From d36b80070d9b96b757d413a0a151be63e0800129 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Thu, 7 Sep 2017 10:50:43 +0100 Subject: [PATCH] proxy/tripe-mitm.c: Don't try to interpret the keys. The plan to attack the cryptography never really materialized. This program's understanding of the crypto is now seriously out of date and would need a major overhaul. Instead, just check that the arguments are vaguely right and get on with shovelling packets about. --- proxy/tripe-mitm.8.in | 1 + proxy/tripe-mitm.c | 11 ++--------- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/proxy/tripe-mitm.8.in b/proxy/tripe-mitm.8.in index 40390bdb..cab0fb2b 100644 --- a/proxy/tripe-mitm.8.in +++ b/proxy/tripe-mitm.8.in @@ -97,6 +97,7 @@ on The .I name identifies the public key which that peer uses to authenticate itself. +(Currently this is checked, but not used for anything.) Both .I local-port and diff --git a/proxy/tripe-mitm.c b/proxy/tripe-mitm.c index 74739539..bd57306d 100644 --- a/proxy/tripe-mitm.c +++ b/proxy/tripe-mitm.c @@ -72,7 +72,6 @@ typedef struct peer { sel_file sf; - dh_pub kpub; const char *name; struct filter *f; } peer; @@ -117,26 +116,20 @@ static void dopacket(int fd, unsigned mode, void *vv) static void addpeer(unsigned ac, char **av) { - key_packstruct kps[DH_PUBFETCHSZ]; - key_packdef *kp; struct hostent *h; struct sockaddr_in sin; int len = PKBUFSZ; peer *p; int fd; - int e; if (ac != 4) die(1, "syntax: peer:NAME:PORT:ADDR:PORT"); if (npeer >= 2) die(1, "enough peers already"); + if (!key_bytag(&keys, av[0])) + die(1, "no key named `%s'", av[0]); p = &peers[npeer++]; p->name = xstrdup(av[0]); - kp = key_fetchinit(dh_pubfetch, kps, &p->kpub); - e = key_fetchbyname(kp, &keys, av[0]); - key_fetchdone(kp); - if (e) - die(1, "key_fetch `%s': %s", av[0], key_strerror(e)); if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) die(1, "socket: %s", strerror(errno)); fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); -- 2.11.0
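Review bot: The added `key_bytag(&keys, av[0])` check at the top of addpeer only establishes that some key with that tag exists; unlike the removed `key_fetchbyname`/`dh_pubfetch` path it no longer verifies that the key is a DH public key at all (and, if I recall catacomb's `key_bytag` correctly, the argument may also resolve as a hex key id or a type name rather than a tag), so the man page's description of the name as identifying "the public key" is now looser than what the code enforces. That is consistent with the commit's stated intent, but nothing in the code records it, so a later maintainer could assume `p->name` names a validated public key; a one-line comment above the check, `/* Only check that a key with this tag exists: this program no longer interprets keys. */`, would make the deliberate weakening explicit. Note also that the lookup result is discarded and the raw argument, not the resolved key's tag, is what is stored in `p->name`, which is fine only as long as it is never used to select a key later. addpeer continues past the end of the hunk.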