lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <574F942F.7050102@miraclelinux.com> Date: Thu, 2 Jun 2016 11:04:31 +0900 From: YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com> To: Mike Frysinger <vapier@...too.org>, YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> Cc: hideaki.yoshifuji@...aclelinux.com, netdev@...r.kernel.org Subject: Re: [PATCH iputils 3/6] ping6: allow disabling of openssl support Hi, Mike Frysinger wrote: > Signed-off-by: Mike Frysinger <vapier@...too.org> > --- > Makefile | 5 ++++- > iputils_md5dig.h | 4 +++- > ping6.c | 10 ++++++++++ > 3 files changed, 17 insertions(+), 2 deletions(-) > : > diff --git a/ping6.c b/ping6.c > index 6d1a6db..cd140e2 100644 > --- a/ping6.c > +++ b/ping6.c > @@ -324,6 +324,7 @@ static void niquery_init_nonce(void) > #if !PING6_NONCE_MEMORY > static int niquery_nonce(__u8 *nonce, int fill) > { > +# ifdef USE_CRYPTO > static __u8 digest[MD5_DIGEST_LENGTH]; > static int seq = -1; > > @@ -346,6 +347,10 @@ static int niquery_nonce(__u8 *nonce, int fill) > return -1; > return ntohsp((__u16 *)nonce); > } > +# else > + fprintf(stderr, "ping6: function not available; crypto disabled\n"); > + exit(3); > +# endif > } > #endif > > @@ -500,6 +505,7 @@ static int niquery_option_subject_addr_handler(int index, const char *arg) > > static int niquery_option_subject_name_handler(int index, const char *arg) > { > +#ifdef USE_CRYPTO > static char nigroup_buf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ]; > unsigned char *dnptrs[2], **dpp, **lastdnptr; > int n; > @@ -625,6 +631,10 @@ errexit: > free(idn); > free(name); > exit(1); > +#else > + fprintf(stderr, "ping6: function not available; crypto disabled\n"); > + exit(3); > +#endif > } > > int niquery_option_help_handler(int index, const char *arg) > NAK. If you really build ping without crypto libraries, you should disable Node Ifnforamtion Query support completely. -- Hideaki Yoshifuji <hideaki.yoshifuji@...aclelinux.com> Technical Division, MIRACLE LINUX CORPORATION
Powered by blists - more mailing lists