X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol.c;h=bf165a7d39dd2d0a84df2539e5032df6a1ae7290;hb=72091d5c770856870bb8cd51bcc5641078c7562c;hp=7de75b931a868690861d355e194e58e46801f5b7;hpb=3a149f7521dfff67e6a790c1a830afc649ae083e;p=tinc

diff --git a/src/protocol.c b/src/protocol.c
index 7de75b93..bf165a7d 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -1,7 +1,7 @@
 /*
     protocol.c -- handle the meta-protocol, basic functions
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -22,47 +22,68 @@
 
 #include "conf.h"
 #include "connection.h"
+#include "crypto.h"
 #include "logger.h"
 #include "meta.h"
 #include "protocol.h"
+#include "utils.h"
 #include "xalloc.h"
 
 bool tunnelserver = false;
 bool strictsubnets = false;
 bool experimental = true;
 
-/* Jumptable for the request handlers */
-
-static bool (*request_handlers[])(connection_t *, const char *) = {
-	id_h, metakey_h, challenge_h, chal_reply_h, ack_h,
-	NULL, NULL, termreq_h,
-	ping_h, pong_h,
-	add_subnet_h, del_subnet_h,
-	add_edge_h, del_edge_h,
-	key_changed_h, req_key_h, ans_key_h, tcppacket_h, control_h,
-	NULL, NULL, /* Not "real" requests (yet) */
-	sptps_tcppacket_h,
-	udp_info_h, mtu_info_h,
-};
+static inline bool is_valid_request(request_t req) {
+	return req > ALL && req < LAST;
+}
 
-/* Request names */
+/* Request handlers */
+const request_entry_t *get_request_entry(request_t req) {
+	if(!is_valid_request(req)) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Invalid request %d", req);
+		return NULL;
+	}
 
-static char (*request_name[]) = {
-	"ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK",
-	"STATUS", "ERROR", "TERMREQ",
-	"PING", "PONG",
-	"ADD_SUBNET", "DEL_SUBNET",
-	"ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", "CONTROL",
-	"REQ_PUBKEY", "ANS_PUBKEY", "SPTPS_PACKET", "UDP_INFO", "MTU_INFO",
-};
+	// Prevent user from accessing the table directly to always have bound checks
+	static const request_entry_t request_entries[] = {
+		[ID] = {id_h, "ID"},
+		[METAKEY] = {metakey_h, "METAKEY"},
+		[CHALLENGE] = {challenge_h, "CHALLENGE"},
+		[CHAL_REPLY] = {chal_reply_h, "CHAL_REPLY"},
+		[ACK] = {ack_h, "ACK"},
+		[STATUS] = {NULL, "STATUS"},
+		[ERROR] = {NULL, "ERROR"},
+		[TERMREQ] = {termreq_h, "TERMREQ"},
+		[PING] = {ping_h, "PING"},
+		[PONG] = {pong_h, "PONG"},
+		[ADD_SUBNET] = {add_subnet_h, "ADD_SUBNET"},
+		[DEL_SUBNET] = {del_subnet_h, "DEL_SUBNET"},
+		[ADD_EDGE] = {add_edge_h, "ADD_EDGE"},
+		[DEL_EDGE] = {del_edge_h, "DEL_EDGE"},
+		[KEY_CHANGED] = {key_changed_h, "KEY_CHANGED"},
+		[REQ_KEY] = {req_key_h, "REQ_KEY"},
+		[ANS_KEY] = {ans_key_h, "ANS_KEY"},
+		[PACKET] = {tcppacket_h, "PACKET"},
+		[CONTROL] = {control_h, "CONTROL"},
+		/* Not "real" requests yet */
+		[REQ_PUBKEY] = {NULL, "REQ_PUBKEY"},
+		[ANS_PUBKEY] = {NULL, "ANS_PUBKEY"},
+		[SPTPS_PACKET] = {sptps_tcppacket_h, "SPTPS_PACKET"},
+		[UDP_INFO] = {udp_info_h, "UDP_INFO"},
+		[MTU_INFO] = {mtu_info_h, "MTU_INFO"},
+	};
+	return &request_entries[req];
+}
 
 static int past_request_compare(const past_request_t *a, const past_request_t *b) {
 	return strcmp(a->request, b->request);
 }
 
 static void free_past_request(past_request_t *r) {
-	free((char *)r->request);
-	free(r);
+	if(r) {
+		free((char *)r->request);
+		free(r);
+	}
 }
 
 static splay_tree_t past_request_tree = {
@@ -94,7 +115,7 @@ bool send_request(connection_t *c, const char *format, ...) {
 	}
 
 	int id = atoi(request);
-	logger(DEBUG_META, LOG_DEBUG, "Sending %s to %s (%s): %s", request_name[id], c->name, c->hostname, request);
+	logger(DEBUG_META, LOG_DEBUG, "Sending %s to %s (%s): %s", get_request_entry(id)->name, c->name, c->hostname, request);
 
 	request[len++] = '\n';
 
@@ -112,14 +133,15 @@ bool send_request(connection_t *c, const char *format, ...) {
 }
 
 void forward_request(connection_t *from, const char *request) {
-	logger(DEBUG_META, LOG_DEBUG, "Forwarding %s from %s (%s): %s", request_name[atoi(request)], from->name, from->hostname, request);
+	logger(DEBUG_META, LOG_DEBUG, "Forwarding %s from %s (%s): %s", get_request_entry(atoi(request))->name, from->name, from->hostname, request);
 
 	// Create a temporary newline-terminated copy of the request
 	size_t len = strlen(request);
-	char tmp[len + 1];
+	const size_t tmplen = len + 1;
+	char *tmp = alloca(tmplen);
 	memcpy(tmp, request, len);
 	tmp[len] = '\n';
-	broadcast_meta(from, tmp, sizeof(tmp));
+	broadcast_meta(from, tmp, tmplen);
 }
 
 bool receive_request(connection_t *c, const char *request) {
@@ -142,23 +164,24 @@ bool receive_request(connection_t *c, const char *request) {
 	int reqno = atoi(request);
 
 	if(reqno || *request == '0') {
-		if((reqno < 0) || (reqno >= LAST) || !request_handlers[reqno]) {
+		if(!is_valid_request(reqno) || !get_request_entry(reqno)->handler) {
 			logger(DEBUG_META, LOG_DEBUG, "Unknown request from %s (%s): %s", c->name, c->hostname, request);
 			return false;
-		} else {
-			logger(DEBUG_META, LOG_DEBUG, "Got %s from %s (%s): %s", request_name[reqno], c->name, c->hostname, request);
 		}
 
+		const request_entry_t *entry = get_request_entry(reqno);
+		logger(DEBUG_META, LOG_DEBUG, "Got %s from %s (%s): %s", entry->name, c->name, c->hostname, request);
+
 		if((c->allow_request != ALL) && (c->allow_request != reqno)) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Unauthorized request from %s (%s)", c->name, c->hostname);
 			return false;
 		}
 
-		if(!request_handlers[reqno](c, request)) {
+		if(!entry->handler(c, request)) {
 			/* Something went wrong. Probably scriptkiddies. Terminate. */
 
 			if(reqno != TERMREQ) {
-				logger(DEBUG_ALWAYS, LOG_ERR, "Error while processing %s from %s (%s)", request_name[reqno], c->name, c->hostname);
+				logger(DEBUG_ALWAYS, LOG_ERR, "Error while processing %s from %s (%s)", entry->name, c->name, c->hostname);
 			}
 
 			return false;
@@ -191,7 +214,7 @@ static void age_past_requests(void *data) {
 
 	if(left)
 		timeout_set(&past_request_timeout, &(struct timeval) {
-		10, rand() % 100000
+		10, jitter()
 	});
 }
 
@@ -209,7 +232,7 @@ bool seen_request(const char *request) {
 		new->firstseen = now.tv_sec;
 		splay_insert(&past_request_tree, new);
 		timeout_add(&past_request_timeout, age_past_requests, NULL, &(struct timeval) {
-			10, rand() % 100000
+			10, jitter()
 		});
 		return false;
 	}