openwrt: fix ntp init to accept link local addr

Details

Message ID	1483717410-19317-1-git-send-email-tim@tn-x.org
State	Accepted
Commit	303ddf3ce90201052a1fb7f5295683952292884b
Headers	show Return-Path: <franken-dev-bounces@freifunk.net> From: Tim Niemeyer <tim@tn-x.org> To: franken-dev@freifunk.net Subject: [PATCH] openwrt: fix ntp init to accept link local addr Date: Fri, 6 Jan 2017 16:43:30 +0100 Message-Id: <1483717410-19317-1-git-send-email-tim@tn-x.org> Cc: Tim Niemeyer <tim@tn-x.org> Precedence: list Reply-To: Tim Niemeyer <tim@tn-x.org>, franken-dev@freifunk.net MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Errors-To: franken-dev-bounces@freifunk.net Sender: "franken-dev" <franken-dev-bounces@freifunk.net>

Message ID

1483717410-19317-1-git-send-email-tim@tn-x.org

State

Accepted

Commit

303ddf3ce90201052a1fb7f5295683952292884b

Headers

show

Return-Path: <franken-dev-bounces@freifunk.net>
X-Original-To: patchwork@server2.heidler.eu
Delivered-To: patchwork@server2.heidler.eu
Received: from pferd.in-berlin.de (pferd.in-berlin.de
	[IPv6:2001:bf0:c000:a::1:122])
	by server2.heidler.eu (Postfix) with ESMTP id 53693C1DE8
	for <patchwork@server2.heidler.eu>;
	Fri,  6 Jan 2017 16:44:40 +0100 (CET)
Received: from pferd.in-berlin.de (localhost [127.0.0.1])
	by pferd.in-berlin.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id
	v06Fhfo0007722; Fri, 6 Jan 2017 16:43:41 +0100
X-Mailman-Handler: $Id: mm-handler 5100 2002-04-05 19:41:09Z bwarsaw $
Received: from einhorn-in.in-berlin.de (einhorn-in.in-berlin.de
	[192.109.42.16])
	by pferd.in-berlin.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id
	v06FhdCN007717
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT) for <franken-dev+freifunk.net@mailman1.in-berlin.de>;
	Fri, 6 Jan 2017 16:43:39 +0100
Received: from argali.in-berlin.de (argali.in-berlin.de [192.109.42.10])
	by einhorn-in.in-berlin.de (8.14.4/8.14.4/Debian-4) with ESMTP id
	v06FhdbN002796
	for <franken-dev@freifunk.net>; Fri, 6 Jan 2017 16:43:39 +0100
X-Envelope-From: tim.niemeyer@mastersword.de
X-Envelope-To: <franken-dev@freifunk.net>
Received: from azrael.tn-x.org (azrael.tn-x.org [176.9.47.21])
	by argali.in-berlin.de (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id
	v06FhWv2020799
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <franken-dev@freifunk.net>; Fri, 6 Jan 2017 16:43:35 +0100
Received: from redi7.home.tn-x.org (unknown
	[IPv6:2a02:810d:8ac0:33b2:bc06:d370:a7b8:10e8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by azrael.tn-x.org (Postfix) with ESMTPSA id 0DCD933E748;
	Fri,  6 Jan 2017 16:43:32 +0100 (CET)
Received: from reddog by redi7.home.tn-x.org with local (Exim 4.84_2)
	(envelope-from <tim.niemeyer@mastersword.de>)
	id 1cPWfz-0005Q7-Mz; Fri, 06 Jan 2017 16:43:31 +0100
From: Tim Niemeyer <tim@tn-x.org>
To: franken-dev@freifunk.net
Subject: [PATCH] openwrt: fix ntp init to accept link local addr
Date: Fri,  6 Jan 2017 16:43:30 +0100
Message-Id: <1483717410-19317-1-git-send-email-tim@tn-x.org>
X-Mailer: git-send-email 2.1.4
X-Spam-Score: (0.001) BAYES_50
Cc: Tim Niemeyer <tim@tn-x.org>
X-BeenThere: franken-dev@freifunk.net
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Tim Niemeyer <tim@tn-x.org>, franken-dev@freifunk.net
List-Id: <franken-dev-freifunk.net>
List-Unsubscribe: <http://lists.freifunk.net/mailman/options/franken-dev-freifunk.net>,
	<mailto:franken-dev-request@freifunk.net?subject=unsubscribe>
List-Archive: <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/>
List-Post: <mailto:franken-dev@freifunk.net>
List-Help: <mailto:franken-dev-request@freifunk.net?subject=help>
List-Subscribe: <http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net>,
	<mailto:franken-dev-request@freifunk.net?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: franken-dev-bounces@freifunk.net
Sender: "franken-dev" <franken-dev-bounces@freifunk.net>

Commit Message

Tim Niemeyer Jan. 6, 2017, 3:43 p.m.

Currently it seems to be more work to fix the ip validation in
ubox project (validate/validate.c). Therefore we just validate it
as string.

Fixes #9

Signed-off-by: Tim Niemeyer <tim@tn-x.org>
---

 build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch

Patch hide | download patch | download mbox

diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch
new file mode 100644
index 0000000..94c2ce2
--- /dev/null
+++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch
@@ -0,0 +1,13 @@ 
+diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd
+index f73bb83..61cb54c 100755
+--- package/utils/busybox/files/sysntpd
++++ package/utils/busybox/files/sysntpd
+@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
+ 
+ validate_ntp_section() {
+ 	uci_validate_section system timeserver "${1}" \
+-		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0'
++		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0'
+ }
+ 
+ start_service() {

Comments

Jan Kraus Jan. 7, 2017, 2:07 p.m.

Hi Tim,

wenn ich das richtig verstehe, wird nun nur noch überprüft, ob die
Adresse ein String ist?
Was passiert dann, wenn man hier invalide Daten oder gar Schadcode
einfügt?

Grüße Jan
Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer:
> Currently it seems to be more work to fix the ip validation in
> ubox project (validate/validate.c). Therefore we just validate it
> as string.
> 
> Fixes #9
> 
> Signed-off-by: Tim Niemeyer <tim@tn-x.org>
> ---
> 
>  build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>  create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch
> 
> diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> new file mode 100644
> index 0000000..94c2ce2
> --- /dev/null
> +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> @@ -0,0 +1,13 @@
> +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd
> +index f73bb83..61cb54c 100755
> +--- package/utils/busybox/files/sysntpd
> ++++ package/utils/busybox/files/sysntpd
> +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
> + 
> + validate_ntp_section() {
> + 	uci_validate_section system timeserver "${1}" \
> +-		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0'
> ++		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0'
> + }
> + 
> + start_service() {
> -- 
> 2.1.4
>

Jan Kraus Jan. 8, 2017, 10:24 a.m.

Hallo nochmal,

nach der Diskussion gestern im IRC hab ich mir das nochmal genauer
angeschaut.
Ich hatte gestern übersehen, das du hier nur die Validierung im Init
Script außer Kraft setzt. Ob die so wirklich notwendig ist, sei mal
dahin gestellt, da das eigentlich der NTPD selbst machen sollte.
Ich war beim kurz drüber schauen etwas verwirrt, weil du da C-Files
referenziert hast.

Auch wenn wir langfristig versuchen sollten, diesen Hack wieder los zu
werden:
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>

Grüße Jan

Am Samstag, den 07.01.2017, 15:07 +0100 schrieb Jan Kraus:
> Hi Tim,
> 
> wenn ich das richtig verstehe, wird nun nur noch überprüft, ob die
> Adresse ein String ist?
> Was passiert dann, wenn man hier invalide Daten oder gar Schadcode
> einfügt?
> 
> Grüße Jan
> Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer:
> > Currently it seems to be more work to fix the ip validation in
> > ubox project (validate/validate.c). Therefore we just validate it
> > as string.
> > 
> > Fixes #9
> > 
> > Signed-off-by: Tim Niemeyer <tim@tn-x.org>
> > ---
> > 
> >  build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++
> >  1 file changed, 13 insertions(+)
> >  create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch
> > 
> > diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> > new file mode 100644
> > index 0000000..94c2ce2
> > --- /dev/null
> > +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> > @@ -0,0 +1,13 @@
> > +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd
> > +index f73bb83..61cb54c 100755
> > +--- package/utils/busybox/files/sysntpd
> > ++++ package/utils/busybox/files/sysntpd
> > +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
> > + 
> > + validate_ntp_section() {
> > + 	uci_validate_section system timeserver "${1}" \
> > +-		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0'
> > ++		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0'
> > + }
> > + 
> > + start_service() {
> > -- 
> > 2.1.4
> > 
>

Tobias Klaus Jan. 9, 2017, 9:40 p.m.

Hey,

hat jetzt zwar verblüffend lange gebraucht, bis ich den Patch im Patch 
verstanden hab, aber:

Reviewed-by: Tobias Klaus <tk+ff@meskal.net>

Grüße
Tobias

Am Freitag, 6. Januar 2017, 16:43:30 CET schrieb Tim Niemeyer:
> Currently it seems to be more work to fix the ip validation in
> ubox project (validate/validate.c). Therefore we just validate it
> as string.
> 
> Fixes #9
> 
> Signed-off-by: Tim Niemeyer <tim@tn-x.org>
> ---
> 
>  build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>  create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch
> 
> diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch
> b/build_patches/openwrt/0009-ntpd-host-as-string.patch new file mode 100644
> index 0000000..94c2ce2
> --- /dev/null
> +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> @@ -0,0 +1,13 @@
> +diff --git package/utils/busybox/files/sysntpd
> package/utils/busybox/files/sysntpd +index f73bb83..61cb54c 100755
> +--- package/utils/busybox/files/sysntpd
> ++++ package/utils/busybox/files/sysntpd
> +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
> +
> + validate_ntp_section() {
> + 	uci_validate_section system timeserver "${1}" \
> +-		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0'
> ++		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0'
> + }
> +
> + start_service() {

Tim Niemeyer Jan. 10, 2017, 6:32 p.m.

Hi

Und applied.

Tim

Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer:
> Currently it seems to be more work to fix the ip validation in
> ubox project (validate/validate.c). Therefore we just validate it
> as string.
> 
> Fixes #9
> 
> Signed-off-by: Tim Niemeyer <tim@tn-x.org>
> ---
> 
>  build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>  create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch
> 
> diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> new file mode 100644
> index 0000000..94c2ce2
> --- /dev/null
> +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch
> @@ -0,0 +1,13 @@
> +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd
> +index f73bb83..61cb54c 100755
> +--- package/utils/busybox/files/sysntpd
> ++++ package/utils/busybox/files/sysntpd
> +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
> + 
> + validate_ntp_section() {
> + 	uci_validate_section system timeserver "${1}" \
> +-		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0'
> ++		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0'
> + }
> + 
> + start_service() {
> -- 
> 2.1.4
>