/mandos/trunk : revision 1229

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: teddy at recompile
Date: 2020-12-03 20:30:45 UTC
Revision ID: teddy@recompile.se-20201203203045-iqd6nq9y5nwalh1x

Minor fix of a test function

In dracut-module/password-agent, the test function
test_send_password_to_socket_EMSGSIZE() (which tests that the
send_password_to_socket() task function aborts properly when getting
EMSGSIZE when writing to the password socket), part of the test code
is supposed to find a message size which definitely does trigger
EMSGSIZE when send()ing to a socket.  Without a "break" in the proper
place, however, the size given is always exactly 1024 bytes too large.

This is very probably not a problem, since a too large message will
still be too large if it is increased by 1024 bytes, and send(2) in
practice checks the size before reading the buffer.  The biggest issue
would be if some version of send(2) would try to look at the last 1024
bytes of the message buffer before checking the message size; this
would then lead to a buffer over-read when running this test function.
(But even then there would be no security implications since the tests
are not run in the normal operation of the program.)

* dracut-module/password-agent.c
  (test_send_password_to_socket_EMSGSIZE): Break out early when ssret
  < 0 and errno == EMSGSIZE; don't allow loop to increase message_size
  again.

Show diffs side-by-side

added added

removed removed

mandos

# "AvahiService" class, and some lines in "main".

# Everything else is

# This file is part of Mandos.

import codecs

import unittest

import random

import shlex

import dbus

import dbus.service

__metaclass__ = type

str = unicode

# Add collections.abc.Callable if it does not exist

try:

100

collections.abc.Callable

101

except AttributeError:

102

class abc:

103

Callable = collections.Callable

104

collections.abc = abc

105

del abc

106

107

# Add shlex.quote if it does not exist

108

try:

109

shlex.quote

110

except AttributeError:

111

shlex.quote = re.escape

112

113

# Show warnings by default

114

if not sys.warnoptions:

115

import warnings

127

143

if sys.version_info < (3, 2):

128

144

configparser.Configparser = configparser.SafeConfigParser

129

145

130

version = "1.8.9"

146

version = "1.8.13"

131

147

stored_state_file = "clients.pickle"

132

148

133

149

logger = logging.getLogger()

508

524

class AvahiServiceToSyslog(AvahiService):

509

525

def rename(self, *args, **kwargs):

510

526

"""Add the new name to the syslog messages"""

511

ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)

527

ret = super(AvahiServiceToSyslog, self).rename(*args,

528

**kwargs)

512

529

syslogger.setFormatter(logging.Formatter(

513

530

'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'

514

531

.format(self.name)))

758

775

759

776

x509_crt_fmt_t = ctypes.c_int

760

777

761

# All the function declarations below are from gnutls/abstract.h

778

# All the function declarations below are from

779

# gnutls/abstract.h

762

780

pubkey_init = _library.gnutls_pubkey_init

763

781

pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]

764

782

pubkey_init.restype = _error_code

778

796

pubkey_deinit.argtypes = [pubkey_t]

779

797

pubkey_deinit.restype = None

780

798

else:

781

# All the function declarations below are from gnutls/openpgp.h

799

# All the function declarations below are from

800

# gnutls/openpgp.h

782

801

783

802

openpgp_crt_init = _library.gnutls_openpgp_crt_init

784

803

openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]

790

809

openpgp_crt_fmt_t]

791

810

openpgp_crt_import.restype = _error_code

792

811

793

openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self

794

openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,

795

ctypes.POINTER(ctypes.c_uint)]

812

openpgp_crt_verify_self = \

813

_library.gnutls_openpgp_crt_verify_self

814

openpgp_crt_verify_self.argtypes = [

815

openpgp_crt_t,

816

ctypes.c_uint,

817

ctypes.POINTER(ctypes.c_uint),

818

]

796

819

openpgp_crt_verify_self.restype = _error_code

797

820

798

821

openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit

1118

1141

if self.checker is None:

1119

1142

# Escape attributes for the shell

1120

1143

escaped_attrs = {

1121

attr: re.escape(str(getattr(self, attr)))

1144

attr: shlex.quote(str(getattr(self, attr)))

1122

1145

for attr in self.runtime_expansions}

1123

1146

try:

1124

1147

command = self.checker_command % escaped_attrs

2452

2475

buf = ctypes.create_string_buffer(32)

2453

2476

buf_len = ctypes.c_size_t(len(buf))

2454

2477

# Get the key ID from the raw public key into the buffer

2455

gnutls.pubkey_get_key_id(pubkey,

2456

gnutls.KEYID_USE_SHA256,

2457

ctypes.cast(ctypes.byref(buf),

2458

ctypes.POINTER(ctypes.c_ubyte)),

2459

ctypes.byref(buf_len))

2478

gnutls.pubkey_get_key_id(

2479

pubkey,

2480

gnutls.KEYID_USE_SHA256,

2481

ctypes.cast(ctypes.byref(buf),

2482

ctypes.POINTER(ctypes.c_ubyte)),

2483

ctypes.byref(buf_len))

2460

2484

# Deinit the certificate

2461

2485

gnutls.pubkey_deinit(pubkey)

2462

2486

2707

2731

address = request[3]

2708

2732

2709

2733

for c in self.clients.values():

2710

if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":

2734

if key_id == ("E3B0C44298FC1C149AFBF4C8996FB924"

2735

"27AE41E4649B934CA495991B7852B855"):

2711

2736

continue

2712

2737

if key_id and c.key_id == key_id:

2713

2738

client = c

2748

2773

if command == 'getattr':

2749

2774

attrname = request[1]

2750

2775

if isinstance(client_object.__getattribute__(attrname),

2751

collections.Callable):

2776

collections.abc.Callable):

2752

2777

parent_pipe.send(('function', ))

2753

2778

else:

2754

2779

parent_pipe.send((

2765

2790

def rfc3339_duration_to_delta(duration):

2766

2791

"""Parse an RFC 3339 "duration" and return a datetime.timedelta

2767

2792

2768

>>> rfc3339_duration_to_delta("P7D") == datetime.timedelta(7)

2769

True

2770

>>> rfc3339_duration_to_delta("PT60S") == datetime.timedelta(0, 60)

2771

True

2772

>>> rfc3339_duration_to_delta("PT60M") == datetime.timedelta(0, 3600)

2773

True

2774

>>> rfc3339_duration_to_delta("PT24H") == datetime.timedelta(1)

2775

True

2776

>>> rfc3339_duration_to_delta("P1W") == datetime.timedelta(7)

2777

True

2778

>>> rfc3339_duration_to_delta("PT5M30S") == datetime.timedelta(0, 330)

2779

True

2780

>>> rfc3339_duration_to_delta("P1DT3M20S") == datetime.timedelta(1, 200)

2781

True

2793

>>> timedelta = datetime.timedelta

2794

>>> rfc3339_duration_to_delta("P7D") == timedelta(7)

2795

True

2796

>>> rfc3339_duration_to_delta("PT60S") == timedelta(0, 60)

2797

True

2798

>>> rfc3339_duration_to_delta("PT60M") == timedelta(0, 3600)

2799

True

2800

>>> rfc3339_duration_to_delta("PT24H") == timedelta(1)

2801

True

2802

>>> rfc3339_duration_to_delta("P1W") == timedelta(7)

2803

True

2804

>>> rfc3339_duration_to_delta("PT5M30S") == timedelta(0, 330)

2805

True

2806

>>> rfc3339_duration_to_delta("P1DT3M20S") == timedelta(1, 200)

2807

True

2808

>>> del timedelta

2782

2809

"""

2783

2810

2784

2811

# Parsing an RFC 3339 duration with regular expressions is not

Older »