From: Juergen Perlinger Date: Wed, 21 Oct 2020 06:28:23 +0000 (+0000) Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a07d4bb286e71609d8a6ef08be25903f35b4a6b7;p=thirdparty%2Fntp.git Merge psp-deb1.ntp.org:/home/stenn/ntp-stable into psp-deb1.ntp.org:/net/nfs1/nfs/home/perlinger/MERGER/ntp-stable-3693 bk: 5f8fd507-aVBz8kssxce1YdG2S9_YA --- a07d4bb286e71609d8a6ef08be25903f35b4a6b7 diff --cc ChangeLog index 8bf5d4c73,d28c48747..0efd6c27e --- a/ChangeLog +++ b/ChangeLog @@@ -1,23 -1,6 +1,24 @@@ --- - + * [Bug 3693] Improvement of error handling key lengths + - original patch by Richard Schmidt, with mods & unit test fixes +* [Bug 3692] /dev/gpsN requirement prevents KPPS + - implement/wrap 'realpath()' to resolve symlinks in device names +* [Bug 3690] newline in ntp clock variable (parse) + - patch by Frank Kardel +* [Bug 3689] Extension for MD5, SHA-1 and other keys + - ntp{q,dc} now use the same password processing as ntpd does in the key + file, so havin a binary secret >= 11 bytes is possible for all keys. + (This is a different approach to the roblem than suggested) +* [Bug 3688] GCC 10 build errors in testsuite +* [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough) + - applied patches by Gerry Garvey +* [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage +* [Bug 3672] fix biased selection in median cut +* [Bug 3666] avoid unlimited receive buffer allocation + - follow-up: fix inverted sense in check, reset shortfall counter +* [Bug 3626] (SNTP) UTC offset calculation needs dst flag + - applied patch by Gerry Garvey +* Implement NTP_FUNC_REALPATH. --- (4.2.8p15) 2020/06/23 Released by Harlan Stenn diff --cc libntp/authkeys.c index 3d16228af,0cac2fd81..4448dadd2 --- a/libntp/authkeys.c +++ b/libntp/authkeys.c @@@ -925,97 -925,5 +925,97 @@@ authdecrypt return MD5authdecrypt(cache_type, cache_secret, cache_secretsize, - pkt, length, size); + pkt, length, size, keyno); } + +/* password decoding helpers */ +static size_t +pwdecode_plain( + u_char * dst, + size_t dstlen, + const char * src + ) +{ + size_t srclen = strlen(src); + if (srclen > dstlen) { + errno = ENOMEM; + return (size_t)-1; + } + memcpy(dst, src, srclen); + return srclen; +} + +static size_t +pwdecode_hex( + u_char * dst, + size_t dstlen, + const char * src + ) +{ + static const char hex[] = "00112233445566778899AaBbCcDdEeFf"; + + size_t srclen = strlen(src); + size_t reslen = (srclen >> 1) + (srclen & 1); + u_char tmp; + char *ptr; + size_t j; + + if (reslen > dstlen) { + errno = ENOMEM; + reslen = (size_t)-1; + } else { + for (j = 0; j < srclen; ++j) { + tmp = *(const unsigned char*)(src + j); + ptr = strchr(hex, tmp); + if (ptr == NULL) { + errno = EINVAL; + reslen = (size_t)-1; + break; + } + tmp = (u_char)((ptr - hex) > 1); + if (j & 1) + dst[j >> 1] |= tmp; + else + dst[j >> 1] = tmp << 4; + } + } + return reslen; +} +/* + * authdecodepw - decode plaintext or hex-encoded password to binary + * secret. Returns size of secret in bytes or -1 on error. + */ +size_t +authdecodepw( + u_char * dst, + size_t dstlen, + const char * src, + enum AuthPwdEnc enc + ) +{ + size_t reslen; + + if ( !(dst && dstlen && src)) { + errno = EINVAL; + reslen = (size_t)-1; + } else { + switch (enc) { + case AUTHPWD_UNSPEC: + if (strlen(src) <= 20) + reslen = pwdecode_plain(dst, dstlen, src); + else + reslen = pwdecode_hex(dst, dstlen, src); + break; + case AUTHPWD_PLAIN: + reslen = pwdecode_plain(dst, dstlen, src); + break; + case AUTHPWD_HEX: + reslen = pwdecode_hex(dst, dstlen, src); + break; + default: + errno = EINVAL; + reslen = (size_t)-1; + } + } + return reslen; +}