From: Lars Ellenberg <lars.ellenberg@linbit.com>
To: drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] Only 63 characters maximum allowed for shared secret (and other string values)
Date: Tue, 12 Mar 2013 22:24:50 +0100
Message-ID: <20130312212450.GB19508@soda.linbit>
In-Reply-To: <6693492.FO78ceTEC3@itsj>
On Tue, Mar 12, 2013 at 11:29:10AM +0100, Tijs Van Buggenhout wrote:
> Hi,
>
> In the online users-guide manual (and man 8 drbdsetup) I can read the
> following for shared-secret keyword: "The shared secret used in peer
> authentication. May be up to 64 characters."
>
> This seems to be inaccurate, as only 63 characters can be defined as valid
> value for the keyword, otherwise an error is raised. 64 bytes is the buffer
> size for the value of the keyword (drbd/linux/drbd.h:#define SHARED_SECRET_MAX
> 64) but it needs to be null terminated, hence one character is lost..
Right. So the documentation is off by one.
> which would make one believe SHARED_SECRET_MAX is actually the maximum length
> allowed for shared secret (SHARED_SECRET_MAX corresponds with maxlen parameter
> of __str_field_def macro).
Maximum payload including terminating NUL.
> Also in the same file, __str_field macro is defined as:
> where NLA_NUL_STRING is introduced as nla type for the field, meaning..
>
> user/libgenl.h: * NLA_NUL_STRING Maximum length of string (excluding
> NUL)
exactly, but what is described there is the .len member of the policy struct.
> #define __array(attr_nr, attr_flag, name, nla_type, _type, maxlen, \
> __get, __put, __is_signed) \
> [attr_nr] = { .type = nla_type, \
> .len = maxlen - (nla_type == NLA_NUL_STRING) },
>
> the (max) length for the value of the field is decreased to (maxlen - 1) when
> nla_type equals NLA_NUL_STRING.
Yep, to make the value of the .len attribute of the policy struct match,
so validate_nla() will validate it to be <= that *including* the
terminating NUL.
> Did I misinterpret the manual? What is the intended behaviour?
See linux kernel source tree,
lib/nlattr.c, validate_nla, case NLA_NUL_STRING.
It validates the payload of that nla to contain a terminating NUL,
and contain that within the first pt->len + 1 bytes
in case the attrlen should happen to be larger, even,
possibly due to padding.
That "+ 1" is why there is the "- (nla_type == NLA_NUL_STRING)"
in our macro.
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
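
Added example, not part of the original message and not DRBD or kernel source: a userspace model of the NLA_NUL_STRING check as the reply describes it, showing why a policy `.len` of `maxlen - 1` caps the secret at 63 characters and what a `.len` of 64 would let through. The function names and the constructed `'x'` payloads are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SHARED_SECRET_MAX 64 /* buffer size quoted in the thread (drbd.h) */

/* Userspace model of the NLA_NUL_STRING case described above: a NUL must
 * appear within the first policy_len + 1 payload bytes, even if attrlen
 * is larger. Returns 0 when accepted, -1 when rejected. */
static int check_nul_string(const void *data, size_t attrlen, size_t policy_len)
{
    size_t minlen = attrlen;

    if (policy_len && attrlen > policy_len + 1)
        minlen = policy_len + 1;
    if (minlen == 0 || memchr(data, '\0', minlen) == NULL)
        return -1;
    return 0;
}

/* Constructed input: nchars of 'x', one NUL, then `pad` extra zero bytes. */
static int check_secret(size_t nchars, size_t pad, size_t policy_len)
{
    unsigned char buf[256];

    if (nchars + 1 + pad > sizeof(buf))
        return -1;
    memset(buf, 0, sizeof(buf));
    memset(buf, 'x', nchars);
    return check_nul_string(buf, nchars + 1 + pad, policy_len);
}

int main(void)
{
    size_t fixed = SHARED_SECRET_MAX - 1; /* .len = maxlen - 1, as in the macro */
    size_t naive = SHARED_SECRET_MAX;     /* .len = maxlen, without the "- 1" */

    printf("63 chars, .len=63: %d\n", check_secret(63, 0, fixed));
    printf("64 chars, .len=63: %d\n", check_secret(64, 0, fixed));
    printf("64 chars + padding, .len=63: %d\n", check_secret(64, 3, fixed));
    /* Accepted here, yet 64 chars + NUL is 65 bytes: too big for char[64]. */
    printf("64 chars, .len=64: %d\n", check_secret(64, 0, naive));
    return 0;
}
```

With `.len` left at 64, the model accepts a 65-byte payload, one byte more than a `SHARED_SECRET_MAX`-sized buffer holds.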