[Asterisk-code-review] res_stir_shaken: Implemented signature verification. (asterisk[master])

Kevin Harwell asteriskteam at digium.com
Wed Apr 22 17:59:51 CDT 2020


Kevin Harwell has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/14220 )

Change subject: res_stir_shaken: Implemented signature verification.
......................................................................


Patch Set 4: Code-Review-1

(19 comments)

https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c 
File res/res_stir_shaken.c:

https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@97 
PS4, Line 97: struct curl_cb_data *data)
Looks like data is unmodified in this function. I recommend making it const.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@106 
PS4, Line 106: 	value = ast_strdup(curl_cb_data_get_cache_control(data));
value is leaked. Actually no reason to dupe the string here as it's not modified.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@118 
PS4, Line 118: (sscanf(equal + 1, "%30u", &max_age) == 1)
Replace this with a call to "ast_str_to_uint" instead.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@123 
PS4, Line 123: 		value = ast_strdup(curl_cb_data_get_expires(data));
value is leaked here too. Actually it appears value is not modified after this so probably don't need to dupe the string at all.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@160 
PS4, Line 160: if (sscanf(expiration, "%lu", &expires.tv_sec) != 1) {
             : 		return 1;
             : 	}
Can probably use "ast_str_to_ulong" or "ast_str_to_umax" here instead? If not, maybe add a new conversion as a separate patch?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@278 
PS4, Line 278: 	ast_base64decode(decoded_signature, signature, decoded_signature_length);
The return value here should be the actual written length, so can probably set decoded_signature_length to it and then pass it as the length below.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@280 
PS4, Line 280: strlen((const char *)decoded_signature)
Can you just pass "decoded_signature_length" here?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@363 
PS4, Line 363: 	snprintf(stir_shaken_dir, sizeof(stir_shaken_dir), "%s/keys/%s", ast_config_AST_DATA_DIR, STIR_SHAKEN_DIR_NAME);
             : 	filename = basename(public_key_url);
             : 	snprintf(default_path, sizeof(default_path), "%s/%s", stir_shaken_dir, filename);
Move this after checking the db. If it's in the db there is no reason to retrieve and copy the default path.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@377 
PS4, Line 377: 	snprintf(file_path, sizeof(file_path), "%s", get_path_to_public_key(public_key_url));
This leaks the returned value from get_path_to_public_key. Does this need to even be copied? If so why not just strdup?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@395 
PS4, Line 395: snprintf(file_path, sizeof(file_path), "%s", default_path);
             : 
             : 		/* We should have a successful download at this point, so
             : 		 * add an entry to the database.
             : 		 */
             : 		add_public_key_to_astdb(public_key_url, file_path);
No reason to duplicate the file_path here as you can just pass the default directly to the "add_public_key_to_astdb" function. Or is file_path supposed to have something appended to the default_path?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@479 
PS4, Line 479: 	json_header = ast_json_pack(header);
If you wanted you could just set ret_payload->header = ast_json_(...), and remove the extra variable.

Also does passing in the base string only work here? I thought you always had to pass a format specifier as the first parameter?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@487 
PS4, Line 487: 	json_payload = ast_json_pack(payload);
If you wanted you could just set ret_payload->payload = ast_json_(...), and remove the extra variable.

Also does passing in the base string only work here? I thought you always had to pass a format specifier as the first parameter?


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@495 
PS4, Line 495: 	ret_payload->signature = (unsigned char *)ast_strdupa(signature);
             : 	ret_payload->algorithm = ast_strdupa(algorithm);
             : 	ret_payload->public_key_url = ast_strdupa(public_key_url)
These should all use ast_strdup, and not ast_strdupa.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@893 
PS4, Line 893: #undef AST_BUILDOPT_SUM
             : #define AST_BUILDOPT_SUM ""
Just noticed this too. But I _think_ this is not needed, and can be safely deleted.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken.c@896 
PS4, Line 896: AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER,
             : 				"STIR/SHAKEN Module for Asterisk",
             : 	.support_level = AST_MODULE_SUPPORT_CORE,
             : 	.load = load_module,
             : 	.unload = unload_module,
             : 	.reload = reload_module,
             : 	.load_pri = AST_MODPRI_CHANNEL_DEPEND - 1,
             : );
This needs a: .requires = "res_curl"


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/curl.c 
File res/res_stir_shaken/curl.c:

https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/curl.c@112 
PS4, Line 112: 		cb_data->cache_control = ast_strdupa(value);
This should be ast_strdup.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/curl.c@113 
PS4, Line 113: 	} else if (!strcasecmp(header, "Expires")) {
             : 		cb_data->cache_control = ast_strdupa(value);
This should be ->expires = ast_strdup(value).


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/curl.c@180 
PS4, Line 180: 		return -1;
I believe you need to call curl_easy_cleanup here.


https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/stir_shaken.h 
File res/res_stir_shaken/stir_shaken.h:

https://gerrit.asterisk.org/c/asterisk/+/14220/4/res/res_stir_shaken/stir_shaken.h@53 
PS4, Line 53: EVP_PKEY *read_key(const char *path, int priv);
Rename this to stir_shaken_read_key to avoid potential name collisions and for easier searching.



-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14220
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
Gerrit-Change-Number: 14220
Gerrit-PatchSet: 4
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-CC: Joshua Colp <jcolp at sangoma.com>
Gerrit-Comment-Date: Wed, 22 Apr 2020 22:59:51 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
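
The two comments on lines 278 and 280 (use the decoder's return value as the signature length, not strlen() on the decoded buffer) are worth seeing in running code. The block below is an added example, not code from the patch or from Asterisk. b64_decode() is a hypothetical stand-in that follows the shape of ast_base64decode(dst, src, max) and reports the number of bytes it wrote; the sample signature bytes are constructed and chosen to contain a 0x00 byte, as real DER-encoded ECDSA signatures routinely do.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: base64 of the six bytes 30 44 00 20 7f ab. Real
 * ECDSA signatures are binary and routinely contain 0x00 bytes. */
#define SAMPLE_SIGNATURE_B64 "MEQAIH+r"

/* Map one base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64_value(int c)
{
	if (c >= 'A' && c <= 'Z') return c - 'A';
	if (c >= 'a' && c <= 'z') return c - 'a' + 26;
	if (c >= '0' && c <= '9') return c - '0' + 52;
	if (c == '+') return 62;
	if (c == '/') return 63;
	return -1;
}

/* Hypothetical stand-in for ast_base64decode(dst, src, max): decodes src
 * into dst, never writing more than max bytes, and returns the number of
 * bytes actually written (-1 on an invalid character or a too-small dst). */
static int b64_decode(unsigned char *dst, const char *src, int max)
{
	unsigned int bits = 0;
	int nbits = 0, written = 0;

	for (; *src && *src != '='; src++) {
		int v = b64_value((unsigned char)*src);
		if (v < 0) return -1;
		bits = (bits << 6) | (unsigned int)v;
		nbits += 6;
		if (nbits >= 8) {
			nbits -= 8;
			if (written >= max) return -1;
			dst[written++] = (unsigned char)((bits >> nbits) & 0xff);
			bits &= (1u << nbits) - 1u;
		}
	}
	return written;
}

/* The length the verifier should use: what the decoder reports it wrote. */
static int decoded_signature_length(const char *sig_b64)
{
	unsigned char buf[64];
	return b64_decode(buf, sig_b64, (int)sizeof(buf));
}

/* The length strlen() reports on the same buffer: it stops at the first
 * 0x00 byte, so the tail of the signature would be silently dropped and
 * verification would run over truncated input. */
static size_t strlen_of_decoded(const char *sig_b64)
{
	unsigned char buf[64];
	int len = b64_decode(buf, sig_b64, (int)sizeof(buf) - 1);
	if (len < 0) return 0;
	buf[len] = '\0';
	return strlen((const char *)buf);
}

/* Whether the decoded signature fits in a destination of max bytes;
 * the max argument is what keeps an oversized header from overrunning dst. */
static int decoded_fits(const char *sig_b64, int max)
{
	unsigned char buf[64];
	if (max > (int)sizeof(buf)) max = (int)sizeof(buf);
	return b64_decode(buf, sig_b64, max) >= 0;
}

int main(void)
{
	printf("decoded length: %d, strlen() sees: %zu\n",
		decoded_signature_length(SAMPLE_SIGNATURE_B64),
		strlen_of_decoded(SAMPLE_SIGNATURE_B64));
	return 0;
}
```

Running it shows the decoder wrote 6 bytes while strlen() reports 2, which is exactly why the decoded length, not strlen(), belongs in the verification call; the max argument also demonstrates why the destination size must be passed through rather than assumed.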