[Git][NTPsec/ntpsec][master] Make sendpkt() take void* for data

Daniel Fox Franke gitlab at mg.gitlab.com
Wed Jun 29 17:13:11 UTC 2016 

Daniel Fox Franke pushed to branch master at NTPsec / ntpsec


Commits:
e53fdfd6 by Daniel Fox Franke at 2016-06-29T13:12:33-04:00
Make sendpkt() take void* for data

- - - - -


5 changed files:

- include/ntpd.h
- ntpd/ntp_control.c
- ntpd/ntp_intercept.c
- ntpd/ntp_intercept.h
- ntpd/ntp_io.c


Changes:

=====================================
include/ntpd.h
=====================================
--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -126,7 +126,7 @@ extern	void	io_setbclient	(void);
 extern	void	io_unsetbclient	(void);
 extern	void	io_multicast_add(sockaddr_u *);
 extern	void	io_multicast_del(sockaddr_u *);
-extern	void	sendpkt 	(sockaddr_u *, struct interface *, int, struct pkt *, int);
+extern	void	sendpkt 	(sockaddr_u *, struct interface *, int, void *, int);
 #ifdef DEBUG
 extern	void	collect_timing  (struct recvbuf *, const char *, int, l_fp *);
 #endif


=====================================
ntpd/ntp_control.c
=====================================
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -721,11 +721,11 @@ ctl_error(
 		maclen = authencrypt(res_keyid, (uint32_t *)&rpkt,
 				     CTL_HEADER_LEN);
 		intercept_sendpkt(__func__,
-				  rmt_addr, lcl_inter, -2, (void *)&rpkt,
+				  rmt_addr, lcl_inter, -2, &rpkt,
 				  CTL_HEADER_LEN + maclen);
 	} else
 		intercept_sendpkt(__func__,
-			      rmt_addr, lcl_inter, -3, (void *)&rpkt,
+			      rmt_addr, lcl_inter, -3, &rpkt,
 			      CTL_HEADER_LEN);
 }
 
@@ -1025,10 +1025,10 @@ ctl_flushpkt(
 			maclen = authencrypt(res_keyid,
 					     (uint32_t *)&rpkt, totlen);
 			intercept_sendpkt(__func__, rmt_addr, lcl_inter, -5,
-				(struct pkt *)&rpkt, totlen + maclen);
+				&rpkt, totlen + maclen);
 		} else {
 			intercept_sendpkt(__func__, rmt_addr, lcl_inter, -6,
-				(struct pkt *)&rpkt, sendlen);
+				&rpkt, sendlen);
 		}
 		if (more)
 			numctlfrags++;


=====================================
ntpd/ntp_intercept.c
=====================================
--- a/ntpd/ntp_intercept.c
+++ b/ntpd/ntp_intercept.c
@@ -713,6 +713,9 @@ static void packet_dump(char *buf, size_t buflen,
     size_t i;
     /*
      * Format is three tokens: source address, packet, MAC token. 
+     *
+     * FIXME: struct pkt fields are in network byte order. Need to
+     * add htonl()/ntohl() calls here and in packet_parse().
      */
     snprintf(buf, buflen, "%s %d:%d:%d:%d:%u:%u:%u:%s:%s:%s:%s ",
 	   socktoa(dest),
@@ -795,11 +798,21 @@ static void recvbuf_dump(char *buf, size_t buflen, struct recvbuf *rbufp)
 
 void intercept_sendpkt(const char *legend,
 		  sockaddr_u *dest, struct interface *ep, int ttl,
-		  struct pkt *pkt, int len)
+		  void *pkt, int len)
 {
     char pkt_dump[BUFSIZ], newpacket[BUFSIZ];
 
-    packet_dump(pkt_dump, sizeof(pkt_dump), dest, pkt, len);
+    /* FIXME: packet_dump expects a well formed struct pkt, but this
+       function is also called from ntp_control.c with other data.
+       Until packet_dump is rewritten to use parse_packet(),
+       to avoid a possible out-of-bounds read just shortcut to calling
+       sendpkt when len < 48. */
+    if(len < (int)LEN_PKT_NOMAC) {
+      sendpkt(dest, ep, ttl, pkt, len);
+      return;
+    }
+
+    packet_dump(pkt_dump, sizeof(pkt_dump), dest, (struct pkt*)pkt, len);
     snprintf(newpacket, sizeof(newpacket), "sendpkt %s %s\n", legend, pkt_dump);
 
     if (mode == replay)


=====================================
ntpd/ntp_intercept.h
=====================================
--- a/ntpd/ntp_intercept.h
+++ b/ntpd/ntp_intercept.h
@@ -22,7 +22,7 @@ void intercept_getconfig(const char *);
 void intercept_get_systime(const char *, l_fp *);
 long intercept_ntp_random(const char *);
 void intercept_sendpkt(const char *,
-		       sockaddr_u *, struct interface *, int, struct pkt *, int);
+		       sockaddr_u *, struct interface *, int, void *, int);
 void intercept_receive(struct recvbuf *);
 bool intercept_drift_read(const char *, double *);
 void intercept_drift_write(char *, double);


=====================================
ntpd/ntp_io.c
=====================================
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -3110,7 +3110,7 @@ sendpkt(
 	sockaddr_u *		dest,
 	struct interface *	ep,
 	int			ttl,
-	struct pkt *		pkt,
+	void *			pkt,
 	int			len
 	)
 {
@@ -3186,7 +3186,7 @@ sendpkt(
 #ifdef SIM
 		cc = simulate_server(dest, src, pkt);
 #else
-		cc = sendto(src->fd, (char *)pkt, (u_int)len, 0,
+		cc = sendto(src->fd, pkt, (u_int)len, 0,
 			    &dest->sa, SOCKLEN(dest));
 #endif
 		if (cc == -1) {



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/e53fdfd62a9d4b0b0786c0967dabd4b9fdc0487e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160629/e5819009/attachment.html>

More information about the vc mailing list