Re: [PATCH] crypto: allocate padding in crypto_header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




ACK

Fabio M. Di Nitto napsal(a):
From: "Fabio M. Di Nitto"<fdinitto@xxxxxxxxxx>

while it might seem a waste of space by using 2 extra bytes in
the crypto_config_header, it actually gives us the option
to grow "unknown at this time" features without hopefully
breaking onwire compat

Signed-off-by: Fabio M. Di Nitto<fdinitto@xxxxxxxxxx>
---
  exec/totemcrypto.c |   10 ++++++++++
  1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
index 0f910db..e8717e4 100644
--- a/exec/totemcrypto.c
+++ b/exec/totemcrypto.c
@@ -83,6 +83,8 @@
  struct crypto_config_header {
  	uint8_t	crypto_cipher_type;
  	uint8_t	crypto_hash_type;
+	uint8_t __pad0;
+	uint8_t __pad1;
  } __attribute__((packed));

  enum crypto_crypt_t {
@@ -634,6 +636,8 @@ int crypto_encrypt_and_sign (
  	cch = (struct crypto_config_header *)buf_out;
  	cch->crypto_cipher_type = instance->crypto_cipher_type;
  	cch->crypto_hash_type = instance->crypto_hash_type;
+	cch->__pad0 = 0;
+	cch->__pad1 = 0;

  	if ((!cipher_to_nss[instance->crypto_cipher_type])&&
  	(!hash_to_nss[instance->crypto_hash_type])) {
@@ -677,6 +681,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
  		return -1;
  	}

+	if ((cch->__pad0 != 0) || (cch->__pad1 != 0)) {
+		log_printf(instance->log_level_security,
+			   "Incoming packet appears to have features not supported by this version of corosync. Rejecting");
+		return -1;
+	}
+
  	/*
  	 * invalidate config header
  	 */

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss


[Corosync Project]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]    [Yosemite Photos]    [Free Online Dating]     [Linux Kernel]     [Linux SCSI]     [XFree86]

Add to Google Powered by Linux