lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <574F942F.7050102@miraclelinux.com>
Date:	Thu, 2 Jun 2016 11:04:31 +0900
From:	YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>
To:	Mike Frysinger <vapier@...too.org>,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Cc:	hideaki.yoshifuji@...aclelinux.com, netdev@...r.kernel.org
Subject: Re: [PATCH iputils 3/6] ping6: allow disabling of openssl support

Hi,

Mike Frysinger wrote:
> Signed-off-by: Mike Frysinger <vapier@...too.org>
> ---
>  Makefile         |  5 ++++-
>  iputils_md5dig.h |  4 +++-
>  ping6.c          | 10 ++++++++++
>  3 files changed, 17 insertions(+), 2 deletions(-)
> 
:

> diff --git a/ping6.c b/ping6.c
> index 6d1a6db..cd140e2 100644
> --- a/ping6.c
> +++ b/ping6.c
> @@ -324,6 +324,7 @@ static void niquery_init_nonce(void)
>  #if !PING6_NONCE_MEMORY
>  static int niquery_nonce(__u8 *nonce, int fill)
>  {
> +# ifdef USE_CRYPTO
>  	static __u8 digest[MD5_DIGEST_LENGTH];
>  	static int seq = -1;
>  
> @@ -346,6 +347,10 @@ static int niquery_nonce(__u8 *nonce, int fill)
>  			return -1;
>  		return ntohsp((__u16 *)nonce);
>  	}
> +# else
> +	fprintf(stderr, "ping6: function not available; crypto disabled\n");
> +	exit(3);
> +# endif
>  }
>  #endif
>  
> @@ -500,6 +505,7 @@ static int niquery_option_subject_addr_handler(int index, const char *arg)
>  
>  static int niquery_option_subject_name_handler(int index, const char *arg)
>  {
> +#ifdef USE_CRYPTO
>  	static char nigroup_buf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ];
>  	unsigned char *dnptrs[2], **dpp, **lastdnptr;
>  	int n;
> @@ -625,6 +631,10 @@ errexit:
>  	free(idn);
>  	free(name);
>  	exit(1);
> +#else
> +	fprintf(stderr, "ping6: function not available; crypto disabled\n");
> +	exit(3);
> +#endif
>  }
>  
>  int niquery_option_help_handler(int index, const char *arg)
> 

NAK. If you really build ping without crypto libraries,
you should disable Node Ifnforamtion Query support completely.

-- 
Hideaki Yoshifuji <hideaki.yoshifuji@...aclelinux.com>
Technical Division, MIRACLE LINUX CORPORATION

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ