faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cmdmon: extend initialization checks

Browse source 
Move the message size checks to a separate function and check also
header size in the command request and reply to catch incompatible
changes.
This commit is contained in:
Miroslav Lichvar 2016-03-14 15:31:11 +01:00
parent e7af875b68
commit 9a4c22db03
1 changed files with 31 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
cmdmon.c
View file

@ -248,45 +248,51 @@ prepare_socket(int family, int port_number)
/* ================================================== */ /* ================================================== */
void static void
CAM_Initialise(int family) do_size_checks(void)
{ {
int i, port_number; int i, request_length, padding_length, reply_length;
CMD_Request request;
CMD_Reply reply;
assert(!initialised); assert(offsetof(CMD_Request, data) == 20);
initialised = 1; assert(offsetof(CMD_Reply, data) == 28);
assert(sizeof (permissions) / sizeof (permissions[0]) == N_REQUEST_TYPES);
for (i = 0; i < N_REQUEST_TYPES; i++) { for (i = 0; i < N_REQUEST_TYPES; i++) {
CMD_Request r; request.version = PROTO_VERSION_NUMBER;
int command_length, padding_length; request.command = htons(i);
request_length = PKL_CommandLength(&request);
r.version = PROTO_VERSION_NUMBER; padding_length = PKL_CommandPaddingLength(&request);
r.command = htons(i); if (padding_length > MAX_PADDING_LENGTH || padding_length > request_length ||
command_length = PKL_CommandLength(&r); request_length > sizeof (CMD_Request) ||
padding_length = PKL_CommandPaddingLength(&r); (request_length && request_length < offsetof(CMD_Request, data)))
if (padding_length > MAX_PADDING_LENGTH || padding_length > command_length ||
command_length > sizeof (CMD_Request) ||
(command_length && command_length < offsetof(CMD_Request, data)))
assert(0); assert(0);
} }
for (i = 1; i < N_REPLY_TYPES; i++) { for (i = 1; i < N_REPLY_TYPES; i++) {
CMD_Reply r; reply.reply = htons(i);
int reply_length; reply.status = STT_SUCCESS;
reply.data.manual_list.n_samples = htonl(MAX_MANUAL_LIST_SAMPLES);
r.reply = htons(i); reply_length = PKL_ReplyLength(&reply);
r.status = STT_SUCCESS;
r.data.manual_list.n_samples = htonl(MAX_MANUAL_LIST_SAMPLES);
reply_length = PKL_ReplyLength(&r);
if ((reply_length && reply_length < offsetof(CMD_Reply, data)) || if ((reply_length && reply_length < offsetof(CMD_Reply, data)) ||
reply_length > sizeof (CMD_Reply)) reply_length > sizeof (CMD_Reply))
assert(0); assert(0);
} }
}
/* ================================================== */
void
CAM_Initialise(int family)
{
int port_number;
assert(!initialised);
assert(sizeof (permissions) / sizeof (permissions[0]) == N_REQUEST_TYPES);
do_size_checks();
initialised = 1;
sock_fdu = -1; sock_fdu = -1;
port_number = CNF_GetCommandPort(); port_number = CNF_GetCommandPort();
if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET4)) if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET4))