
dns_client: check whether ssl cert is loaded.

Nick Peng %!s(int64=4) %!d(string=hai) anos
pai
achega
f2fc970561
Modificáronse 5 ficheiros con 27 adicións e 31 borrados
  1. 12 20
      src/dns.c
  2. 9 4
      src/dns_client.c
  3. 1 0
      src/dns_conf.c
  4. 4 6
      src/dns_server.c
  5. 1 1
      src/util.c

+ 12 - 20
src/dns.c

@@ -253,11 +253,8 @@ static int _dns_add_qr_head(struct dns_data_context *data_context, char *domain,
 		return -1;
 	}
 
-	*((unsigned short *)(data_context->ptr)) = qtype;
-	data_context->ptr += 2;
-
-	*((unsigned short *)(data_context->ptr)) = qclass;
-	data_context->ptr += 2;
+	_dns_write_short(&data_context->ptr, qtype);
+	_dns_write_short(&data_context->ptr, qclass);
 
 	return 0;
 }
@@ -266,6 +263,10 @@ static int _dns_get_qr_head(struct dns_data_context *data_context, char *domain,
 {
 	int i;
 	int is_read_all = 0;
+
+	if (domain == NULL || data_context == NULL) {
+		return -1;
+	}
 	/* question head */
 	/* |domain         |
 	 * |qtype | qclass |
@@ -296,11 +297,8 @@ static int _dns_get_qr_head(struct dns_data_context *data_context, char *domain,
 		return -1;
 	}
 
-	*qtype = *((unsigned short *)(data_context->ptr));
-	data_context->ptr += 2;
-
-	*qclass = *((unsigned short *)(data_context->ptr));
-	data_context->ptr += 2;
+	*qtype = _dns_read_short(&data_context->ptr);
+	*qclass = _dns_read_short(&data_context->ptr);
 
 	return 0;
 }
@@ -325,11 +323,8 @@ static int _dns_add_rr_head(struct dns_data_context *data_context, char *domain,
 		return -1;
 	}
 
-	*((unsigned int *)(data_context->ptr)) = ttl;
-	data_context->ptr += 4;
-
-	*((unsigned short *)(data_context->ptr)) = rr_len;
-	data_context->ptr += 2;
+	_dns_write_int(&data_context->ptr, ttl);
+	_dns_write_short(&data_context->ptr, rr_len);
 
 	return 0;
 }
@@ -351,11 +346,8 @@ static int _dns_get_rr_head(struct dns_data_context *data_context, char *domain,
 		return -1;
 	}
 
-	*ttl = *((unsigned int *)(data_context->ptr));
-	data_context->ptr += 4;
-
-	*rr_len = *((unsigned short *)(data_context->ptr));
-	data_context->ptr += 2;
+	*ttl = _dns_read_int(&data_context->ptr);
+	*rr_len = _dns_read_short(&data_context->ptr);
 
 	return len;
 }
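Review bot: In `_dns_get_qr_head` the new NULL guard covers `domain` and `data_context` but not the out-parameters `qtype` and `qclass`, which are written unchecked in the next hunk at `*qtype = _dns_read_short(&data_context->ptr);`; if the guard is meant to make the function safe to call with NULL arguments it should read `if (domain == NULL || data_context == NULL || qtype == NULL || qclass == NULL) {`. The replacement helpers `_dns_read_short`/`_dns_write_short`/`_dns_read_int`/`_dns_write_int` are defined outside these hunks, so whether they keep the previous host-order semantics and rely on the length check above each call cannot be confirmed here; a one-line comment at the first call site, such as `/* helpers advance ptr; remaining length was checked above */`, would document that contract. The same helper substitution appears in `_dns_add_qr_head`, `_dns_add_rr_head` and `_dns_get_rr_head`, and each of the four functions starts outside its hunk.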

+ 9 - 4
src/dns_client.c

@@ -850,11 +850,15 @@ static int _dns_client_set_trusted_cert(SSL_CTX *ssl_ctx)
 	}
 
 	if (cafile == NULL && capath == NULL) {
-		if (SSL_CTX_set_default_verify_paths(ssl_ctx) == 0) {
+		if (SSL_CTX_set_default_verify_paths(ssl_ctx)) {
+			cert_path_set = 1;
+		}
+
+		const STACK_OF(X509_NAME) *cas = SSL_CTX_get_client_CA_list(ssl_ctx);
+		if (cas && sk_X509_NAME_num(cas) == 0) {
 			cafile = "/etc/ssl/certs/ca-certificates.crt";
 			capath = "/etc/ssl/certs";
-		} else {
-			cert_path_set = 1;
+			cert_path_set = 0;
 		}
 	}
 
@@ -2362,7 +2366,7 @@ static int _dns_client_tls_verify(struct dns_server_info *server_info)
 			pthread_mutex_unlock(&server_info->lock);
 			peer_CN[0] = '\0';
 			_dns_client_tls_get_cert_CN(cert, peer_CN, sizeof(peer_CN));
-			tlog(TLOG_WARN, "peer server %s certificate verify failed", server_info->ip);
+			tlog(TLOG_WARN, "peer server %s certificate verify failed, ret = %ld", server_info->ip, res);
 			tlog(TLOG_WARN, "peer CN: %s", peer_CN);
 			goto errout;
 		}
@@ -3108,6 +3112,7 @@ static void _dns_client_add_pending_servers(void)
 			if (add_success == 0) {
 				tlog(TLOG_WARN, "add pending DNS server %s failed.", pending->host);
 			}
+			list_del_init(&pending->list);
 			_dns_client_server_pending_release_lck(pending);
 		} else {
 			tlog(TLOG_DEBUG, "add pending DNS server %s failed, retry %d...", pending->host, pending->retry_cnt);
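Review bot: The new empty-trust-store test in `_dns_client_set_trusted_cert` inspects the wrong list: `SSL_CTX_get_client_CA_list` returns the CA names set with `SSL_CTX_set_client_CA_list` for client-certificate requests, which `SSL_CTX_set_default_verify_paths` never populates, so `cas` will normally be NULL and the fallback to `/etc/ssl/certs/ca-certificates.crt` is never taken; conversely a non-zero return from `SSL_CTX_set_default_verify_paths` only means the default lookups were registered, not that any certificate was loaded. A closer proxy is the verification store itself, `X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);` followed by `if (store == NULL || sk_X509_OBJECT_num(X509_STORE_get0_objects(store)) == 0) {` in place of the `cas` test, with the caveat that hash-directory lookups load lazily, so an empty object stack only proves that no CA file was read. Whichever check is used, a short comment stating exactly which condition it detects would keep the next reader from assuming the commit's stated intent is met. The function's body and its variable declarations are outside the hunk.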

+ 1 - 0
src/dns_conf.c

@@ -516,6 +516,7 @@ static int _config_domain_rule_flag_set(char *domain, unsigned int flag, unsigne
 	/* add new rule to domain */
 	if (domain_rule->rules[DOMAIN_RULE_FLAGS] == NULL) {
 		rule_flags = malloc(sizeof(*rule_flags));
+		memset(rule_flags, 0, sizeof(*rule_flags));
 		rule_flags->flags = 0;
 		domain_rule->rules[DOMAIN_RULE_FLAGS] = rule_flags;
 	}
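Review bot: The new `memset(rule_flags, 0, sizeof(*rule_flags));` runs on an unchecked `malloc` result, so an allocation failure now dereferences NULL one line earlier than before; the allocation needs a check such as `if (rule_flags == NULL) {` that takes the function's existing failure path (its body and error convention are outside the hunk). With the memset in place the following `rule_flags->flags = 0;` is redundant; `rule_flags = calloc(1, sizeof(*rule_flags));` would zero the struct and drop both extra lines, again subject to the NULL check.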

+ 4 - 6
src/dns_server.c

@@ -2451,16 +2451,14 @@ static int _dns_server_process_cache(struct dns_request *request)
 		goto out;
 	}
 
-	if (request->qtype == DNS_T_A) {
-		if (dns_cache_is_soa(dns_cache)) {
-			ret = _dns_server_reply_SOA(DNS_RC_NOERROR, request);
-			goto out;
-		}
+	if (dns_cache_is_soa(dns_cache)) {
+		ret = _dns_server_reply_SOA(DNS_RC_NOERROR, request);
+		goto out;
 	}
 
 	if (request->dualstack_selection && request->qtype == DNS_T_AAAA) {
 		dns_cache_A = dns_cache_lookup(request->domain, DNS_T_A);
-		if (dns_cache_A && (dns_cache_A->info.speed > 0)) {
+		if (dns_cache_A && dns_cache_is_soa(dns_cache_A) == 0 && (dns_cache_A->info.speed > 0)) {
 			if ((dns_cache_A->info.speed + (dns_conf_dualstack_ip_selection_threshold * 10)) < dns_cache->info.speed ||
 				dns_cache->info.speed < 0) {
 				tlog(TLOG_DEBUG, "Force IPV4 perfered.");
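Review bot: The SOA short-circuit `if (dns_cache_is_soa(dns_cache))` now fires for every qtype instead of only `DNS_T_A`, a behavioural change the hunk leaves unexplained; a one-line comment above it, for example `/* negative (SOA) cache entries answer any qtype, not only A */`, would record the intent for the next reader. If extending this to AAAA, together with the new `dns_cache_is_soa(dns_cache_A) == 0` term in the dual-stack branch, is deliberate, the commit message should say so, since its title only mentions `dns_client`. `_dns_server_process_cache` starts and ends outside the hunk.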

+ 1 - 1
src/util.c

@@ -936,7 +936,7 @@ void get_compiled_time(struct tm *tm)
 	int hour, min, sec;
 	static const char *month_names = "JanFebMarAprMayJunJulAugSepOctNovDec";
 
-	sscanf(__DATE__, "%5s %d %d", s_month, &day, &year);
+	sscanf(__DATE__, "%4s %d %d", s_month, &day, &year);
 	month = (strstr(month_names, s_month) - month_names) / 3;
 	sscanf(__TIME__, "%d:%d:%d", &hour, &min, &sec);
 	tm->tm_year = year - 1900;
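Review bot: `%4s` still writes up to five bytes (four characters plus the terminator) into `s_month`, whose declaration is outside the hunk, so the fix is only sufficient if that buffer holds at least five; since `__DATE__` month abbreviations are always three characters, `%3s` would both bound the write to four bytes and make the intent explicit: `sscanf(__DATE__, "%3s %d %d", s_month, &day, &year);`. The return values of both `sscanf` calls are unchecked and `strstr` is assumed non-NULL on the following line; because the input is the compiler-generated `__DATE__`/`__TIME__` this is defensible, but a short comment saying so, e.g. `/* __DATE__/__TIME__ are fixed-format compiler strings; parse cannot fail */`, would save the next reader the question. `get_compiled_time` continues outside the hunk.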