Merge branch 'collectd-4.6'

[collectd.git] / src / network.c

diff --git a/src/network.c b/src/network.c
index 50f9113..7023eaa 100644 (file)
--- a/src/network.c
+++ b/src/network.c
@@ -173,6 +173,7 @@ typedef struct part_values_s part_values_t;
  * ! Hash (Bits 224 - 255)                                         !
  * +---------------------------------------------------------------+
  */
+#define PART_SIGNATURE_SHA256_SIZE 36
 struct part_signature_sha256_s
 {
   part_header_t head;
@@ -573,11 +574,11 @@ static int write_part_string (char **ret_buffer, int *ret_buffer_len,
        return (0);
 } /* int write_part_string */
 
-static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_values (void **ret_buffer, size_t *ret_buffer_len,
                value_t **ret_values, int *ret_num_values)
 {
        char *buffer = *ret_buffer;
-       int   buffer_len = *ret_buffer_len;
+       size_t buffer_len = *ret_buffer_len;
 
        uint16_t tmp16;
        size_t exp_size;
@@ -590,10 +591,10 @@ static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
        uint8_t *pkg_types;
        value_t *pkg_values;
 
-       if (buffer_len < (15))
+       if (buffer_len < 15)
        {
-               DEBUG ("network plugin: packet is too short: buffer_len = %i",
-                               buffer_len);
+               NOTICE ("network plugin: packet is too short: "
+                               "buffer_len = %zu", buffer_len);
                return (-1);
        }
 
@@ -613,13 +614,13 @@ static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
 
        exp_size = 3 * sizeof (uint16_t)
                + pkg_numval * (sizeof (uint8_t) + sizeof (value_t));
-       if ((buffer_len < 0) || ((size_t) buffer_len < exp_size))
+       if ((buffer_len < 0) || (buffer_len < exp_size))
        {
                WARNING ("network plugin: parse_part_values: "
                                "Packet too short: "
-                               "Chunk of size %u expected, "
-                               "but buffer has only %i bytes left.",
-                               (unsigned int) exp_size, buffer_len);
+                               "Chunk of size %zu expected, "
+                               "but buffer has only %zu bytes left.",
+                               exp_size, buffer_len);
                return (-1);
        }
 
@@ -664,11 +665,11 @@ static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
        return (0);
 } /* int parse_part_values */
 
-static int parse_part_number (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_number (void **ret_buffer, size_t *ret_buffer_len,
                uint64_t *value)
 {
        char *buffer = *ret_buffer;
-       int buffer_len = *ret_buffer_len;
+       size_t buffer_len = *ret_buffer_len;
 
        uint16_t tmp16;
        uint64_t tmp64;
@@ -681,9 +682,9 @@ static int parse_part_number (void **ret_buffer, int *ret_buffer_len,
        {
                WARNING ("network plugin: parse_part_number: "
                                "Packet too short: "
-                               "Chunk of size %u expected, "
-                               "but buffer has only %i bytes left.",
-                               (unsigned int) exp_size, buffer_len);
+                               "Chunk of size %zu expected, "
+                               "but buffer has only %zu bytes left.",
+                               exp_size, buffer_len);
                return (-1);
        }
 
@@ -705,11 +706,11 @@ static int parse_part_number (void **ret_buffer, int *ret_buffer_len,
        return (0);
 } /* int parse_part_number */
 
-static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_string (void **ret_buffer, size_t *ret_buffer_len,
                char *output, int output_len)
 {
        char *buffer = *ret_buffer;
-       int   buffer_len = *ret_buffer_len;
+       size_t buffer_len = *ret_buffer_len;
 
        uint16_t tmp16;
        size_t header_size = 2 * sizeof (uint16_t);
@@ -717,13 +718,13 @@ static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
        uint16_t pkg_length;
        uint16_t pkg_type;
 
-       if ((buffer_len < 0) || ((size_t) buffer_len < header_size))
+       if ((buffer_len < 0) || (buffer_len < header_size))
        {
                WARNING ("network plugin: parse_part_string: "
                                "Packet too short: "
-                               "Chunk of at least size %u expected, "
-                               "but buffer has only %i bytes left.",
-                               (unsigned int) header_size, buffer_len);
+                               "Chunk of at least size %zu expected, "
+                               "but buffer has only %zu bytes left.",
+                               header_size, buffer_len);
                return (-1);
        }
 
@@ -740,8 +741,8 @@ static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
        {
                WARNING ("network plugin: parse_part_string: "
                                "Packet too big: "
-                               "Chunk of size %hu received, "
-                               "but buffer has only %i bytes left.",
+                               "Chunk of size %"PRIu16" received, "
+                               "but buffer has only %zu bytes left.",
                                pkg_length, buffer_len);
                return (-1);
        }
@@ -788,20 +789,37 @@ static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
        return (0);
 } /* int parse_part_string */
 
+/* Forward declaration: parse_part_sign_sha256 and parse_part_encr_aes256 call
+ * parse_packet and vice versa. */
+#define PP_SIGNED    0x01
+#define PP_ENCRYPTED 0x02
+static int parse_packet (sockent_t *se,
+               void *buffer, size_t buffer_size, int flags);
+
+#define BUFFER_READ(p,s) do { \
+  memcpy ((p), buffer + buffer_offset, (s)); \
+  buffer_offset += (s); \
+} while (0)
+
 #if HAVE_GCRYPT_H
 static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
-    void **ret_buffer, int *ret_buffer_len)
+    void **ret_buffer, size_t *ret_buffer_len, int flags)
 {
-  char *buffer = *ret_buffer;
-  size_t buffer_len = (size_t) *ret_buffer_len;
+  char *buffer;
+  size_t buffer_len;
+  size_t buffer_offset;
 
-  part_signature_sha256_t ps_received;
-  char hash[sizeof (ps_received.hash)];
+  part_signature_sha256_t pss;
+  char hash[sizeof (pss.hash)];
 
   gcry_md_hd_t hd;
   gcry_error_t err;
   unsigned char *hash_ptr;
 
+  buffer = *ret_buffer;
+  buffer_len = *ret_buffer_len;
+  buffer_offset = 0;
+
   if (se->shared_secret == NULL)
   {
     NOTICE ("network plugin: Received signed network packet but can't verify "
@@ -809,9 +827,21 @@ static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
     return (0);
   }
 
-  if (buffer_len < sizeof (ps_received))
+  if (buffer_len < PART_SIGNATURE_SHA256_SIZE)
     return (-ENOMEM);
 
+  BUFFER_READ (&pss.head.type, sizeof (pss.head.type));
+  BUFFER_READ (&pss.head.length, sizeof (pss.head.length));
+  BUFFER_READ (pss.hash, sizeof (pss.hash));
+
+  assert (buffer_offset == PART_SIGNATURE_SHA256_SIZE);
+
+  if (ntohs (pss.head.length) != PART_SIGNATURE_SHA256_SIZE)
+  {
+    ERROR ("network plugin: HMAC-SHA-256 with invalid length received.");
+    return (-1);
+  }
+
   hd = NULL;
   err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
   if (err != 0)
@@ -831,13 +861,7 @@ static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
     return (-1);
   }
 
-  memcpy (&ps_received, buffer, sizeof (ps_received));
-  /* TODO: Check ps_received.head.length! */
-
-  buffer += sizeof (ps_received);
-  buffer_len -= sizeof (ps_received);
-
-  gcry_md_write (hd, buffer, buffer_len);
+  gcry_md_write (hd, buffer + buffer_offset, buffer_len - buffer_offset);
   hash_ptr = gcry_md_read (hd, GCRY_MD_SHA256);
   if (hash_ptr == NULL)
   {
@@ -850,34 +874,80 @@ static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
   gcry_md_close (hd);
   hd = NULL;
 
-  *ret_buffer += sizeof (ps_received);
-  *ret_buffer_len -= sizeof (ps_received);
+  if (memcmp (pss.hash, hash, sizeof (pss.hash)) != 0)
+  {
+    WARNING ("network plugin: Verifying HMAC-SHA-256 signature failed: "
+        "Hash mismatch.");
+  }
+  else
+  {
+    parse_packet (se, buffer + buffer_offset, buffer_len - buffer_offset,
+        flags | PP_SIGNED);
+  }
+
+  *ret_buffer = buffer + buffer_len;
+  *ret_buffer_len = 0;
 
-  if (memcmp (ps_received.hash, hash,
-        sizeof (ps_received.hash)) == 0)
-    return (0);
-  else /* hashes do not match. */
-    return (1);
+  return (0);
 } /* }}} int parse_part_sign_sha256 */
 /* #endif HAVE_GCRYPT_H */
 
 #else /* if !HAVE_GCRYPT_H */
 static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
-    void **ret_buffer, int *ret_buffer_len)
+    void **ret_buffer, size_t *ret_buffer_size, int flags)
 {
-  INFO ("network plugin: Received signed packet, but the network "
-      "plugin was not linked with libgcrypt, so I cannot "
-      "verify the signature. The packet will be accepted.");
+  static int warning_has_been_printed = 0;
+
+  char *buffer;
+  size_t buffer_size;
+  size_t buffer_offset;
+
+  part_signature_sha256_t pss;
+
+  buffer = *ret_buffer;
+  buffer_size = *ret_buffer_size;
+  buffer_offset = 0;
+
+  if (buffer_size < PART_SIGNATURE_SHA256_SIZE)
+    return (-ENOMEM);
+
+  BUFFER_READ (&pss.head.type, sizeof (pss.head.type));
+  BUFFER_READ (&pss.head.length, sizeof (pss.head.length));
+  BUFFER_READ (pss.hash, sizeof (pss.hash));
+
+  assert (buffer_offset == PART_SIGNATURE_SHA256_SIZE);
+
+  if (ntohs (pss.head.length) != PART_SIGNATURE_SHA256_SIZE)
+  {
+    ERROR ("network plugin: HMAC-SHA-256 with invalid length received.");
+    return (-1);
+  }
+
+  if (warning_has_been_printed == 0)
+  {
+    WARNING ("network plugin: Received signed packet, but the network "
+        "plugin was not linked with libgcrypt, so I cannot "
+        "verify the signature. The packet will be accepted.");
+    warning_has_been_printed = 1;
+  }
+
+  parse_packet (se, buffer + buffer_offset, buffer_size - buffer_offset,
+      flags);
+
+  *ret_buffer = buffer + buffer_size;
+  *ret_buffer_size = 0;
+
   return (0);
 } /* }}} int parse_part_sign_sha256 */
 #endif /* !HAVE_GCRYPT_H */
 
 #if HAVE_GCRYPT_H
 static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
-               void **ret_buffer, int *ret_buffer_len)
+               void **ret_buffer, size_t *ret_buffer_len,
+               int flags)
 {
   char  *buffer = *ret_buffer;
-  size_t buffer_len = (size_t) *ret_buffer_len;
+  size_t buffer_len = *ret_buffer_len;
   size_t orig_buffer_len;
   size_t part_size;
   size_t buffer_offset;
@@ -898,11 +968,6 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
 
   buffer_offset = 0;
 
-#define BUFFER_READ(p,s) do { \
-  memcpy ((p), buffer + buffer_offset, (s)); \
-  buffer_offset += (s); \
-} while (0)
-
   /* Copy the unencrypted information into `pea'. */
   BUFFER_READ (&pea.head.type, sizeof (pea.head.type));
   BUFFER_READ (&pea.head.length, sizeof (pea.head.length));
@@ -968,73 +1033,90 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
     return (-1);
   }
 
-  assert ((buffer_offset + orig_buffer_len) <= buffer_len);
-  if ((buffer_offset + orig_buffer_len) < buffer_len)
-  {
-    NOTICE ("network plugin: Trailing, potentially unencrypted data "
-        "(%zu bytes) will be ignored.",
-        buffer_len - (buffer_offset + orig_buffer_len));
-  }
+  assert ((PART_ENCRYPTION_AES256_SIZE + padding_size + orig_buffer_len)
+                 == part_size);
+
+  parse_packet (se, buffer + PART_ENCRYPTION_AES256_SIZE + padding_size,
+                 orig_buffer_len, flags | PP_ENCRYPTED);
 
   /* Update return values */
-  *ret_buffer = buffer + buffer_offset;
-  *ret_buffer_len = (int) orig_buffer_len;
+  *ret_buffer =     buffer     + part_size;
+  *ret_buffer_len = buffer_len - part_size;
 
   return (0);
-#undef BUFFER_READ
 } /* }}} int parse_part_encr_aes256 */
 /* #endif HAVE_GCRYPT_H */
 
 #else /* if !HAVE_GCRYPT_H */
 static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
-    void **ret_buffer, int *ret_buffer_len)
+    void **ret_buffer, size_t *ret_buffer_size, int flags)
 {
-  INFO ("network plugin: Received encrypted packet, but the network "
-      "plugin was not linked with libgcrypt, so I cannot "
-      "decrypt it. The packet will be discarded.");
-  return (-1);
+  static int warning_has_been_printed = 0;
+
+  char *buffer;
+  size_t buffer_size;
+  size_t buffer_offset;
+
+  part_header_t ph;
+  size_t ph_length;
+
+  buffer = *ret_buffer;
+  buffer_size = *ret_buffer_size;
+  buffer_offset = 0;
+
+  /* parse_packet assures this minimum size. */
+  assert (buffer_size >= (sizeof (ph.type) + sizeof (ph.length)));
+
+  BUFFER_READ (&ph.type, sizeof (ph.type));
+  BUFFER_READ (&ph.length, sizeof (ph.length));
+  ph_length = ntohs (ph.length);
+
+  if ((ph_length < PART_ENCRYPTION_AES256_SIZE)
+      || (ph_length > buffer_size))
+  {
+    ERROR ("network plugin: AES-256 encrypted part "
+        "with invalid length received.");
+    return (-1);
+  }
+
+  if (warning_has_been_printed == 0)
+  {
+    WARNING ("network plugin: Received encrypted packet, but the network "
+        "plugin was not linked with libgcrypt, so I cannot "
+        "decrypt it. The part will be discarded.");
+    warning_has_been_printed = 1;
+  }
+
+  *ret_buffer += ph_length;
+  *ret_buffer_size -= ph_length;
+
+  return (0);
 } /* }}} int parse_part_encr_aes256 */
 #endif /* !HAVE_GCRYPT_H */
 
-static int parse_packet (receive_list_entry_t *rle) /* {{{ */
+#undef BUFFER_READ
+
+static int parse_packet (sockent_t *se, /* {{{ */
+               void *buffer, size_t buffer_size, int flags)
 {
        int status;
 
-       void *buffer;
-       int buffer_len;
-       sockent_t *se;
-
        value_list_t vl = VALUE_LIST_INIT;
        notification_t n;
 
-       int packet_was_encrypted = 0;
-       int packet_was_signed = 0;
 #if HAVE_GCRYPT_H
+       int packet_was_signed = (flags & PP_SIGNED);
+        int packet_was_encrypted = (flags & PP_ENCRYPTED);
        int printed_ignore_warning = 0;
 #endif /* HAVE_GCRYPT_H */
 
-       buffer = rle->data;
-       buffer_len = rle->data_len;
-
-       /* Look for the correct `sockent_t' */
-       se = listen_sockets;
-       while ((se != NULL) && (se->fd != rle->fd))
-               se = se->next;
-
-       if (se == NULL)
-       {
-               ERROR ("network plugin: Got packet from FD %i, but can't "
-                               "find an appropriate socket entry.",
-                               rle->fd);
-               return (-1);
-       }
 
        memset (&vl, '\0', sizeof (vl));
        memset (&n, '\0', sizeof (n));
        status = 0;
 
-       while ((status == 0) && (0 < buffer_len)
-                       && ((unsigned int) buffer_len > sizeof (part_header_t)))
+       while ((status == 0) && (0 < buffer_size)
+                       && ((unsigned int) buffer_size > sizeof (part_header_t)))
        {
                uint16_t pkg_length;
                uint16_t pkg_type;
@@ -1049,7 +1131,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                pkg_length = ntohs (pkg_length);
                pkg_type = ntohs (pkg_type);
 
-               if (pkg_length > buffer_len)
+               if (pkg_length > buffer_size)
                        break;
                /* Ensure that this loop terminates eventually */
                if (pkg_length < (2 * sizeof (uint16_t)))
@@ -1057,7 +1139,8 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
 
                if (pkg_type == TYPE_ENCR_AES256)
                {
-                       status = parse_part_encr_aes256 (se, &buffer, &buffer_len);
+                       status = parse_part_encr_aes256 (se,
+                                       &buffer, &buffer_size, flags);
                        if (status != 0)
                        {
                                ERROR ("network plugin: Decrypting AES256 "
@@ -1065,10 +1148,6 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                                                "with status %i.", status);
                                break;
                        }
-                       else
-                       {
-                               packet_was_encrypted = 1;
-                       }
                }
 #if HAVE_GCRYPT_H
                else if ((se->security_level == SECURITY_LEVEL_ENCRYPT)
@@ -1086,24 +1165,15 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
 #endif /* HAVE_GCRYPT_H */
                else if (pkg_type == TYPE_SIGN_SHA256)
                {
-                       status = parse_part_sign_sha256 (se, &buffer, &buffer_len);
-                       if (status < 0)
+                       status = parse_part_sign_sha256 (se,
+                                        &buffer, &buffer_size, flags);
+                       if (status != 0)
                        {
                                ERROR ("network plugin: Verifying HMAC-SHA-256 "
                                                "signature failed "
                                                "with status %i.", status);
                                break;
                        }
-                       else if (status > 0)
-                       {
-                               ERROR ("network plugin: Ignoring packet with "
-                                               "invalid HMAC-SHA-256 signature.");
-                               break;
-                       }
-                       else
-                       {
-                               packet_was_signed = 1;
-                       }
                }
 #if HAVE_GCRYPT_H
                else if ((se->security_level == SECURITY_LEVEL_SIGN)
@@ -1122,7 +1192,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
 #endif /* HAVE_GCRYPT_H */
                else if (pkg_type == TYPE_VALUES)
                {
-                       status = parse_part_values (&buffer, &buffer_len,
+                       status = parse_part_values (&buffer, &buffer_size,
                                        &vl.values, &vl.values_len);
 
                        if (status != 0)
@@ -1147,7 +1217,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                else if (pkg_type == TYPE_TIME)
                {
                        uint64_t tmp = 0;
-                       status = parse_part_number (&buffer, &buffer_len,
+                       status = parse_part_number (&buffer, &buffer_size,
                                        &tmp);
                        if (status == 0)
                        {
@@ -1158,21 +1228,21 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                else if (pkg_type == TYPE_INTERVAL)
                {
                        uint64_t tmp = 0;
-                       status = parse_part_number (&buffer, &buffer_len,
+                       status = parse_part_number (&buffer, &buffer_size,
                                        &tmp);
                        if (status == 0)
                                vl.interval = (int) tmp;
                }
                else if (pkg_type == TYPE_HOST)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        vl.host, sizeof (vl.host));
                        if (status == 0)
                                sstrncpy (n.host, vl.host, sizeof (n.host));
                }
                else if (pkg_type == TYPE_PLUGIN)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        vl.plugin, sizeof (vl.plugin));
                        if (status == 0)
                                sstrncpy (n.plugin, vl.plugin,
@@ -1180,7 +1250,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                }
                else if (pkg_type == TYPE_PLUGIN_INSTANCE)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        vl.plugin_instance,
                                        sizeof (vl.plugin_instance));
                        if (status == 0)
@@ -1190,14 +1260,14 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                }
                else if (pkg_type == TYPE_TYPE)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        vl.type, sizeof (vl.type));
                        if (status == 0)
                                sstrncpy (n.type, vl.type, sizeof (n.type));
                }
                else if (pkg_type == TYPE_TYPE_INSTANCE)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        vl.type_instance,
                                        sizeof (vl.type_instance));
                        if (status == 0)
@@ -1206,7 +1276,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                }
                else if (pkg_type == TYPE_MESSAGE)
                {
-                       status = parse_part_string (&buffer, &buffer_len,
+                       status = parse_part_string (&buffer, &buffer_size,
                                        n.message, sizeof (n.message));
 
                        if (status != 0)
@@ -1242,7 +1312,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                else if (pkg_type == TYPE_SEVERITY)
                {
                        uint64_t tmp = 0;
-                       status = parse_part_number (&buffer, &buffer_len,
+                       status = parse_part_number (&buffer, &buffer_size,
                                        &tmp);
                        if (status == 0)
                                n.severity = (int) tmp;
@@ -1253,7 +1323,7 @@ static int parse_packet (receive_list_entry_t *rle) /* {{{ */
                                        " type: 0x%04hx", pkg_type);
                        buffer = ((char *) buffer) + pkg_length;
                }
-       } /* while (buffer_len > sizeof (part_header_t)) */
+       } /* while (buffer_size > sizeof (part_header_t)) */
 
        return (status);
 } /* }}} int parse_packet */
@@ -1711,11 +1781,12 @@ static int network_add_sending_socket (const char *node, /* {{{ */
        return (0);
 } /* }}} int network_add_sending_socket */
 
-static void *dispatch_thread (void __attribute__((unused)) *arg)
+static void *dispatch_thread (void __attribute__((unused)) *arg) /* {{{ */
 {
   while (42)
   {
     receive_list_entry_t *ent;
+    sockent_t *se;
 
     /* Lock and wait for more data to come in */
     pthread_mutex_lock (&receive_list_lock);
@@ -1734,13 +1805,26 @@ static void *dispatch_thread (void __attribute__((unused)) *arg)
     if (ent == NULL)
       break;
 
-    parse_packet (ent);
+    /* Look for the correct `sockent_t' */
+    se = listen_sockets;
+    while ((se != NULL) && (se->fd != ent->fd))
+           se = se->next;
+
+    if (se == NULL)
+    {
+           ERROR ("network plugin: Got packet from FD %i, but can't "
+                           "find an appropriate socket entry.",
+                           ent->fd);
+           sfree (ent);
+           continue;
+    }
 
+    parse_packet (se, ent->data, ent->data_len, /* flags = */ 0);
     sfree (ent);
   } /* while (42) */
 
   return (NULL);
-} /* void *dispatch_thread */
+} /* }}} void *dispatch_thread */
 
 static int network_receive (void)
 {
@@ -2000,7 +2084,7 @@ static void networt_send_buffer_encrypted (sockent_t *se, /* {{{ */
   pea.orig_length = htons ((uint16_t) in_buffer_size);
 
   /* Chose a random initialization vector. */
-  gcry_randomize (&pea.iv, sizeof (pea.iv), GCRY_STRONG_RANDOM);
+  gcry_randomize ((void *) &pea.iv, sizeof (pea.iv), GCRY_STRONG_RANDOM);
 
   /* Create hash of the payload */
   gcry_md_hash_buffer (GCRY_MD_SHA1, pea.hash, in_buffer, in_buffer_size);
@@ -2008,7 +2092,7 @@ static void networt_send_buffer_encrypted (sockent_t *se, /* {{{ */
   /* Fill the extra field with random values. Some entropy in the encrypted
    * data is usually not a bad thing, I hope. */
   if (padding_size > 0)
-    gcry_randomize (&pea.padding, padding_size, GCRY_STRONG_RANDOM);
+    gcry_randomize ((void *) &pea.padding, padding_size, GCRY_STRONG_RANDOM);
 
   /* Initialize the buffer */
   buffer_offset = 0;