some security improvements

conn.c

@@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
 	char *ssl_keyfile;
 	char *ssl_certfile;
 	int err;
+	int handshake_repeat = 0;
 
 	if (csync_conn_usessl)
 		return 0;
@@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
 		(gnutls_transport_ptr_t)(long)conn_fd_out
 	);
 
-	err = gnutls_handshake(conn_tls_session);
-	switch(err) {
-	case GNUTLS_E_SUCCESS:
-		break;
-
-	case GNUTLS_E_WARNING_ALERT_RECEIVED:
-		alrt = gnutls_alert_get(conn_tls_session);
-		fprintf(
-			csync_debug_out,
-			"SSL: warning alert received from peer: %d (%s).\n",
-			alrt, gnutls_alert_get_name(alrt)
-		);
-		break;
-
-	case GNUTLS_E_FATAL_ALERT_RECEIVED:
-		alrt = gnutls_alert_get(conn_tls_session);
-		fprintf(
-			csync_debug_out,
-			"SSL: fatal alert received from peer: %d (%s).\n",
-			alrt, gnutls_alert_get_name(alrt)
-		);
 
-	default:
-		gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
-		gnutls_deinit(conn_tls_session);
-		gnutls_certificate_free_credentials(conn_x509_cred);
-		gnutls_global_deinit();
+	do {
+		handshake_repeat = 0;
+		err = gnutls_handshake(conn_tls_session);
+		switch(err) {
+		case GNUTLS_E_SUCCESS:
+			break;
 
-		csync_fatal(
-			"SSL: handshake failed: %s (%s)\n",
-			gnutls_strerror(err),
-			gnutls_strerror_name(err)
-		);
-	}
+		case GNUTLS_E_WARNING_ALERT_RECEIVED:
+			alrt = gnutls_alert_get(conn_tls_session);
+			fprintf(
+				csync_debug_out,
+				"SSL: warning alert received from peer: %d (%s).\n",
+				alrt, gnutls_alert_get_name(alrt)
+			);
+			handshake_repeat = 1;
+			break;
+
+		case GNUTLS_E_FATAL_ALERT_RECEIVED:
+			alrt = gnutls_alert_get(conn_tls_session);
+			fprintf(
+				csync_debug_out,
+				"SSL: fatal alert received from peer: %d (%s).\n",
+				alrt, gnutls_alert_get_name(alrt)
+			);
+			// fall-through!
+
+		default:
+			gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
+			gnutls_deinit(conn_tls_session);
+			gnutls_certificate_free_credentials(conn_x509_cred);
+			gnutls_global_deinit();
+
+			csync_fatal(
+				"SSL: handshake failed: %s (%s)\n",
+				gnutls_strerror(err),
+				gnutls_strerror_name(err)
+			);
+		}
+	} while (handshake_repeat);
 
 	csync_conn_usessl = 1;
 

daemon.c

@@ -77,7 +77,7 @@ void csync_file_update(const char *filename, const char *peername)
 	struct stat st;
 	SQL("Removing file from dirty db",
 			"delete from dirty where filename = '%s' and peername = '%s'",
-			url_encode(filename), peername);
+			url_encode(filename), url_encode(peername));
 	if ( lstat_strict(prefixsubst(filename), &st) != 0 || csync_check_pure(filename) ) {
 		SQL("Removing file from file db",
 			"delete from file where filename = '%s'",
@@ -747,6 +747,7 @@ void csync_daemon_session()
 						goto conn_without_ssl_ok;
 				}
 				cmd_error = conn_response(CR_ERR_SSL_EXPECTED);
+				peer = NULL;
 			}
 conn_without_ssl_ok:;
 #endif

update.c

@@ -1156,11 +1156,12 @@ void csync_remove_old()
 		const struct csync_group_host *h;
 
 		const char *filename = url_decode(SQL_V(0));
+		const char *peername = url_decode(SQL_V(2));
 
 		while ((g=csync_find_next(g, filename)) != 0) {
 			if (!strcmp(g->myname, SQL_V(1)))
 				for (h = g->host; h; h = h->next) {
-					if (!strcmp(h->hostname, SQL_V(2)))
+					if (!strcmp(h->hostname, peername))
 						goto this_dirty_record_is_ok;
 				}
 		}