Possible bug in using 'recv-key' facility via a HTTP proxy

Steven Murdoch sjmurdoch at bigfoot.com
Sat Apr 14 20:18:01 CEST 2001

Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

A few weeks ago I mailed gnupg-devel about a problem I had importing
keys from a key-server via a proxy server. I initially thought this was
because gpg did not terminate the request with \r\n\r\n so Werner
Koch mailed me a patch to fix this however this did not allow me to
download keys since there seems to be an additional problem.

Below is a patch which seems to fix or at least work around the
problem however I am not confident that it is the best solution or
even correct. The reason I am sending this in is that I hope the patch
will help someone more experienced with socket programming to locate
and properly diagnose what is going on.

Everything is fine at the HTTP level, but all is not well at the TCP
level. Using the Ethereal network sniffer I can see that after sending
the request and the \r\n\r\n the final packet has the FIN bit set and
so my proxy server closes the connection. My socket programming skills
consist of no more than a 30 minute lecture so I cannot guarantee this
is correct however I think the FIN is sent from the 'shutdown()'
system call at line 132 of version gnupg-1.0.4 (function
http_wait_response()). When I took this out the FIN was not sent
however neither were the \r and \n sent to hd->fp_write (line 113,
http_start_data()), it was as if the buffer was never flushed, but I
have no idea why omitting shutdown should cause this. I therefore
moved outputting the extra \r\n from http_start_data to appending this
to the HTTP request itself. This sends data to the socket using
'write' rather than 'iobuf_put' and seems to workaround the problem.

For reference I am using Redhat 6.2 with the Linux 2.2.14-5.0 kernel.

Thank you,
Steven Murdoch.

--- gnupg-1.0.4/util/http.c	Fri Oct  8 19:34:56 1999
+++ gnupg-1.0.4_updated/util/http.c	Wed Mar 28 20:52:35 2001
@@ -110,7 +110,15 @@
 http_start_data( HTTP_HD hd )
     if( !hd->in_data ) {
+      /*The following lines have been commented out since the fp_write
+       *buffer does not seem to be flushed and these characters seem never
+       *to be sent over the network, now that 'shutdown' has been
+       *removed so I have put these in the HTTP request itself.
+       */
+      /*
+	iobuf_put( hd->fp_write, '\r' );
 	iobuf_put( hd->fp_write, '\n' );
+      */
 	hd->in_data = 1;
@@ -129,7 +137,11 @@
 	return G10ERR_GENERAL;
     iobuf_close( hd->fp_write );
     hd->fp_write = NULL;
-    shutdown( hd->sock, 1 );
+    /*The following line has been commented out since the shutdown
+     *function seems to send a TCP packet 'FIN' set and so closes
+     *the connection
+     */
+    /*shutdown( hd->sock, 1 );*/
     hd->in_data = 0;
     hd->fp_read = iobuf_fdopen( hd->sock , "r" );
@@ -452,15 +464,18 @@
     p = build_rel_path( hd->uri );
     request = m_alloc( strlen(server) + strlen(p) + 50 );
+    /*http_start_data no longer sends the blank line (\r\n) so
+     *I add this on here
+     */
     if( http_proxy ) {
-	sprintf( request, "%s http://%s:%hu%s%s HTTP/1.0\r\n",
+	sprintf( request, "%s http://%s:%hu%s%s HTTP/1.0\r\n\r\n",
 			  hd->req_type == HTTP_REQ_GET ? "GET" :
 			  hd->req_type == HTTP_REQ_HEAD? "HEAD":
 			  hd->req_type == HTTP_REQ_POST? "POST": "OOPS",
 			  server, port,  *p == '/'? "":"/", p );
     else {
-	sprintf( request, "%s %s%s HTTP/1.0\r\n",
+	sprintf( request, "%s %s%s HTTP/1.0\r\n\r\n",
 			  hd->req_type == HTTP_REQ_GET ? "GET" :
 			  hd->req_type == HTTP_REQ_HEAD? "HEAD":
 			  hd->req_type == HTTP_REQ_POST? "POST": "OOPS",

Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org


email: sjmurdoch at bigfoot.com
web: http://www.dcs.gla.ac.uk/~murdocsj/
PGP/GnuPG keys: http://www.bigfoot.com/~sjmurdoch/keys.html

More information about the Gnupg-devel mailing list