Re: [dev] tlsrp: a simple TLS reverse proxy

From: Michael Forney <mforney_AT_mforney.org>
Date: Sun, 5 Jul 2020 16:10:35 -0700

On 2020-07-05, Nihal Jere <nihal_AT_nihaljere.xyz> wrote:
> I wrote a very simple TLS reverse proxy which can be used as a companion
> to quark. Essentially, it just turns quark's HTTP into HTTPS. It depends
> only on libtls (from LibreSSL) and libbsd (for strlcpy).

Seems like a neat project. Have you considered using memccpy instead
of strlcpy? I don't think it's worth adding a dependency on libbsd
over such a simple function, and memccpy is POSIX (XSI) and accepted
for C2x.

I think it even simplifies things a bit:

diff --git a/tlsrp.c b/tlsrp.c
index 2766f32..c8d5d39 100644
--- a/tlsrp.c
+++ b/tlsrp.c
_AT_@ -1,6 +1,5 @@
 #include <stdio.h>
 #include <string.h>
-#include <bsd/string.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <unistd.h>
_AT_@ -70,13 +69,11 @@ dounixconnect(const char *sockname)
     int sfd;
     struct sockaddr_un saddr = {0};

- if (strlen(sockname) > SUN_PATH_LENGTH-1)
+ if (!memccpy(saddr.sun_path, sockname, '\0', SUN_PATH_LENGTH))
         die("unix socket path too long");

     saddr.sun_family = AF_UNIX;

- strlcpy((char *) &saddr.sun_path, sockname, SUN_PATH_LENGTH);
-
     if ((sfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
         die("failed to create unix socket:");

Some other things I noticed:
- You should probably use sizeof(saddr.sun_path) instead of a
hard-coded assumed minimum size.
- The tlsrp Makefile rule is missing a dependency on tlsrp.c and util.c.
- It might be useful to have separate options for the hostname to
listen on and the hostname to connect to.
- I think the way to include the libtls header is #include <tls.h>.
Some systems (including OpenBSD) don't install it in
/usr/include/libressl, and the .pc file should add the appropriate
include directory.
Received on Mon Jul 06 2020 - 01:10:35 CEST