commit 6be59daa956c266ddcbb86bdf8efc0d34438291b
from: Omar Polo
date: Sun May 22 18:53:00 2022 UTC

reject connections with an msize ridiculously small

commit - 16ba5d4d71e3eb6099fb35d5443525b42952e3d6
commit + 6be59daa956c266ddcbb86bdf8efc0d34438291b
blob - d5ce6a7555e5b43d98bdb6fa2baa38cae922aece
blob + e7608b4dfe2532e3d7464470c55310f0d9230d27
--- kamid/client.c
+++ kamid/client.c
@@ -50,6 +50,11 @@
 * CLIENT_MSIZE is thus the maximum message size we can handle now.
 */
 #define CLIENT_MSIZE (MAX_IMSGSIZE - IMSG_HEADER_SIZE)
+
+/*
+ * The minimum value allowed for the msize.
+ */
+#define MIN_MSIZE 256

 #define DEBUG_PACKETS 0

@@ -931,7 +936,8 @@ tversion(struct np_msg_header *hdr, const uint8_t *dat
 goto err;
 case READSTRTRUNC:
 log_warnx("9P version string too long, truncated");
- goto mismatch;
+ np_version(hdr->tag, MSIZE9P, "unknown");
+ return;
 }

 if (len != 0)
@@ -940,21 +946,25 @@ tversion(struct np_msg_header *hdr, const uint8_t *dat
 if ((dot = strchr(version, '.')) != NULL)
 *dot = '\0';

- if (strcmp(version, VERSION9P) != 0 ||
- msize == 0)
- goto mismatch;
+ if (strcmp(version, VERSION9P) != 0) {
+ log_warnx("unknown 9P version \"%s\"; want "VERSION9P,
+ version);
+ np_version(hdr->tag, MSIZE9P, "unknown");
+ return;
+ }
+
+ if (msize < MIN_MSIZE) {
+ log_warnx("msize too small: %"PRIu32"; want %d at least",
+ msize, MIN_MSIZE);
+ np_version(hdr->tag, MSIZE9P, "unknown");
+ return;
+ }

 /* version matched */
 handshaked = 1;
 msize = MIN(msize, CLIENT_MSIZE);
 client_send_listener(IMSG_MSIZE, &msize, sizeof(msize));
 np_version(hdr->tag, msize, VERSION9P);
- return;
-
-mismatch:
- log_warnx("unknown 9P version string: \"%s\", want "VERSION9P,
- version);
- np_version(hdr->tag, MSIZE9P, "unknown");
 return;

 err:
blob - 734d37e92b27e505d0e8f0f06719f8d12c763eca
blob + 84d5212625f9dae8fa36bbd1adc36e93290979fe
--- regress/ninepscript/misc-suite.9ps
+++ regress/ninepscript/misc-suite.9ps
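Review bot: The comment above `MIN_MSIZE` in the `@@ -50,6 +50,11 @@` hunk of kamid/client.c says what the constant is but not why the floor is 256 or which code relies on it. Since the value is now a check on peer-supplied input, record the constraint it enforces, along the lines of `/* Smallest msize accepted in Tversion; below this the fixed part of our largest reply would not fit. */`, adjusted to whatever the real reason is. If any later size arithmetic subtracts a header length from msize, naming that dependency in the comment would keep the bound from being lowered by accident.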
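Review bot: The reply-and-return pair `np_version(hdr->tag, MSIZE9P, "unknown"); return;` now appears three times in tversion: once in the `READSTRTRUNC` case of the `@@ -931,7 +936,8 @@` hunk and twice in the `@@ -940,21 +946,25 @@` hunk. Each branch can keep its own `log_warnx` and share the reply through one label, `goto reject;` with `reject: np_version(hdr->tag, MSIZE9P, "unknown"); return;`, so the three rejection paths cannot drift apart if rejection later has to do more than reply. tversion starts and ends outside both hunks, so the label placement has to be checked against the existing `err:` path.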
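Review bot: The `log_warnx("unknown 9P version \"%s\"; want "VERSION9P, version)` call in the `@@ -940,21 +946,25 @@` hunk writes the peer-supplied `version` string to the log verbatim, and Tversion is the first message of a session, so presumably it is handled before any authentication. Whether control characters or newlines can reach the log depends on the logging backend, which is not visible here; if it can write to stderr or a file unescaped, encode the string into a bounded buffer first, for example with `strnvis(3)` where available, so a client cannot break or forge log lines. Both rejection branches also emit one warning per bad Tversion, so if the connection stays open after the "unknown" reply a peer could repeat the request and fill the log; closing the connection on rejection or rate-limiting the warning would bound that. tversion's body starts and ends outside the hunk.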
@@ -6,6 +6,18 @@ testing "if version works" {
 assert m.type == Rversion
 }

+testing "that fails with an msize too small" {
+ send(Tversion, notag, 64:u32, np2000)
+ m = recv()
+ assert m.type == Rversion
+
+ # we can't check if the replied version is "unknown" because
+ # of a limitation of 9pscript... instead, we'll try to attach
+ # and expect a failure.
+ attach(0, nofid, "op", "/")
+ should-fail recv() : "the connection should have been closed"
+}
+
 testing "fails when sending a R-message" {
 send(Rversion, notag, msize, np2000)
 should-fail recv() : "the connection should have been closed"
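Review bot: The new case only sends 64, so the boundary of the check is not pinned: the test still passes if `msize < MIN_MSIZE` in kamid/client.c is later changed to `<=` or the constant is lowered to anything above 64. Add a case with `send(Tversion, notag, 255:u32, np2000)` that expects the same failure and one with `256:u32` after which the attach is expected to succeed; a `0:u32` case would also keep covering the value the old code rejected. The closed-connection expectation exercises code outside tversion, so the comment could name what closes the connection for whoever has to debug a failure here.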