/*************************************************************************
*
* Verify that a packet is legal
*
*************************************************************************/
int verify_packet( struct session *ses, struct pppoe_packet *p){
struct session * hu_val;
/* This code here should do all of the error checking and
validation on the incoming packet */
/* If we receive any error tags, abort */
#define CHECK_TAG(name, val) \
if((NULL==p->tags[name])== val){ \
poe_error(ses,"Tag error: " #name ); \
return -1; \
}
/* If packet is not directed to our MAC address, forget it */
if (ses->state == PADS_CODE) {
if (memcmp(p->addr.sll_addr, ses->remote.sll_addr, ETH_ALEN)) {
poe_info(ses,"ETH_DEST mismatch: %E %E \n",p->addr.sll_addr, ses->remote.sll_addr);
return -1;
}
}
CHECK_TAG(TAG_SRV_ERR,0);
CHECK_TAG(TAG_SYS_ERR,0);
CHECK_TAG(TAG_GEN_ERR,0);
/* A HOST_UNIQ must be present */
CHECK_TAG(TAG_HOST_UNIQ,1);
hu_val = *TAG_DATA(struct session* ,p->tags[TAG_HOST_UNIQ]);
if( hu_val != ses ){
poe_info(ses,"HOST_UNIQ mismatch: %08x %i\n",(int)hu_val,getpid());
return -1;
}
if(ses->filt->htag &&
!verify_tag(ses,p,TAG_HOST_UNIQ,ses->filt->htag->tag_data,(int)ntohs(ses->filt->htag->tag_len))) {
poe_info(ses,"HOST_UNIQ failure");
return -1;
}
if(ses->filt->ntag && ses->state == PADO_CODE &&
!verify_tag(ses,p,TAG_AC_NAME,ses->filt->ntag->tag_data,(int)ntohs(ses->filt->ntag->tag_len))){
poe_info(ses,"AC_NAME failure");
return -1;
}
if(ses->filt->stag &&
!verify_tag(ses,p,TAG_SRV_NAME,ses->filt->stag->tag_data,(int)ntohs(ses->filt->stag->tag_len))){
poe_info(ses,"SRV_NAME failure");
return -1;
}
return 0;
}
/*************************************************************************
*
* Verify that a packet is legal
*
*************************************************************************/
int verify_packet( struct session *ses, struct pppoe_packet *p){
struct session * hu_val;
/* This code here should do all of the error checking and
validation on the incoming packet */
/* If we receive any error tags, abort */
#define CHECK_TAG(name, val) \
if((NULL==p->tags[name])== val){ \
char format[sizeof("Tag error: ") + sizeof (#name) + \
sizeof("- %.65535s")]; \
sprintf(format, "Tag error: %s - %%.%ds", #name,\
p->tags[name]->tag_len);\
poe_error(ses,format,p->tags[name]->tag_data);\
return -1; \
}
/* This causes an unaligned access here */
CHECK_TAG(TAG_SRV_ERR,0);
CHECK_TAG(TAG_SYS_ERR,0);
CHECK_TAG(TAG_GEN_ERR,0);
/* A HOST_UNIQ must be present */
CHECK_TAG(TAG_HOST_UNIQ,1);
hu_val = *TAG_DATA(struct session* ,p->tags[TAG_HOST_UNIQ]);
if( hu_val != ses ){
poe_info(ses,"HOST_UNIQ mismatch: %08x %i\n",(int)hu_val,getpid());
return -1;
}
if(ses->filt->htag &&
!verify_tag(ses,p,TAG_HOST_UNIQ,ses->filt->htag->tag_data,(int)ntohs(ses->filt->htag->tag_len))) {
poe_info(ses, "HOST_NAME failure");
return -1;
}
if(ses->filt->ntag &&
!verify_tag(ses,p,TAG_AC_NAME,ses->filt->ntag->tag_data,(int)ntohs(ses->filt->ntag->tag_len))){
poe_info(ses,"AC_NAME failure");
return -1;
}
if(ses->filt->stag &&
!verify_tag(ses,p,TAG_SRV_NAME,ses->filt->stag->tag_data,(int)ntohs(ses->filt->stag->tag_len))){
poe_info(ses,"SRV_NAME failure");
return -1;
}
return 1;
}
int main(int argc, char **argv)
{
struct strbuf buf = STRBUF_INIT;
unsigned char result_sha1[20];
if (argc != 1)
usage("git mktag < signaturefile");
git_extract_argv0_path(argv[0]);
setup_git_directory();
if (strbuf_read(&buf, 0, 4096) < 0) {
die("could not read from stdin");
}
/* Verify it for some basic sanity: it needs to start with
"object <sha1>\ntype\ntagger " */
if (verify_tag(buf.buf, buf.len) < 0)
die("invalid tag signature file");
if (write_sha1_file(buf.buf, buf.len, tag_type, result_sha1) < 0)
die("unable to write tag file");
strbuf_release(&buf);
printf("%s\n", sha1_to_hex(result_sha1));
return 0;
}
int cmd_mktag(int argc, const char **argv, const char *prefix)
{
struct strbuf buf = STRBUF_INIT;
struct object_id result;
if (argc != 1)
usage("git mktag");
git_config(git_default_config, NULL);
if (strbuf_read(&buf, 0, 4096) < 0) {
die_errno("could not read from stdin");
}
/* Verify it for some basic sanity: it needs to start with
"object <sha1>\ntype\ntagger " */
if (verify_tag(buf.buf, buf.len) < 0)
die("invalid tag signature file");
if (write_object_file(buf.buf, buf.len, tag_type, &result) < 0)
die("unable to write tag file");
strbuf_release(&buf);
printf("%s\n", oid_to_hex(&result));
return 0;
}
virtual void pass_long() {
_to[0] = *(intptr_t*)(_from+Interpreter::local_offset_in_bytes(1));
debug_only(verify_tag(frame::TagValue));
_to += 1;
_from -= 2*Interpreter::stackElementSize();
add_signature( long_sig );
}
/*************************************************************************
*
* Verify that a packet is legal
*
*************************************************************************/
int verify_packet( struct session *ses, struct pppoe_packet *p){
struct session * hu_val;
/* This code here should do all of the error checking and
validation on the incoming packet */
/* If we receive any error tags, abort */
#define CHECK_TAG(name, val) \
if((NULL==p->tags[name])== val){ \
poe_error(ses,"Tag error: " #name ); \
return -1; \
}
CHECK_TAG(TAG_SRV_ERR,0);
CHECK_TAG(TAG_SYS_ERR,0);
CHECK_TAG(TAG_GEN_ERR,0);
/* A HOST_UNIQ must be present */
CHECK_TAG(TAG_HOST_UNIQ,1);
hu_val = *TAG_DATA(struct session* ,p->tags[TAG_HOST_UNIQ]);
if( hu_val != ses ){
poe_info(ses,"HOST_UNIQ mismatch: %08x %i\n",(int)hu_val,getpid());
return -1;
}
if(ses->filt->htag &&
!verify_tag(ses,p,TAG_HOST_UNIQ,ses->filt->htag->tag_data,(int)ntohs(ses->filt->htag->tag_len)))
return -1;
else
poe_info(ses,"HOST_UNIQ successful match\n");
if(ses->filt->ntag &&
!verify_tag(ses,p,TAG_AC_NAME,ses->filt->ntag->tag_data,(int)ntohs(ses->filt->ntag->tag_len))){
poe_info(ses,"AC_NAME failure");
return -1;
}
if(ses->filt->stag &&
!verify_tag(ses,p,TAG_SRV_NAME,ses->filt->stag->tag_data,(int)ntohs(ses->filt->stag->tag_len))){
poe_info(ses,"SRV_NAME failure");
return -1;
}
}
virtual void pass_object() {
// pass address of from
intptr_t *from_addr = (intptr_t*)(_from + Interpreter::local_offset_in_bytes(0));
*_to++ = (*from_addr == 0) ? NULL : (intptr_t) from_addr;
debug_only(verify_tag(frame::TagReference));
_from -= Interpreter::stackElementSize();
add_signature( non_float );
}
virtual void pass_object()
{
intptr_t *from_addr = (intptr_t*)(_from + Interpreter::local_offset_in_bytes(0));
debug_only(verify_tag(frame::TagReference));
_from -= Interpreter::stackElementSize();
if (_num_args < Argument::n_int_register_parameters_c-1) {
*_reg_args++ = (*from_addr == 0) ? NULL : (intptr_t) from_addr;
_num_args++;
} else {
*_to++ = (*from_addr == 0) ? NULL : (intptr_t) from_addr;
}
}
static char *evaluate_by_udev(const char *token, const char *value, int uevent)
{
char dev[PATH_MAX];
char *path = NULL;
size_t len;
struct stat st;
DBG(EVALUATE, ul_debug("evaluating by udev %s=%s", token, value));
if (!strcmp(token, "UUID"))
strcpy(dev, _PATH_DEV_BYUUID "/");
else if (!strcmp(token, "LABEL"))
strcpy(dev, _PATH_DEV_BYLABEL "/");
else if (!strcmp(token, "PARTLABEL"))
strcpy(dev, _PATH_DEV_BYPARTLABEL "/");
else if (!strcmp(token, "PARTUUID"))
strcpy(dev, _PATH_DEV_BYPARTUUID "/");
else {
DBG(EVALUATE, ul_debug("unsupported token %s", token));
return NULL; /* unsupported tag */
}
len = strlen(dev);
if (blkid_encode_string(value, &dev[len], sizeof(dev) - len) != 0)
return NULL;
DBG(EVALUATE, ul_debug("expected udev link: %s", dev));
if (stat(dev, &st))
goto failed; /* link or device does not exist */
if (!S_ISBLK(st.st_mode))
return NULL;
path = canonicalize_path(dev);
if (!path)
return NULL;
#ifdef CONFIG_BLKID_VERIFY_UDEV
if (verify_tag(path, token, value))
goto failed;
#endif
return path;
failed:
DBG(EVALUATE, ul_debug("failed to evaluate by udev"));
if (uevent && path)
blkid_send_uevent(path, "change");
free(path);
return NULL;
}
virtual void pass_float()
{
jint from_obj = *(jint*)(_from+Interpreter::local_offset_in_bytes(0));
debug_only(verify_tag(frame::TagValue));
_from -= Interpreter::stackElementSize();
if (_num_fp_args < Argument::n_float_register_parameters_c) {
*_fp_args++ = from_obj;
_num_fp_args++;
} else {
*_to++ = from_obj;
}
}
virtual void pass_long()
{
intptr_t from_obj = *(intptr_t*)(_from+Interpreter::local_offset_in_bytes(1));
debug_only(verify_tag(frame::TagValue));
_from -= 2*Interpreter::stackElementSize();
if (_num_int_args < Argument::n_int_register_parameters_c-1) {
*_int_args++ = from_obj;
_num_int_args++;
} else {
*_to++ = from_obj;
}
}
void BT_kFree(void *p) {
if(!p) return;
struct MEM_TAG *tag = (struct MEM_TAG *) p;
tag -= 1;
struct MAGIC_TAG *postmem = (struct MAGIC_TAG *) ((BT_u8 *) (tag+1) + tag->size);
if(!verify_tag(&tag->tag_0) || !verify_tag(&tag->tag_1) || !verify_tag(postmem)) {
BT_kPrint("Kernel Panic - Corrupted FREE");
while(1) {
;
}
}
BT_CACHE *pCache = tag->pCache;
if(pCache) {
BT_CacheFree(pCache, tag);
} else {
bt_page_free((BT_PHYS_ADDR) bt_virt_to_phys(tag), tag->size+sizeof(struct MEM_TAG)+sizeof(struct MAGIC_TAG));
}
}
virtual void pass_double()
{
intptr_t from_obj = *(intptr_t*)(_from+Interpreter::local_offset_in_bytes(1));
debug_only(verify_tag(frame::TagValue));
_from -= 2*Interpreter::stackElementSize();
if (_num_args < Argument::n_float_register_parameters_c-1) {
*_reg_args++ = from_obj;
*_fp_identifiers |= (intptr_t)(0x3 << (_num_args*2)); // mark as double
_num_args++;
} else {
*_to++ = from_obj;
}
}
int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{
int i = 1, verbose = 0, had_error = 0;
git_config(git_default_config, NULL);
if (argc == 1)
usage(builtin_verify_tag_usage);
if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--verbose")) {
verbose = 1;
i++;
}
/* sometimes the program was terminated because this signal
* was received in the process of writing the gpg input: */
signal(SIGPIPE, SIG_IGN);
while (i < argc)
if (verify_tag(argv[i++], verbose))
had_error = 1;
return had_error;
}
int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{
int i = 1, verbose = 0, had_error = 0;
const struct option verify_tag_options[] = {
OPT__VERBOSE(&verbose, "print tag contents"),
OPT_END()
};
git_config(git_default_config, NULL);
argc = parse_options(argc, argv, prefix, verify_tag_options,
verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
if (argc <= i)
usage_with_options(verify_tag_usage, verify_tag_options);
/* sometimes the program was terminated because this signal
* was received in the process of writing the gpg input: */
signal(SIGPIPE, SIG_IGN);
while (i < argc)
if (verify_tag(argv[i++], verbose))
had_error = 1;
return had_error;
}
static partition_result_t
get_anch_vol_desc(partition_private_t *partition_privatep,
anch_vol_desc_ptr_t **anchor_vol_desc_ptrpp,
int32_t *block_sizep)
{
int8_t *block_bufferp;
int32_t block_size;
anch_vol_desc_ptr_t *anchor_vol_desc_ptrp;
off_t offset;
partition_result_t partition_result;
medium_private_t *medium_privatep;
anchor_vol_desc_ptrp = NULL;
block_bufferp = NULL;
block_size = 0;
partition_result = PARTITION_SUCCESS;
medium_privatep = (medium_private_t *)partition_privatep->on_mediump;
block_bufferp = malloc(MAXIMUM_BLOCK_SIZE);
*anchor_vol_desc_ptrpp = NULL;
anchor_vol_desc_ptrp = malloc(sizeof (anch_vol_desc_ptr_t));
if ((block_bufferp == NULL) || (anchor_vol_desc_ptrp == NULL)) {
partition_result = PARTITION_OUT_OF_MEMORY;
}
if (partition_result == PARTITION_SUCCESS) {
block_size = MINIMUM_BLOCK_SIZE;
partition_result = PARTITION_NOT_THIS_TYPE;
}
while ((partition_result == PARTITION_NOT_THIS_TYPE) &&
(block_size <= MAXIMUM_BLOCK_SIZE)) {
offset = partition_privatep->offset +
(off_t)(ANCHOR_VOL_DESC_LOC * block_size);
if ((offset + block_size) > medium_privatep->medium_capacity) {
partition_result = PARTITION_CANT_READ_MEDIUM;
continue;
}
if (lseek(partition_privatep->file_descriptor, offset,
SEEK_SET) == -1) {
partition_result = PARTITION_CANT_READ_MEDIUM;
} else if (read(partition_privatep->file_descriptor,
block_bufferp,
block_size) != block_size) {
partition_result = PARTITION_CANT_READ_MEDIUM;
} else {
(void) memcpy(anchor_vol_desc_ptrp, block_bufferp,
sizeof (anch_vol_desc_ptr_t));
partition_result =
verify_tag(&(anchor_vol_desc_ptrp->avd_tag),
UD_ANCH_VOL_DESC);
if (partition_result == PARTITION_SUCCESS) {
*anchor_vol_desc_ptrpp = anchor_vol_desc_ptrp;
*block_sizep = block_size;
}
}
block_size = 2 * block_size;
}
if (block_bufferp != NULL) {
free(block_bufferp);
}
/*
* if we don't pass the buffer, but the buffer was allocated,
* we need to free.
*/
if (*anchor_vol_desc_ptrpp == NULL && anchor_vol_desc_ptrp != NULL) {
free(anchor_vol_desc_ptrp);
}
return (partition_result);
}
virtual void pass_float() {
*_to++ = *(jint *)(_from+Interpreter::local_offset_in_bytes(0));
debug_only(verify_tag(frame::TagValue));
_from -= Interpreter::stackElementSize();
add_signature( float_sig );
}
int crypto_aead_decrypt(unsigned char *m, unsigned long long *outputmlen,
unsigned char *nsec,
const unsigned char *c, unsigned long long clen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *npub, const unsigned char *k)
{
AES_KEY key[1];
AES_KEY kappa_0[1];
AES_KEY kappa_m[1];
unsigned char nonce[BLOCK_LENGTH];
CPFB_BLOCK X[1];
CPFB_BLOCK P[1];
CPFB_BLOCK stream[1];
unsigned long long counter;
unsigned long long mlen;
(void)nsec; /* avoid warning */
if (clen < TAG_LENGTH)
return -1;
*outputmlen = mlen = clen - TAG_LENGTH;
init(npub,k,kappa_0,key,nonce);
/* Block encoding alen and mlen
* In an online implementation, it would be done at the end, and X would be 0
*/
store64(X->u8, mlen);
X->u32[2] = htobe32((crypto_uint32)adlen);
X->counter = 0;
AES_encrypt(X, X, kappa_0);
/* AD processing */
counter = 0;
while (adlen > PAYLOAD_LENGTH) {
load_96_ctr(P,ad,++counter);
AES_encrypt(P, stream, kappa_0);
xor_128(X, stream, X);
ad += PAYLOAD_LENGTH;
adlen -= PAYLOAD_LENGTH;
}
if (adlen > 0) {
load_partial_ctr(P,ad,adlen,++counter);
AES_encrypt(P, stream, kappa_0);
xor_128(X, stream, X);
}
/* Plaintext processing */
if (mlen > 0) {
/* New kappa */
gen_next_kappa(nonce,kappa_0,kappa_m,key);
counter = 0;
/* P_0 processing */
P->u64[0] = P->u64[1] = 0;
AES_encrypt(P, stream, kappa_m);
while (mlen > PAYLOAD_LENGTH) {
store_xor_96(m,(CPFB_BLOCK*)c,stream);
load_96_ctr(P,m,++counter);
AES_encrypt(P, stream, kappa_m);
xor_128(X, stream, X);
c += PAYLOAD_LENGTH;
m += PAYLOAD_LENGTH;
mlen -= PAYLOAD_LENGTH;
}
if (mlen > 0) {
store_xor_partial(m,(CPFB_BLOCK*)c,stream,mlen);
load_partial_ctr(P,m,mlen,++counter);
AES_encrypt(P, stream, kappa_m);
xor_128(X, stream, X);
c += mlen;
}
}
AES_encrypt(X, X, kappa_0);
return verify_tag(c,X->u8);
}
static partition_result_t
read_label(partition_private_t *partition_privatep,
anch_vol_desc_ptr_t *anchor_vol_desc_ptrp,
int32_t block_size)
{
uchar_t *block_bufferp;
uint32_t block_number;
uint32_t end_of_vol_desc_blocks;
uint32_t first_vol_desc_block;
char *key_bufferp;
char *name_bufferp;
uint32_t number_of_vol_desc_blocks;
partition_result_t partition_result;
struct pri_vol_desc *primary_vol_descp;
char *string_bufferp;
off_t offset;
medium_private_t *medium_privatep;
first_vol_desc_block =
SWAP_32(anchor_vol_desc_ptrp->avd_main_vdse.ext_loc);
number_of_vol_desc_blocks =
SWAP_32(anchor_vol_desc_ptrp->avd_main_vdse.ext_len)
/ block_size;
end_of_vol_desc_blocks =
first_vol_desc_block + number_of_vol_desc_blocks;
partition_result = PARTITION_SUCCESS;
medium_privatep = (medium_private_t *)partition_privatep->on_mediump;
block_bufferp = malloc(block_size);
key_bufferp = malloc(MAXPATHLEN);
name_bufferp = malloc(MAXNAMELEN);
primary_vol_descp = malloc(sizeof (struct pri_vol_desc));
string_bufferp = malloc(MAX_UNICODE_NAMELEN);
if ((block_bufferp == NULL) ||
(key_bufferp == NULL) ||
(name_bufferp == NULL) ||
(primary_vol_descp == NULL) ||
(string_bufferp == NULL)) {
partition_result = PARTITION_OUT_OF_MEMORY;
}
if (partition_result == PARTITION_SUCCESS) {
block_number = first_vol_desc_block;
partition_result = PARTITION_NOT_THIS_TYPE;
}
while ((partition_result == PARTITION_NOT_THIS_TYPE) &&
(block_number < end_of_vol_desc_blocks)) {
offset = partition_privatep->offset +
(off_t)(block_number * block_size);
if ((offset + block_size) > medium_privatep->medium_capacity) {
partition_result = PARTITION_CANT_READ_MEDIUM;
continue;
}
if (lseek(partition_privatep->file_descriptor, offset,
SEEK_SET) == -1) {
partition_result = PARTITION_CANT_READ_MEDIUM;
} else if (read(partition_privatep->file_descriptor,
block_bufferp,
block_size) != block_size) {
partition_result = PARTITION_CANT_READ_MEDIUM;
} else {
(void) memcpy(primary_vol_descp, block_bufferp,
sizeof (struct pri_vol_desc));
partition_result =
verify_tag(&(primary_vol_descp->pvd_tag),
UD_PRI_VOL_DESC);
}
block_number++;
}
if (partition_result == PARTITION_SUCCESS) {
/*
* Check the character set. Solaris only supports
* the OSTA Compressed Unicode character set for UDFS.
*/
if ((primary_vol_descp->pvd_desc_cs.cs_type != CS_TYPE0) ||
(strncmp(primary_vol_descp->pvd_desc_cs.cs_info,
osta_comp_uni, 63) != 0)) {
partition_result = PARTITION_CANT_READ_MEDIUM;
} else {
(void) ud_convert2utf8(
(uint8_t *)(primary_vol_descp->pvd_vol_id),
(uint8_t *)string_bufferp,
strlen(primary_vol_descp->pvd_vol_id));
if ((string_bufferp[0] == NULLC) ||
(strcmp(string_bufferp, "UNDEFINED") == 0)) {
partition_privatep->has_volume_name = B_FALSE;
(void) snprintf(name_bufferp, MAXNAMELEN,
"%s%s",
UNNAMED_PREFIX,
partition_privatep->medium_typep);
partition_privatep->labelp->volume_namep =
strdup(name_bufferp);
} else {
partition_privatep->has_volume_name = B_TRUE;
partition_privatep->labelp->volume_namep =
strdup(string_bufferp);
}
if (partition_privatep->labelp->volume_namep == NULL) {
partition_result = PARTITION_OUT_OF_MEMORY;
} else {
partition_privatep->labelp->crc =
calc_crc(block_bufferp, block_size);
(void) snprintf(key_bufferp, MAXPATHLEN,
"0x%lx",
partition_privatep->labelp->crc);
partition_privatep->labelp->keyp =
strdup(key_bufferp);
if (partition_privatep->labelp->keyp == NULL) {
partition_result =
PARTITION_OUT_OF_MEMORY;
}
}
}
}
if (block_bufferp != NULL) {
free(block_bufferp);
}
if (key_bufferp != NULL) {
free(key_bufferp);
}
if (name_bufferp != NULL) {
free(name_bufferp);
}
if (primary_vol_descp != NULL) {
free(primary_vol_descp);
}
if (string_bufferp != NULL) {
free(string_bufferp);
}
return (partition_result);
}