Compile-time configurable MAX_DOFF (handle large files) #95

Closed
mullerch opened this issue Mar 8, 2021 · 3 comments

@mullerch

mullerch commented Mar 8, 2021

Actually, cert files are limited to MAX_DOFF=65535:

fsize > MAX_DOFF ||

As mbedTLS supports certificate bundles, a user may give Basic Station the system certificate bundle (e.g. /etc/ssl/certs/ca-certificates.crt), and it may occur that those bundles are bigger than that. A Debian system ca-certificates bundle is typically 200 KB.

I suggest raising this limit up to 1 MB at least to handle standard system bundles. By the way, I would suggest printing a specific error message for this error, as it is actually hard to diagnose (it prints errno, which is not set and refers to an older function call error).

mullerch changed the title from "Handle certificates files greater than 65535 MB" to "Handle certificates files greater than 65535 B" on Mar 8, 2021
@beitler
Contributor

beitler commented Mar 8, 2021

Station abstracts chunks of memory in the dbuf_t structure, which maintains offsets of type doff_t. To accommodate small platforms, those offsets are 16 bits long by default:

basicstation/src/rt.h

Lines 70 to 71 in bd17e53

typedef u2_t doff_t;
enum { MAX_DOFF = 0xFFFF };

In principle, the code made provisions for allowing larger offsets (thus larger buffers), but at this time it is not a supported mode of operation. It is something we could choose to expose as a compile-time option in the future.

As for your specific case of large trust files: The primary paradigm of Basic Station is that connection security parameters are fully managed centrally in a self-contained way via the CUPS protocol. We believe that in the long run, over large fleets of gateways, maintaining security credentials centrally is more robust than relying on local device-level configurations. Relying on the system bundle of certificates, you implicitly rely on the OS's package manager to update the bundle accordingly. Basic Station tries to minimize error-prone dependencies on third-party systems. Hence, using the system bundle as a trust source is not a recommended approach. Nevertheless, I agree that in some conditions under controlled environments, a user may want to use large trust stores and Basic Station should not prevent that. The option that I laid out above should enable this use case in the future.

Concerning error reporting: Definitely, the error reporting for that case should be fixed. Thanks!

@mullerch
Author

mullerch commented Mar 8, 2021

Thanks for the clarification. So if I understand correctly, setting MAX_DOFF to 0xFFFFFFFF should work just fine (to be tested).

mullerch changed the title from "Handle certificates files greater than 65535 B" to "Compile-time configurable MAX_DOFF (handle large files)" on Mar 8, 2021
@mullerch
Author

mullerch commented Mar 9, 2021

I've been able to read larger files by setting MAX_DOFF to 0xFFFFFFFF and using u4_t type for doff_t:

typedef u4_t doff_t;
enum { MAX_DOFF = 0xFFFFFFFF };
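
An added example, not code from Basic Station or from either commenter: one way to make the offset width a build-time choice and to report an oversized trust file with its own status instead of through errno. `CFG_WIDE_DOFF`, `rd_status`, `RD_TEXT`, `read_bounded` and `sample_file` are hypothetical names, and the `stdint.h` types stand in for the project's `u2_t`/`u4_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* CFG_WIDE_DOFF is a hypothetical build flag. The limit is a macro because
 * ISO C before C23 requires enumerators to fit in int. */
#ifdef CFG_WIDE_DOFF
typedef uint32_t doff_t;
#define MAX_DOFF UINT32_MAX
#else
typedef uint16_t doff_t;
#define MAX_DOFF UINT16_MAX
#endif

typedef enum { RD_OK, RD_IO_ERROR, RD_TOO_LARGE, RD_NO_MEM } rd_status;

/* Message selected by the returned status, never by a possibly stale errno. */
static const char *const RD_TEXT[] = {
    "ok", "I/O error", "file size exceeds MAX_DOFF", "out of memory"
};

/* Read all of f into a malloc'd, NUL-terminated buffer of *len bytes. */
static rd_status read_bounded(FILE *f, unsigned char **buf, doff_t *len) {
    long fsize;
    if (fseek(f, 0, SEEK_END) != 0 || (fsize = ftell(f)) < 0 ||
        fseek(f, 0, SEEK_SET) != 0)
        return RD_IO_ERROR;
    if ((unsigned long)fsize > MAX_DOFF)  /* the size check quoted in the issue */
        return RD_TOO_LARGE;
    unsigned char *p = malloc((size_t)fsize + 1);
    if (p == NULL)
        return RD_NO_MEM;
    if (fread(p, 1, (size_t)fsize, f) != (size_t)fsize) {
        free(p);
        return RD_IO_ERROR;
    }
    p[fsize] = '\0';
    *buf = p;
    *len = (doff_t)fsize;
    return RD_OK;
}

/* Constructed sample input: a temporary file holding n filler bytes. */
static FILE *sample_file(size_t n) {
    FILE *f = tmpfile();
    for (size_t i = 0; f != NULL && i < n; i++)
        fputc('A', f);
    return f;
}
```

Built without the flag, a 70000-byte file yields `RD_TOO_LARGE`; with `-DCFG_WIDE_DOFF` the same file is read in full.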
