Does TOFU actually work?

[marc]

> Hi,

Hello

> I wanted to set up my own Gemini server today. I think I got MITM-attacked
> by China.

snip

> I am in Vilnius, Lithuania. My IP is in this range:
> inetnum:?????????????? 78.59.128.0 - 78.59.255.255

snip

> 36.130.78.59 naujenai.lt /?? 57ms?????? 39 20 text/gemini
> 154.170.78.59 naujenai.lt /test.gmi?? 67ms???????? 0 51 Not found

So we can't blame the PRC on this. It is a bug in
gmnisrv. I mailed Drew the following in September, but
it seems my fix got ignored. I suppose it only affects 
certain architectures, and only ipv4. What is happening
is that the address decoding routine input is shifted 
by 2bytes, hence your 78.59 appears in the wrong place, and 
the first two bytes are bogus. 

Your general point about TOFU/MITM still stands though. 
We can reduce the risk by not expiring keys, and by
maybe showing fingerprints in the browser, in 
various caches and maybe even in the links occasionally.

> I noticed on some platforms the logging logic for the
> server (log.c:23) uses addr->sa_data which is not aligned,
> as the short is only 2 bytes long, and the char[] happens
> immediately after that:
> 
>     eg addr=0xb6e01014, fam=0xb6e01014, data=0xb6e01016
> 
> and so doesn't map directly on to the address structure.
> I solved this with a horrible
> 
>     const char *addrs = inet_ntop(addr->sa_family, (void *)&(((struct sockaddr_in *)addr)->sin_addr), abuf, sizeof(abuf));

For completeness, the proper fix would involve doing a 
switch on sa_family, and grabbing the proper location 
on a per address family basis - things that a type safe
language would have insisted on, but which C (a very
sharp tool requires sharp users) allows us to bypass.

regards

marc

PS: Comments from the peanut gallery advocating for a 
newer language are of course wrong. C is still the better 
choice ;-) I suspect Emilis test system doesn't have enough
RAM to be even supported by some shinier runtimes, nevermind
the CPU architecture...

-- CC-SA