Previously, cfsd would screw up if you used 8-bit filenames. Fix the

checksum mechanism for pathnames so that it works for those paths. Submitted by: Olof Samuelsson <olof@s8n.pp.se> PR: 35353
svn path=/head/; revision=107387
2004-04-18 03:12:05 +00:00 · 2004-04-18 03:12:05 +00:00 · 92e25f4467 · 2021-03-31 03:12:20 +00:00
commit 92e25f4467
parent ef59092fa1
2 changed files with 71 additions and 15 deletions
--- a/security/cfs/Makefile
+++ b/security/cfs/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	cfs
 PORTVERSION=	1.4.1
+PORTREVESION=	1
 CATEGORIES=	security
 MASTER_SITES=	http://www.crypto.com/software/

--- a/security/cfs/files/patch-cfs_fh.c
+++ b/security/cfs/files/patch-cfs_fh.c
@ -1,16 +1,71 @@
--- cfs_fh.c.orig	Mon Aug 27 01:47:52 2001
-+++ cfs_fh.c	Mon Aug 27 01:48:41 2001
-@@ -177,6 +177,13 @@
- 		perror("write");
- 		return -1;
- 	}
-+	/* due to the way the file is padded we may actually have to
-+	   truncate it here. This happens when the write is at the end of
-+	   the file, is shorter than CFSBLOCK and brings the file to a length
-+	   which is evenly dividable by CFSBLOCK */
-+	if (offset+len > dtov(sb.st_size) && vtod(offset+len) < sb.st_size) {
-+	  ftruncate(fd, vtod(offset+len));
-+	}
- 	/* iolen may contain CFSBLOCK extra chars */
- 	return(dtov(iolen)-fronterr);
+--- cfs_fh.c.orig	Sat Apr 17 20:44:41 2004
+++ cfs_fh.c	Sat Apr 17 23:01:11 2004
+@@ -225,7 +225,9 @@
+ }
+ 
+ /*
+- * set high order bits
+ * Carefully frob the high order bits of s in a way that is both easily
+ * reversible (see unchksum) and backwards-compatible (at least for 7-bit
+ * characters).
+  */
+ chksum(s,l)
+      char *s;
+@@ -236,16 +238,44 @@
+ 	u_char bits[8];
+ 
+ 	acc=0;
+-	for (i=0; s[i]!='\0'; i++)
+-		acc += s[i]*((i%6)+1);
+	/* Everything we do here must be reproducible without knowledge of
+	   bit 7 because unchksum won't have that information.  Therefore,
+	   only accumulate the lower 7 bits of each char and stop at the
+	   first occurrence of either 0x00 or 0x80.  Note that, for inputs
+	   with bit 7 constantly zero, this is equivalent to looking at the
+	   whole string. */
+	for (i=0; (s[i]&0x7f) != '\0'; i++)
+		acc += (s[i]&0x7f)*((i%6)+1);
+	for (; s[i]!='\0'; i++) /* advance i if we stopped at a 0x80 */
+		;
+ 	for (i++; i<l; i++)	/* fill up the end */
+ 		s[i] = s[i%8];
+ 	for (i=0; i<8; i++)
+ 		bits[i] = (acc<<(i%8))&0x80;
+ 	for (i=0; i<l; i++)
+-		s[i] |= bits[i%8];
+		s[i] ^= bits[i%8];
+ }
+ 
+unchksum(s,l)
+    char *s;
+    long l;
+{
+	u_long acc;
+	int i;
+	u_char bits[8];
+
+	acc=0;
+	for (i=0; (s[i]&0x7f) != '\0'; i++)
+		acc += (s[i]&0x7f)*((i%6)+1);
+	for (i=0; i<8; i++)
+		bits[i] = (acc<<(i%8))&0x80;
+	for (i=0; i<l; i++) {
+		s[i] ^= bits[i%8];
+		/* not sure whether this actually buys any performance */
+		if(s[i]=='\0')
+			break;  /* found end of filename, can stop here */
+	}
+}
+ 
+ /*
+  * decrypt path component
+@@ -286,8 +316,7 @@
+ 	if (l%CFSBLOCK)
+ 		return NULL;
+ 	dodecrypt(key,clearstring,l,10241,zerovect);
+-	for (i=0; (clearstring[i]&0x7f) !='\0'; i++)
+-		clearstring[i] &= 0x7f;
+	unchksum(clearstring,l);
+ 	clearstring[i]='\0';
+ 	return clearstring;
 }