cmdmon: extend initialization checks
Move the message size checks to a separate function and check also header size in the command request and reply to catch incompatible changes.
This commit is contained in:
Miroslav Lichvar
parent
e7af875b68
commit
9a4c22db03
1 changed files with 31 additions and 25 deletions
56
cmdmon.c
56
cmdmon.c
|
|
@ -248,45 +248,51 @@ prepare_socket(int family, int port_number)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
void
|
||||
CAM_Initialise(int family)
|
||||
static void
|
||||
do_size_checks(void)
|
||||
{
|
||||
int i, port_number;
|
||||
int i, request_length, padding_length, reply_length;
|
||||
CMD_Request request;
|
||||
CMD_Reply reply;
|
||||
|
||||
assert(!initialised);
|
||||
initialised = 1;
|
||||
|
||||
assert(sizeof (permissions) / sizeof (permissions[0]) == N_REQUEST_TYPES);
|
||||
assert(offsetof(CMD_Request, data) == 20);
|
||||
assert(offsetof(CMD_Reply, data) == 28);
|
||||
|
||||
for (i = 0; i < N_REQUEST_TYPES; i++) {
|
||||
CMD_Request r;
|
||||
int command_length, padding_length;
|
||||
|
||||
r.version = PROTO_VERSION_NUMBER;
|
||||
r.command = htons(i);
|
||||
command_length = PKL_CommandLength(&r);
|
||||
padding_length = PKL_CommandPaddingLength(&r);
|
||||
if (padding_length > MAX_PADDING_LENGTH || padding_length > command_length ||
|
||||
command_length > sizeof (CMD_Request) ||
|
||||
(command_length && command_length < offsetof(CMD_Request, data)))
|
||||
request.version = PROTO_VERSION_NUMBER;
|
||||
request.command = htons(i);
|
||||
request_length = PKL_CommandLength(&request);
|
||||
padding_length = PKL_CommandPaddingLength(&request);
|
||||
if (padding_length > MAX_PADDING_LENGTH || padding_length > request_length ||
|
||||
request_length > sizeof (CMD_Request) ||
|
||||
(request_length && request_length < offsetof(CMD_Request, data)))
|
||||
assert(0);
|
||||
}
|
||||
|
||||
for (i = 1; i < N_REPLY_TYPES; i++) {
|
||||
CMD_Reply r;
|
||||
int reply_length;
|
||||
|
||||
r.reply = htons(i);
|
||||
r.status = STT_SUCCESS;
|
||||
r.data.manual_list.n_samples = htonl(MAX_MANUAL_LIST_SAMPLES);
|
||||
reply_length = PKL_ReplyLength(&r);
|
||||
reply.reply = htons(i);
|
||||
reply.status = STT_SUCCESS;
|
||||
reply.data.manual_list.n_samples = htonl(MAX_MANUAL_LIST_SAMPLES);
|
||||
reply_length = PKL_ReplyLength(&reply);
|
||||
if ((reply_length && reply_length < offsetof(CMD_Reply, data)) ||
|
||||
reply_length > sizeof (CMD_Reply))
|
||||
assert(0);
|
||||
}
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
void
|
||||
CAM_Initialise(int family)
|
||||
{
|
||||
int port_number;
|
||||
|
||||
assert(!initialised);
|
||||
assert(sizeof (permissions) / sizeof (permissions[0]) == N_REQUEST_TYPES);
|
||||
do_size_checks();
|
||||
|
||||
initialised = 1;
|
||||
sock_fdu = -1;
|
||||
|
||||
port_number = CNF_GetCommandPort();
|
||||
|
||||
if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET4))
|
||||
|
|
|
|||
Loading…
Reference in a new issue