From 7864c7a70ce00369194e734eb2842ecc5f8db531 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 13 Jan 2010 17:40:20 +0100 Subject: [PATCH] Don't reply to invalid chronyc packets --- cmdmon.c | 49 +++++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/cmdmon.c b/cmdmon.c index e88d7c3..c9ce0e9 100644 --- a/cmdmon.c +++ b/cmdmon.c @@ -1593,6 +1593,7 @@ read_from_cmd_socket(void *anything) int valid_ts; int authenticated; int localhost; + int allowed; unsigned short rx_command; unsigned long rx_message_token; unsigned long tx_message_token; @@ -1642,8 +1643,31 @@ read_from_cmd_socket(void *anything) localhost = (remote_ip == 0x7f000001UL); - if ((!ADF_IsAllowed(access_auth_table, remote_ip)) && - (!localhost)) { + allowed = ADF_IsAllowed(access_auth_table, remote_ip) || localhost; + + if ((read_length < offsetof(CMD_Request, data)) || + (rx_message.version != PROTO_VERSION_NUMBER) || + (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) || + (rx_message.res1 != 0) || + (rx_message.res2 != 0)) { + + /* We don't know how to process anything like this */ + if (allowed) + CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + return; + } + + if (read_length != expected_length) { + LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port); + if (allowed) + CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + /* For now, just ignore the packet. We may want to send a reply + back eventually */ + return; + } + + if (!allowed) { /* The client is not allowed access, so don't waste any more time on him. Note that localhost is always allowed access regardless of the defined access rules - otherwise, we could @@ -1664,25 +1688,6 @@ read_from_cmd_socket(void *anything) } - if (read_length != expected_length) { - LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port); - CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - /* For now, just ignore the packet. We may want to send a reply - back eventually */ - return; - } - - if ((rx_message.version != PROTO_VERSION_NUMBER) || - (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) || - (rx_message.res1 != 0) || - (rx_message.res2 != 0)) { - - /* We don't know how to process anything like this */ - CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - - return; - } - rx_command = ntohs(rx_message.command); /* OK, we have a valid message. Now dispatch on message type and process it. */ @@ -1809,7 +1814,7 @@ read_from_cmd_socket(void *anything) tx_message.status = htons(STT_INVALID); tx_message.reply = htons(RPY_NULL); } else { - int allowed = 0; + allowed = 0; /* Check level of authority required to issue the command */ switch(permissions[rx_command]) {