Commit 9f29a6d2 authored by Petr Vandrovec's avatar Petr Vandrovec

ncpfs: Verify packet signatures on replies.

parent 32758c3b
...@@ -108,5 +108,21 @@ void __sign_packet(struct ncp_server *server, const char *packet, size_t size, _ ...@@ -108,5 +108,21 @@ void __sign_packet(struct ncp_server *server, const char *packet, size_t size, _
memcpy(sign_buff, server->sign_last, 8); memcpy(sign_buff, server->sign_last, 8);
} }
int sign_verify_reply(struct ncp_server *server, const char *packet, size_t size, __u32 totalsize, const void *sign_buff) {
unsigned char data[64];
unsigned char hash[16];
memcpy(data, server->sign_root, 8);
*(__u32*)(data + 8) = totalsize;
if (size < 52) {
memcpy(data + 12, packet, size);
memset(data + 12 + size, 0, 52 - size);
} else {
memcpy(data + 12, packet, 52);
}
nwsign(server->sign_last, data, hash);
return memcmp(sign_buff, hash, 8);
}
#endif /* CONFIG_NCPFS_PACKET_SIGNING */ #endif /* CONFIG_NCPFS_PACKET_SIGNING */
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
#ifdef CONFIG_NCPFS_PACKET_SIGNING #ifdef CONFIG_NCPFS_PACKET_SIGNING
void __sign_packet(struct ncp_server *server, const char *data, size_t size, __u32 totalsize, void *sign_buff); void __sign_packet(struct ncp_server *server, const char *data, size_t size, __u32 totalsize, void *sign_buff);
int sign_verify_reply(struct ncp_server *server, const char *data, size_t size, __u32 totalsize, const void *sign_buff);
#endif #endif
static inline size_t sign_packet(struct ncp_server *server, const char *data, size_t size, __u32 totalsize, void *sign_buff) { static inline size_t sign_packet(struct ncp_server *server, const char *data, size_t size, __u32 totalsize, void *sign_buff) {
......
...@@ -391,7 +391,14 @@ static void __ncpdgram_rcv_proc(void *s) { ...@@ -391,7 +391,14 @@ static void __ncpdgram_rcv_proc(void *s) {
if (result < 8 + 8) { if (result < 8 + 8) {
result = -EIO; result = -EIO;
} else { } else {
unsigned int hdrl;
result -= 8; result -= 8;
hdrl = sock->sk->family == AF_INET ? 8 : 6;
if (sign_verify_reply(server, ((char*)req->reply_buf) + hdrl, result - hdrl, cpu_to_le32(result), ((char*)req->reply_buf) + result)) {
printk(KERN_INFO "ncpfs: Signature violation\n");
result = -EIO;
}
} }
} }
#endif #endif
...@@ -593,6 +600,15 @@ skipdata:; ...@@ -593,6 +600,15 @@ skipdata:;
return -EIO; return -EIO;
} }
} }
#ifdef CONFIG_NCPFS_PACKET_SIGNING
if (server->sign_active && req->tx_type != NCP_DEALLOC_SLOT_REQUEST) {
if (sign_verify_reply(server, (unsigned char*)(req->reply_buf) + 6, req->datalen - 6, cpu_to_be32(req->datalen + 16), &server->rcv.buf.type)) {
printk(KERN_ERR "ncpfs: tcp: Signature violation\n");
__ncp_abort_request(server, req, -EIO);
return -EIO;
}
}
#endif
ncp_finish_request(req, req->datalen); ncp_finish_request(req, req->datalen);
nextreq:; nextreq:;
__ncp_next_request(server); __ncp_next_request(server);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment