From be90709b114b6f1cd84b70b58b989a3f46712da4 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Tue, 6 Aug 2013 01:02:29 -0700
Subject: fix crash when fetched key is rejected (e.g. too short, etc), report
 errors in the request, prevent most crashes by catching exceptions.

---
 lib/nickserver/hkp/fetch_key.rb      |  2 +-
 lib/nickserver/hkp/fetch_key_info.rb | 30 +++++++++++++++++++-----------
 lib/nickserver/server.rb             |  2 ++
 3 files changed, 22 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/nickserver/hkp/fetch_key.rb b/lib/nickserver/hkp/fetch_key.rb
index 6f91d8c..c24b2c7 100644
--- a/lib/nickserver/hkp/fetch_key.rb
+++ b/lib/nickserver/hkp/fetch_key.rb
@@ -36,7 +36,7 @@ module Nickserver; module HKP
         end
       }
       http.errback {
-        self.fail 0, http.error
+        self.fail 500, http.error
       }
     end
 
diff --git a/lib/nickserver/hkp/fetch_key_info.rb b/lib/nickserver/hkp/fetch_key_info.rb
index b341aad..2cfff43 100644
--- a/lib/nickserver/hkp/fetch_key_info.rb
+++ b/lib/nickserver/hkp/fetch_key_info.rb
@@ -17,12 +17,17 @@ module Nickserver; module HKP
       params = {:op => 'vindex', :search => uid, :exact => 'on', :options => 'mr', :fingerprint => 'on'}
       EventMachine::HttpRequest.new(Config.hkp_url).get(:query => params).callback {|http|
         if http.response_header.status != 200
-          self.fail http.response_header.status, "Could net fetch keyinfo"
+          self.fail http.response_header.status, "Could net fetch keyinfo."
         else
-          self.succeed parse(uid, http.response)
+          keys, errors = parse(uid, http.response)
+          if keys.empty?
+            self.fail 500, errors.join("\n")
+          else
+            self.succeed keys
+          end
         end
       }.errback {|http|
-        self.fail 0, http.error
+        self.fail 500, http.error
       }
       self
     end
@@ -33,33 +38,36 @@ module Nickserver; module HKP
     #  vindex_result -- raw output from a vindex hkp query (machine readable)
     #
     # returns:
-    #   an array of eligible keys (as HKPKeyInfo objects) matching uid.
+    #   an array of:
+    #   [0] -- array of eligible keys (as HKPKeyInfo objects) matching uid.
+    #   [1] -- array of error messages
     #
     # keys are eliminated from eligibility for a number of reasons, including expiration,
     # revocation, uid match, key length, and so on...
     #
     def parse(uid, vindex_result)
       keys = []
+      errors = []
       now = Time.now
       vindex_result.scan(MATCH_PUB_KEY).each do |match|
         key_info = KeyInfo.new(match[0])
         if key_info.uids.include?(uid)
-          if key_info.keylen <= 1024
-            #puts 'key length is too short'
+          if key_info.keylen < 2048
+            errors << "Ignoring key #{key_info.keyid} for #{uid}: key length is too short."
           elsif key_info.expired?
-            #puts 'ignoring expired key'
+            errors << "Ignoring key #{key_info.keyid} for #{uid}: key expired."
           elsif key_info.revoked?
-            #puts 'ignoring revoked key'
+            errors << "Ignoring key #{key_info.keyid} for #{uid}: key revoked."
           elsif key_info.disabled?
-            #puts 'ignoring disabled key'
+            errors << "Ignoring key #{key_info.keyid} for #{uid}: key disabled."
           elsif key_info.expirationdate && key_info.expirationdate < now
-            #puts 'ignoring expired key'
+            errors << "Ignoring key #{key_info.keyid} for #{uid}: key expired"
           else
             keys << key_info
           end
         end
       end
-      keys
+      [keys, errors]
     end
   end
 
diff --git a/lib/nickserver/server.rb b/lib/nickserver/server.rb
index 8434759..7f74564 100644
--- a/lib/nickserver/server.rb
+++ b/lib/nickserver/server.rb
@@ -42,6 +42,8 @@ module Nickserver
       else
         send_key(uid)
       end
+    rescue RuntimeError => exc
+      send_error(exc.to_s)
     end
 
     private
-- 
cgit v1.2.3