From e2351f98490794db3e04c83106899781feb3edf2 Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin" <mschanzenbach@posteo.de>
Date: Mon, 5 Dec 2016 21:34:22 +0100
Subject: [PATCH] -fix verifymessage

---
 src/credential/credential.h                | 10 +++++++
 src/credential/credential_api.c            |  6 ++--
 src/credential/gnunet-service-credential.c | 32 ++++++++++------------
 3 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/src/credential/credential.h b/src/credential/credential.h
index 2acaf73a5..8b5cf6db9 100644
--- a/src/credential/credential.h
+++ b/src/credential/credential.h
@@ -49,6 +49,16 @@ struct VerifyMessage
    */
   struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
 
+  /**
+   * Length of the issuer attribute
+   */
+  uint16_t issuer_attribute_len;
+
+  /**
+   * Length of the subject attribute
+   */
+  uint16_t subject_attribute_len;
+
   /**
    * Unique identifier for this request (for key collisions).
    */
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 344bb6e63..b6c585c72 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -378,7 +378,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Trying to verify `%s' in CREDENTIAL\n",
        issuer_attribute);
-  nlen = strlen (issuer_attribute) + 1 + strlen (subject_attribute) + 1;
+  nlen = strlen (issuer_attribute) + strlen (subject_attribute) + 1;
   if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr))
   {
     GNUNET_break (0);
@@ -395,10 +395,12 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
   v_msg->id = htonl (vr->r_id);
   v_msg->subject_key = *subject_key;
   v_msg->issuer_key =  *issuer_key;
+  v_msg->issuer_attribute_len = htons(strlen(issuer_attribute));
+  v_msg->subject_attribute_len = htons(strlen(subject_attribute));
   GNUNET_memcpy (&v_msg[1],
                  issuer_attribute,
                  strlen (issuer_attribute));
-  GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute) + 1,
+  GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute),
                  subject_attribute,
                  strlen (subject_attribute));
   GNUNET_CONTAINER_DLL_insert (handle->verify_head,
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index aa3c02003..117156379 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -217,9 +217,7 @@ check_verify (void *cls,
 		    const struct VerifyMessage *v_msg)
 {
   size_t msg_size;
-  size_t attr_len;
-  const char* s_attr;
-  const char* i_attr;
+  const char* attrs;
 
   msg_size = ntohs (v_msg->header.size);
   if (msg_size < sizeof (struct VerifyMessage))
@@ -227,17 +225,16 @@ check_verify (void *cls,
     GNUNET_break (0);
     return GNUNET_SYSERR;
   }
-  i_attr = (const char *) &v_msg[1];
-  if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) ||
-       (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) )
+  if ((ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) ||
+      (ntohs (v_msg->subject_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH))
   {
     GNUNET_break (0);
     return GNUNET_SYSERR;
   }
-  attr_len = strlen (i_attr);
-  s_attr = ((const char *) &v_msg[1]) + attr_len + 1;
-  if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) ||
-       (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) )
+  attrs = (const char *) &v_msg[1];
+  
+  if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) ||
+       (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) )
   {
     GNUNET_break (0);
     return GNUNET_SYSERR;
@@ -266,7 +263,6 @@ send_lookup_response (void* cls,
   struct VerifyResultMessage *rmsg;
   const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
   struct CredentialRecordEntry *cr_entry;
-  int cred_verified;
 
   cred_record_count = 0;
   for (i=0; i < rd_count; i++)
@@ -293,7 +289,6 @@ send_lookup_response (void* cls,
                                                &crd->purpose,
                                                &crd->sig, &crd->issuer_key))
     {   
-      cred_verified = GNUNET_YES;
       break;
     }
 
@@ -372,12 +367,12 @@ static void
 handle_verify (void *cls,
                const struct VerifyMessage *v_msg) 
 {
+  char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1];
   char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
   char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
-  size_t issuer_attribute_len;
   struct VerifyRequestHandle *vrh;
   struct GNUNET_SERVICE_Client *client = cls;
-  char *attrptr = issuer_attribute;
+  char *attrptr = attrs;
   const char *utf_in;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -385,10 +380,11 @@ handle_verify (void *cls,
 
   utf_in = (const char *) &v_msg[1];
   GNUNET_STRINGS_utf8_tolower (utf_in, attrptr);
-  issuer_attribute_len = strlen (utf_in);
-  utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1);
-  attrptr = subject_attribute;
-  GNUNET_STRINGS_utf8_tolower (utf_in, attrptr);
+
+  GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len));
+  issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0';
+  GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len));
+  subject_attribute[ntohs (v_msg->subject_attribute_len)] = '\0';
   vrh = GNUNET_new (struct VerifyRequestHandle);
   GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh);
   vrh->client = client;
-- 
2.25.1