← Back to branch summary

~ubuntu-branches/debian/squeeze/ntp/squeeze-201010051545

« back to all changes in this revision

Viewing changes to ports/winnt/libisc/net.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-01-05 21:10:03 UTC
  • mfrom: (1.2.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20090105211003-mh6zc3um4k1uhsj7
Tags: 1:4.2.4p4+dfsg-8
It did not properly check the return value of EVP_VerifyFinal
which results in an malformed DSA signature being treated as
a good signature rather than as an error.  (CVE-2009-0021)

Show diffs side-by-side

added added

removed removed

Lines of Context:
ports/winnt/libisc/net.c
1
1
/*
2
 
 * Copyright (C) 1999-2001  Internet Software Consortium.
 
2
 * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 
3
 * Copyright (C) 1999-2003  Internet Software Consortium.
3
4
 *
4
5
 * Permission to use, copy, modify, and distribute this software for any
5
6
 * purpose with or without fee is hereby granted, provided that the above
6
7
 * copyright notice and this permission notice appear in all copies.
7
8
 *
8
 
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
9
 
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
10
 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
11
 
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
12
 
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
13
 
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
14
 
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
15
 
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
9
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 
10
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 
11
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 
12
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 
13
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 
14
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 
15
 * PERFORMANCE OF THIS SOFTWARE.
16
16
 */
17
17
 
18
 
/* $Id: net.c,v 1.4 2001/11/21 05:07:25 mayer Exp $ */
 
18
/* $Id: net.c,v 1.3.2.2.4.7 2004/04/29 01:31:23 marka Exp $ */
19
19
 
20
20
#include <config.h>
21
21
 
22
22
#include <errno.h>
23
23
#include <unistd.h>
24
24
 
 
25
#include <ws2tcpip.h>
 
26
#include <isc/ipv6.h>
25
27
#include <isc/net.h>
 
28
#include <isc/once.h>
26
29
#include <isc/strerror.h>
27
30
#include <isc/string.h>
28
31
#include <isc/util.h>
29
32
 
30
 
#if defined(ISC_PLATFORM_HAVEIPV6) && defined(ISC_PLATFORM_NEEDIN6ADDRANY)
 
33
#if defined(ISC_PLATFORM_NEEDIN6ADDRANY)
31
34
const struct in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT;
32
35
#endif
33
36
 
34
37
static isc_boolean_t    once = ISC_FALSE;
 
38
static isc_once_t       once_ipv6only = ISC_ONCE_INIT;
 
39
static isc_once_t       once_ipv6pktinfo = ISC_ONCE_INIT;
35
40
static isc_result_t     ipv4_result = ISC_R_NOTFOUND;
36
41
static isc_result_t     ipv6_result = ISC_R_NOTFOUND;
 
42
static isc_result_t     ipv6only_result = ISC_R_NOTFOUND;
 
43
static isc_result_t     ipv6pktinfo_result = ISC_R_NOTFOUND;
37
44
 
38
45
static isc_result_t
39
46
try_proto(int domain) {
60
67
        }
61
68
 
62
69
#ifdef ISC_PLATFORM_HAVEIPV6
 
70
#ifdef WANT_IPV6
63
71
#ifdef ISC_PLATFORM_HAVEIN6PKTINFO
64
72
        if (domain == PF_INET6) {
65
73
                struct sockaddr_in6 sin6;
82
90
        }
83
91
#endif
84
92
#endif
 
93
#endif
85
94
 
86
95
        closesocket(s);
87
96
 
92
101
initialize_action(void) {
93
102
        ipv4_result = try_proto(PF_INET);
94
103
#ifdef ISC_PLATFORM_HAVEIPV6
 
104
#ifdef WANT_IPV6
95
105
#ifdef ISC_PLATFORM_HAVEIN6PKTINFO
96
106
        ipv6_result = try_proto(PF_INET6);
97
107
#endif
98
108
#endif
 
109
#endif
99
110
}
100
111
 
101
112
static void
117
128
        initialize();
118
129
        return (ipv6_result);
119
130
}
 
131
#ifdef ISC_PLATFORM_HAVEIPV6
 
132
#ifdef WANT_IPV6
 
133
static void
 
134
try_ipv6only(void) {
 
135
#ifdef IPV6_V6ONLY
 
136
        SOCKET s;
 
137
        int on;
 
138
        char strbuf[ISC_STRERRORSIZE];
 
139
#endif
 
140
        isc_result_t result;
 
141
 
 
142
        result = isc_net_probeipv6();
 
143
        if (result != ISC_R_SUCCESS) {
 
144
                ipv6only_result = result;
 
145
                return;
 
146
        }
 
147
 
 
148
#ifndef IPV6_V6ONLY
 
149
        ipv6only_result = ISC_R_NOTFOUND;
 
150
        return;
 
151
#else
 
152
        /* check for TCP sockets */
 
153
        s = socket(PF_INET6, SOCK_STREAM, 0);
 
154
        if (s == INVALID_SOCKET) {
 
155
                isc__strerror(errno, strbuf, sizeof(strbuf));
 
156
                UNEXPECTED_ERROR(__FILE__, __LINE__,
 
157
                                 "socket() %s: %s",
 
158
                                 isc_msgcat_get(isc_msgcat,
 
159
                                                ISC_MSGSET_GENERAL,
 
160
                                                ISC_MSG_FAILED,
 
161
                                                "failed"),
 
162
                                 strbuf);
 
163
                ipv6only_result = ISC_R_UNEXPECTED;
 
164
                return;
 
165
        }
 
166
 
 
167
        on = 1;
 
168
        if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
 
169
                ipv6only_result = ISC_R_NOTFOUND;
 
170
                goto close;
 
171
        }
 
172
 
 
173
        close(s);
 
174
 
 
175
        /* check for UDP sockets */
 
176
        s = socket(PF_INET6, SOCK_DGRAM, 0);
 
177
        if (s == INVALID_SOCKET) {
 
178
                isc__strerror(errno, strbuf, sizeof(strbuf));
 
179
                UNEXPECTED_ERROR(__FILE__, __LINE__,
 
180
                                 "socket() %s: %s",
 
181
                                 isc_msgcat_get(isc_msgcat,
 
182
                                                ISC_MSGSET_GENERAL,
 
183
                                                ISC_MSG_FAILED,
 
184
                                                "failed"),
 
185
                                 strbuf);
 
186
                ipv6only_result = ISC_R_UNEXPECTED;
 
187
                return;
 
188
        }
 
189
 
 
190
        on = 1;
 
191
        if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
 
192
                ipv6only_result = ISC_R_NOTFOUND;
 
193
                goto close;
 
194
        }
 
195
 
 
196
        close(s);
 
197
 
 
198
        ipv6only_result = ISC_R_SUCCESS;
 
199
 
 
200
close:
 
201
        close(s);
 
202
        return;
 
203
#endif /* IPV6_V6ONLY */
 
204
}
 
205
 
 
206
static void
 
207
initialize_ipv6only(void) {
 
208
        RUNTIME_CHECK(isc_once_do(&once_ipv6only,
 
209
                                  try_ipv6only) == ISC_R_SUCCESS);
 
210
}
 
211
 
 
212
static void
 
213
try_ipv6pktinfo(void) {
 
214
        int s, on;
 
215
        char strbuf[ISC_STRERRORSIZE];
 
216
        isc_result_t result;
 
217
        int optname;
 
218
 
 
219
        result = isc_net_probeipv6();
 
220
        if (result != ISC_R_SUCCESS) {
 
221
                ipv6pktinfo_result = result;
 
222
                return;
 
223
        }
 
224
 
 
225
        /* we only use this for UDP sockets */
 
226
        s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
 
227
        if (s == -1) {
 
228
                isc__strerror(errno, strbuf, sizeof(strbuf));
 
229
                UNEXPECTED_ERROR(__FILE__, __LINE__,
 
230
                                 "socket() %s: %s",
 
231
                                 isc_msgcat_get(isc_msgcat,
 
232
                                                ISC_MSGSET_GENERAL,
 
233
                                                ISC_MSG_FAILED,
 
234
                                                "failed"),
 
235
                                 strbuf);
 
236
                ipv6pktinfo_result = ISC_R_UNEXPECTED;
 
237
                return;
 
238
        }
 
239
 
 
240
#ifdef IPV6_RECVPKTINFO
 
241
        optname = IPV6_RECVPKTINFO;
 
242
#else
 
243
        optname = IPV6_PKTINFO;
 
244
#endif
 
245
        on = 1;
 
246
        if (setsockopt(s, IPPROTO_IPV6, optname, &on, sizeof(on)) < 0) {
 
247
                ipv6pktinfo_result = ISC_R_NOTFOUND;
 
248
                goto close;
 
249
        }
 
250
 
 
251
        close(s);
 
252
        ipv6pktinfo_result = ISC_R_SUCCESS;
 
253
 
 
254
close:
 
255
        close(s);
 
256
        return;
 
257
}
 
258
 
 
259
static void
 
260
initialize_ipv6pktinfo(void) {
 
261
        RUNTIME_CHECK(isc_once_do(&once_ipv6pktinfo,
 
262
                                  try_ipv6pktinfo) == ISC_R_SUCCESS);
 
263
}
 
264
#endif /* WANT_IPV6 */
 
265
#endif /* ISC_PLATFORM_HAVEIPV6 */
 
266
 
 
267
isc_result_t
 
268
isc_net_probe_ipv6only(void) {
 
269
#ifdef ISC_PLATFORM_HAVEIPV6
 
270
#ifdef WANT_IPV6
 
271
        initialize_ipv6only();
 
272
#else
 
273
        ipv6only_result = ISC_R_NOTFOUND;
 
274
#endif
 
275
#endif
 
276
        return (ipv6only_result);
 
277
}
 
278
 
 
279
isc_result_t
 
280
isc_net_probe_ipv6pktinfo(void) {
 
281
#ifdef ISC_PLATFORM_HAVEIPV6
 
282
#ifdef WANT_IPV6
 
283
        initialize_ipv6pktinfo();
 
284
#else
 
285
        ipv6pktinfo_result = ISC_R_NOTFOUND;
 
286
#endif
 
287
#endif
 
288
        return (ipv6pktinfo_result);
 
289
}
 
290
 
 
291
void
 
292
isc_net_disableipv4(void) {
 
293
        initialize();
 
294
        if (ipv4_result == ISC_R_SUCCESS)
 
295
                ipv4_result = ISC_R_DISABLED;
 
296
}
 
297
 
 
298
void
 
299
isc_net_disableipv6(void) {
 
300
        initialize();
 
301
        if (ipv6_result == ISC_R_SUCCESS)
 
302
                ipv6_result = ISC_R_DISABLED;
 
303
}
 
304
 
 
305
void
 
306
isc_net_enableipv4(void) {
 
307
        initialize();
 
308
        if (ipv4_result == ISC_R_DISABLED)
 
309
                ipv4_result = ISC_R_SUCCESS;
 
310
}
 
311
 
 
312
void
 
313
isc_net_enableipv6(void) {
 
314
        initialize();
 
315
        if (ipv6_result == ISC_R_DISABLED)
 
316
                ipv6_result = ISC_R_SUCCESS;
 
317
}
120
318
/*
121
319
 * Initialize socket services
122
320
 */