INN commit: branches/2.6/nnrpd (misc.c nnrpd.h sasl.c)
INN Commit
rra at isc.org
Thu Aug 4 20:05:25 UTC 2016
Date: Thursday, August 4, 2016 @ 13:05:25
Author: iulius
Revision: 10048
Improve syntax checking for the COMPRESS command
Add 501 response codes when appropriate.
Modified:
branches/2.6/nnrpd/misc.c
branches/2.6/nnrpd/nnrpd.h
branches/2.6/nnrpd/sasl.c
---------+
misc.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
nnrpd.h | 4 ++++
sasl.c | 34 +---------------------------------
3 files changed, 49 insertions(+), 33 deletions(-)
Modified: misc.c
===================================================================
--- misc.c 2016-08-04 20:04:49 UTC (rev 10047)
+++ misc.c 2016-08-04 20:05:25 UTC (rev 10048)
@@ -449,6 +449,45 @@
return 1;
}
+#if defined(HAVE_SASL) || defined(HAVE_ZLIB)
+/*
+** Check if the argument has a valid syntax.
+**
+** Currently used for both SASL mechanisms (RFC 4643) and compression
+** algorithms.
+**
+** algorithm = 1*20alg-char
+** alg-char = UPPER / DIGIT / "-" / "_"
+*/
+bool
+IsValidAlgorithm(const char *string)
+{
+ size_t len = 0;
+ const unsigned char *p;
+
+ /* Not NULL. */
+ if (string == NULL) {
+ return false;
+ }
+
+ p = (const unsigned char *) string;
+
+ for (; *p != '\0'; p++) {
+ len++;
+
+ if (!isalnum((unsigned char) *p) && *p != '-' && *p != '_') {
+ return false;
+ }
+ }
+
+ if (len > 0 && len < 21) {
+ return true;
+ } else {
+ return false;
+ }
+}
+#endif /* HAVE_SASL || HAVE_ZLIB */
+
#if defined(HAVE_ZLIB)
/*
** The COMPRESS command.
@@ -460,6 +499,11 @@
/* Check the argument. */
if (ac > 1) {
+ if (!IsValidAlgorithm(av[1])) {
+ Reply("%d Syntax error in compression algorithm\r\n",
+ NNTP_ERR_SYNTAX);
+ return;
+ }
if (strcasecmp(av[1], "DEFLATE") != 0) {
Reply("%d Only the DEFLATE compression algorithm is supported\r\n",
NNTP_ERR_UNAVAILABLE);
Modified: nnrpd.h
===================================================================
--- nnrpd.h 2016-08-04 20:04:49 UTC (rev 10047)
+++ nnrpd.h 2016-08-04 20:05:25 UTC (rev 10048)
@@ -325,6 +325,10 @@
void SASLnewserver(void);
#endif /* HAVE_SASL */
+#if defined(HAVE_SASL) || defined(HAVE_ZLIB)
+bool IsValidAlgorithm(const char *);
+#endif /* HAVE_SASL || HAVE_ZLIB */
+
#if defined(HAVE_ZLIB)
extern bool compression_layer_on;
extern bool tls_compression_on;
Modified: sasl.c
===================================================================
--- sasl.c 2016-08-04 20:04:49 UTC (rev 10047)
+++ sasl.c 2016-08-04 20:05:25 UTC (rev 10048)
@@ -35,39 +35,7 @@
#define BASE64_BUF_SIZE 21848 /* Per RFC 4422: (floor(n/3) + 1) * 4
where n = 16 kB = 16384 bytes. */
-
/*
-** Check if the argument is a valid mechanism according to RFC 4643:
-**
-** mechanism = 1*20mech-char
-** mech-char = UPPER / DIGIT / "-" / "_"
-*/
-static bool
-IsValidMechanism(const char *string)
-{
- int len = 0;
- const unsigned char *p;
-
- /* Not NULL. */
- if (string == NULL)
- return false;
-
- p = (const unsigned char *) string;
-
- for (; *p != '\0'; p++) {
- len++;
- if (!isalnum((unsigned char) *p) && *p != '-' && *p != '_')
- return false;
- }
-
- if (len > 0 && len < 21)
- return true;
- else
- return false;
-}
-
-
-/*
** Create a new SASL server authentication object.
*/
void
@@ -137,7 +105,7 @@
mech = av[2];
- if (!IsValidMechanism(mech)) {
+ if (!IsValidAlgorithm(mech)) {
Reply("%d Syntax error in mechanism\r\n", NNTP_ERR_SYNTAX);
return;
}
More information about the inn-committers
mailing list