Adapt prototype of net_accept() for explicit size

parent d9e6a3ac
......@@ -45,6 +45,7 @@ API Changes
mbedtls_x509_ctr_verify_info()
mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be update)
mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated)
* net_accept() gained new arguments for the size of the client_ip buffer.
* In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
return void.
* ecdsa_write_signature() gained an addtional md_alg argument and
......
......@@ -62,7 +62,7 @@
* DES 1 0x0032-0x0032
* CTR_DBRG 4 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040
* NET 9 0x0042-0x0052
* NET 9 0x0042-0x0052 0x0043-0x0043
* ENTROPY 1 0x0058-0x0058
* ASN1 7 0x0060-0x006C
* MD2 1 0x0070-0x0070
......
......@@ -44,6 +44,7 @@
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
......@@ -96,17 +97,21 @@ int mbedtls_net_bind( int *fd, const char *bind_ip, int port, int proto );
* \param bind_fd Relevant socket
* \param client_fd Will contain the connected client socket
* \param client_ip Will contain the client IP address
* Must be at least 4 bytes, or 16 if IPv6 is supported
* \param buf_size Size of the client_ip buffer
* \param ip_len Will receive the size of the client IP written
*
* \return 0 if successful, MBEDTLS_ERR_NET_ACCEPT_FAILED, or
* MBEDTLS_ERR_SSL_WANT_READ is bind_fd was set to
* \return 0 if successful, or
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* non-blocking and accept() is blocking.
*
* \note With UDP, connects the bind_fd to the client and just copy
* its descriptor to client_fd. New clients will not be able
* to connect until you close the socket and bind a new one.
*/
int mbedtls_net_accept( int bind_fd, int *client_fd, void *client_ip );
int mbedtls_net_accept( int bind_fd, int *client_fd,
void *client_ip, size_t buf_size, size_t *ip_len );
/**
* \brief Set the socket blocking
......
......@@ -683,6 +683,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" );
if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) )
mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) )
mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
#endif /* MBEDTLS_NET_C */
#if defined(MBEDTLS_OID_C)
......
......@@ -293,7 +293,8 @@ static int net_would_block( int fd )
/*
* Accept a connection from a remote client
*/
int mbedtls_net_accept( int bind_fd, int *client_fd, void *client_ip )
int mbedtls_net_accept( int bind_fd, int *client_fd,
void *client_ip, size_t buf_size, size_t *ip_len )
{
int ret;
int type;
......@@ -353,14 +354,22 @@ int mbedtls_net_accept( int bind_fd, int *client_fd, void *client_ip )
if( client_addr.ss_family == AF_INET )
{
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
memcpy( client_ip, &addr4->sin_addr.s_addr,
sizeof( addr4->sin_addr.s_addr ) );
*ip_len = sizeof( addr4->sin_addr.s_addr );
if( buf_size < *ip_len )
return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
}
else
{
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
memcpy( client_ip, &addr6->sin6_addr.s6_addr,
sizeof( addr6->sin6_addr.s6_addr ) );
*ip_len = sizeof( addr6->sin6_addr.s6_addr );
if( buf_size < *ip_len )
return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
}
}
......
......@@ -173,7 +173,8 @@ int main( void )
goto exit;
}
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
......
......@@ -94,6 +94,7 @@ int main( void )
unsigned char buf[1024];
const char *pers = "dtls_server";
unsigned char client_ip[16] = { 0 };
size_t cliip_len;
mbedtls_ssl_cookie_ctx cookie_ctx;
mbedtls_entropy_context entropy;
......@@ -263,7 +264,8 @@ reset:
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, client_ip ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
......@@ -277,8 +279,8 @@ reset:
}
/* For HelloVerifyRequest cookies */
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl, client_ip,
sizeof( client_ip ) ) ) != 0 )
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
client_ip, cliip_len ) ) != 0 )
{
printf( " failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
......
......@@ -220,7 +220,8 @@ int main( void )
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
......
......@@ -472,7 +472,8 @@ reset:
mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
goto exit;
......
......@@ -246,7 +246,8 @@ reset:
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
......
......@@ -710,6 +710,7 @@ int main( int argc, char *argv[] )
#endif
const char *pers = "ssl_server2";
unsigned char client_ip[16] = { 0 };
size_t cliip_len;
#if defined(MBEDTLS_SSL_COOKIE_C)
mbedtls_ssl_cookie_ctx cookie_ctx;
#endif
......@@ -1787,7 +1788,8 @@ reset:
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, client_ip ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
{
#if !defined(_WIN32)
if( received_sigterm )
......@@ -1817,8 +1819,8 @@ reset:
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl, client_ip,
sizeof( client_ip ) ) ) != 0 )
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
client_ip, cliip_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
......
......@@ -534,7 +534,8 @@ accept:
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment