diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2013-02-20 08:27:51 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2013-02-20 08:27:51 +0000 |
| commit | 8c0c53549b5088f4b420171010abcbbe8645a8fb (patch) | |
| tree | 4a81f8ca8828aaabb121f4758f4114d868a372b2 | |
| parent | df4465ed9ba25c64774e71fbdad94c8cb2dcf746 (diff) | |
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
| -rw-r--r-- | regress/usr.bin/ssh/integrity.sh | 4 | ||||
| -rwxr-xr-x | regress/usr.bin/ssh/modpipe.c | 25 |
2 files changed, 20 insertions, 9 deletions
diff --git a/regress/usr.bin/ssh/integrity.sh b/regress/usr.bin/ssh/integrity.sh index 5a86e1f2a9e..55d20f9a17f 100644 --- a/regress/usr.bin/ssh/integrity.sh +++ b/regress/usr.bin/ssh/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.6 2013/02/19 02:14:09 djm Exp $ +# $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $ # Placed in the Public Domain. tid="integrity" @@ -34,7 +34,7 @@ for m in $macs; do continue fi # modify output from sshd at offset $off - pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1" + pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" case $m in aes*gcm*) macopt="-c $m";; *) macopt="-m $m";; diff --git a/regress/usr.bin/ssh/modpipe.c b/regress/usr.bin/ssh/modpipe.c index ef3f8d89474..aac65078e76 100755 --- a/regress/usr.bin/ssh/modpipe.c +++ b/regress/usr.bin/ssh/modpipe.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: modpipe.c,v 1.2 2012/12/11 23:48:07 djm Exp $ */ +/* $Id: modpipe.c,v 1.3 2013/02/20 08:27:50 djm Exp $ */ #include <sys/types.h> #include <unistd.h> @@ -27,7 +27,7 @@ static void usage(void) { - fprintf(stderr, "Usage: modpipe [-m modspec ...] < in > out\n"); + fprintf(stderr, "Usage: modpipe -w [-m modspec ...] < in > out\n"); fprintf(stderr, "modspec is one of:\n"); fprintf(stderr, " xor:offset:value - XOR \"value\" at \"offset\"\n"); fprintf(stderr, " andor:offset:val1:val2 - AND \"val1\" then OR \"val2\" at \"offset\"\n"); @@ -71,15 +71,18 @@ main(int argc, char **argv) size_t total; ssize_t r, s, o; struct modification mods[MAX_MODIFICATIONS]; - u_int i, num_mods = 0; + u_int i, wflag = 0, num_mods = 0; - while ((ch = getopt(argc, argv, "m:")) != -1) { + while ((ch = getopt(argc, argv, "wm:")) != -1) { switch (ch) { case 'm': if (num_mods >= MAX_MODIFICATIONS) errx(1, "Too many modifications"); parse_modification(optarg, &(mods[num_mods++])); break; + case 'w': + wflag = 1; + break; default: usage(); /* NOTREACHED */ @@ -88,7 +91,7 @@ main(int argc, char **argv) for (total = 0;;) { r = s = read(STDIN_FILENO, buf, sizeof(buf)); if (r == 0) - return 0; + break; if (r < 0) { if (errno == EAGAIN || errno == EINTR) continue; @@ -111,7 +114,7 @@ main(int argc, char **argv) for (o = 0; o < s; o += r) { r = write(STDOUT_FILENO, buf, s - o); if (r == 0) - return 0; + break; if (r < 0) { if (errno == EAGAIN || errno == EINTR) continue; @@ -120,5 +123,13 @@ main(int argc, char **argv) } total += s; } - return 0; + /* Warn if modifications not reached in input stream */ + r = 0; + for (i = 0; wflag && i < num_mods; i++) { + if (mods[i].offset < total) + continue; + r = 1; + fprintf(stderr, "modpipe: warning - mod %u not reached\n", i); + } + return r; } |