Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-06-20 04:14:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

improved certificate parsing in Home so that corrupted certs never get accepted

Browse source
This commit is contained in:
csoler 2017-01-22 21:44:26 +01:00
parent 214fbc7957
commit 7da68ff72d
4 changed files with 33 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

17
libretroshare/src/pgp/rscertificate.cc
View file

@ -431,12 +431,25 @@ unsigned short RsCertificate::loc_port_us() const
return (int)ipv4_internal_ip_and_port[4]*256 + (int)ipv4_internal_ip_and_port[5] ; return (int)ipv4_internal_ip_and_port[4]*256 + (int)ipv4_internal_ip_and_port[5] ;
} }
bool RsCertificate::cleanCertificate(const std::string& input,std::string& output,Format& format,int& error_code) bool RsCertificate::cleanCertificate(const std::string& input,std::string& output,Format& format,int& error_code,bool check_content)
{ {
if(cleanCertificate(input,output,error_code)) if(cleanCertificate(input,output,error_code))
{ {
format = RS_CERTIFICATE_RADIX ; format = RS_CERTIFICATE_RADIX ;
return true ;
if(!check_content)
return true ;
try
{
RsCertificate c(input) ;
return true ;
}
catch(uint32_t err_code)
{
error_code = err_code ;
return false;
}
} }
return false ; return false ;

2
libretroshare/src/pgp/rscertificate.h
View file

@ -41,7 +41,7 @@ class RsCertificate
const unsigned char *pgp_key() const { return binary_pgp_key ; } const unsigned char *pgp_key() const { return binary_pgp_key ; }
size_t pgp_key_size() const { return binary_pgp_key_size ; } size_t pgp_key_size() const { return binary_pgp_key_size ; }
static bool cleanCertificate(const std::string& input,std::string& output,RsCertificate::Format& format,int& error_code) ; static bool cleanCertificate(const std::string& input, std::string& output, RsCertificate::Format& format, int& error_code, bool check_content) ;
private: private:
static bool cleanCertificate(const std::string& input,std::string& output,int&) ; // new radix format static bool cleanCertificate(const std::string& input,std::string& output,int&) ; // new radix format

2
libretroshare/src/rsserver/p3peers.cc
View file

@ -1214,7 +1214,7 @@ bool p3Peers::cleanCertificate(const std::string &certstr, std::string &cleanCer
{ {
RsCertificate::Format format ; RsCertificate::Format format ;
return RsCertificate::cleanCertificate(certstr,cleanCert,format,error_code) ; return RsCertificate::cleanCertificate(certstr,cleanCert,format,error_code,true) ;
} }
bool p3Peers::saveCertificateToFile(const RsPeerId &id, const std::string &/*fname*/) bool p3Peers::saveCertificateToFile(const RsPeerId &id, const std::string &/*fname*/)

27
retroshare-gui/src/gui/connect/ConnectFriendWizard.cpp
View file

@ -962,13 +962,14 @@ void ConnectFriendWizard::friendCertChanged()
void ConnectFriendWizard::cleanFriendCert() void ConnectFriendWizard::cleanFriendCert()
{ {
bool certValid = false; bool certValid = false;
QString errorMsg; QString errorMsg ;
std::string cert = ui->friendCertEdit->toPlainText().toUtf8().constData(); std::string cert = ui->friendCertEdit->toPlainText().toUtf8().constData();
if (cert.empty()) { if (cert.empty()) {
ui->friendCertCleanLabel->setPixmap(QPixmap(":/images/delete.png")); ui->friendCertCleanLabel->setPixmap(QPixmap(":/images/delete.png"));
ui->friendCertCleanLabel->setToolTip(""); ui->friendCertCleanLabel->setToolTip("");
ui->friendCertCleanLabel->setStyleSheet(""); ui->friendCertCleanLabel->setStyleSheet("");
errorMsg = tr("");
} else { } else {
std::string cleanCert; std::string cleanCert;
@ -984,23 +985,27 @@ void ConnectFriendWizard::cleanFriendCert()
ui->friendCertCleanLabel->setStyleSheet(""); ui->friendCertCleanLabel->setStyleSheet("");
connect(ui->friendCertEdit, SIGNAL(textChanged()), this, SLOT(friendCertChanged())); connect(ui->friendCertEdit, SIGNAL(textChanged()), this, SLOT(friendCertChanged()));
} }
errorMsg = tr("Certificate appears to be valid");
ui->friendCertCleanLabel->setPixmap(QPixmap(":/images/accepted16.png"));
} else { } else {
if (error_code > 0) { if (error_code > 0) {
switch (error_code) { switch (error_code) {
case RS_PEER_CERT_CLEANING_CODE_NO_BEGIN_TAG: case CERTIFICATE_PARSING_ERROR_CHECKSUM_ERROR :
errorMsg = tr("No or misspelled BEGIN tag found") ; case CERTIFICATE_PARSING_ERROR_WRONG_VERSION :
break ; case CERTIFICATE_PARSING_ERROR_SIZE_ERROR :
case RS_PEER_CERT_CLEANING_CODE_NO_END_TAG: case CERTIFICATE_PARSING_ERROR_INVALID_LOCATION_ID :
errorMsg = tr("No or misspelled END tag found") ; case CERTIFICATE_PARSING_ERROR_INVALID_EXTERNAL_IP :
break ; case CERTIFICATE_PARSING_ERROR_INVALID_LOCAL_IP :
case RS_PEER_CERT_CLEANING_CODE_NO_CHECKSUM: case CERTIFICATE_PARSING_ERROR_INVALID_CHECKSUM_SECTION :
errorMsg = tr("No checksum found (the last 5 chars should be separated by a '=' char), or no newline after tag line (e.g. line beginning with Version:)") ; case CERTIFICATE_PARSING_ERROR_UNKNOWN_SECTION_PTAG :
break ; case CERTIFICATE_PARSING_ERROR_MISSING_CHECKSUM :
default: default:
errorMsg = tr("Fake certificate: take any real certificate, and replace some of the letters randomly") ; errorMsg = tr("Not a valid Retroshare certificate!") ;
ui->friendCertCleanLabel->setStyleSheet("QLabel#friendCertCleanLabel {border: 2px solid red; border-radius: 6px;}"); ui->friendCertCleanLabel->setStyleSheet("QLabel#friendCertCleanLabel {border: 2px solid red; border-radius: 6px;}");
} }
} }
ui->friendCertCleanLabel->setPixmap(QPixmap(":/images/delete.png"));
} }
} }