Date:      Tue, 8 May 2001 23:45:45 -0400 (EDT)
From:      "Andrew R. Reiter" <arr@watson.org>
To:        freebsd-audit@freebsd.org
Subject:   audit work:  cmds.c from timedc
Message-ID:  <Pine.NEB.3.96L.1010508234228.79826A-200000@fledge.watson.org>


[-- Attachment #1 --]
Hey,

The attached patch brings cmds.c in sync with a few fixes from OpenBSD. They are:

	- check the msg.tsp_type value prior to using it as an 
	  index into char *tsptype[] 
	- use strlcpy's instead of strcpy's
	- & handle short packets properly.

The patch can also be found at:
http://www.watson.org/~arr/fbsd-audit/usr.sbin/timed/timedc/

comments appreciated

Thanks,

Andrew

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead

[-- Attachment #2 --]
--- cmds.c.orig	Tue May  8 19:52:38 2001
+++ cmds.c	Tue May  8 20:40:40 2001
@@ -277,7 +277,7 @@
 	fd_set ready;
 	struct sockaddr_in dest;
 	int i, length;
-	struct sockaddr from;
+	struct sockaddr_in from;
 	struct timeval tout;
 	struct tsp msg;
 	struct servent *srvp;
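Review bot: `length` stays an `int` on the context line `int i, length;`, but the later hunks pass `&length` to recvfrom(), whose last parameter is `socklen_t *`. Since this patch already touches the address handling, I would declare it separately as `socklen_t length;` so the pointer type matches on every platform. This assumes `length` has no other use in the function, which starts and ends outside the hunk. The same applies to the function patched in the hunk at -421.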
@@ -308,7 +308,7 @@
 		}
 		bcopy(hp->h_addr, &dest.sin_addr.s_addr, hp->h_length);
 
-		(void)strcpy(msg.tsp_name, myname);
+		(void)strlcpy(msg.tsp_name, myname, sizeof(msg.tsp_name));
 		msg.tsp_type = TSP_MSITE;
 		msg.tsp_vers = TSPVERSION;
 		bytenetorder(&msg);
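Review bot: The `(void)` cast discards strlcpy()'s return value, so a hostname longer than `msg.tsp_name` is silently truncated and sent as a different name. The overflow is gone, but the truncation should be detected, e.g. `if (strlcpy(msg.tsp_name, myname, sizeof(msg.tsp_name)) >= sizeof(msg.tsp_name)) errx(1, "hostname too long");`, or `warnx` plus an early exit if that fits the surrounding flow better. The same pattern appears in the hunk at -397. The enclosing function is only partly visible here.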
@@ -325,20 +325,31 @@
 		FD_SET(sock, &ready);
 		if (select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0,
 			   &tout)) {
-			length = sizeof(struct sockaddr);
+			length = sizeof(from);
 			cc = recvfrom(sock, &msg, sizeof(struct tsp), 0,
-				      &from, &length);
+				      (struct sockaddr *)&from, &length);
 			if (cc < 0) {
 				warn("recvfrom");
 				continue;
 			}
+			if (cc < sizeof(struct tsp)) {
+				fprintf(stderr, 
+				   "short packet (%u/%u bytes) from %s\n",
+				   cc, sizeof(struct tsp),
+				   inet_ntoa(from.sin_addr));
+				continue;
+			}
 			bytehostorder(&msg);
 			if (msg.tsp_type == TSP_ACK) {
 				printf("master timedaemon at %s is %s\n",
 				       tgtname, msg.tsp_name);
 			} else {
-				printf("received wrong ack: %s\n",
-				       tsptype[msg.tsp_type]);
+				if (msg.tsp_type >= TSPTYPENUMBER
+					printf("unknown ack received: %u\n",
+						msg.tsp_type);
+				else	
+					printf("wrong ack received: %s\n",
+				       		tsptype[msg.tsp_type]);
 			}
 		} else {
 			printf("communication error with %s\n", tgtname);
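Review bot: The added `if (msg.tsp_type >= TSPTYPENUMBER` is missing its closing parenthesis, so the file does not compile as posted; it should read `if (msg.tsp_type >= TSPTYPENUMBER)`, as the matching hunk at -466 already does. Separately, the new length check ensures a full `struct tsp` arrived but not that `msg.tsp_name` is NUL-terminated, and the TSP_ACK branch prints that network-supplied field with `%s`. Assuming `tsp_name` is a fixed-size array (the `sizeof` in the strlcpy hunks implies it), adding `msg.tsp_name[sizeof(msg.tsp_name) - 1] = '\0';` right after the short-packet check would bound that read. The enclosing function starts and ends outside the hunk.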
@@ -397,7 +408,7 @@
 		msg.tsp_vers = TSPVERSION;
 		if (gethostname(myname, sizeof(myname) - 1) < 0)
 			err(1, "gethostname");
-		(void)strcpy(msg.tsp_name, myname);
+		(void)strlcpy(msg.tsp_name, myname, sizeof(msg.tsp_name));
 		bytenetorder(&msg);
 		if (sendto(sock, &msg, sizeof(struct tsp), 0,
 			   (struct sockaddr*)&sin,
@@ -421,7 +432,7 @@
 	int cc;
 	fd_set ready;
 	struct sockaddr_in dest;
-	struct sockaddr from;
+	struct sockaddr_in from;
 	struct timeval tout;
 	struct tsp msg;
 	struct servent *srvp;
@@ -466,22 +477,32 @@
 	FD_ZERO(&ready);
 	FD_SET(sock, &ready);
 	if (select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0, &tout)) {
-		length = sizeof(struct sockaddr);
+		length = sizeof(from);
 		cc = recvfrom(sock, &msg, sizeof(struct tsp), 0,
-			      &from, &length);
+			      (struct sockaddr *)&from, &length);
 		if (cc < 0) {
 			warn("recvfrom");
 			return;
 		}
+		if (cc < sizeof(struct tsp)) {
+			fprintf(stderr, "short pack (%u/%u bytes) from %s\n",
+			   cc, sizeof(struct tsp), inet_ntoa(from.sin_addr));
+			return;
+		}
 		bytehostorder(&msg);
 		if (msg.tsp_type == TSP_ACK)
 			if (onflag)
 				printf("timed tracing enabled\n");
 			else
 				printf("timed tracing disabled\n");
-		else
-			printf("wrong ack received: %s\n",
+		else {
+			if (msg.tsp_type >= TSPTYPENUMBER)
+				printf("unknown ack received: %u\n",
+					msg.tsp_type);
+			else	
+				printf("wrong ack received: %s\n",
 						tsptype[msg.tsp_type]);
+		}
 	} else
 		printf("communication error\n");
 }
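Review bot: The short-packet message passes `cc` and `sizeof(struct tsp)` to `"%u/%u"`, but `cc` is an `int` (per `int cc;` in the preceding hunk's context) and `sizeof` yields a `size_t`. Where `size_t` is wider than `unsigned int` the mismatch is undefined behaviour and can make the following `%s` argument be read incorrectly. I would write `"short packet (%d/%lu bytes) from %s\n", cc, (unsigned long)sizeof(struct tsp), inet_ntoa(from.sin_addr)`. The hunk at -325 has the same format problem, and the message here says "short pack" where that one says "short packet". The function starts outside this hunk.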
