

commit - 16ba5d4d71e3eb6099fb35d5443525b42952e3d6
commit + 6be59daa956c266ddcbb86bdf8efc0d34438291b
blob - d5ce6a7555e5b43d98bdb6fa2baa38cae922aece
blob + e7608b4dfe2532e3d7464470c55310f0d9230d27
--- kamid/client.c
+++ kamid/client.c
@@ -50,6 +50,11 @@
  * CLIENT_MSIZE is thus the maximum message size we can handle now.
  */
 #define CLIENT_MSIZE (MAX_IMSGSIZE - IMSG_HEADER_SIZE)
+
+/*
+ * The minimum value allowed for the msize.
+ */
+#define MIN_MSIZE 256
 
 #define DEBUG_PACKETS 0
 
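Review bot: The comment above `MIN_MSIZE` says what the constant is but not why 256 was chosen, which is what a later reader needs before changing it. I would extend it to give the reason for the floor, for example `/* Smallest msize accepted in Tversion; anything lower leaves no room for the replies we must be able to send. */`, adjusted to whatever the actual reasoning was. It is also worth stating there that the value must stay at or below `CLIENT_MSIZE`, since the negotiated size is later clamped with `MIN(msize, CLIENT_MSIZE)`.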
@@ -931,7 +936,8 @@ tversion(struct np_msg_header *hdr, const uint8_t *dat
 		goto err;
 	case READSTRTRUNC:
 		log_warnx("9P version string too long, truncated");
-		goto mismatch;
+		np_version(hdr->tag, MSIZE9P, "unknown");
+		return;
 	}
 
 	if (len != 0)
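Review bot: The pair `np_version(hdr->tag, MSIZE9P, "unknown"); return;` added in the READSTRTRUNC case is repeated twice more in the next hunk, in the version-mismatch and msize-too-small branches, so the rejection reply now lives in three places that have to stay in step. A small static helper that takes `hdr->tag` and sends the "unknown" Rversion would keep the three distinct log messages while leaving one place to edit if the reply changes. tversion() starts and ends outside this hunk.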
@@ -940,21 +946,25 @@ tversion(struct np_msg_header *hdr, const uint8_t *dat
 	if ((dot = strchr(version, '.')) != NULL)
 		*dot = '\0';
 
-	if (strcmp(version, VERSION9P) != 0 ||
-	    msize == 0)
-		goto mismatch;
+	if (strcmp(version, VERSION9P) != 0) {
+		log_warnx("unknown 9P version \"%s\"; want "VERSION9P,
+		    version);
+		np_version(hdr->tag, MSIZE9P, "unknown");
+		return;
+	}
+
+	if (msize < MIN_MSIZE) {
+		log_warnx("msize too small: %"PRIu32"; want %d at least",
+		    msize, MIN_MSIZE);
+		np_version(hdr->tag, MSIZE9P, "unknown");
+		return;
+	}
 
 	/* version matched */
 	handshaked = 1;
 	msize = MIN(msize, CLIENT_MSIZE);
 	client_send_listener(IMSG_MSIZE, &msize, sizeof(msize));
 	np_version(hdr->tag, msize, VERSION9P);
-	return;
-
-mismatch:
-	log_warnx("unknown 9P version string: \"%s\", want "VERSION9P,
-	    version);
-	np_version(hdr->tag, MSIZE9P, "unknown");
 	return;
 
 err:
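Review bot: The `log_warnx("unknown 9P version \"%s\"; want "VERSION9P, version)` call writes a string taken from the peer's Tversion into the log unmodified, before any handshake has succeeded. Unless log_warnx or the log sink already escapes control characters (not visible here), newlines or terminal escape sequences supplied by the peer end up in the log. Encoding `version` into a bounded buffer with a vis(3)-style function before logging would remove that dependency. Both new branches also emit one warning per rejected Tversion, so it is worth confirming that an unauthenticated peer cannot repeat the request to flood the log. tversion() starts before this hunk and its `err:` path continues after it.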
blob - 734d37e92b27e505d0e8f0f06719f8d12c763eca
blob + 84d5212625f9dae8fa36bbd1adc36e93290979fe
--- regress/ninepscript/misc-suite.9ps
+++ regress/ninepscript/misc-suite.9ps
@@ -6,6 +6,18 @@ testing "if version works" {
 	assert m.type == Rversion
 }
 
+testing "that fails with an msize too small" {
+	send(Tversion, notag, 64:u32, np2000)
+	m = recv()
+	assert m.type == Rversion
+
+	# we can't check if the replied version is "unknown" because
+	# of a limitation of 9pscript...  instead, we'll try to attach
+	# and expect a failure.
+	attach(0, nofid, "op", "/")
+	should-fail recv() : "the connection should have been closed"
+}
+
 testing "fails when sending a R-message" {
 	send(Rversion, notag, msize, np2000)
 	should-fail recv() : "the connection should have been closed"
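Review bot: The new case only sends `64:u32`, which is far from the limit, so an off-by-one in the `msize < MIN_MSIZE` comparison in kamid/client.c would pass this suite unnoticed. I would add a rejecting case at the boundary, `send(Tversion, notag, 255:u32, np2000)`, and an accepting one with `256:u32` that then expects the attach to go through. A case with `0:u32` would also keep coverage of the value the old code rejected explicitly.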