) <= strlen(hostname)) { + LOG(LOG_WARNING, + "proxy_certificate_path(): hostname too long: '%s'", + hostname); + return -1; + } + /* Try to prevent path traversals in hostnames. */ + if (NULL != strstr(hostname, "..")) { + LOG(LOG_WARNING, + "proxy_certificate_path(): possible path traversal: '%s'", + hostname); + return -1; + } + result = snprintf(path, size, PROXY_SERVER_CERT_FORMAT, hostname); + if (result < 0) { + LOG_PERROR(LOG_ERROR, + "proxy_certificate_path(): snprintf failed"); + return -1; + } else if ((size_t)result >= size) { + LOG(LOG_ERROR, + "proxy_certificate_path(): snprintf buffer too short"); + return -1; + } + + return 0; +} + int server_certificate_path(FILE **file, const char *hostname, char *path, size_t size) { int result; diff --git a/src/verify.h b/src/verify.h index 2e986db..ebcd993 100644 --- a/src/verify.h +++ b/src/verify.h @@ -20,8 +20,10 @@ #ifndef VERIFY_H #define VERIFY_H +int proxy_certificate_path(const char *hostname, char *path, size_t size); int server_certificate_path(FILE **file, const char *hostname, char *path, size_t size); + int verify_tls_connection(gnutls_session_t session, const char *hostname); #endif -- 2.44.1