From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 19 Jan 2011 13:44:10 +0000 (+0100)
Subject: Reply with status invalid instead of bad length on invalid command
X-Git-Tag: 1.25-pre1~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc4d5df94ee46c57e4bfce2ed448ff84d05d7949;p=thirdparty%2Fchrony.git

Reply with status invalid instead of bad length on invalid command
---

diff --git a/client.c b/client.c
index e6dbd61e..b671bef3 100644
--- a/client.c
+++ b/client.c
@@ -1309,6 +1309,8 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
     }
 
     command_length = PKL_CommandLength(request);
+    assert(command_length > 0);
+
 #if 0
     printf("Sent command length=%d bytes\n", command_length);
 #endif
diff --git a/cmdmon.c b/cmdmon.c
index 38aec8da..9cad3412 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1784,6 +1784,7 @@ read_from_cmd_socket(void *anything)
 
   read_length = status;
   expected_length = PKL_CommandLength(&rx_message);
+  rx_command = ntohs(rx_message.command);
 
   LCL_ReadRawTime(&now);
   LCL_CookTime(&now, &cooked_now, NULL);
@@ -1858,6 +1859,18 @@ read_from_cmd_socket(void *anything)
     return;
   }
 
+  if (rx_command >= N_REQUEST_TYPES) {
+    if (!LOG_RateLimited()) {
+      LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port);
+    }
+    if (allowed)
+      CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+    tx_message.status = htons(STT_INVALID);
+    transmit_reply(&tx_message, &where_from);
+    return;
+  }
+
   if (read_length != expected_length) {
     if (!LOG_RateLimited()) {
       LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
@@ -1888,8 +1901,6 @@ read_from_cmd_socket(void *anything)
     return;
   }
 
-  rx_command = ntohs(rx_message.command);
-
   /* OK, we have a valid message.  Now dispatch on message type and process it. */
 
   /* Do authentication stuff and command tokens here.  Well-behaved
@@ -2015,10 +2026,9 @@ read_from_cmd_socket(void *anything)
   tx_message.token = htonl(tx_message_token);
 
 
-  /* If command type is invalid, send back reply */
   if (rx_command >= N_REQUEST_TYPES) {
-    tx_message.status = htons(STT_INVALID);
-    tx_message.reply = htons(RPY_NULL);
+    /* This should be already handled */
+    assert(0);
   } else {
     allowed = 0;