From: Kern Sibbald Date: Thu, 20 Mar 2003 17:28:40 +0000 (+0000) Subject: More conservative authentication with bad input X-Git-Tag: Release-1.30~79 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0ead2456c9f849db66af82808cb5d3b7888e557f;p=bacula%2Fbacula More conservative authentication with bad input git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@388 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c index 3d1db7e03f..8cb06f6165 100644 --- a/bacula/src/dird/authenticate.c +++ b/bacula/src/dird/authenticate.c @@ -73,13 +73,13 @@ int authenticate_storage_daemon(JCR *jcr) } Dmsg1(116, ">stored: %s", sd->msg); if (bnet_recv(sd) <= 0) { - Emsg1(M_FATAL, 0, _("bdirdmsg); if (strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0) { - Emsg0(M_FATAL, 0, _("Storage daemon rejected Hello command\n")); + Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n")); return 0; } return 1; @@ -98,7 +98,7 @@ int authenticate_file_daemon(JCR *jcr) */ strcpy(dirname, director->hdr.name); bash_spaces(dirname); - if (!bnet_fsend(fd, hello, director->hdr.name)) { + if (!bnet_fsend(fd, hello, dirname)) { Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd)); return 0; } @@ -109,7 +109,7 @@ int authenticate_file_daemon(JCR *jcr) } Dmsg1(116, ">filed: %s", fd->msg); if (bnet_recv(fd) <= 0) { - Jmsg(jcr, M_FATAL, 0, _("bdirdmsglen > MAXSTRING || - sscanf(ua->msg, "Hello %127s calling\n", name) != 1) { + if (ua->msglen < 16 || ua->msglen >= MAXSTRING-1) { + Emsg0(M_ERROR, 0, _("UA Hello is invalid.\n")); + return 0; + } + + if (sscanf(ua->msg, "Hello %127s calling\n", name) != 1) { ua->msg[100] = 0; /* terminate string */ - Emsg1(M_ERROR, 0, _("Authentication failure: %s"), ua->msg); + Emsg1(M_ERROR, 0, _("UA Hello is invalid. Got: %s\n"), ua->msg); return 0; } diff --git a/bacula/src/filed/authenticate.c b/bacula/src/filed/authenticate.c index b6b23f975e..9c4440c1ca 100644 --- a/bacula/src/filed/authenticate.c +++ b/bacula/src/filed/authenticate.c @@ -45,8 +45,9 @@ static int authenticate(int rcode, BSOCK *bs) Emsg1(M_FATAL, 0, _("I only authenticate directors, not %d\n"), rcode); return 0; } - if (bs->msglen > 200) { - bs->msglen = 200; + if (bs->msglen < 25 || bs->msglen > 200) { + Emsg0(M_FATAL, 0, _("Bad Hello command from Director.\n")); + return 0; } dirname = get_pool_memory(PM_MESSAGE); dirname = check_pool_memory_size(dirname, bs->msglen); @@ -54,7 +55,7 @@ static int authenticate(int rcode, BSOCK *bs) if (sscanf(bs->msg, "Hello Director %s calling\n", dirname) != 1) { free_pool_memory(dirname); bs->msg[100] = 0; - Emsg1(M_FATAL, 0, _("Bad Hello command from Director: %s"), bs->msg); + Emsg1(M_FATAL, 0, _("Bad Hello command from Director: %s\n"), bs->msg); return 0; } director = NULL; diff --git a/bacula/src/stored/authenticate.c b/bacula/src/stored/authenticate.c index df7bb393dc..5d4d670901 100644 --- a/bacula/src/stored/authenticate.c +++ b/bacula/src/stored/authenticate.c @@ -46,8 +46,9 @@ static int authenticate(int rcode, BSOCK *bs) Emsg1(M_FATAL, 0, _("I only authenticate Directors, not %d\n"), rcode); return 0; } - if (bs->msglen > 200) { - bs->msglen = 200; + if (bs->msglen < 25 || bs->msglen > 200) { + Emsg0(M_FATAL, 0, _("Bad Hello command from Director.\n")); + return 0; } dirname = get_pool_memory(PM_MESSAGE); dirname = check_pool_memory_size(dirname, bs->msglen);