summaryrefslogtreecommitdiff
path: root/security/cfs
diff options
context:
space:
mode:
authorBrian Feldman <green@FreeBSD.org>2004-04-18 03:12:05 +0000
committerBrian Feldman <green@FreeBSD.org>2004-04-18 03:12:05 +0000
commit92e25f44670b7ae0ba6cf748ea50ed440e015b60 (patch)
tree385553d25429cdbca98ba9d12cd4b1918163e01a /security/cfs
parentDrop the coalescence timeout from 50 to 15 to compromise between actual (diff)
Previously, cfsd would screw up if you used 8-bit filenames. Fix the
checksum mechanism for pathnames so that it works for those paths. Submitted by: Olof Samuelsson <olof@s8n.pp.se> PR: 35353
Diffstat (limited to 'security/cfs')
-rw-r--r--security/cfs/Makefile1
-rw-r--r--security/cfs/files/patch-cfs_fh.c83
2 files changed, 70 insertions, 14 deletions
diff --git a/security/cfs/Makefile b/security/cfs/Makefile
index cc13db23ddfe..261478ad8183 100644
--- a/security/cfs/Makefile
+++ b/security/cfs/Makefile
@@ -7,6 +7,7 @@
PORTNAME= cfs
PORTVERSION= 1.4.1
+PORTREVESION= 1
CATEGORIES= security
MASTER_SITES= http://www.crypto.com/software/
diff --git a/security/cfs/files/patch-cfs_fh.c b/security/cfs/files/patch-cfs_fh.c
index f474d23b7100..f2fcf64686bf 100644
--- a/security/cfs/files/patch-cfs_fh.c
+++ b/security/cfs/files/patch-cfs_fh.c
@@ -1,16 +1,71 @@
---- cfs_fh.c.orig Mon Aug 27 01:47:52 2001
-+++ cfs_fh.c Mon Aug 27 01:48:41 2001
-@@ -177,6 +177,13 @@
- perror("write");
- return -1;
- }
-+ /* due to the way the file is padded we may actually have to
-+ truncate it here. This happens when the write is at the end of
-+ the file, is shorter than CFSBLOCK and brings the file to a length
-+ which is evenly dividable by CFSBLOCK */
-+ if (offset+len > dtov(sb.st_size) && vtod(offset+len) < sb.st_size) {
-+ ftruncate(fd, vtod(offset+len));
+--- cfs_fh.c.orig Sat Apr 17 20:44:41 2004
++++ cfs_fh.c Sat Apr 17 23:01:11 2004
+@@ -225,7 +225,9 @@
+ }
+
+ /*
+- * set high order bits
++ * Carefully frob the high order bits of s in a way that is both easily
++ * reversible (see unchksum) and backwards-compatible (at least for 7-bit
++ * characters).
+ */
+ chksum(s,l)
+ char *s;
+@@ -236,16 +238,44 @@
+ u_char bits[8];
+
+ acc=0;
+- for (i=0; s[i]!='\0'; i++)
+- acc += s[i]*((i%6)+1);
++ /* Everything we do here must be reproducible without knowledge of
++ bit 7 because unchksum won't have that information. Therefore,
++ only accumulate the lower 7 bits of each char and stop at the
++ first occurrence of either 0x00 or 0x80. Note that, for inputs
++ with bit 7 constantly zero, this is equivalent to looking at the
++ whole string. */
++ for (i=0; (s[i]&0x7f) != '\0'; i++)
++ acc += (s[i]&0x7f)*((i%6)+1);
++ for (; s[i]!='\0'; i++) /* advance i if we stopped at a 0x80 */
++ ;
+ for (i++; i<l; i++) /* fill up the end */
+ s[i] = s[i%8];
+ for (i=0; i<8; i++)
+ bits[i] = (acc<<(i%8))&0x80;
+ for (i=0; i<l; i++)
+- s[i] |= bits[i%8];
++ s[i] ^= bits[i%8];
+ }
+
++unchksum(s,l)
++ char *s;
++ long l;
++{
++ u_long acc;
++ int i;
++ u_char bits[8];
++
++ acc=0;
++ for (i=0; (s[i]&0x7f) != '\0'; i++)
++ acc += (s[i]&0x7f)*((i%6)+1);
++ for (i=0; i<8; i++)
++ bits[i] = (acc<<(i%8))&0x80;
++ for (i=0; i<l; i++) {
++ s[i] ^= bits[i%8];
++ /* not sure whether this actually buys any performance */
++ if(s[i]=='\0')
++ break; /* found end of filename, can stop here */
+ }
- /* iolen may contain CFSBLOCK extra chars */
- return(dtov(iolen)-fronterr);
++}
+
+ /*
+ * decrypt path component
+@@ -286,8 +316,7 @@
+ if (l%CFSBLOCK)
+ return NULL;
+ dodecrypt(key,clearstring,l,10241,zerovect);
+- for (i=0; (clearstring[i]&0x7f) !='\0'; i++)
+- clearstring[i] &= 0x7f;
++ unchksum(clearstring,l);
+ clearstring[i]='\0';
+ return clearstring;
}