Correct fast-path handshake length calculation.

Prevent segv when encryption is not available.
xrootd · Oct 13, 2016 · fa86c92 · fa86c92
1 parent a7a27eb
commit fa86c92
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/src/XrdSec/XrdSecProtect.cc b/src/XrdSec/XrdSecProtect.cc
@@ -422,6 +422,10 @@ const char *XrdSecProtect::Verify(SecurityRequest  &secreq,
        if (rc < 0) return strerror(-rc);
        if (myReq.bP->size != (int)sizeof(secHash))
           return "Invalid signature hash length";
+       inHash = (unsigned char *)myReq.bP->buffer;
+      } else {
+       if (dlen != (int)sizeof(secHash))
+          return "Invalid signature hash length";
       }
 
 // Fill out the iovec to recompute the hash
@@ -443,7 +447,7 @@ const char *XrdSecProtect::Verify(SecurityRequest  &secreq,
 
 // Compare this hash with the hash we were given
 //
-   if (memcmp(secHash, myReq.bP->buffer, sizeof(secHash)))
+   if (memcmp(secHash, inHash, sizeof(secHash)))
       return "Signature hash mismatch";
 
 // This request has been verified (update the seqno)

diff --git a/src/XrdXrootd/XrdXrootdProtocol.cc b/src/XrdXrootd/XrdXrootdProtocol.cc
@@ -292,10 +292,10 @@ int dlen, rc;
         memcpy(&Request, hsRqst, sizeof(Request));
         memcpy(hsprot.Hdr.streamid,hsRqst->streamid,sizeof(hsprot.Hdr.streamid));
         rspLen              = do_Protocol(&hsprot.Rsp);
-        iov[1].iov_len      = rspLen;
         hsprot.Hdr.dlen     = htonl(rspLen);
         hsprot.Hdr.status   = 0;
-        rc = lp->Send(iov, 2, sizeof(hsresp)+rspLen);
+        iov[1].iov_len      = sizeof(hsprot.Hdr) + rspLen;
+        rc = lp->Send(iov, 2, sizeof(hsresp)+sizeof(hsprot.Hdr)+rspLen);
        }
 
 // Verify that our handshake response was actually sent