[Git][NTPsec/ntpsec][issue-579] 3 commits: NTS: Check K-length on reading cookie file

Matt Selsky gitlab at mg.gitlab.com
Sat Mar 23 01:46:58 UTC 2019



Matt Selsky pushed to branch issue-579 at NTPsec / ntpsec


Commits:
8bddc9af by Hal Murray at 2019-03-21T21:10:43Z
NTS: Check K-length on reading cookie file
This might fix Coverity (#580), but I don't
understand what it is complaining about.

- - - - -
99c6f0d4 by Hal Murray at 2019-03-22T04:34:12Z
NTS: change "ntp" to "123" for getaddrinfo

- - - - -
6187b423 by Matt Selsky at 2019-03-23T01:46:50Z
Update Coverity CI build to include all refclocks

Fixes GitLab #579
- - - - -


3 changed files:

- .gitlab-ci.yml
- ntpd/nts_client.c
- ntpd/nts_cookie.c


Changes:

=====================================
.gitlab-ci.yml
=====================================
@@ -578,7 +578,7 @@ gentoo-hardened-refclocks:
 
 coverity-scan:
   script:
-    - ./waf configure
+    - ./waf configure --refclock=all
     - /opt/cov-analysis/bin/cov-build --dir cov-int ./waf build
     - tar czf ntpsec_coverity.tgz cov-int
     - curl --form token=$COVERITY_TOKEN --form email=security at ntpsec.org --form file=@ntpsec_coverity.tgz --form version="$(git rev-parse --short HEAD)" --form description="Automatic submission by gitlab-ci" https://scan.coverity.com/builds?project=ntpsec
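
Review bot: The coverity-scan script carries no comment saying why it now configures with `--refclock=all`, so a later cleanup could revert it to plain `./waf configure` and silently shrink the scanned code again. A one-line YAML comment above the configure step (for example, that the scan must cover every refclock driver, per #579) would preserve the intent. While this job is being edited, the context line `--form token=$COVERITY_TOKEN` expands the secret unquoted on the curl command line; quoting it as `"token=$COVERITY_TOKEN"` is the safer form.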


=====================================
ntpd/nts_client.c
=====================================
@@ -213,7 +213,7 @@ int open_TCP_socket(struct peer *peer) {
   }
   if (NULL == tmp) {
     /* simple case, no : */
-    strlcpy(port, "ntp", sizeof(port));
+    strlcpy(port, "123", sizeof(port));
   } else {
     /* Complicated case, found a : */
     *tmp++ = 0;
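
Review bot: The literal "123" in the no-colon branch is unexplained in the code; only the commit subject mentions getaddrinfo. A short comment on the `strlcpy(port, "123", sizeof(port));` line saying that a numeric service string avoids the services-database lookup that "ntp" required would help the next reader, and a named constant for the default port would be easier to change than a string buried in this branch. It is also worth confirming in the comment that 123 is the intended default for the TCP connection opened by `open_TCP_socket`, since the same number is otherwise associated with the UDP time service.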


=====================================
ntpd/nts_cookie.c
=====================================
@@ -161,8 +161,7 @@ bool nts_read_cookie_keys(void) {
   if (1 != fscanf(in, "T: %lu\n", &templ)) goto bail;
   K_time = templ;
   if (1 != fscanf(in, "L: %d\n", &K_length)) goto bail;
-  if (NTS_MAX_KEYLEN < K_length) goto bail;
-  // FIXME check K_length is 32, 48, or 64
+  if ( !((32 == K_length) || (48 == K_length) || (64 == K_length))) goto bail;
   if (1 != fscanf(in, "I: %u\n", &I)) goto bail;
   if (0 != fscanf(in, "K: ")) goto bail;
   for (int i=0; i< K_length; i++) {
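
Review bot: The new whitelist on `K_length` replaces the `NTS_MAX_KEYLEN < K_length` bound rather than adding to it, so the loop `for (int i=0; i< K_length; i++)` is only safe if the destination key buffer holds at least 64 bytes, and nothing visible in this hunk ties 64 to `NTS_MAX_KEYLEN`. Suggest either keeping the bound check next to the whitelist or adding a compile-time assertion that `NTS_MAX_KEYLEN` is at least 64, so a later change to that constant cannot turn a valid cookie file into an out-of-bounds write. The whitelist does reject negative lengths, which the old upper-bound test alone would have let through if `K_length` is a signed int as the `%d` conversion implies. Style: `if ( !((` has a stray space after the opening parenthesis, and the failure path gives no log message saying which field of the cookie file was rejected.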



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/4e4abdd0257e4230126cdd368ff59a7290fd1d8c...6187b4239cd0aaf227d63c3aa4755c19a4e87221
