[Git][NTPsec/ntpsec][issue-579] 3 commits: NTS: Check K-length on reading cookie file
Matt Selsky
gitlab at mg.gitlab.com
Sat Mar 23 01:46:58 UTC 2019
Matt Selsky pushed to branch issue-579 at NTPsec / ntpsec
Commits:
8bddc9af by Hal Murray at 2019-03-21T21:10:43Z
NTS: Check K-length on reading cookie file
This might fix Coverity (#580), but I don't
understand what it is complaining about.
- - - - -
99c6f0d4 by Hal Murray at 2019-03-22T04:34:12Z
NTS: change "ntp" to "123" for getaddrinfo
- - - - -
6187b423 by Matt Selsky at 2019-03-23T01:46:50Z
Update Coverity CI build to include all refclocks
Fixes GitLab #579
- - - - -
3 changed files:
- .gitlab-ci.yml
- ntpd/nts_client.c
- ntpd/nts_cookie.c
Changes:
=====================================
.gitlab-ci.yml
=====================================
@@ -578,7 +578,7 @@ gentoo-hardened-refclocks:
coverity-scan:
script:
- - ./waf configure
+ - ./waf configure --refclock=all
- /opt/cov-analysis/bin/cov-build --dir cov-int ./waf build
- tar czf ntpsec_coverity.tgz cov-int
- curl --form token=$COVERITY_TOKEN --form email=security at ntpsec.org --form file=@ntpsec_coverity.tgz --form version="$(git rev-parse --short HEAD)" --form description="Automatic submission by gitlab-ci" https://scan.coverity.com/builds?project=ntpsec
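Review bot: The added "./waf configure --refclock=all" line has no comment saying why the Coverity job needs every refclock driver compiled in, so a later CI cleanup could drop the flag and silently shrink what gets scanned. A one-line YAML comment above it (for example, "build all refclocks so Coverity analyzes the driver code") would record the intent. While touching this job, the unquoted $COVERITY_TOKEN in the curl line below would be safer as "$COVERITY_TOKEN".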
=====================================
ntpd/nts_client.c
=====================================
@@ -213,7 +213,7 @@ int open_TCP_socket(struct peer *peer) {
}
if (NULL == tmp) {
/* simple case, no : */
- strlcpy(port, "ntp", sizeof(port));
+ strlcpy(port, "123", sizeof(port));
} else {
/* Complicated case, found a : */
*tmp++ = 0;
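Review bot: The new default in the "simple case, no :" branch is a bare "123" literal with no explanation, and the existing comment does not say why the service name was replaced. A short comment that the numeric string keeps getaddrinfo from depending on a services-database entry for "ntp", or a named constant for the default port, would keep the next reader from changing it back.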
=====================================
ntpd/nts_cookie.c
=====================================
@@ -161,8 +161,7 @@ bool nts_read_cookie_keys(void) {
if (1 != fscanf(in, "T: %lu\n", &templ)) goto bail;
K_time = templ;
if (1 != fscanf(in, "L: %d\n", &K_length)) goto bail;
- if (NTS_MAX_KEYLEN < K_length) goto bail;
- // FIXME check K_length is 32, 48, or 64
+ if ( !((32 == K_length) || (48 == K_length) || (64 == K_length))) goto bail;
if (1 != fscanf(in, "I: %u\n", &I)) goto bail;
if (0 != fscanf(in, "K: ")) goto bail;
for (int i=0; i< K_length; i++) {
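Review bot: Dropping the "NTS_MAX_KEYLEN < K_length" test means the loop "for (int i=0; i< K_length; i++)" is now bounded only by the literals 32, 48 and 64, and nothing visible here ties those values to NTS_MAX_KEYLEN. If that constant is ever lowered below 64, a crafted cookie file could pass this check and drive the loop past the key buffer. Either keep the upper-bound test alongside the new one or add a compile-time assertion that NTS_MAX_KEYLEN is at least 64. The removed FIXME was also the only text explaining the constraint; a short comment on what the three lengths correspond to would replace it.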
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/4e4abdd0257e4230126cdd368ff59a7290fd1d8c...6187b4239cd0aaf227d63c3aa4755c19a4e87221