✘"\x07ntske/1"

Achim Gratz Stromeko at nexgo.de
Wed Jul 24 19:19:59 UTC 2019


Achim Gratz via devel writes:
> The disagreement probably was about how the server code compares the
> strings.  The API description is pretty clear on that the "in" parameter
> is just the char array of "inlen" characters (the counted string is
> already split), so indeed the code (which Hal changed from what Christer
> had originally committed) seems wrong.

I misread that description, out/outlen is a single protocol and
in/inlen is a protos list.  :-P

Anyway, this or something very close to it should implement the required
matching algorithm:

--8<---------------cut here---------------start------------->8---
Subject: [PATCH] ntpd/nts_server.c: ALPN protocol matching

---
 ntpd/nts_server.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/ntpd/nts_server.c b/ntpd/nts_server.c
index 20ea8a02b..00570771c 100644
--- a/ntpd/nts_server.c
+++ b/ntpd/nts_server.c
@@ -56,29 +56,29 @@ static int alpn_select_cb(SSL *ssl,
 			  void *arg)
 {
   static const unsigned char alpn[] = { 7, 'n', 't', 's', 'k', 'e', '/', '1' };
-  unsigned i, len;
+  unsigned i, j, initemlen, alpnitemlen;
 
   UNUSED_ARG(ssl);
   UNUSED_ARG(arg);
 
-  for (i = 0; i < inlen; i += len) {
-    len = in[i]+1;  /* includes length byte */
-#if 0
-    char foo[256];
-    strlcpy(foo, (const char*)in+i+1, len);
-    msyslog(LOG_DEBUG, "DEBUG: alpn_select_cb:  %u, %u, %s", inlen-i, len, foo);
-#endif
-    if (len > inlen-i)
-      /* bogus arg: length overlaps end of in buffer */
-      return SSL_TLSEXT_ERR_ALERT_FATAL;
-    if (len == sizeof(alpn) && !memcmp(in+i, alpn, len)) {
-      *out = in+i;
-      *outlen = len;
-      return SSL_TLSEXT_ERR_OK;
+  /* iterate over input protos list */
+  for (i = 0; i < inlen; i += initemlen) {
+    initemlen   = in[i++];   /* consume length byte */
+    /* iterate over server protos list */
+    for (j = 0; j < sizeof(alpn); j += alpnitemlen) {
+      alpnitemlen = alpn[j++]; /* consume length byte */
+      if (initemlen == alpnitemlen
+	  && !memcmp(in+i, alpn+j, initemlen)) {
+	*out = in+i;
+	*outlen = initemlen;
+	return SSL_TLSEXT_ERR_OK;
+      }
+      /* check next entry in alpn */
     }
+    /* check next entry in in */
   }
-
-  return SSL_TLSEXT_ERR_NOACK;
+  /* input and server protos list have no common entry */
+  return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
 #endif
 
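Review bot: The rewritten outer loop no longer has the removed `if (len > inlen-i)` guard, so `memcmp(in+i, alpn+j, initemlen)` can read past the end of `in` when the last client entry carries a length byte of 7 but fewer than 7 bytes follow it. After `initemlen = in[i++];` add `if (initemlen > inlen - i) return SSL_TLSEXT_ERR_ALERT_FATAL;` to keep the old rejection of a length that overlaps the end of the buffer. The final return also changes from SSL_TLSEXT_ERR_NOACK to SSL_TLSEXT_ERR_ALERT_FATAL, which turns a no-match into a handshake failure; the commit message has only a subject line, so state there why that is wanted.
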
-- 
2.22.0
--8<---------------cut here---------------end--------------->8---

The inner loop does nothing as long as we only have one protocol in the
server protos list, but since that will eventually change I've already
put the code in place.  Both protos lists need to sort the preferred
protocols towards the beginning of the list.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra
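
Added example, not part of the original message or of the project's code: a standalone C version of the two-list matching described above, keeping a per-entry bounds check and run on constructed sample lists. The names `alpn_match`, the `alpn_result` codes and the sample arrays are assumptions made for this example; it goes slightly beyond the patch by taking the server list as a parameter and reporting malformed input separately.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not OpenSSL's SSL_TLSEXT_ERR_*). */
enum alpn_result { ALPN_OK = 0, ALPN_NO_MATCH = 1, ALPN_MALFORMED = 2 };

/* Constructed sample lists in ALPN wire format (not captured traffic). */
static const unsigned char SERVER[]       = { 7,'n','t','s','k','e','/','1' };
static const unsigned char CLIENT_OK[]    = { 2,'h','2', 7,'n','t','s','k','e','/','1' };
static const unsigned char CLIENT_NONE[]  = { 8,'h','t','t','p','/','1','.','1' };
static const unsigned char CLIENT_TRUNC[] = { 7,'n','t','s' };

/* Both lists: one length byte, then that many name bytes, repeated.
 * Entries are assumed sorted most-preferred first. */
static enum alpn_result alpn_match(const unsigned char *in, size_t inlen,
                                   const unsigned char *srv, size_t srvlen,
                                   const unsigned char **out, unsigned char *outlen)
{
  size_t i, j, initemlen, srvitemlen;

  for (i = 0; i < inlen; i += initemlen) {      /* client protos list */
    initemlen = in[i++];                        /* consume length byte */
    if (initemlen == 0 || initemlen > inlen - i)
      return ALPN_MALFORMED;                    /* empty name or entry overruns buffer */
    for (j = 0; j < srvlen; j += srvitemlen) {  /* server protos list */
      srvitemlen = srv[j++];                    /* consume length byte */
      if (srvitemlen == 0 || srvitemlen > srvlen - j)
        return ALPN_MALFORMED;
      if (initemlen == srvitemlen && !memcmp(in + i, srv + j, initemlen)) {
        *out = in + i;                          /* name only, length byte excluded */
        *outlen = (unsigned char)initemlen;
        return ALPN_OK;
      }
    }
  }
  return ALPN_NO_MATCH;                         /* no common entry */
}

int main(void)
{
  const unsigned char *p = NULL;
  unsigned char n = 0;
  printf("ok=%d\n", alpn_match(CLIENT_OK, sizeof CLIENT_OK, SERVER, sizeof SERVER, &p, &n));
  printf("selected=%.*s\n", (int)n, (const char *)p);
  printf("none=%d\n", alpn_match(CLIENT_NONE, sizeof CLIENT_NONE, SERVER, sizeof SERVER, &p, &n));
  printf("trunc=%d\n", alpn_match(CLIENT_TRUNC, sizeof CLIENT_TRUNC, SERVER, sizeof SERVER, &p, &n));
  return 0;
}
```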


