[RESEND] [PATCH] Fix a couple of problems with xt

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [RESEND] [PATCH] Fix a couple of problems with xt_SYSRQ
@ 2010-06-25  9:38 John Haxby
  2010-06-25  9:57 ` John Haxby
  0 siblings, 1 reply; 2+ messages in thread
From: John Haxby @ 2010-06-25  9:38 UTC (permalink / raw)
  To: netfilter-devel

The first problem is that the error response from crypto_alloc_hash()
should be extracted from the pointer before setting the pointer to NULL.

The second error is that only the first half of the password hash is
checked which slightly weakens the password checking.

Signed-off-by: John Haxby <john.haxby@oracle.com>
---
  extensions/xt_SYSRQ.c |    6 +++---
  1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index e0b6aa0..30fc112 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -135,13 +135,13 @@ static unsigned int sysrq_tg(const void *pdata, 
uint16_t len)
  			"0123456789abcdef"[sysrq_digest[i] & 0xf];
  	}
  	sysrq_hexdigest[2*sysrq_digest_size] = '\0';
-	if (len - n < sysrq_digest_size) {
+	if (len - n < sysrq_digest_size*2) {
  		if (sysrq_debug)
  			printk(KERN_INFO KBUILD_MODNAME ": Short digest,"
  			       " expected %s\n", sysrq_hexdigest);
  		return NF_DROP;
  	}
-	if (strncmp(data + n, sysrq_hexdigest, sysrq_digest_size) != 0) {
+	if (strncmp(data + n, sysrq_hexdigest, sysrq_digest_size*2) != 0) {
  		if (sysrq_debug)
  			printk(KERN_INFO KBUILD_MODNAME ": Bad digest,"
  			       " expected %s\n", sysrq_hexdigest);
@@ -324,8 +324,8 @@ static int __init sysrq_crypto_init(void)
  		printk(KERN_WARNING KBUILD_MODNAME
  			": Error: Could not find or load %s hash\n",
  			sysrq_hash);
-		sysrq_tfm = NULL;
  		ret = PTR_ERR(sysrq_tfm);
+		sysrq_tfm = NULL;
  		goto fail;
  	}
  	sysrq_digest_size = crypto_hash_digestsize(sysrq_tfm);
-- 
1.7.0.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [RESEND] [PATCH] Fix a couple of problems with xt_SYSRQ
  2010-06-25  9:38 [RESEND] [PATCH] Fix a couple of problems with xt_SYSRQ John Haxby
@ 2010-06-25  9:57 ` John Haxby
  0 siblings, 0 replies; 2+ messages in thread
From: John Haxby @ 2010-06-25  9:57 UTC (permalink / raw)
  To: netfilter-devel

On 25/06/10 10:38, John Haxby wrote:
> The first problem is that the error response from crypto_alloc_hash()
> should be extracted from the pointer before setting the pointer to NULL.
>
> The second error is that only the first half of the password hash is
> checked which slightly weakens the password checking.

My apologies, this patch was corrupted by my mailer.   The "[RESEND2]" 
following should be OK.

jch

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-06-25  9:58 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-25  9:38 [RESEND] [PATCH] Fix a couple of problems with xt_SYSRQ John Haxby
2010-06-25  9:57 ` John Haxby

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).