INN commit: trunk (5 files)
INN Commit
Russ_Allbery at isc.org
Wed Aug 27 20:00:55 UTC 2008
Date: Wednesday, August 27, 2008 @ 13:00:54
Author: iulius
Revision: 7978
The length of arguments is now checked: they do not exceed 497 octets.
Fix the return code when the line is too long: 500 must be returned
when there is no valid command (and not 501).
Modified:
trunk/include/inn/nntp.h
trunk/nnrpd/line.c
trunk/nnrpd/nnrpd.c
trunk/nnrpd/post.c
trunk/nnrpd/sasl.c
--------------------+
include/inn/nntp.h | 10 +++++-----
nnrpd/line.c | 4 ++--
nnrpd/nnrpd.c | 38 ++++++++++++++++++++++++++++++++------
nnrpd/post.c | 6 +++---
nnrpd/sasl.c | 4 ++--
5 files changed, 44 insertions(+), 18 deletions(-)
Modified: include/inn/nntp.h
===================================================================
--- include/inn/nntp.h 2008-08-26 20:50:41 UTC (rev 7977)
+++ include/inn/nntp.h 2008-08-27 20:00:54 UTC (rev 7978)
@@ -120,15 +120,15 @@
};
-/* Per draft-ietf-nntpext-base-17.txt:
+/* Command lines MUST NOT exceed 512 octets, which includes the
+ terminating CRLF pair. The arguments MUST NOT exceed 497
+ octets. A server MAY relax these limits for commands defined
+ in an extension.
- Command lines MUST NOT exceed 512 octets, which includes the
- terminating US-ASCII CRLF pair. The arguments MUST NOT exceed 497
- octets.
-
Also see below for an additional restriction on message IDs. */
#define NNTP_MAXLEN_COMMAND 512
+#define NNTP_MAXLEN_ARG 497
/* Consensus on the USEFOR mailing list in June of 2000 indicates that the
next revision of the Usenet article standard will limit the length of the
Modified: nnrpd/line.c
===================================================================
--- nnrpd/line.c 2008-08-26 20:50:41 UTC (rev 7977)
+++ nnrpd/line.c 2008-08-27 20:00:54 UTC (rev 7978)
@@ -61,7 +61,7 @@
line_init(struct line *line)
{
assert(line);
- line->allocated = NNTP_STRLEN;
+ line->allocated = NNTP_MAXLEN_COMMAND;
line->where = line->start = xmalloc(line->allocated);
line->remaining = 0;
}
@@ -164,7 +164,7 @@
/* don't grow the buffer bigger than the maximum
* article size we'll accept */
- if (PERMaccessconf->localmaxartsize > NNTP_STRLEN)
+ if (PERMaccessconf->localmaxartsize > NNTP_MAXLEN_COMMAND)
if (newsize > (unsigned)PERMaccessconf->localmaxartsize)
newsize = PERMaccessconf->localmaxartsize;
Modified: nnrpd/nnrpd.c
===================================================================
--- nnrpd/nnrpd.c 2008-08-26 20:50:41 UTC (rev 7977)
+++ nnrpd/nnrpd.c 2008-08-27 20:00:54 UTC (rev 7978)
@@ -229,7 +229,7 @@
sasl_dispose(&sasl_conn);
sasl_conn = NULL;
sasl_ssf = 0;
- sasl_maxout = NNTP_STRLEN;
+ sasl_maxout = NNTP_MAXLEN_COMMAND;
}
#endif /* HAVE_SASL */
@@ -684,11 +684,12 @@
{
const char *name;
CMDENT *cp;
- char buff[NNTP_STRLEN];
+ char buff[NNTP_MAXLEN_COMMAND];
char **av;
int ac;
READTYPE r;
int i;
+ char **v;
char *Reject;
int timeout;
unsigned int vid=0;
@@ -703,6 +704,7 @@
int clienttimeout;
char *ConfFile = NULL;
char *path;
+ bool validcommandtoolong;
int respawn = 0;
@@ -1046,7 +1048,7 @@
memset(&secprops, 0, sizeof(secprops));
secprops.security_flags = SASL_SEC_NOPLAINTEXT;
secprops.max_ssf = 256;
- secprops.maxbufsize = NNTP_STRLEN;
+ secprops.maxbufsize = NNTP_MAXLEN_COMMAND;
sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops);
}
#endif /* HAVE_SASL */
@@ -1117,7 +1119,16 @@
}
/* FALLTHROUGH */
case RTlong:
- Reply("%d Line too long\r\n", NNTP_ERR_COMMAND);
+ /* The line is too long but we have to make sure that
+ * no recognized command has been sent. */
+ validcommandtoolong = false;
+ for (cp = CMDtable; cp->Name; cp++)
+ if (strncasecmp(cp->Name, p, strlen(cp->Name)) == 0) {
+ validcommandtoolong = true;
+ break;
+ }
+ Reply("%d Line too long\r\n",
+ validcommandtoolong ? NNTP_ERR_SYNTAX : NNTP_ERR_COMMAND);
continue;
case RTeof:
/* Handled below. */
@@ -1134,6 +1145,8 @@
for (cp = CMDtable; cp->Name; cp++)
if (strcasecmp(cp->Name, av[0]) == 0)
break;
+
+ /* If no command has been recognized. */
if (cp->Name == NULL) {
if ((int)strlen(buff) > 40)
syslog(L_NOTICE, "%s unrecognized %.40s...", Client.host, buff);
@@ -1143,6 +1156,19 @@
continue;
}
+ /* Check whether all arguments do not exceed their allowed size. */
+ if (ac > 1) {
+ validcommandtoolong = false;
+ for (v = av; *v; v++)
+ if (strlen(*v) > NNTP_MAXLEN_ARG) {
+ validcommandtoolong = true;
+ Reply("%d Argument too long\r\n", NNTP_ERR_SYNTAX);
+ break;
+ }
+ if (validcommandtoolong)
+ continue;
+ }
+
/* 502 if already successfully authenticated, according to RFC 4643. */
if (!PERMcanauthenticate && (strcasecmp(cp->Name, "authinfo") == 0)) {
Reply("%d %s\r\n", NNTP_ERR_ACCESS, "Already authenticated");
@@ -1165,9 +1191,9 @@
}
setproctitle("%s %s", Client.host, av[0]);
- (*cp->Function)(ac, av);
+ (*cp->Function)(ac, av);
- if (PushedBack)
+ if (PushedBack)
break;
if (PERMaccessconf)
clienttimeout = PERMaccessconf->clienttimeout;
Modified: nnrpd/post.c
===================================================================
--- nnrpd/post.c 2008-08-26 20:50:41 UTC (rev 7977)
+++ nnrpd/post.c 2008-08-27 20:00:54 UTC (rev 7978)
@@ -760,7 +760,7 @@
static void
SendQuit(FILE *FromServer, FILE *ToServer)
{
- char buff[NNTP_STRLEN];
+ char buff[NNTP_MAXLEN_COMMAND];
fprintf(ToServer, "quit\r\n");
fflush(ToServer);
@@ -794,7 +794,7 @@
static const char *
SpoolitTo(char *article, char *err, char *SpoolDir)
{
- static char CANTSPOOL[NNTP_STRLEN+2];
+ static char CANTSPOOL[NNTP_MAXLEN_COMMAND+2];
HEADER *hp;
FILE *F = NULL;
int i, fd;
@@ -933,7 +933,7 @@
HEADER *hp;
FILE *ToServer;
FILE *FromServer;
- char buff[NNTP_STRLEN + 2], frombuf[SMBUF];
+ char buff[NNTP_MAXLEN_COMMAND + 2], frombuf[SMBUF];
char *modgroup = NULL;
const char *error;
char *TrackID;
Modified: nnrpd/sasl.c
===================================================================
--- nnrpd/sasl.c 2008-08-26 20:50:41 UTC (rev 7977)
+++ nnrpd/sasl.c 2008-08-27 20:00:54 UTC (rev 7978)
@@ -14,7 +14,7 @@
#include <sasl/sasl.h>
sasl_conn_t *sasl_conn = NULL;
-int sasl_ssf = 0, sasl_maxout = NNTP_STRLEN;
+int sasl_ssf = 0, sasl_maxout = NNTP_MAXLEN_COMMAND;
sasl_callback_t sasl_callbacks[] = {
/* XXX do we want a proxy callback? */
@@ -160,7 +160,7 @@
/* save info about the negotiated security layer for I/O functions */
sasl_ssf = *ssfp;
sasl_maxout =
- (*maxoutp == 0 || *maxoutp > NNTP_STRLEN) ? NNTP_STRLEN : *maxoutp;
+ (*maxoutp == 0 || *maxoutp > NNTP_MAXLEN_COMMAND) ? NNTP_MAXLEN_COMMAND : *maxoutp;
}
else {
/* failure */
More information about the inn-committers
mailing list