Re: [Openvpn-devel] [PATCH v3 1/2] crypto: always reload tls-auth/crypt key contexts

Thu, 05 Jul 2018 19:17:12 -0700 

Hi Steffan and thanks for the review,

On 06/07/18 04:22, Steffan Karger wrote:
>> +struct buffer
>> +keyfile_to_buffer(const char *file, int max_size, struct gc_arena *gc)
>> +{
>> +    size_t size;
>> +    struct buffer in = alloc_buf_gc(max_size, gc);
>> +    int fd = platform_open(file, O_RDONLY, 0);
>> +    if (fd == -1)
>> +    {
>> +        msg(M_ERR, "Cannot open key file '%s'", file);
>> +    }
>> +
>> +    size = read(fd, in.data, in.capacity);
>> +    if (size < 0)
>> +    {
>> +        msg(M_FATAL, "Read error on key file ('%s')", file);
>> +    }
>> +
>> +    if (size == in.capacity)
>> +    {
>> +        msg(M_FATAL, "Key file ('%s') can be a maximum of %d bytes", file,
>> +            (int)in.capacity);
>> +    }
>> +    close(fd);
>> +
>> +    in.len = size;
>> +
>> +    return in;
>> +}
> 
> Hm, I don't really like the FATAL errors in a function that looks
> generic enough for someone to use in non-startup situations.  In that
> case the FATALs might create a DoS vector.  Or, think ahead to the
> connection blocks, a connection starting, then timeing out, then exiting
> because the tls-auth/crypt key of the next connection block doesn't
> exist (instead of just trying the next block).
> 

You're right. I made an assumption about the context where it'll be
used, but you're right, I shouldn't do it. I'll remove the FATAL.

> While reading this, I realize I wrote a very similar function in the
> "tls-crypt-v2: generate client keys" patch.  That one uses
> platform_stat() to figure out the size and get rid of the maxlen
> argument, and doesn't throw fatal errors.  Feel free to use that
> implementation if you like it, or not if you don't (and I'll use yours
> in the latter case).

Oh Right, thanks for pointing this out.
I'll use your implementation as it is relying more on buffer APIs, while
I am dealing directly with the internals (and I prefer your approach).

I'll send v4 of this patch soon.

Thanks!


-- 
Antonio Quartulli

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to