diff options
author | Renato Botelho <renato@netgate.com> | 2016-05-03 08:55:02 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-05-03 08:55:02 -0300 |
commit | 5081bace2b0bdb7140682f44a429ab5ef9e71751 (patch) | |
tree | d061b3d4735aaab475bafa19055993adf3dd675f /contrib/ntp/libntp/authreadkeys.c | |
parent | 25206d6ba449fcddd116840c00b967fbd620f735 (diff) | |
parent | 39baf3a8165fd1fa06257b6812862e7113c5b905 (diff) | |
download | FreeBSD-src-5081bace2b0bdb7140682f44a429ab5ef9e71751.zip FreeBSD-src-5081bace2b0bdb7140682f44a429ab5ef9e71751.tar.gz |
Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3
Diffstat (limited to 'contrib/ntp/libntp/authreadkeys.c')
-rw-r--r-- | contrib/ntp/libntp/authreadkeys.c | 103 |
1 files changed, 59 insertions, 44 deletions
diff --git a/contrib/ntp/libntp/authreadkeys.c b/contrib/ntp/libntp/authreadkeys.c index 1d4ee30..e9273ad 100644 --- a/contrib/ntp/libntp/authreadkeys.c +++ b/contrib/ntp/libntp/authreadkeys.c @@ -101,13 +101,33 @@ log_maybe( ...) { va_list ap; - if (++(*pnerr) <= nerr_loglimit) { + if ((NULL == pnerr) || (++(*pnerr) <= nerr_loglimit)) { va_start(ap, fmt); mvsyslog(LOG_ERR, fmt, ap); va_end(ap); } } +static void +free_keydata( + KeyDataT *node + ) +{ + KeyAccT *kap; + + if (node) { + while (node->keyacclist) { + kap = node->keyacclist; + node->keyacclist = kap->next; + free(kap); + } + + /* purge secrets from memory before free()ing it */ + memset(node, 0, sizeof(*node) + node->seclen); + free(node); + } +} + /* * authreadkeys - (re)read keys from a file. */ @@ -156,7 +176,7 @@ authreadkeys( * First is key number. See if it is okay. */ keyno = atoi(token); - if (keyno == 0) { + if (keyno < 1) { log_maybe(&nerr, "authreadkeys: cannot change key %s", token); @@ -180,6 +200,14 @@ authreadkeys( keyno); continue; } + + /* We want to silently ignore keys where we do not + * support the requested digest type. OTOH, we want to + * make sure the file is well-formed. That means we + * have to process the line completely and have to + * finally throw away the result... This is a bit more + * work, but it also results in better error detection. + */ #ifdef OPENSSL /* * The key type is the NID used by the message digest @@ -189,30 +217,28 @@ authreadkeys( */ keytype = keytype_from_text(token, NULL); if (keytype == 0) { - log_maybe(&nerr, + log_maybe(NULL, "authreadkeys: invalid type for key %d", keyno); - continue; - } - if (EVP_get_digestbynid(keytype) == NULL) { - log_maybe(&nerr, + } else if (EVP_get_digestbynid(keytype) == NULL) { + log_maybe(NULL, "authreadkeys: no algorithm for key %d", keyno); - continue; + keytype = 0; } #else /* !OPENSSL follows */ - /* * The key type is unused, but is required to be 'M' or * 'm' for compatibility. */ if (!(*token == 'M' || *token == 'm')) { - log_maybe(&nerr, + log_maybe(NULL, "authreadkeys: invalid type for key %d", keyno); - continue; + keytype = 0; + } else { + keytype = KEY_TYPE_MD5; } - keytype = KEY_TYPE_MD5; #endif /* !OPENSSL */ /* @@ -269,26 +295,22 @@ authreadkeys( } token = nexttok(&line); -DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL")); + DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL")); if (token != NULL) { /* A comma-separated IP access list */ char *tp = token; while (tp) { char *i; - KeyAccT ka; + sockaddr_u addr; i = strchr(tp, (int)','); if (i) *i = '\0'; -DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); + DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); - if (is_ip_address(tp, AF_UNSPEC, &ka.addr)) { - KeyAccT *kap; - - kap = emalloc(sizeof(KeyAccT)); - memcpy(kap, &ka, sizeof ka); - kap->next = next->keyacclist; - next->keyacclist = kap; + if (is_ip_address(tp, AF_UNSPEC, &addr)) { + next->keyacclist = keyacc_new_push( + next->keyacclist, &addr); } else { log_maybe(&nerr, "authreadkeys: invalid IP address <%s> for key %d", @@ -303,21 +325,25 @@ DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); } } + /* check if this has to be weeded out... */ + if (0 == keytype) { + free_keydata(next); + next = NULL; + continue; + } + INSIST(NULL != next); next->next = list; list = next; } fclose(fp); - if (nerr > nerr_maxlimit) { - msyslog(LOG_ERR, - "authreadkeys: rejecting file '%s' after %u errors (emergency break)", - file, nerr); - goto onerror; - } if (nerr > 0) { + const char * why = ""; + if (nerr > nerr_maxlimit) + why = " (emergency break)"; msyslog(LOG_ERR, - "authreadkeys: rejecting file '%s' after %u error(s)", - file, nerr); + "authreadkeys: rejecting file '%s' after %u error(s)%s", + file, nerr, why); goto onerror; } @@ -328,9 +354,8 @@ DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); list = next->next; MD5auth_setkey(next->keyid, next->keytype, next->secbuf, next->seclen, next->keyacclist); - /* purge secrets from memory before free()ing it */ - memset(next, 0, sizeof(*next) + next->seclen); - free(next); + next->keyacclist = NULL; /* consumed by MD5auth_setkey */ + free_keydata(next); } return (1); @@ -338,17 +363,7 @@ DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); /* Mop up temporary storage before bailing out. */ while (NULL != (next = list)) { list = next->next; - - while (next->keyacclist) { - KeyAccT *kap = next->keyacclist; - - next->keyacclist = kap->next; - free(kap); - } - - /* purge secrets from memory before free()ing it */ - memset(next, 0, sizeof(*next) + next->seclen); - free(next); + free_keydata(next); } return (0); } |