INN commit: trunk/nnrpd (misc.c nnrpd.h sasl.c)

INN Commit rra at isc.org
Thu Aug 4 19:59:02 UTC 2016


    Date: Thursday, August 4, 2016 @ 12:59:01
  Author: iulius
Revision: 10045

Improve syntax checking for the COMPRESS command

Add 501 response codes when appropriate.

Modified:
  trunk/nnrpd/misc.c
  trunk/nnrpd/nnrpd.h
  trunk/nnrpd/sasl.c

---------+
 misc.c  |   44 ++++++++++++++++++++++++++++++++++++++++++++
 nnrpd.h |    4 ++++
 sasl.c  |   34 +---------------------------------
 3 files changed, 49 insertions(+), 33 deletions(-)

Modified: misc.c
===================================================================
--- misc.c	2016-08-04 19:57:28 UTC (rev 10044)
+++ misc.c	2016-08-04 19:59:01 UTC (rev 10045)
@@ -449,6 +449,45 @@
      return 1;
 }
 
+#if defined(HAVE_SASL) || defined(HAVE_ZLIB)
+/*
+**  Check if the argument has a valid syntax.
+**
+**  Currently used for both SASL mechanisms (RFC 4643) and compression
+**  algorithms.
+**
+**    algorithm = 1*20alg-char
+**    alg-char = UPPER / DIGIT / "-" / "_"
+*/
+bool
+IsValidAlgorithm(const char *string)
+{
+    size_t len = 0;
+    const unsigned char *p;
+
+    /* Not NULL. */
+    if (string == NULL) {
+        return false;
+    }
+
+    p = (const unsigned char *) string;
+
+    for (; *p != '\0'; p++) {
+        len++;
+
+        if (!isalnum((unsigned char) *p) && *p != '-' && *p != '_') {
+            return false;
+        }
+    }
+
+    if (len > 0 && len < 21) {
+        return true;
+    } else {
+        return false;
+    }
+}
+#endif /* HAVE_SASL || HAVE_ZLIB */
+
 #if defined(HAVE_ZLIB)
 /*
 **  The COMPRESS command.
@@ -460,6 +499,11 @@
 
     /* Check the argument. */
     if (ac > 1) {
+        if (!IsValidAlgorithm(av[1])) {
+            Reply("%d Syntax error in compression algorithm\r\n",
+                  NNTP_ERR_SYNTAX);
+            return;
+        }
         if (strcasecmp(av[1], "DEFLATE") != 0) {
             Reply("%d Only the DEFLATE compression algorithm is supported\r\n",
                   NNTP_ERR_UNAVAILABLE);

Modified: nnrpd.h
===================================================================
--- nnrpd.h	2016-08-04 19:57:28 UTC (rev 10044)
+++ nnrpd.h	2016-08-04 19:59:01 UTC (rev 10045)
@@ -325,6 +325,10 @@
 void SASLnewserver(void);
 #endif /* HAVE_SASL */
 
+#if defined(HAVE_SASL) || defined(HAVE_ZLIB)
+bool IsValidAlgorithm(const char *);
+#endif /* HAVE_SASL || HAVE_ZLIB */
+
 #if defined(HAVE_ZLIB)
 extern bool compression_layer_on;
 extern bool tls_compression_on;

Modified: sasl.c
===================================================================
--- sasl.c	2016-08-04 19:57:28 UTC (rev 10044)
+++ sasl.c	2016-08-04 19:59:01 UTC (rev 10045)
@@ -35,39 +35,7 @@
 #define BASE64_BUF_SIZE 21848   /* Per RFC 4422:  (floor(n/3) + 1) * 4
                                    where n = 16 kB = 16384 bytes. */
 
-
 /*
-**  Check if the argument is a valid mechanism according to RFC 4643:
-**
-**    mechanism = 1*20mech-char
-**    mech-char = UPPER / DIGIT / "-" / "_"
-*/
-static bool
-IsValidMechanism(const char *string)
-{
-    int len = 0;
-    const unsigned char *p;
- 
-    /* Not NULL. */
-    if (string == NULL)
-        return false;
-
-    p = (const unsigned char *) string;
-
-    for (; *p != '\0'; p++) {
-        len++;
-        if (!isalnum((unsigned char) *p) && *p != '-' && *p != '_')
-            return false;
-    }
-
-    if (len > 0 && len < 21)
-        return true;
-    else
-        return false;
-}
-
-
-/*
 **  Create a new SASL server authentication object.
 */
 void
@@ -137,7 +105,7 @@
 
     mech = av[2];
 
-    if (!IsValidMechanism(mech)) {
+    if (!IsValidAlgorithm(mech)) {
         Reply("%d Syntax error in mechanism\r\n", NNTP_ERR_SYNTAX);
         return;
     }



More information about the inn-committers mailing list