

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2021-03-21 19:51:15 UTC
  • Revision ID: teddy@recompile.se-20210321195115-qe6g0fyj1kabwlav
Fix theoretical GnuTLS bug

Fix "NameError: global name '_error_code' is not defined" error if
GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN was ever returned from
gnutls_record_send().

* mandos (gnutls._retry_on_error): Import "_error_code" from outer
  class scope to local function scope via a keyword argument.

11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
 
# Copyright © 2008-2019 Teddy Hogeborn
15
 
# Copyright © 2008-2019 Björn Påhlsson
 
14
# Copyright © 2008-2020 Teddy Hogeborn
 
15
# Copyright © 2008-2020 Björn Påhlsson
16
16
#
17
17
# This file is part of Mandos.
18
18
#
143
143
if sys.version_info < (3, 2):
144
144
    configparser.Configparser = configparser.SafeConfigParser
145
145
 
146
 
version = "1.8.11"
 
146
version = "1.8.14"
147
147
stored_state_file = "clients.pickle"
148
148
 
149
149
logger = logging.getLogger()
524
524
class AvahiServiceToSyslog(AvahiService):
525
525
    def rename(self, *args, **kwargs):
526
526
        """Add the new name to the syslog messages"""
527
 
        ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
 
527
        ret = super(AvahiServiceToSyslog, self).rename(*args,
 
528
                                                       **kwargs)
528
529
        syslogger.setFormatter(logging.Formatter(
529
530
            'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
530
531
            .format(self.name)))
660
661
            raise gnutls.CertificateSecurityError(code=result)
661
662
        raise gnutls.Error(code=result)
662
663
 
663
 
    def _retry_on_error(result, func, arguments):
 
664
    def _retry_on_error(result, func, arguments,
 
665
                        _error_code=_error_code):
664
666
        """A function to retry on some errors, suitable
665
667
        for the 'errcheck' attribute on ctypes functions"""
666
668
        while result < 0:
774
776
 
775
777
        x509_crt_fmt_t = ctypes.c_int
776
778
 
777
 
        # All the function declarations below are from gnutls/abstract.h
 
779
        # All the function declarations below are from
 
780
        # gnutls/abstract.h
778
781
        pubkey_init = _library.gnutls_pubkey_init
779
782
        pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
780
783
        pubkey_init.restype = _error_code
794
797
        pubkey_deinit.argtypes = [pubkey_t]
795
798
        pubkey_deinit.restype = None
796
799
    else:
797
 
        # All the function declarations below are from gnutls/openpgp.h
 
800
        # All the function declarations below are from
 
801
        # gnutls/openpgp.h
798
802
 
799
803
        openpgp_crt_init = _library.gnutls_openpgp_crt_init
800
804
        openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
806
810
                                       openpgp_crt_fmt_t]
807
811
        openpgp_crt_import.restype = _error_code
808
812
 
809
 
        openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
810
 
        openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
811
 
                                            ctypes.POINTER(ctypes.c_uint)]
 
813
        openpgp_crt_verify_self = \
 
814
            _library.gnutls_openpgp_crt_verify_self
 
815
        openpgp_crt_verify_self.argtypes = [
 
816
            openpgp_crt_t,
 
817
            ctypes.c_uint,
 
818
            ctypes.POINTER(ctypes.c_uint),
 
819
        ]
812
820
        openpgp_crt_verify_self.restype = _error_code
813
821
 
814
822
        openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
2468
2476
        buf = ctypes.create_string_buffer(32)
2469
2477
        buf_len = ctypes.c_size_t(len(buf))
2470
2478
        # Get the key ID from the raw public key into the buffer
2471
 
        gnutls.pubkey_get_key_id(pubkey,
2472
 
                                 gnutls.KEYID_USE_SHA256,
2473
 
                                 ctypes.cast(ctypes.byref(buf),
2474
 
                                             ctypes.POINTER(ctypes.c_ubyte)),
2475
 
                                 ctypes.byref(buf_len))
 
2479
        gnutls.pubkey_get_key_id(
 
2480
            pubkey,
 
2481
            gnutls.KEYID_USE_SHA256,
 
2482
            ctypes.cast(ctypes.byref(buf),
 
2483
                        ctypes.POINTER(ctypes.c_ubyte)),
 
2484
            ctypes.byref(buf_len))
2476
2485
        # Deinit the certificate
2477
2486
        gnutls.pubkey_deinit(pubkey)
2478
2487
 
2723
2732
            address = request[3]
2724
2733
 
2725
2734
            for c in self.clients.values():
2726
 
                if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":
 
2735
                if key_id == ("E3B0C44298FC1C149AFBF4C8996FB924"
 
2736
                              "27AE41E4649B934CA495991B7852B855"):
2727
2737
                    continue
2728
2738
                if key_id and c.key_id == key_id:
2729
2739
                    client = c
2781
2791
def rfc3339_duration_to_delta(duration):
2782
2792
    """Parse an RFC 3339 "duration" and return a datetime.timedelta
2783
2793
 
2784
 
    >>> rfc3339_duration_to_delta("P7D") == datetime.timedelta(7)
2785
 
    True
2786
 
    >>> rfc3339_duration_to_delta("PT60S") == datetime.timedelta(0, 60)
2787
 
    True
2788
 
    >>> rfc3339_duration_to_delta("PT60M") == datetime.timedelta(0, 3600)
2789
 
    True
2790
 
    >>> rfc3339_duration_to_delta("PT24H") == datetime.timedelta(1)
2791
 
    True
2792
 
    >>> rfc3339_duration_to_delta("P1W") == datetime.timedelta(7)
2793
 
    True
2794
 
    >>> rfc3339_duration_to_delta("PT5M30S") == datetime.timedelta(0, 330)
2795
 
    True
2796
 
    >>> rfc3339_duration_to_delta("P1DT3M20S") == datetime.timedelta(1, 200)
2797
 
    True
 
2794
    >>> timedelta = datetime.timedelta
 
2795
    >>> rfc3339_duration_to_delta("P7D") == timedelta(7)
 
2796
    True
 
2797
    >>> rfc3339_duration_to_delta("PT60S") == timedelta(0, 60)
 
2798
    True
 
2799
    >>> rfc3339_duration_to_delta("PT60M") == timedelta(0, 3600)
 
2800
    True
 
2801
    >>> rfc3339_duration_to_delta("PT24H") == timedelta(1)
 
2802
    True
 
2803
    >>> rfc3339_duration_to_delta("P1W") == timedelta(7)
 
2804
    True
 
2805
    >>> rfc3339_duration_to_delta("PT5M30S") == timedelta(0, 330)
 
2806
    True
 
2807
    >>> rfc3339_duration_to_delta("P1DT3M20S") == timedelta(1, 200)
 
2808
    True
 
2809
    >>> del timedelta
2798
2810
    """
2799
2811
 
2800
2812
    # Parsing an RFC 3339 duration with regular expressions is not