From: "Fabio M. Di Nitto"<fdinitto@xxxxxxxxxx>
while it might seem a waste of space to use 2 extra bytes in
the crypto_config_header, it actually gives us the option
to add features "unknown at this time" later, hopefully without
breaking on-wire compatibility
Signed-off-by: Fabio M. Di Nitto<fdinitto@xxxxxxxxxx>
---
exec/totemcrypto.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
index 0f910db..e8717e4 100644
--- a/exec/totemcrypto.c
+++ b/exec/totemcrypto.c
@@ -83,6 +83,8 @@
struct crypto_config_header {
uint8_t crypto_cipher_type;
uint8_t crypto_hash_type;
+ uint8_t __pad0;
+ uint8_t __pad1;
} __attribute__((packed));
enum crypto_crypt_t {
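Review bot: The new fields `__pad0`/`__pad1` use a double-underscore prefix, which C reserves for the implementation, and the struct gives no hint that they are a wire-format contract rather than alignment filler (the struct is packed, so no padding is needed). Rename them and document the contract, e.g. `uint8_t reserved0; /* must be 0 on the wire; receivers reject non-zero */` and likewise for `reserved1`, so a future feature author knows they are a versioning hook. Note also that growing a packed on-wire header from 2 to 4 bytes is itself an incompatible change against peers built before this commit; the commit message hints at this but the struct comment should say so explicitly.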
@@ -634,6 +636,8 @@ int crypto_encrypt_and_sign (
cch = (struct crypto_config_header *)buf_out;
cch->crypto_cipher_type = instance->crypto_cipher_type;
cch->crypto_hash_type = instance->crypto_hash_type;
+ cch->__pad0 = 0;
+ cch->__pad1 = 0;
if ((!cipher_to_nss[instance->crypto_cipher_type])&&
(!hash_to_nss[instance->crypto_hash_type])) {
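Review bot: Zeroing the reserved bytes field by field means every future reserved byte needs another explicit store on the send side, and missing one would cause peers to reject the packet under the new receive-side check. Clearing the whole header first, `memset(cch, 0, sizeof(*cch));` immediately after the `cch = (struct crypto_config_header *)buf_out;` cast and before the cipher/hash assignments, keeps the invariant automatically. crypto_encrypt_and_sign begins before the hunk, so whether buf_out is already known to hold sizeof(*cch) bytes at this point is not visible here.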
@@ -677,6 +681,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
return -1;
}
+ if ((cch->__pad0 != 0) || (cch->__pad1 != 0)) {
+ log_printf(instance->log_level_security,
+ "Incoming packet appears to have features not supported by this version of corosync. Rejecting");
+ return -1;
+ }
+
/*
* invalidate config header
*/
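Review bot: The new check reads `cch->__pad0` and `cch->__pad1` from the received buffer, but the minimum-length check for incoming packets lives earlier in crypto_authenticate_and_decrypt, outside this hunk; if it was written as a literal sized for the old 2-byte header rather than `sizeof(struct crypto_config_header)`, the two new bytes are read past the validated length. Please confirm that guard uses `sizeof(struct crypto_config_header)` (or update it) since a truncated 2-byte packet from an unauthenticated sender must not reach this comparison. The config header is inspected before the packet is authenticated, so any on-path sender can trigger this security-level log line per packet; a short comment such as `/* reserved bytes are unauthenticated: reject before decrypt, but expect spoofable log noise */` would make that trade-off explicit. The rest of the function continues past the hunk.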