#ifndef CT_USERMGMT_H #define CT_USERMGMT_H #include #include "curve.h" #include "crypto_hash_sha512.h" enum is_user_enum { USERNAMES_OK = 0, /* Usernames match, valid 'token' */ USERNAMES_NE, /* Usernames do not match */ USERNAMES_TS, /* Usernames match, but 'token' invalid, Drop connection here */ USERNAMES_ERR, }; struct username_struct { uint32_t salt; uint8_t hash[crypto_hash_sha512_BYTES]; }; extern int username_msg(char *username, size_t len, char *dst, size_t dlen); extern enum is_user_enum username_msg_is_user(char *src, size_t slen, char *username, size_t len); extern void parse_userfile_and_generate_user_store_or_die(char *homedir); extern void dump_user_store(void); extern void destroy_user_store(void); extern int get_user_by_socket(int sock, struct curve25519_proto **proto); extern int get_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len, struct curve25519_proto **proto); extern int try_register_user_by_socket(struct curve25519_struct *c, char *src, size_t slen, int sock, int log); extern int try_register_user_by_sockaddr(struct curve25519_struct *c, char *src, size_t slen, struct sockaddr_storage *sa, size_t sa_len, int log); extern void remove_user_by_socket(int sock); extern void remove_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len); #endif /* CT_USERMGMT_H */ td>Tobias Klauser
summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2016-10-29 21:28:18 +0200
committerStefan Richter <stefanr@s5r6.in-berlin.de>2016-11-03 14:46:39 +0100
commit667121ace9dbafb368618dbabcf07901c962ddac (patch)
treea73ac08b8ff287151a62bfadc8acf167a3837194 /Documentation
parent6449e31ddebdce68508cfaf0915d31aad3835f4f (diff)
firewire: net: guard against rx buffer overflows
The IP-over-1394 driver firewire-net lacked input validation when handling incoming fragmented datagrams. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer. So, drop any packets carrying a fragment with offset + length larger than datagram_size. In addition, ensure that - GASP header, unfragmented encapsulation header, or fragment encapsulation header actually exists before we access it, - the encapsulated datagram or fragment is of nonzero size. Reported-by: Eyal Itkin <eyal.itkin@gmail.com> Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com> Fixes: CVE 2016-8633 Cc: stable@vger.kernel.org Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'Documentation')