[git] GnuPG - branch, master, updated. gnupg-2.1.21-114-ge7fc6e3

by Justus Winter cvs at cvs.gnupg.org
Wed Jul 19 17:04:09 CEST 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87 (commit)
      from  2e5459457473eb4b3e7b2b14815cb94faa66e8bb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87
Author: Justus Winter <justus at g10code.com>
Date:   Wed Jul 19 16:02:05 2017 +0200

    dirmngr: Forbid redirects from .onion to clearnet URIs.
    
    * dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
    to clearnet URIs.
    * dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
    --
    This protects users from misconfigured .onion services.
    
    GnuPG-bug-id: 3087
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index aa98b37..4a0b08f 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1162,9 +1162,16 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
   int redirects_left = MAX_REDIRECTS;
   estream_t fp = NULL;
   char *request_buffer = NULL;
+  parsed_uri_t uri = NULL;
+  int is_onion;
 
   *r_fp = NULL;
 
+  err = http_parse_uri (&uri, request, 0);
+  if (err)
+    goto leave;
+  is_onion = uri->onion;
+
   err = http_session_new (&session, httphost,
                           ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
                            | HTTP_FLAG_TRUST_DEF),
@@ -1250,6 +1257,23 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
                   request, s?s:"[none]", http_get_status_code (http));
         if (s && *s && redirects_left-- )
           {
+            if (is_onion)
+              {
+                /* Make sure that an onion address only redirects to
+                 * another onion address.  */
+                http_release_parsed_uri (uri);
+                uri = NULL;
+                err = http_parse_uri (&uri, s, 0);
+                if (err)
+                  goto leave;
+
+                if (! uri->onion)
+                  {
+                    err = gpg_error (GPG_ERR_FORBIDDEN);
+                    goto leave;
+                  }
+              }
+
             xfree (request_buffer);
             request_buffer = xtrystrdup (s);
             if (request_buffer)
@@ -1298,6 +1322,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
   http_close (http, 0);
   http_session_release (session);
   xfree (request_buffer);
+  http_release_parsed_uri (uri);
   return err;
 }
 
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 95fa34c..7fb7731 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -72,6 +72,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   int redirects_left = MAX_REDIRECTS;
   estream_t fp = NULL;
   char *request_buffer = NULL;
+  parsed_uri_t uri = NULL;
+  int is_onion;
+
+  err = http_parse_uri (&uri, url, 0);
+  if (err)
+    goto leave;
+  is_onion = uri->onion;
 
  once_more:
   /* Note that we only use the system provided certificates with the
@@ -145,6 +152,23 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
                   url, s?s:"[none]", http_get_status_code (http));
         if (s && *s && redirects_left-- )
           {
+            if (is_onion)
+              {
+                /* Make sure that an onion address only redirects to
+                 * another onion address.  */
+                http_release_parsed_uri (uri);
+                uri = NULL;
+                err = http_parse_uri (&uri, s, 0);
+                if (err)
+                  goto leave;
+
+                if (! uri->onion)
+                  {
+                    err = gpg_error (GPG_ERR_FORBIDDEN);
+                    goto leave;
+                  }
+              }
+
             xfree (request_buffer);
             request_buffer = xtrystrdup (s);
             if (request_buffer)
@@ -186,5 +210,6 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   http_close (http, 0);
   http_session_release (session);
   xfree (request_buffer);
+  http_release_parsed_uri (uri);
   return err;
 }

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/ks-engine-hkp.c  | 25 +++++++++++++++++++++++++
 dirmngr/ks-engine-http.c | 25 +++++++++++++++++++++++++
 2 files changed, 50 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list