[git] GnuPG - branch, master, updated. gnupg-2.1.17-63-g76fb2fe

by Werner Koch cvs at cvs.gnupg.org
Wed Jan 11 16:47:01 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  76fb2febde10da8237bbe7613830b51af2a45139 (commit)
       via  09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f (commit)
      from  915864e7f0315b0c96315d0bcd48b1b93592353a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76fb2febde10da8237bbe7613830b51af2a45139
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 11 16:43:30 2017 +0100

    dirmngr: Mark hosts dead on ENETDOWN.
    
    * dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
    ENETDOWN.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 5f6e5f4..ddeba45 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1132,10 +1132,14 @@ handle_send_request_error (gpg_error_t err, const char *request,
 {
   int retry = 0;
 
+  /* Fixme: Should we disable all hosts of a protocol family if a
+   * request for an address of that familiy returned ENETDOWN?  */
+
   switch (gpg_err_code (err))
     {
     case GPG_ERR_ECONNREFUSED:
     case GPG_ERR_ENETUNREACH:
+    case GPG_ERR_ENETDOWN:
     case GPG_ERR_UNKNOWN_HOST:
     case GPG_ERR_NETWORK:
       if (mark_host_dead (request) && *tries_left)
@@ -1148,6 +1152,7 @@ handle_send_request_error (gpg_error_t err, const char *request,
           log_info ("selecting a different host due to a timeout\n");
           retry = 1;
         }
+      break;
 
     default:
       break;

commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 11 16:41:15 2017 +0100

    dirmngr: Fix Tor access for v6 addresses.
    
    * dirmngr/http.c (use_socks): New.
    (my_sock_new_for_addr): New.
    (connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
    --
    
    Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
    https.c used to create a socket for the actual address family and thus
    the connect call in Libassuan fails when it tries to connect to a v6
    address using a v4 socket.
    
    It would be cleaner to have the my_sock_new_for_addr function as a
    public interface in Libassuan; for now we need to duplicate some code.
    from Libassuan.
    
    GnuPG-bug-id: 2902
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index c1a60be..75701ec 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2337,6 +2337,68 @@ start_server ()
 }
 #endif
 
+
+
+/* Return true if SOCKS shall be used.  This is the case if tor_mode
+ * is enabled and the desired address is not the loopback address.
+ * This function is basically a copy of the same internal fucntion in
+ * Libassuan.  */
+static int
+use_socks (struct sockaddr *addr)
+{
+  int mode;
+
+  if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+    return 0;  /* Not in Tor mode.  */
+  else if (addr->sa_family == AF_INET6)
+    {
+      struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
+      const unsigned char *s;
+      int i;
+
+      s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
+      if (s[15] != 1)
+        return 1;   /* Last octet is not 1 - not the loopback address.  */
+      for (i=0; i < 15; i++, s++)
+        if (*s)
+          return 1; /* Non-zero octet found - not the loopback address.  */
+
+      return 0; /* This is the loopback address.  */
+    }
+  else if (addr->sa_family == AF_INET)
+    {
+      struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
+
+      if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
+        return 0; /* Loopback (127.0.0.0/8) */
+
+      return 1;
+    }
+  else
+    return 0;
+}
+
+
+/* Wrapper around assuan_sock_new which takes the domain from an
+ * address parameter.  */
+static assuan_fd_t
+my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
+{
+  int domain;
+
+  if (use_socks (addr))
+    {
+      /* Libassaun always uses 127.0.0.1 to connect to the socks
+       * server (i.e. the Tor daemon).  */
+      domain = AF_INET;
+    }
+  else
+    domain = addr->sa_family;
+
+  return assuan_sock_new (domain, type, proto);
+}
+
+
 /* Actually connect to a server.  Returns the file descriptor or -1 on
    error.  ERRNO is set on error. */
 static assuan_fd_t
@@ -2436,7 +2498,7 @@ connect_server (const char *server, unsigned short port,
 
           if (sock != ASSUAN_INVALID_FD)
             assuan_sock_close (sock);
-          sock = assuan_sock_new (ai->family, ai->socktype, ai->protocol);
+          sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
           if (sock == ASSUAN_INVALID_FD)
             {
               int save_errno = errno;

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/http.c          | 64 ++++++++++++++++++++++++++++++++++++++++++++++++-
 dirmngr/ks-engine-hkp.c |  5 ++++
 2 files changed, 68 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list