
ocserv: updated to 0.10.3

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
lilik-openwrt-22.03
Nikos Mavrogiannopoulos 10 years ago
parent
commit
899724bd35
3 changed files with 2 additions and 140 deletions
  1. +2
    -2
      net/ocserv/Makefile
  2. +0
    -104
      net/ocserv/patches/001-sec-mod-do-not-impose-timeouts-on-reads-from-main.patch
  3. +0
    -34
      net/ocserv/patches/002-reject-bad-commands-from-main.patch

+ 2
- 2
net/ocserv/Makefile

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ocserv
PKG_VERSION:=0.10.2
PKG_VERSION:=0.10.3
PKG_RELEASE:=1
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/ocserv/
PKG_MD5SUM:=32ce2c2a00a97ab7c27e571aae207b2d
PKG_MD5SUM:=36c947a4e37484487844dc1c977ca870
PKG_LICENSE:=GPLv2
PKG_LICENSE_FILES:=COPYING
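Review bot: The new `PKG_MD5SUM:=36c947a4e37484487844dc1c977ca870` is the only integrity check on a tarball that `PKG_SOURCE_URL` fetches over unauthenticated `ftp://`, and MD5 is not collision-resistant, so a tampered mirror or an on-path rewrite is only weakly guarded against. If the build system in this tree accepts it, pin a SHA-256 digest instead (`PKG_HASH:=<sha256-of-ocserv-0.10.3.tar.xz>`, placeholder value) and prefer an authenticated transport for the source URL where upstream offers one. The same commit deletes the two local sec-mod patches (001 and 002), presumably because 0.10.3 carries them upstream; the page does not show that, so confirm it against the 0.10.3 source before relying on the bump.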


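--- a/net/ocserv/patches/001-sec-mod-do-not-impose-timeouts-on-reads-from-main.patch
+++ b/net/ocserv/patches/001-sec-mod-do-not-impose-timeouts-on-reads-from-main.patch
@@ -1,104 +0,0 @@
-From 0967f05f8d7665a67f3cb0fbed46c48dc7ec74cb Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 31 Mar 2015 10:13:08 +0200
-Subject: [PATCH] sec-mod: do not impose timeouts on reads from main
----
-src/sec-mod.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
-1 file changed, 53 insertions(+), 7 deletions(-)
-diff --git a/src/sec-mod.c b/src/sec-mod.c
-index b824e87..5a0763d 100644
---- a/src/sec-mod.c
-+++ b/src/sec-mod.c
-@@ -404,7 +404,56 @@ static void check_other_work(sec_mod_st *sec)
-}
-static
--int serve_request(sec_mod_st *sec, int cfd, unsigned is_main, uint8_t *buffer, unsigned buffer_size)
-+int serve_request_main(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffer_size)
-+{
-+ int ret, e;
-+ unsigned cmd, length;
-+ uint16_t l16;
-+ void *pool = buffer;
-+
-+ /* read request */
-+ ret = force_read(cfd, buffer, 3);
-+ if (ret == 0)
-+ goto leave;
-+ else if (ret < 3) {
-+ e = errno;
-+ seclog(sec, LOG_INFO, "error receiving msg head: %s",
-+ strerror(e));
-+ ret = ERR_BAD_COMMAND;
-+ goto leave;
-+ }
-+
-+ cmd = buffer[0];
-+ memcpy(&l16, &buffer[1], 2);
-+ length = l16;
-+
-+ if (length > buffer_size - 4) {
-+ seclog(sec, LOG_INFO, "too big message (%d)", length);
-+ ret = ERR_BAD_COMMAND;
-+ goto leave;
-+ }
-+
-+ /* read the body */
-+ ret = force_read(cfd, buffer, length);
-+ if (ret < 0) {
-+ e = errno;
-+ seclog(sec, LOG_INFO, "error receiving msg body: %s",
-+ strerror(e));
-+ ret = ERR_BAD_COMMAND;
-+ goto leave;
-+ }
-+
-+ ret = process_packet_from_main(pool, cfd, sec, cmd, buffer, ret);
-+ if (ret < 0) {
-+ seclog(sec, LOG_INFO, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret);
-+ }
-+
-+ leave:
-+ return ret;
-+}
-+
-+static
-+int serve_request(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffer_size)
-{
-int ret, e;
-unsigned cmd, length;
-@@ -443,10 +492,7 @@ int serve_request(sec_mod_st *sec, int cfd, unsigned is_main, uint8_t *buffer, u
-goto leave;
-}
-- if (is_main)
-- ret = process_packet_from_main(pool, cfd, sec, cmd, buffer, ret);
-- else
-- ret = process_packet(pool, cfd, sec, cmd, buffer, ret);
-+ ret = process_packet(pool, cfd, sec, cmd, buffer, ret);
-if (ret < 0) {
-seclog(sec, LOG_INFO, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret);
-}
-@@ -677,7 +723,7 @@ void sec_mod_server(void *main_pool, struct perm_cfg_st *perm_config, const char
-if (buffer == NULL) {
-seclog(sec, LOG_ERR, "error in memory allocation");
-} else {
-- ret = serve_request(sec, cmd_fd, 1, buffer, buffer_size);
-+ ret = serve_request_main(sec, cmd_fd, buffer, buffer_size);
-if (ret < 0 && ret == ERR_BAD_COMMAND) {
-seclog(sec, LOG_ERR, "error processing command from main");
-exit(1);
-@@ -710,7 +756,7 @@ void sec_mod_server(void *main_pool, struct perm_cfg_st *perm_config, const char
-if (buffer == NULL) {
-seclog(sec, LOG_ERR, "error in memory allocation");
-} else {
-- serve_request(sec, cfd, 0, buffer, buffer_size);
-+ serve_request(sec, cfd, buffer, buffer_size);
-talloc_free(buffer);
-}
-}
---
-2.1.4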

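--- a/net/ocserv/patches/002-reject-bad-commands-from-main.patch
+++ b/net/ocserv/patches/002-reject-bad-commands-from-main.patch
@@ -1,34 +0,0 @@
-From 99dd4a6e03b669a5b5fe234fa665b75bbd95c593 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 7 Apr 2015 17:13:29 +0200
-Subject: [PATCH] reject bad commands from main
----
-src/sec-mod.c | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/src/sec-mod.c b/src/sec-mod.c
-index 5a0763d..7783264 100644
---- a/src/sec-mod.c
-+++ b/src/sec-mod.c
-@@ -325,7 +325,7 @@ int process_packet_from_main(void *pool, int cfd, sec_mod_st * sec, cmd_request_
-data.data);
-if (msg == NULL) {
-seclog(sec, LOG_INFO, "error unpacking auth ban ip reply\n");
-- return -1;
-+ return ERR_BAD_COMMAND;
-}
-handle_sec_auth_ban_ip_reply(cfd, sec, msg);
-@@ -342,7 +342,7 @@ int process_packet_from_main(void *pool, int cfd, sec_mod_st * sec, cmd_request_
-data.data);
-if (msg == NULL) {
-seclog(sec, LOG_INFO, "error unpacking session close\n");
-- return -1;
-+ return ERR_BAD_COMMAND;
-}
-ret = handle_sec_auth_session_cmd(cfd, sec, msg, cmd);
---
-2.1.4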
