From 67bb910d82cb6366f0b1303f68a36d0e70163927 Mon Sep 17 00:00:00 2001
From: Roman Khlopkov <roman.khlopkov@demlabs.net>
Date: Wed, 15 Jul 2020 16:05:14 +0300
Subject: [PATCH] [*] Small changes in ACL behavior

---
 dap-sdk/net/client/dap_client_pvt.c | 5 +++++
 dap-sdk/net/server/enc_server/dap_enc_http.c | 4 ----
 dap-sdk/net/stream/stream/dap_stream_ctl.c | 6 ++++++
 modules/net/dap_chain_net.c | 8 --------
 4 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/dap-sdk/net/client/dap_client_pvt.c b/dap-sdk/net/client/dap_client_pvt.c
index 47a67a2d84..1bb6f9708e 100644
--- a/dap-sdk/net/client/dap_client_pvt.c
+++ b/dap-sdk/net/client/dap_client_pvt.c
@@ -399,6 +399,11 @@ static void s_stage_status_after(dap_client_pvt_t * a_client_pvt)
 case STAGE_ENC_INIT: {
 log_it(L_INFO, "Go to stage ENC: prepare the request");
 a_client_pvt->session_key_open = dap_enc_key_new_generate(DAP_ENC_KEY_TYPE_MSRLN, NULL, 0, NULL, 0, 0);
+ if (!a_client_pvt->session_key_open) {
+ log_it(L_ERROR, "Insufficient memory! May be a huge memory leak present");
+ a_client_pvt->stage_status = STAGE_STATUS_ERROR;
+ break;
+ }
 size_t l_key_size = a_client_pvt->session_key_open->pub_key_data_size;
 dap_cert_t *l_cert = a_client_pvt->auth_cert;
 dap_sign_t *l_sign = NULL;
diff --git a/dap-sdk/net/server/enc_server/dap_enc_http.c b/dap-sdk/net/server/enc_server/dap_enc_http.c
index d7cd6c7122..c04ddf05f1 100644
--- a/dap-sdk/net/server/enc_server/dap_enc_http.c
+++ b/dap-sdk/net/server/enc_server/dap_enc_http.c
@@ -122,10 +122,6 @@ void enc_http_proc(struct dap_http_simple *cl_st, void * arg)
 dap_enc_ks_key_t * key_ks = dap_enc_ks_new();
 if (s_acl_callback) {
 key_ks->acl_list = s_acl_callback(&l_sign_hash);
- if (!key_ks->acl_list) {
- *return_code = Http_Status_Unauthorized;
- return;
- }
 } else {
 log_it(L_WARNING, "Callback for ACL is not set, pass anauthorized");
 }
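Review bot: In dap_client_pvt.c, the new NULL check under `case STAGE_ENC_INIT` logs "Insufficient memory! May be a huge memory leak present", but nothing visible in the hunk shows that an allocation failure is the only reason `dap_enc_key_new_generate()` can return NULL. A failed handshake would then be reported with a cause the code has not established, which misleads whoever reads the log. A neutral message names what actually failed: `log_it(L_ERROR, "Can't generate MSRLN session key for ENC_INIT stage");`. The case body and the enclosing switch continue outside the hunk, so whether setting `STAGE_STATUS_ERROR` and breaking is enough for the caller to learn the reason cannot be confirmed from here.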
diff --git a/dap-sdk/net/stream/stream/dap_stream_ctl.c b/dap-sdk/net/stream/stream/dap_stream_ctl.c
index e42b474d79..21bd39eb99 100644
--- a/dap-sdk/net/stream/stream/dap_stream_ctl.c
+++ b/dap-sdk/net/stream/stream/dap_stream_ctl.c
@@ -149,6 +149,11 @@ void s_proc(struct dap_http_simple *a_http_simple, void * a_arg)
 dap_http_header_t *l_hdr_key_id = dap_http_header_find(a_http_simple->http->in_headers, "KeyID");
 if (l_hdr_key_id) {
 dap_enc_ks_key_t *l_ks_key = dap_enc_ks_find(l_hdr_key_id->value);
+ if (!l_ks_key) {
+ log_it(L_WARNING, "Key with ID %s not found", l_hdr_key_id->value);
+ *return_code = Http_Status_BadRequest;
+ return;
+ }
 ss->acl = l_ks_key->acl_list;
 }
 enc_http_reply_f(l_dg,"%u %s",ss->id,key_str);
@@ -160,6 +165,7 @@ void s_proc(struct dap_http_simple *a_http_simple, void * a_arg)
 }else{
 log_it(L_ERROR,"Wrong request: \"%s\"",l_dg->in_query);
 *return_code = Http_Status_BadRequest;
+ return;
 }
 unsigned int conn_t = 0;
diff --git a/modules/net/dap_chain_net.c b/modules/net/dap_chain_net.c
index 2b6fa7859e..5a9025d903 100644
--- a/modules/net/dap_chain_net.c
+++ b/modules/net/dap_chain_net.c
@@ -2607,18 +2607,10 @@ static uint8_t *dap_chain_net_set_acl(dap_chain_hash_fast_t *a_pkey_hash)
 {
 uint16_t l_net_count;
 dap_chain_net_t **l_net_list = dap_chain_net_list(&l_net_count);
- bool l_accessible = false;
 if (l_net_count) {
 uint8_t *l_ret = DAP_NEW_SIZE(uint8_t, l_net_count);
 for (uint16_t i = 0; i < l_net_count; i++) {
 l_ret[i] = s_net_check_acl(l_net_list[i], a_pkey_hash);
- if (l_ret[i]) {
- l_accessible = true;
- }
- }
- if (!l_accessible) { // No one network can be accessed with this key
- DAP_DELETE(l_ret);
- l_ret = NULL;
 }
 return l_ret;
 }
-- GitLab
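Review bot: In the first dap_stream_ctl.c hunk (`s_proc`, at `-149`), `ss->acl = l_ks_key->acl_list;` can now copy a NULL list, because the dap_enc_http.c hunk of this same commit no longer answers 401 when `s_acl_callback` returns NULL. `ss->acl` is also not assigned at all when the request carries no `KeyID` header, since `if (l_hdr_key_id)` has no `else`. The code that reads `ss->acl` is outside this diff, so whether a NULL ACL means "deny" or "skip the check" should be confirmed and stated beside the assignment, for example `/* acl_list may be NULL when the ACL callback returned no list */`. If NULL is treated as unrestricted there, the header-absent path should reject the request or set an explicit deny list rather than leave the session without an ACL.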
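Review bot: The `return;` added to the `}else{` branch in the second dap_stream_ctl.c hunk (at `-160`) leaves `s_proc` while `l_dg` is still in use (it is dereferenced in the `log_it` call just above). The `return;` added under `if (!l_ks_key)` in the previous hunk does the same, with the session `ss` also live at that point. The rest of `s_proc` is outside both hunks, so the normal-path cleanup is not visible; if the function's tail releases `l_dg` or finalises the session, both early exits skip it and each rejected request leaks those objects. Each `return;` should be preceded by the same release the normal path performs, or both error paths should jump to one shared exit label that does it.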