Don't reply to invalid chronyc packets
This commit is contained in:
Miroslav Lichvar
parent
5331e1a146
commit
7864c7a70c
1 changed files with 27 additions and 22 deletions
49
cmdmon.c
49
cmdmon.c
|
|
@ -1593,6 +1593,7 @@ read_from_cmd_socket(void *anything)
|
|||
int valid_ts;
|
||||
int authenticated;
|
||||
int localhost;
|
||||
int allowed;
|
||||
unsigned short rx_command;
|
||||
unsigned long rx_message_token;
|
||||
unsigned long tx_message_token;
|
||||
|
|
@ -1642,8 +1643,31 @@ read_from_cmd_socket(void *anything)
|
|||
|
||||
localhost = (remote_ip == 0x7f000001UL);
|
||||
|
||||
if ((!ADF_IsAllowed(access_auth_table, remote_ip)) &&
|
||||
(!localhost)) {
|
||||
allowed = ADF_IsAllowed(access_auth_table, remote_ip) || localhost;
|
||||
|
||||
if ((read_length < offsetof(CMD_Request, data)) ||
|
||||
(rx_message.version != PROTO_VERSION_NUMBER) ||
|
||||
(rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
|
||||
(rx_message.res1 != 0) ||
|
||||
(rx_message.res2 != 0)) {
|
||||
|
||||
/* We don't know how to process anything like this */
|
||||
if (allowed)
|
||||
CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (read_length != expected_length) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
||||
if (allowed)
|
||||
CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
/* For now, just ignore the packet. We may want to send a reply
|
||||
back eventually */
|
||||
return;
|
||||
}
|
||||
|
||||
if (!allowed) {
|
||||
/* The client is not allowed access, so don't waste any more time
|
||||
on him. Note that localhost is always allowed access
|
||||
regardless of the defined access rules - otherwise, we could
|
||||
|
|
@ -1664,25 +1688,6 @@ read_from_cmd_socket(void *anything)
|
|||
}
|
||||
|
||||
|
||||
if (read_length != expected_length) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
||||
CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
/* For now, just ignore the packet. We may want to send a reply
|
||||
back eventually */
|
||||
return;
|
||||
}
|
||||
|
||||
if ((rx_message.version != PROTO_VERSION_NUMBER) ||
|
||||
(rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
|
||||
(rx_message.res1 != 0) ||
|
||||
(rx_message.res2 != 0)) {
|
||||
|
||||
/* We don't know how to process anything like this */
|
||||
CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
rx_command = ntohs(rx_message.command);
|
||||
|
||||
/* OK, we have a valid message. Now dispatch on message type and process it. */
|
||||
|
|
@ -1809,7 +1814,7 @@ read_from_cmd_socket(void *anything)
|
|||
tx_message.status = htons(STT_INVALID);
|
||||
tx_message.reply = htons(RPY_NULL);
|
||||
} else {
|
||||
int allowed = 0;
|
||||
allowed = 0;
|
||||
|
||||
/* Check level of authority required to issue the command */
|
||||
switch(permissions[rx_command]) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue