Fix issue 1446: honor ports given in SRV responses.

* common/http.c (send_request, connect_server, http_open): Use a struct srv instead of a single srvtag so we can pass the chosen host and port back to the caller. (connect_server): Use the proper port in the HAVE_GETADDRINFO case. * keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log chosen host and port. * keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
2025-07-02 22:46:30 +02:00 · 2012-12-15 10:11:11 -05:00 · 2012-12-15 10:11:11 -05:00 · ba9e974f1f
commit ba9e974f1f
parent 3e7cc25d4a
4 changed files with 79 additions and 36 deletions
--- a/keyserver/curl-shim.c
+++ b/keyserver/curl-shim.c
@ -1,7 +1,8 @@
 /* curl-shim.c - Implement a small subset of the curl API in terms of
 * the iobuf HTTP API
 *
- * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2005, 2006, 2007, 2008, 2009,
+ *               2012 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -174,6 +175,9 @@ curl_easy_perform(CURL *curl)
  CURLcode err=CURLE_OK;
  const char *errstr=NULL;
  char *proxy=NULL;
+  struct http_srv srv;
+
+  memset(&srv,0,sizeof(srv));

  /* Emulate the libcurl proxy behavior.  If the calling program set a
     proxy, use it.  If it didn't set a proxy or set it to NULL, check
@ -186,10 +190,17 @@ curl_easy_perform(CURL *curl)
  else
    proxy=getenv(HTTP_PROXY_ENV);

+  if(curl->srvtag)
+    srv.srvtag=curl->srvtag;
+
  if(curl->flags.verbose)
    {
      fprintf(curl->errors,"* HTTP proxy is \"%s\"\n",proxy?proxy:"null");
      fprintf(curl->errors,"* HTTP URL is \"%s\"\n",curl->url);
+      if(srv.srvtag)
+	fprintf(curl->errors,
+		"* SRV tag is \"%s\": host and port may be overridden\n",
+		srv.srvtag);
      fprintf(curl->errors,"* HTTP auth is \"%s\"\n",
 	      curl->auth?curl->auth:"null");
      fprintf(curl->errors,"* HTTP method is %s\n",
@ -199,12 +210,16 @@ curl_easy_perform(CURL *curl)
  if(curl->flags.post)
    {
      rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
-                      0, proxy, NULL, curl->srvtag,
+                      0, proxy, NULL, &srv,
 		      curl->headers?curl->headers->list:NULL);
      if (!rc)
 	{
 	  unsigned int post_len = strlen(curl->postfields);

+	  if(curl->flags.verbose && srv.used_server && srv.used_port)
+	    fprintf (curl->errors, "* HTTP host:port post-SRV is \"%s:%hu\"\n",
+		     srv.used_server, srv.used_port);
+
 	  es_fprintf (http_get_write_ptr (curl->hd),
                      "Content-Type: application/x-www-form-urlencoded\r\n"
                      "Content-Length: %u\r\n", post_len);
@ -223,10 +238,14 @@ curl_easy_perform(CURL *curl)
  else
    {
      rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
-                      0, proxy, NULL, curl->srvtag,
+                      0, proxy, NULL, &srv,
 		      curl->headers?curl->headers->list:NULL);
      if (!rc)
 	{
+	  if(curl->flags.verbose && srv.used_server && srv.used_port)
+	    fprintf (curl->errors, "* HTTP host:port post-SRV is \"%s:%hu\"\n",
+		     srv.used_server, srv.used_port);
+
 	  rc = http_wait_response (curl->hd);
          curl->status = http_get_status_code (curl->hd);
 	  if (!rc)
@ -268,6 +287,8 @@ curl_easy_perform(CURL *curl)
 	}
    }

+  xfree(srv.used_server);
+
  switch(gpg_err_code (rc))
    {
    case 0:
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@ -1,6 +1,6 @@
 /* gpgkeys_hkp.c - talk to an HKP keyserver
 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- *               2009 Free Software Foundation, Inc.
+ *               2009, 2012 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -693,6 +693,7 @@ main(int argc,char *argv[])
      goto fail;
    }

+  /* Defaults */
  if(ks_strcasecmp(opt->scheme,"hkps")==0)
    {
      proto="https";
@ -725,11 +726,9 @@ main(int argc,char *argv[])
      goto fail;
    }

-  /* If the user gives a :port, then disable SRV.  The semantics of a
-     specified port and SRV do not play well together. */
-  if(opt->port)
-    port=opt->port;
-  else if(try_srv)
+  /* Only use SRV if the user does not provide a :port.  The semantics
+     of a specified port and SRV do not play well together. */
+  if(!opt->port && try_srv)
    {
      char *srvtag;

@ -754,6 +753,11 @@ main(int argc,char *argv[])
 #endif
    }

+  /* If the user provided a port (or it came in via SRV, above),
+     replace the default. */
+  if(opt->port)
+    port=opt->port;
+
  curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);

  if(opt->auth)