adam/flenser
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hsts domain list is now a vector...

Browse Source 
I still have to test this.
This commit is contained in:
ADAM David Alan Martin
2025-04-24 09:05:17 -04:00
parent b8bc9d5c44
commit 512e3fbcfd
1 changed files with 21 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/hsts.cc
View File

@ -35,6 +35,8 @@
#include "IO/tls.hh" #include "IO/tls.hh"
#include <string> #include <string>
#include <memory>
#include <vector>
struct HstsData_t { struct HstsData_t {
std::string host; std::string host;
@ -46,44 +48,37 @@ struct HstsData_t {
* most likely latest representable time of January 19, 2038. * most likely latest representable time of January 19, 2038.
*/ */
static time_t hsts_latest_representable_time; static time_t hsts_latest_representable_time;
static Dlist *domains; static std::vector< std::unique_ptr< HstsData_t > > domains;
void a_Hsts_freeall(void) void a_Hsts_freeall(void)
{ {
if (prefs.http_strict_transport_security) { if (prefs.http_strict_transport_security) {
HstsData_t *policy; domains.clear();
int i, n = dList_length(domains);
for (i = 0; i < n; i++) {
policy = reinterpret_cast< HstsData_t * >( dList_nth_data(domains, i) );
delete policy;
}
dList_free(domains);
} }
} }
/**
* Compare function for searching a domain node by domain string
*/
static int Domain_node_domain_str_cmp(const void *v1, const void *v2)
{
const HstsData_t *node = reinterpret_cast< const HstsData_t * >( v1 );
const char *host = reinterpret_cast< const char * >( v2 );
return dStrAsciiCasecmp(node->host.c_str(), host);
}
static HstsData_t *Hsts_get_policy(const char *host) static HstsData_t *Hsts_get_policy(const char *host)
{ {
return reinterpret_cast< HstsData_t * >( dList_find_sorted(domains, host, Domain_node_domain_str_cmp) ); auto found= std::find_if( begin( domains ), end( domains ),
[&]( const auto &domain )
{
return not dStrAsciiCasecmp( domain->host.c_str(), host );
} );
if( found != end( domains ) ) return found->get();
return nullptr;
} }
static void Hsts_remove_policy(HstsData_t *policy) static void Hsts_remove_policy(HstsData_t *policy)
{ {
if (policy) { if (policy) {
_MSG("HSTS: removed policy for %s\n", policy->host); _MSG("HSTS: removed policy for %s\n", policy->host);
delete policy; auto found= std::find_if( begin( domains ), end( domains ),
dList_remove(domains, policy); [&]( const auto &domain )
{
return domain.get() == policy;
} );
if( found != end( domains ) ) domains.erase( found );
} }
} }
@ -107,16 +102,6 @@ static time_t Hsts_future_time(long seconds_from_now)
return ret; return ret;
} }
/**
* Compare function for searching domains.
*/
static int Domain_node_cmp(const void *v1, const void *v2)
{
const HstsData_t *node1 = reinterpret_cast< const HstsData_t * >( v1 ), *node2 = reinterpret_cast< const HstsData_t * >( v2 );
return dStrAsciiCasecmp(node1->host.c_str(), node2->host.c_str());
}
static void Hsts_set_policy(const char *host, long max_age, bool_t subdomains) static void Hsts_set_policy(const char *host, long max_age, bool_t subdomains)
{ {
time_t exp = Hsts_future_time(max_age); time_t exp = Hsts_future_time(max_age);
@ -128,7 +113,9 @@ static void Hsts_set_policy(const char *host, long max_age, bool_t subdomains)
if (policy == NULL) { if (policy == NULL) {
policy = new HstsData_t; policy = new HstsData_t;
policy->host = host; policy->host = host;
dList_insert_sorted(domains, policy, Domain_node_cmp); std::unique_ptr< HstsData_t > policy_unique;
policy_unique.reset( policy );
domains.push_back( std::move( policy_unique ) );
} }
policy->subdomains = subdomains; policy->subdomains = subdomains;
policy->expires_at = exp; policy->expires_at = exp;
@ -354,7 +341,6 @@ void a_Hsts_init(FILE *preload_file)
struct tm future_tm = {7, 14, 3, 19, 0, 138, 0, 0, 0, 0, 0}; struct tm future_tm = {7, 14, 3, 19, 0, 138, 0, 0, 0, 0, 0};
hsts_latest_representable_time = mktime(&future_tm); hsts_latest_representable_time = mktime(&future_tm);
domains = dList_new(32);
if (preload_file) { if (preload_file) {
Hsts_preload(preload_file); Hsts_preload(preload_file);