core: set server name when connecting to server with TLS (SNI extension) only if it's not an IPV4/IPv6 (closes #1635)

2021-05-16 14:52:11 +02:00 · 2021-05-16 14:52:11 +02:00 · 89e43eaf40
commit 89e43eaf40
parent e03642e9df
9 changed files with 342 additions and 12 deletions
--- a/ChangeLog.adoc
+++ b/ChangeLog.adoc
@ -46,6 +46,7 @@ New features::

 Bug fixes::

+  * core: set server name when connecting to server with TLS (SNI extension) only if it's not an IPV4/IPv6 (issue #1635)
  * core: use function mallinfo2 instead of mallinfo when available (issue #1636)
  * core: display a warning when the file with certificate authorities is not found (option weechat.network.gnutls_ca_file)
  * core: evaluate left/right part of comparison after split on the comparison operator in ${if:xxx} (issue #1627)
--- a/doc/en/weechat_dev.en.adoc
+++ b/doc/en/weechat_dev.en.adoc
@ -397,12 +397,14 @@ WeeChat "core" is located in following directories:
 |          test-core-arraylist.cpp  | Tests: arraylists.
 |          test-core-calc.cpp       | Tests: calculation of expressions.
 |          test-core-crypto.cpp     | Tests: cryptographic functions.
+|          test-core-dir.cpp        | Tests: directory/file functions.
 |          test-core-eval.cpp       | Tests: evaluation of expressions.
 |          test-core-hashtble.cpp   | Tests: hashtables.
 |          test-core-hdata.cpp      | Tests: hdata.
 |          test-core-hook.cpp       | Tests: hooks.
 |          test-core-infolist.cpp   | Tests: infolists.
 |          test-core-list.cpp       | Tests: lists.
+|          test-core-network.cpp    | Tests: network functions.
 |          test-core-secure.cpp     | Tests: secured data.
 |          test-core-signal.cpp     | Tests: signals.
 |          test-core-string.cpp     | Tests: strings.
--- a/doc/fr/weechat_dev.fr.adoc
+++ b/doc/fr/weechat_dev.fr.adoc
@ -399,12 +399,14 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
 |          test-core-arraylist.cpp  | Tests : listes avec tableau (« arraylists »).
 |          test-core-calc.cpp       | Tests : calcul d'expressions.
 |          test-core-crypto.cpp     | Tests : fonctions cryptographiques.
+|          test-core-dir.cpp        | Tests : répertoires/fichiers.
 |          test-core-eval.cpp       | Tests : évaluation d'expressions.
 |          test-core-hashtble.cpp   | Tests : tables de hachage.
 |          test-core-hdata.cpp      | Tests : hdata.
 |          test-core-hook.cpp       | Tests : hooks.
 |          test-core-infolist.cpp   | Tests : infolists.
 |          test-core-list.cpp       | Tests : listes.
+|          test-core-network.cpp    | Tests : fonctions réseau.
 |          test-core-secure.cpp     | Tests : données sécurisées.
 |          test-core-signal.cpp     | Tests : signaux.
 |          test-core-string.cpp     | Tests : chaînes.
--- a/doc/ja/weechat_dev.ja.adoc
+++ b/doc/ja/weechat_dev.ja.adoc
@ -412,12 +412,16 @@ WeeChat "core" は以下のディレクトリに配置されています:
 |          test-core-calc.cpp       | Tests: calculation of expressions.
 // TRANSLATION MISSING
 |          test-core-crypto.cpp     | Tests: cryptographic functions.
+// TRANSLATION MISSING
+|          test-core-dir.cpp        | Tests: directory/file functions.
 |          test-core-eval.cpp       | テスト: 式の評価
 |          test-core-hashtble.cpp   | テスト: ハッシュテーブル
 |          test-core-hdata.cpp      | テスト: hdata
 |          test-core-hook.cpp       | テスト: フック
 |          test-core-infolist.cpp   | テスト: インフォリスト
 |          test-core-list.cpp       | テスト: リスト
+// TRANSLATION MISSING
+|          test-core-network.cpp    | Tests: network functions.
 |          test-core-secure.cpp     | テスト: データ保護
 // TRANSLATION MISSING
 |          test-core-signal.cpp     | テスト: signals.
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@ -302,6 +302,35 @@ network_end ()
    }
 }

+/*
+ * Checks if a string contains a valid IP address (IPv4 or IPv6).
+ *
+ * Returns:
+ *   1: string is a valid IPv4 or IPv6
+ *   0: string is not a valid IP address
+ */
+
+int
+network_is_ip_address (const char *address)
+{
+    struct sockaddr_in server_addr;
+    struct sockaddr_in6 server_addr6;
+
+    if (!address || !address[0])
+        return 0;
+
+    /* valid IPv4? */
+    if (inet_pton (AF_INET, address, &server_addr.sin_addr))
+        return 1;
+
+    /* valid IPv6? */
+    if (inet_pton (AF_INET6, address, &server_addr6.sin6_addr))
+        return 1;
+
+    /* not a valid IP address */
+    return 0;
+}
+
 /*
 * Sends data on a socket with retry.
 *
@ -1793,19 +1822,23 @@ network_connect_with_fork (struct t_hook *hook_connect)
            unhook (hook_connect);
            return;
        }
-        rc = gnutls_server_name_set (*HOOK_CONNECT(hook_connect, gnutls_sess),
-                                     GNUTLS_NAME_DNS,
-                                     HOOK_CONNECT(hook_connect, address),
-                                     strlen (HOOK_CONNECT(hook_connect, address)));
-        if (rc != GNUTLS_E_SUCCESS)
+        if (!network_is_ip_address (HOOK_CONNECT(hook_connect, address)))
        {
-            (void) (HOOK_CONNECT(hook_connect, callback))
-                (hook_connect->callback_pointer,
-                 hook_connect->callback_data,
-                 WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR,
-                 0, -1, _("set server name indication (SNI) failed"), NULL);
-            unhook (hook_connect);
-            return;
+            /* set the server name (only if it's NOT an IPv4/IPv6) */
+            rc = gnutls_server_name_set (*HOOK_CONNECT(hook_connect, gnutls_sess),
+                                         GNUTLS_NAME_DNS,
+                                         HOOK_CONNECT(hook_connect, address),
+                                         strlen (HOOK_CONNECT(hook_connect, address)));
+            if (rc != GNUTLS_E_SUCCESS)
+            {
+                (void) (HOOK_CONNECT(hook_connect, callback))
+                    (hook_connect->callback_pointer,
+                     hook_connect->callback_data,
+                     WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR,
+                     0, -1, _("set server name indication (SNI) failed"), NULL);
+                unhook (hook_connect);
+                return;
+            }
        }
        rc = gnutls_priority_set_direct (*HOOK_CONNECT(hook_connect, gnutls_sess),
                                         HOOK_CONNECT(hook_connect, gnutls_priorities),
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@ -34,6 +34,7 @@ set(LIB_WEECHAT_UNIT_TESTS_CORE_SRC
  unit/core/test-core-hook.cpp
  unit/core/test-core-infolist.cpp
  unit/core/test-core-list.cpp
+  unit/core/test-core-network.cpp
  unit/core/test-core-secure.cpp
  unit/core/test-core-signal.cpp
  unit/core/test-core-string.cpp
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -31,6 +31,7 @@ lib_weechat_unit_tests_core_a_SOURCES = unit/core/test-core-arraylist.cpp \
                                        unit/core/test-core-hook.cpp \
                                        unit/core/test-core-infolist.cpp \
                                        unit/core/test-core-list.cpp \
+                                        unit/core/test-core-network.cpp \
                                        unit/core/test-core-secure.cpp \
                                        unit/core/test-core-signal.cpp \
                                        unit/core/test-core-string.cpp \
--- a/tests/tests.cpp
+++ b/tests/tests.cpp
@ -69,6 +69,7 @@ IMPORT_TEST_GROUP(CoreHdata);
 IMPORT_TEST_GROUP(CoreHook);
 IMPORT_TEST_GROUP(CoreInfolist);
 IMPORT_TEST_GROUP(CoreList);
+IMPORT_TEST_GROUP(CoreNetwork);
 IMPORT_TEST_GROUP(CoreSecure);
 IMPORT_TEST_GROUP(CoreSignal);
 IMPORT_TEST_GROUP(CoreString);
--- a/tests/unit/core/test-core-network.cpp
+++ b/tests/unit/core/test-core-network.cpp
@ -0,0 +1,285 @@
+/*
+ * test-core-network.cpp - test network functions
+ *
+ * Copyright (C) 2021 Sébastien Helleu <flashcode@flashtux.org>
+ *
+ * This file is part of WeeChat, the extensible chat client.
+ *
+ * WeeChat is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * WeeChat is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with WeeChat.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include "CppUTest/TestHarness.h"
+
+extern "C"
+{
+//#include <unistd.h>
+//#include <stdio.h>
+//#include <string.h>
+#include "src/core/wee-network.h"
+
+extern int network_is_ip_address (const char *address);
+}
+
+TEST_GROUP(CoreNetwork)
+{
+};
+
+/*
+ * Tests functions:
+ *   network_init_gcrypt
+ */
+
+TEST(CoreNetwork, InitGcrypt)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_load_system_ca_file
+ */
+
+TEST(CoreNetwork, LoadSystemCaFile)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_load_user_ca_files
+ */
+
+TEST(CoreNetwork, LoadUserCaFiles)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_load_ca_files
+ */
+
+TEST(CoreNetwork, LoadCaFiles)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_reload_ca_files
+ */
+
+TEST(CoreNetwork, ReloadCaFiles)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_init_gnutls
+ */
+
+TEST(CoreNetwork, InitGnutls)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_end
+ */
+
+TEST(CoreNetwork, End)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_is_ip_address
+ */
+
+TEST(CoreNetwork, IsIpAddress)
+{
+    /* invalid address */
+    LONGS_EQUAL(0, network_is_ip_address (NULL));
+    LONGS_EQUAL(0, network_is_ip_address (""));
+    LONGS_EQUAL(0, network_is_ip_address ("abc"));
+    LONGS_EQUAL(0, network_is_ip_address ("1"));
+    LONGS_EQUAL(0, network_is_ip_address ("1.2"));
+    LONGS_EQUAL(0, network_is_ip_address ("1.2.3"));
+    LONGS_EQUAL(0, network_is_ip_address ("1.2.3.a"));
+    LONGS_EQUAL(0, network_is_ip_address ("1.2.3.4.5"));
+    LONGS_EQUAL(0, network_is_ip_address ("001.002.003.004"));
+
+    /* valid IPv4 */
+    LONGS_EQUAL(1, network_is_ip_address ("127.0.0.1"));
+    LONGS_EQUAL(1, network_is_ip_address ("1.2.3.4"));
+
+    /* valid IPv6 */
+    LONGS_EQUAL(1, network_is_ip_address ("::1"));
+    LONGS_EQUAL(1, network_is_ip_address ("2001:0db8:0000:85a3:0000:0000:ac1f:8001"));
+    LONGS_EQUAL(1, network_is_ip_address ("2001:db8:0:85a3:0:0:ac1f:8001"));
+    LONGS_EQUAL(1, network_is_ip_address ("2001:db8:0:85a3::ac1f:8001"));
+}
+
+/*
+ * Tests functions:
+ *   network_send_with_retry
+ */
+
+TEST(CoreNetwork, SendWithRetry)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_recv_with_retry
+ */
+
+TEST(CoreNetwork, RecvWithRetry)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_pass_httpproxy
+ */
+
+TEST(CoreNetwork, PassHttpproxy)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_resolve
+ */
+
+TEST(CoreNetwork, Resolve)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_pass_socks4proxy
+ */
+
+TEST(CoreNetwork, PassSock4proxy)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_pass_socks5proxy
+ */
+
+TEST(CoreNetwork, PassSocks5proxy)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_pass_proxy
+ */
+
+TEST(CoreNetwork, PassProxy)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect
+ */
+
+TEST(CoreNetwork, Connect)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_to
+ */
+
+TEST(CoreNetwork, ConnectTo)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_child
+ */
+
+TEST(CoreNetwork, ConnectChild)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_child_timer_cb
+ */
+
+TEST(CoreNetwork, ConnectChildTimerCb)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_gnutls_handshake_fd_cb
+ */
+
+TEST(CoreNetwork, ConnectGnutlsHandshakeFdCb)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_gnutls_handshake_timer_cb
+ */
+
+TEST(CoreNetwork, ConnectGnutlsHandshakeTimerCb)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_child_read_cb
+ */
+
+TEST(CoreNetwork, ConnectChildReadCb)
+{
+    /* TODO: write tests */
+}
+
+/*
+ * Tests functions:
+ *   network_connect_with_fork
+ */
+
+TEST(CoreNetwork, ConnectWithFork)
+{
+    /* TODO: write tests */
+}