help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cannot encrypt files smaller than 17 bytes


From: Hakan Isaksson
Subject: Re: Cannot encrypt files smaller than 17 bytes
Date: Thu, 26 Jun 2003 11:03:18 +0200 (CEST)

The patch below from Jonas also resolves the "Cannot encrypt files smaller
than 17 bytes" problem.

Just remove the check if filesize is smaller than 17 bytes in
cfservd.c and client.c.

-------------------------------------
Håkan Isaksson
address@hidden
+46 073 67 109 76



On Wed, 25 Jun 2003, Jonas J Linde wrote:

> On 30 Apr 2003 Håkan Isaksson wrote:
> > Copy with encrypt=true fails if the size of the file copied is somewhere
> > between 8193 and 8199 bytes large.
>
> > I'm running cfengine-2.0.6 but get the same error on cfengine-2.0.5.
>
> Håkan and I found the reason for this error; it probably misbehaves for
> any file sizes matching (n*2048)+i where 0<i<8 and n>=0, although we
> only checked for n=4.
>
> The bug is in cfservd.c on line 2570 in the function CfGetFile which
> needs an additional "if (cipherlen)" because of the way SendTransaction
> is handling a third argument (cipherlen) equal to zero.
>
> When the sendbuffer is a just little bit larger than n*2048 the
> ciphertext (out) from EVP_EncryptUpdate will be empty and supposed to be
> dealt with by EVP_EncryptFinal instead. I.e. the out-buffer will be
> unchanged and cipherlen will be set to zero. Unfortunately
> SendTransaction will interpret a zero cipherlen as a signal that the
> buffer contains a NULL terminated string which in turn will result in a
> random number of cipher bytes from the last round being resent.
>
> Here's the patch:
> --- cfengine-2.0.6/src/cfservd.c.orig      2003-06-25 22:28:47.041956000 +0200
> +++ cfengine-2.0.6/src/cfservd.c   2003-06-25 22:28:52.731435000 +0200
> @@ -2567,10 +2567,13 @@
>             return;
>             }
>
> -        if (SendTransaction(sd,out,cipherlen,CF_MORE) == -1)
> -            {
> -            CfLog(cfverbose,"Send failed in GetFile","send");
> -            break;
> +        if (cipherlen)
> +           {
> +           if (SendTransaction(sd,out,cipherlen,CF_MORE) == -1)
> +              {
> +              CfLog(cfverbose,"Send failed in GetFile","send");
> +              break;
> +              }
>              }
>          }
>        else
>
> BTW, I sent this patch to gnu.cfengine.bug too but I decided I don't
> really trust my news reader... ;)
>
> /J
> ________________________________________________________________________
> Jonas J Linde  <address@hidden> http://www.init.se/~jonas/ +46-707-492496
>
> GE/IT$ d-() s++: a C++(++++)$ UBVL++(++++)$ P++ L+++>$ E++ W++(-) N+ o--
> K+ !w(+) O M@ V PS+ PE++(-) Y+ PGP+>++ t 5 X R-@ tv- b++ DI D++ G++ e+++
> h--(----) r++ y++++ UF+
>





reply via email to

[Prev in Thread] Current Thread [Next in Thread]