From 7864c7a70ce00369194e734eb2842ecc5f8db531 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 13 Jan 2010 17:40:20 +0100
Subject: [PATCH 1/3] Don't reply to invalid chronyc packets
---
cmdmon.c | 49 +++++++++++++++++++++++++++----------------------
1 files changed, 27 insertions(+), 22 deletions(-)
diff --git a/cmdmon.c b/cmdmon.c
index e88d7c3..c9ce0e9 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1593,6 +1593,7 @@ read_from_cmd_socket(void *anything)
int valid_ts;
int authenticated;
int localhost;
+ int allowed;
unsigned short rx_command;
unsigned long rx_message_token;
unsigned long tx_message_token;
@@ -1642,8 +1643,31 @@ read_from_cmd_socket(void *anything)
localhost = (remote_ip == 0x7f000001UL);
- if ((!ADF_IsAllowed(access_auth_table, remote_ip)) &&
- (!localhost)) {
+ allowed = ADF_IsAllowed(access_auth_table, remote_ip) || localhost;
+
+ if ((read_length < offsetof(CMD_Request, data)) ||
+ (rx_message.version != PROTO_VERSION_NUMBER) ||
+ (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
+ (rx_message.res1 != 0) ||
+ (rx_message.res2 != 0)) {
+
+ /* We don't know how to process anything like this */
+ if (allowed)
+ CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+ return;
+ }
+
+ if (read_length != expected_length) {
+ LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
+ if (allowed)
+ CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+ /* For now, just ignore the packet. We may want to send a reply
+ back eventually */
+ return;
+ }
+
+ if (!allowed) {
/* The client is not allowed access, so don't waste any more time
on him. Note that localhost is always allowed access
regardless of the defined access rules - otherwise, we could
@@ -1664,25 +1688,6 @@ read_from_cmd_socket(void *anything)
}
- if (read_length != expected_length) {
- LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
- CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
- /* For now, just ignore the packet. We may want to send a reply
- back eventually */
- return;
- }
-
- if ((rx_message.version != PROTO_VERSION_NUMBER) ||
- (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
- (rx_message.res1 != 0) ||
- (rx_message.res2 != 0)) {
-
- /* We don't know how to process anything like this */
- CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
-
- return;
- }
-
rx_command = ntohs(rx_message.command);
/* OK, we have a valid message. Now dispatch on message type and process it. */
@@ -1809,7 +1814,7 @@ read_from_cmd_socket(void *anything)
tx_message.status = htons(STT_INVALID);
tx_message.reply = htons(RPY_NULL);
} else {
- int allowed = 0;
+ allowed = 0;
/* Check level of authority required to issue the command */
switch(permissions[rx_command]) {
--
1.6.5.2