X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fserver.c;h=c6978cf86fe960b825a3c3bc9cf634c196aaac5c;hp=89d529b832d1e161046f606df4cc1d1094475a3d;hb=3b044d4296b1dffa5586658e152e1c7bd8144410;hpb=6b4cd8609450f294071b38f478bec3b6b8c48ce5

diff --git a/tools/server.c b/tools/server.c
index 89d529b..c6978cf 100644
--- a/tools/server.c
+++ b/tools/server.c
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <stdint.h>
 #include <errno.h>
+#include <signal.h>
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -62,7 +63,6 @@ host_bind(const char *host, const char *port, int verbose)
 		struct sockaddr_in6 sa6;
 		size_t sa_len;
 		void *addr;
-		char tmp[INET6_ADDRSTRLEN + 50];
 		int opt;
 
 		sa = (struct sockaddr *)p->ai_addr;
@@ -86,13 +86,19 @@ host_bind(const char *host, const char *port, int verbose)
 			addr = NULL;
 			sa_len = p->ai_addrlen;
 		}
-		if (addr != NULL) {
-			inet_ntop(p->ai_family, addr, tmp, sizeof tmp);
-		} else {
-			sprintf(tmp, "<unknown family: %d>",
-				(int)sa->sa_family);
-		}
 		if (verbose) {
+			char tmp[INET6_ADDRSTRLEN + 50];
+
+			if (addr != NULL) {
+				if (!inet_ntop(p->ai_family, addr,
+					tmp, sizeof tmp))
+				{
+					strcpy(tmp, "<invalid>");
+				}
+			} else {
+				sprintf(tmp, "<unknown family: %d>",
+					(int)sa->sa_family);
+			}
 			fprintf(stderr, "binding to: %s\n", tmp);
 		}
 		fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
@@ -161,8 +167,8 @@ accept_client(int server_fd, int verbose)
 				tmp, sizeof tmp);
 			break;
 		case AF_INET6:
-			name = inet_ntop(AF_INET,
-				&((struct sockaddr_in *)&sa)->sin_addr,
+			name = inet_ntop(AF_INET6,
+				&((struct sockaddr_in6 *)&sa)->sin6_addr,
 				tmp, sizeof tmp);
 			break;
 		}
@@ -328,6 +334,9 @@ sp_choose(const br_ssl_server_policy_class **pctx,
 		case BR_SSLKEYX_ECDHE_RSA:
 			if (pc->sk->key_type == BR_KEYTYPE_RSA) {
 				choices->cipher_suite = st[u][0];
+				if (cc->eng.session.version < BR_TLS12) {
+					hash_id = 0;
+				}
 				choices->hash_id = hash_id;
 				goto choose_ok;
 			}
@@ -335,6 +344,9 @@ sp_choose(const br_ssl_server_policy_class **pctx,
 		case BR_SSLKEYX_ECDHE_ECDSA:
 			if (pc->sk->key_type == BR_KEYTYPE_EC) {
 				choices->cipher_suite = st[u][0];
+				if (cc->eng.session.version < BR_TLS12) {
+					hash_id = br_sha1_ID;
+				}
 				choices->hash_id = hash_id;
 				goto choose_ok;
 			}
@@ -637,7 +649,11 @@ do_server(int argc, char *argv[])
 				usage_server();
 				goto server_exit_error;
 			}
-			iobuf_len = strtoul(arg, 0, 10);
+			iobuf_len = parse_size(arg);
+			if (iobuf_len == (size_t)-1) {
+				usage_server();
+				goto server_exit_error;
+			}
 		} else if (eqstr(arg, "-cache")) {
 			if (++ i >= argc) {
 				fprintf(stderr,
@@ -652,7 +668,11 @@ do_server(int argc, char *argv[])
 				usage_server();
 				goto server_exit_error;
 			}
-			cache_len = strtoul(arg, 0, 10);
+			cache_len = parse_size(arg);
+			if (cache_len == (size_t)-1) {
+				usage_server();
+				goto server_exit_error;
+			}
 		} else if (eqstr(arg, "-cert")) {
 			if (++ i >= argc) {
 				fprintf(stderr,
@@ -991,6 +1011,11 @@ do_server(int argc, char *argv[])
 
 	br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
 
+	/*
+	 * We need to ignore SIGPIPE.
+	 */
+	signal(SIGPIPE, SIG_IGN);
+
 	/*
 	 * Open the server socket.
 	 */