Message ID | 1483717410-19317-1-git-send-email-tim@tn-x.org |
---|---|
State | Accepted |
Commit | 303ddf3ce90201052a1fb7f5295683952292884b |
Headers | show |
diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch new file mode 100644 index 0000000..94c2ce2 --- /dev/null +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch @@ -0,0 +1,13 @@ +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd +index f73bb83..61cb54c 100755 +--- package/utils/busybox/files/sysntpd ++++ package/utils/busybox/files/sysntpd +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug + + validate_ntp_section() { + uci_validate_section system timeserver "${1}" \ +- 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' ++ 'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' + } + + start_service() {
Hi Tim, wenn ich das richtig verstehe, wird nun nur noch überprüft, ob die Adresse ein String ist? Was passiert dann, wenn man hier invalide Daten oder gar Schadcode einfügt? Grüße Jan Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer: > Currently it seems to be more work to fix the ip validation in > ubox project (validate/validate.c). Therefore we just validate it > as string. > > Fixes #9 > > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > --- > > build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch > > diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch > new file mode 100644 > index 0000000..94c2ce2 > --- /dev/null > +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch > @@ -0,0 +1,13 @@ > +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd > +index f73bb83..61cb54c 100755 > +--- package/utils/busybox/files/sysntpd > ++++ package/utils/busybox/files/sysntpd > +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug > + > + validate_ntp_section() { > + uci_validate_section system timeserver "${1}" \ > +- 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' > ++ 'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' > + } > + > + start_service() { > -- > 2.1.4 >
Hallo nochmal, nach der Diskussion gestern im IRC hab ich mir das nochmal genauer angeschaut. Ich hatte gestern übersehen, das du hier nur die Validierung im Init Script außer Kraft setzt. Ob die so wirklich notwendig ist, sei mal dahin gestellt, da das eigentlich der NTPD selbst machen sollte. Ich war beim kurz drüber schauen etwas verwirrt, weil du da C-Files referenziert hast. Auch wenn wir langfristig versuchen sollten, diesen Hack wieder los zu werden: Reviewed-by: Jan Kraus <mayosemmel@gmail.com> Grüße Jan Am Samstag, den 07.01.2017, 15:07 +0100 schrieb Jan Kraus: > Hi Tim, > > wenn ich das richtig verstehe, wird nun nur noch überprüft, ob die > Adresse ein String ist? > Was passiert dann, wenn man hier invalide Daten oder gar Schadcode > einfügt? > > Grüße Jan > Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer: > > Currently it seems to be more work to fix the ip validation in > > ubox project (validate/validate.c). Therefore we just validate it > > as string. > > > > Fixes #9 > > > > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > > --- > > > > build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++ > > 1 file changed, 13 insertions(+) > > create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch > > > > diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch > > new file mode 100644 > > index 0000000..94c2ce2 > > --- /dev/null > > +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch > > @@ -0,0 +1,13 @@ > > +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd > > +index f73bb83..61cb54c 100755 > > +--- package/utils/busybox/files/sysntpd > > ++++ package/utils/busybox/files/sysntpd > > +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug > > + > > + validate_ntp_section() { > > + uci_validate_section system timeserver "${1}" \ > > +- 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' > > ++ 'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' > > + } > > + > > + start_service() { > > -- > > 2.1.4 > > >
Hey, hat jetzt zwar verblüffend lange gebraucht, bis ich den Patch im Patch verstanden hab, aber: Reviewed-by: Tobias Klaus <tk+ff@meskal.net> Grüße Tobias Am Freitag, 6. Januar 2017, 16:43:30 CET schrieb Tim Niemeyer: > Currently it seems to be more work to fix the ip validation in > ubox project (validate/validate.c). Therefore we just validate it > as string. > > Fixes #9 > > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > --- > > build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch > > diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch > b/build_patches/openwrt/0009-ntpd-host-as-string.patch new file mode 100644 > index 0000000..94c2ce2 > --- /dev/null > +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch > @@ -0,0 +1,13 @@ > +diff --git package/utils/busybox/files/sysntpd > package/utils/busybox/files/sysntpd +index f73bb83..61cb54c 100755 > +--- package/utils/busybox/files/sysntpd > ++++ package/utils/busybox/files/sysntpd > +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug > + > + validate_ntp_section() { > + uci_validate_section system timeserver "${1}" \ > +- 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' > ++ 'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' > + } > + > + start_service() {
Hi Und applied. Tim Am Freitag, den 06.01.2017, 16:43 +0100 schrieb Tim Niemeyer: > Currently it seems to be more work to fix the ip validation in > ubox project (validate/validate.c). Therefore we just validate it > as string. > > Fixes #9 > > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > --- > > build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch > > diff --git a/build_patches/openwrt/0009-ntpd-host-as-string.patch b/build_patches/openwrt/0009-ntpd-host-as-string.patch > new file mode 100644 > index 0000000..94c2ce2 > --- /dev/null > +++ b/build_patches/openwrt/0009-ntpd-host-as-string.patch > @@ -0,0 +1,13 @@ > +diff --git package/utils/busybox/files/sysntpd package/utils/busybox/files/sysntpd > +index f73bb83..61cb54c 100755 > +--- package/utils/busybox/files/sysntpd > ++++ package/utils/busybox/files/sysntpd > +@@ -9,7 +9,7 @@ HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug > + > + validate_ntp_section() { > + uci_validate_section system timeserver "${1}" \ > +- 'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' > ++ 'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' > + } > + > + start_service() { > -- > 2.1.4 >
Currently it seems to be more work to fix the ip validation in ubox project (validate/validate.c). Therefore we just validate it as string. Fixes #9 Signed-off-by: Tim Niemeyer <tim@tn-x.org> --- build_patches/openwrt/0009-ntpd-host-as-string.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 build_patches/openwrt/0009-ntpd-host-as-string.patch