lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Jul 2012 08:55:41 +0400 From: Pavel Emelyanov <xemul@...allels.com> To: Stephen Hemminger <shemminger@...ux-foundation.org>, Linux Netdev List <netdev@...r.kernel.org> Subject: [PATCH 1/2] iproute: Add magic cookie to route dump file In order to somehow verify that a blob contains route dump a 4-bytes magic is put at the head of the data and is checked on restore. Magic digits are taken from Portland (OR) coordinates :) Is there any more reliable way of generating such? Signed-of-by: Pavel Emelyanov <xemul@...allels.com> --- ip/iproute.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 files changed, 47 insertions(+), 7 deletions(-) diff --git a/ip/iproute.c b/ip/iproute.c index 5cd313e..bbb3923 100644 --- a/ip/iproute.c +++ b/ip/iproute.c @@ -1064,6 +1064,8 @@ static int iproute_flush_cache(void) return 0; } +static __u32 route_dump_magic = 0x45311224; + int save_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) { int ret; @@ -1072,11 +1074,6 @@ int save_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) struct rtattr *tb[RTA_MAX+1]; int host_len = -1; - if (isatty(STDOUT_FILENO)) { - fprintf(stderr, "Not sending binary stream to stdout\n"); - return -1; - } - host_len = calc_host_len(r); len -= NLMSG_LENGTH(sizeof(*r)); parse_rtattr(tb, RTA_MAX, RTM_RTA(r), len); @@ -1093,6 +1090,24 @@ int save_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) return ret == n->nlmsg_len ? 0 : ret; } +static int save_route_prep(void) +{ + int ret; + + if (isatty(STDOUT_FILENO)) { + fprintf(stderr, "Not sending binary stream to stdout\n"); + return -1; + } + + ret = write(STDOUT_FILENO, &route_dump_magic, sizeof(route_dump_magic)); + if (ret != sizeof(route_dump_magic)) { + fprintf(stderr, "Can't write magic to dump file\n"); + return -1; + } + + return 0; +} + static int iproute_list_flush_or_save(int argc, char **argv, int action) { int do_ipv6 = preferred_family; @@ -1101,9 +1116,12 @@ static int iproute_list_flush_or_save(int argc, char **argv, int action) unsigned int mark = 0; rtnl_filter_t filter_fn; - if (action == IPROUTE_SAVE) + if (action == IPROUTE_SAVE) { + if (save_route_prep()) + return -1; + filter_fn = save_route; - else + } else filter_fn = print_route; iproute_reset_filter(); @@ -1521,8 +1539,30 @@ int restore_handler(const struct sockaddr_nl *nl, struct nlmsghdr *n, void *arg) return ret; } +static int route_dump_check_magic(void) +{ + int ret; + __u32 magic = 0; + + if (isatty(STDIN_FILENO)) { + fprintf(stderr, "Can't restore route dump from a terminal\n"); + return -1; + } + + ret = fread(&magic, sizeof(magic), 1, stdin); + if (magic != route_dump_magic) { + fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n", ret, magic); + return -1; + } + + return 0; +} + int iproute_restore(void) { + if (route_dump_check_magic()) + exit(-1); + exit(rtnl_from_file(stdin, &restore_handler, NULL)); } -- 1.5.5.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists