[Git][NTPsec/ntpsec][master] 2 commits: NTS: Check K-length on reading cookie file

[Hal Murray]

Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
8bddc9af by Hal Murray at 2019-03-21T21:10:43Z
NTS: Check K-length on reading cookie file
This might fix Coverity (#580), but I don't
understand what it is complaining about.

- - - - -
99c6f0d4 by Hal Murray at 2019-03-22T04:34:12Z
NTS: change "ntp" to "123" for getaddrinfo

- - - - -


2 changed files:

- ntpd/nts_client.c
- ntpd/nts_cookie.c


Changes:

=====================================
ntpd/nts_client.c
=====================================
@@ -213,7 +213,7 @@ int open_TCP_socket(struct peer *peer) {
   }
   if (NULL == tmp) {
     /* simple case, no : */
-    strlcpy(port, "ntp", sizeof(port));
+    strlcpy(port, "123", sizeof(port));
   } else {
     /* Complicated case, found a : */
     *tmp++ = 0;


=====================================
ntpd/nts_cookie.c
=====================================
@@ -161,8 +161,7 @@ bool nts_read_cookie_keys(void) {
   if (1 != fscanf(in, "T: %lu\n", &templ)) goto bail;
   K_time = templ;
   if (1 != fscanf(in, "L: %d\n", &K_length)) goto bail;
-  if (NTS_MAX_KEYLEN < K_length) goto bail;
-  // FIXME check K_length is 32, 48, or 64
+  if ( !((32 == K_length) || (48 == K_length) || (64 == K_length))) goto bail;
   if (1 != fscanf(in, "I: %u\n", &I)) goto bail;
   if (0 != fscanf(in, "K: ")) goto bail;
   for (int i=0; i< K_length; i++) {



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/12e409aa48d5266aadf2b2fea47b9dee89fda103...99c6f0d460963b86362234b4d6332fefca4caaa3

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/12e409aa48d5266aadf2b2fea47b9dee89fda103...99c6f0d460963b86362234b4d6332fefca4caaa3
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190322/36014faf/attachment.html>