From 768606906ee35773f6d3e8d71681545eb9256ed7 Mon Sep 17 00:00:00 2001
From: Michael Rash <mbr@cipherdyne.org>
Date: Tue, 11 Aug 2009 03:11:57 +0000
Subject: [PATCH] updated SPA over HTTP packets to always begin the a slash
 right after the GET string, updated to print SPA packets over HTTP to stderr
 in test/verbose mode

git-svn-id: file:///home/mbr/svn/fwknop/trunk@134 510a4753-2344-4c79-9c09-4d669213fbeb
---
 client/fwknop.c   | 30 ++++++++++-------------
 client/spa_comm.c | 61 ++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 63 insertions(+), 28 deletions(-)

diff --git a/client/fwknop.c b/client/fwknop.c
index 7fc1d798..ca4db7e2 100644
--- a/client/fwknop.c
+++ b/client/fwknop.c
@@ -270,26 +270,22 @@ main(int argc, char **argv)
     if (options.verbose)
         dump_transmit_options(&options);
 
-    /* If not in test mode, send the SPA data across the wire with a
-     * protocol/port specified on the command line (default is UDP/62201).
-     * Otherwise, run through a decode cycle (--DSS XXX: This test/decode
-     * portion should be moved elsewhere).
-    */
-    if (!options.test)
+    res = send_spa_packet(ctx, &options);
+    if(res < 0)
     {
-        res = send_spa_packet(ctx, &options);
-        if(res < 0)
-        {
-            fprintf(stderr, "[*] send_spa_packet: packet not sent.\n");
-            return(EXIT_FAILURE);
-        }
-        else
-        {
-            if(options.verbose)
-                fprintf(stderr, "[+] send_spa_packet: bytes sent: %i\n", res);
-        }
+        fprintf(stderr, "[*] send_spa_packet: packet not sent.\n");
+        return(EXIT_FAILURE);
     }
     else
+    {
+        if(options.verbose)
+            fprintf(stderr, "[+] send_spa_packet: bytes sent: %i\n", res);
+    }
+
+    /* Run through a decode cycle in test mode (--DSS XXX: This test/decode
+     * portion should be moved elsewhere).
+    */
+    if (options.test)
     {
         /************** Decoding now *****************/
 
diff --git a/client/spa_comm.c b/client/spa_comm.c
index 760cfae2..ad53bda5 100644
--- a/client/spa_comm.c
+++ b/client/spa_comm.c
@@ -74,10 +74,17 @@ static int is_ip(char *str)
 int
 send_spa_packet_tcp_or_udp(char *spa_data, int sd_len, fko_cli_options_t *options)
 {
-    int     sock, res, error;
+    int     sock, res=0, error;
     struct  addrinfo *result, *rp, hints;
     char    port_str[MAX_PORT_STR_LEN];
 
+    if (options->test)
+    {
+        fprintf(stderr,
+            "[+] test mode enabled, SPA packet not actually sent.\n");
+        return res;
+    }
+
     memset(&hints, 0, sizeof(struct addrinfo));
 
     hints.ai_family   = AF_UNSPEC; /* Allow IPv4 or IPv6 */
@@ -165,7 +172,7 @@ send_spa_packet_tcp_raw(char *spa_data, int sd_len, struct sockaddr_in *saddr,
         "[*] send_spa_packet_tcp_raw: raw packets are not yet supported.\n");
     return(-1);
 #else
-    int  sock, res;
+    int  sock, res = 0;
     char pkt_data[2048] = {0}; /* Should be enough for our purposes */
 
     struct iphdr  *iph  = (struct iphdr *) pkt_data;
@@ -178,6 +185,13 @@ send_spa_packet_tcp_raw(char *spa_data, int sd_len, struct sockaddr_in *saddr,
     int         one     = 1;
     const int  *so_val  = &one;
 
+    if (options->test)
+    {
+        fprintf(stderr,
+            "[+] test mode enabled, SPA packet not actually sent.\n");
+        return res;
+    }
+
     sock = socket (PF_INET, SOCK_RAW, IPPROTO_RAW);
     if (sock < 0)
     {
@@ -269,7 +283,7 @@ send_spa_packet_icmp(char *spa_data, int sd_len, struct sockaddr_in *saddr,
     fprintf(stderr, "[*] send_spa_packet_icmp: raw packets are not yet supported.\n");
     return(-1);
 #else
-    int res;
+    int res = 0, sock;
     char pkt_data[2048] = {0};
 
     struct iphdr  *iph    = (struct iphdr *) pkt_data;
@@ -282,7 +296,14 @@ send_spa_packet_icmp(char *spa_data, int sd_len, struct sockaddr_in *saddr,
     int         one     = 1;
     const int  *so_val  = &one;
 
-    int sock = socket (PF_INET, SOCK_RAW, IPPROTO_RAW);
+    if (options->test)
+    {
+        fprintf(stderr,
+            "[+] test mode enabled, SPA packet not actually sent.\n");
+        return res;
+    }
+
+    sock = socket (PF_INET, SOCK_RAW, IPPROTO_RAW);
 
     if (sock < 0)
     {
@@ -353,30 +374,48 @@ send_spa_packet_icmp(char *spa_data, int sd_len, struct sockaddr_in *saddr,
 int
 send_spa_packet_http(char *spa_data, int sd_len, fko_cli_options_t *options)
 {
-    char http_buf[HTTP_MAX_REQUEST_LEN];
+    char http_buf[HTTP_MAX_REQUEST_LEN], *spa_data_copy = NULL;
     int  i;
 
+    spa_data_copy = malloc(sd_len+1);
+    if (spa_data_copy == NULL)
+    {
+        exit(EXIT_FAILURE);
+    }
+    memcpy(spa_data_copy, spa_data, sd_len+1);
+
     /* change "+" chars to "-", and "/" to "_" for HTTP requests (the server
      * side will translate these back before decrypting) */
     for (i=0; i < sd_len; i++) {
-        if (spa_data[i] == '+') {
-            spa_data[i] = '-';
+        if (spa_data_copy[i] == '+') {
+            spa_data_copy[i] = '-';
         }
-        else if (spa_data[i] == '/') {
-            spa_data[i] = '_';
+        else if (spa_data_copy[i] == '/') {
+            spa_data_copy[i] = '_';
         }
     }
 
     snprintf(http_buf, HTTP_MAX_REQUEST_LEN,
         "%s%s%s%s%s%s%s",
-        "GET ",
-        spa_data,
+        "GET /",
+        spa_data_copy,
         " HTTP/1.0\r\nUser-Agent: ",
         options->http_user_agent,
         "\r\nAccept: */*\r\nHost: ",
         options->spa_server_str,  /* hostname or IP */
         "\r\nConnection: Keep-Alive\r\n\r\n"
     );
+    free(spa_data_copy);
+
+    if (options->test)
+    {
+        if (options->verbose)
+           fprintf(stderr, "%s\n", http_buf);
+
+        fprintf(stderr,
+            "[+] test mode enabled, SPA packet not actually sent.\n");
+        return 0;
+    }
 
     return send_spa_packet_tcp_or_udp(http_buf, strlen(http_buf), options);
 }