Merge branch 'master' into webui

libretroshare/src/pqi/authssl.cc

@@ -334,6 +334,13 @@ static  int initLib = 0;
 	sslctx = SSL_CTX_new(SSLv23_method());
 	SSL_CTX_set_options(sslctx,SSL_OP_NO_SSLv3) ;
 
+	//SSL_OP_SINGLE_DH_USE 	CVE-2016-0701
+	//https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html
+	//If "strong" primes were used, it is not strictly necessary to generate a new DH key during each handshake but it is also recommended. SSL_OP_SINGLE_DH_USE should therefore be enabled whenever temporary/ephemeral DH parameters are used.
+	//SSL_CTX_set_options() adds the options set via bitmask in options to ctx. Options already set before are not cleared!
+        SSL_CTX_set_options(sslctx,SSL_OP_SINGLE_DH_USE) ;
+
+
 	// Setup cipher lists:
 	//
 	//       std::string cipherString = "HIGH:!DSS:!aNULL:!3DES";

libretroshare/src/pqi/p3peermgr.cc

@@ -64,8 +64,6 @@ const uint32_t MIN_TIME_BETWEEN_NET_RESET = 		5;
 
 const uint32_t PEER_IP_CONNECT_STATE_MAX_LIST_SIZE =     	4;
 
-#define VERY_OLD_PEER  (90 * 24 * 3600)      // 90 days.
-
 /****
  * #define PEER_DEBUG 1
  ***/
@@ -2751,7 +2749,7 @@ bool p3PeerMgrIMPL::removeUnusedLocations()
 		std::map<RsPeerId, peerState>::iterator it;
 		for(it = mFriendList.begin(); it != mFriendList.end(); ++it)
 		{
-			if (now - it->second.lastcontact > VERY_OLD_PEER)
+			if (now > it->second.lastcontact + RS_PEER_OFFLINE_DELETE)
 			{
 				toRemove.push_back(it->first);
 

libretroshare/src/pqi/p3peermgr.h

@@ -65,6 +65,13 @@ const uint32_t RS_NET_FLAGS_EXTERNAL_ADDR	= 0x0008;
 const uint32_t RS_NET_FLAGS_STABLE_UDP		= 0x0010;
 const uint32_t RS_NET_FLAGS_TRUSTS_ME 		= 0x0020;
 
+/*
+ * remove locations offline since 90 days
+ * stopt sending locations via discovery when offline for +30 days
+ */
+const time_t RS_PEER_OFFLINE_DELETE  = (90 * 24 * 3600);
+const time_t RS_PEER_OFFLINE_NO_DISC = (30 * 24 * 3600);
+
 class peerState
 {
 	public:

libretroshare/src/services/p3discovery2.cc

@@ -24,6 +24,7 @@
  */
 
 #include "services/p3discovery2.h"
+#include "pqi/p3peermgr.h"
 #include "util/rsversioninfo.h"
 
 #include "retroshare/rsiface.h"
@@ -930,7 +931,10 @@ void p3discovery2::processContactInfo(const SSLID &fromId, const RsDiscContactIt
             // We pass RS_NODE_PERM_ALL because the PGP id is already a friend, so we should keep the existing
             // permission flags. Therefore the mask needs to be 0xffff.
 
-            mPeerMgr->addFriend(item->sslId, item->pgpId, item->netMode, RS_VS_DISC_OFF, RS_VS_DHT_FULL,(time_t)0,RS_NODE_PERM_ALL);
+			// set last seen to RS_PEER_OFFLINE_NO_DISC minus 1 so that it won't be shared with other friends
+			// until a first connection is established
+
+			mPeerMgr->addFriend(item->sslId, item->pgpId, item->netMode, RS_VS_DISC_OFF, RS_VS_DHT_FULL, time(NULL) - RS_PEER_OFFLINE_NO_DISC - 1, RS_NODE_PERM_ALL);
 			updatePeerAddresses(item);
 		}
 	}

libretroshare/src/services/p3gxschannels.cc

@@ -353,7 +353,18 @@ bool p3GxsChannels::getPostData(const uint32_t &token, std::vector<RsGxsChannelP
 				}
 				else
 				{
-					std::cerr << "Not a GxsChannelPostItem, deleting!" << std::endl;
+					RsGxsCommentItem* cmt = dynamic_cast<RsGxsCommentItem*>(*vit);
+					if(!cmt)
+					{
+						RsGxsMsgItem* msg = (*vit);
+						//const uint16_t RS_SERVICE_GXS_TYPE_CHANNELS    = 0x0217;
+						//const uint8_t RS_PKT_SUBTYPE_GXSCHANNEL_POST_ITEM = 0x03;
+						//const uint8_t RS_PKT_SUBTYPE_GXSCOMMENT_COMMENT_ITEM = 0xf1;
+						std::cerr << "Not a GxsChannelPostItem neither a RsGxsCommentItem"
+											<< " PacketService=" << std::hex << (int)msg->PacketService() << std::dec
+											<< " PacketSubType=" << std::hex << (int)msg->PacketSubType() << std::dec
+											<< " , deleting!" << std::endl;
+					}
 					delete *vit;
 				}
 			}
@@ -401,7 +412,18 @@ bool p3GxsChannels::getRelatedPosts(const uint32_t &token, std::vector<RsGxsChan
 				}
 				else
 				{
-					std::cerr << "Not a GxsChannelPostItem, deleting!" << std::endl;
+					RsGxsCommentItem* cmt = dynamic_cast<RsGxsCommentItem*>(*vit);
+					if(!cmt)
+					{
+						RsGxsMsgItem* msg = (*vit);
+						//const uint16_t RS_SERVICE_GXS_TYPE_CHANNELS    = 0x0217;
+						//const uint8_t RS_PKT_SUBTYPE_GXSCHANNEL_POST_ITEM = 0x03;
+						//const uint8_t RS_PKT_SUBTYPE_GXSCOMMENT_COMMENT_ITEM = 0xf1;
+						std::cerr << "Not a GxsChannelPostItem neither a RsGxsCommentItem"
+											<< " PacketService=" << std::hex << (int)msg->PacketService() << std::dec
+											<< " PacketSubType=" << std::hex << (int)msg->PacketSubType() << std::dec
+											<< " , deleting!" << std::endl;
+					}
 					delete *vit;
 				}
 			}
@@ -1560,7 +1582,7 @@ void p3GxsChannels::handle_event(uint32_t event_type, const std::string &elabel)
 
 		default:
 			/* error */
-			std::cerr << "p3GxsChannels::handle_event() Unknown Event Type: " << event_type;
+			std::cerr << "p3GxsChannels::handle_event() Unknown Event Type: " << event_type << " elabel:" << elabel;
 			std::cerr << std::endl;
 			break;
 	}

libretroshare/src/turtle/p3turtle.cc

@@ -845,13 +845,24 @@ int p3turtle::handleIncoming()
 void p3turtle::handleSearchRequest(RsTurtleSearchRequestItem *item)
 {
 	RsStackMutex stack(mTurtleMtx); /********** STACK LOCKED MTX ******/
-	// take a look at the item:
+    
+	// take a look at the item and test against inconsistent values
 	// 	- If the item destimation is
 
 #ifdef P3TURTLE_DEBUG
 	std::cerr << "Received search request from peer " << item->PeerId() << ": " << std::endl ;
 	item->print(std::cerr,0) ;
 #endif
+    
+	if(item->serial_size() > TURTLE_MAX_SEARCH_REQ_ACCEPTED_SERIAL_SIZE)
+	{
+#ifdef P3TURTLE_DEBUG
+		std::cerr << "  Dropping, because the serial size exceeds the accepted limit." << std::endl ;
+#endif
+		std::cerr << "  Caught a turtle search item with arbitrary large size from " << item->PeerId() << " of size " << item->serial_size() << ". This is not allowed => dropping." << std::endl;
+		return ;
+	}
+    
 	if(_search_requests_origins.size() > MAX_ALLOWED_SR_IN_CACHE)
 	{
 #ifdef P3TURTLE_DEBUG

libretroshare/src/turtle/p3turtle.h

@@ -161,6 +161,7 @@ class ftDataMultiplex;
 class RsSerialiser;
 
 static const int TURTLE_MAX_SEARCH_DEPTH = 6 ;
+static const int TURTLE_MAX_SEARCH_REQ_ACCEPTED_SERIAL_SIZE = 200 ;
 
 // This class is used to keep trace of requests (searches and tunnels).
 //