Index: trunk/configure.ac =================================================================== --- trunk/configure.ac (revision 88) +++ trunk/configure.ac (revision 89) @@ -13,5 +13,5 @@ dnl start dnl -AM_INIT_AUTOMAKE(samhain, 2.3.1a) +AM_INIT_AUTOMAKE(samhain, 2.3.2) AC_CANONICAL_HOST Index: trunk/docs/Changelog =================================================================== --- trunk/docs/Changelog (revision 88) +++ trunk/docs/Changelog (revision 89) @@ -1,3 +1,7 @@ -2.3.1a: +2.3.2: + * fix regression in full stealth mode (incorrect comparison of + bytes read vs. maximum capacity), reported by B. Fleming + +2.3.1a (21-01-2007): * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used (reported by zeroXten) Index: trunk/docs/HOWTO-client+server-troubleshooting.html =================================================================== --- trunk/docs/HOWTO-client+server-troubleshooting.html (revision 88) +++ trunk/docs/HOWTO-client+server-troubleshooting.html (revision 89) @@ -30,4 +30,5 @@ div.warnblock { background: #b6c5f2; color: #000; + background: #ffffcc; color: #000; margin: 1em; padding: 0 1em 0 1em; border-width: 1px; @@ -131,4 +132,12 @@
+
+

This document aims to explain how to diagnose and fix common problems that @@ -255,4 +264,5 @@ the interface used is not the one the client name resolves to.

+

If the client uses the wrong interface on a multi-interface machine, @@ -264,5 +274,5 @@

If you want to download the config file from the server, you - should instead use the corresponding command line + should instead use the corresponding command line option --bind-address=IP address to select the interface. Index: trunk/src/sh_unix.c =================================================================== --- trunk/src/sh_unix.c (revision 88) +++ trunk/src/sh_unix.c (revision 89) @@ -4323,5 +4323,6 @@ -int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len); +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, + unsigned long * bytes_read); unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); @@ -4331,7 +4332,8 @@ int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) { - int add_off, llen; - static unsigned long off_data = 0; - static unsigned long max_data = 0; + int add_off = 0, llen; + static unsigned long off_data = 0; + static unsigned long max_data = 0; + static unsigned long bytes_read = 0; static int stealth_init = BAD; @@ -4358,5 +4360,5 @@ /* --- Seek to proper position. --- */ - if (off_data >= max_data) + if (bytes_read >= max_data || add_off < 0) { dlog(1, FIL__, __LINE__, @@ -4370,5 +4372,5 @@ /* --- Read one line. --- */ - add_off = hideout_hex_block(fd, (unsigned char *) str, len); + add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read); off_data += add_off; @@ -4377,5 +4379,6 @@ } -int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len) +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, + unsigned long * bytes_read) { @@ -4386,4 +4389,5 @@ unsigned long here = 0; unsigned long retval = 0; + unsigned long bread = 0; SL_ENTER(_("hideout_hex_block")); @@ -4410,7 +4414,10 @@ num = sl_read (fd, &c, 1); } while (num == 0 && errno == EINTR); - if (num == 0) + if (num > 0) + ++here; + else if (num == 0) SL_RETURN((0), _("hideout_hex_block")); - ++here; + else + SL_RETURN((-1), _("hideout_hex_block")); } while (c == '\n' || c == '\t' || c == '\r' || c == ' '); @@ -4426,4 +4433,5 @@ str[i] &= ~mask[j]; + bread += 1; } if (str[i] == '\n') break; @@ -4436,4 +4444,5 @@ str[i+1] = '\0'; /* keep newline and terminate */ retval += here; + *bytes_read += (bread/8); SL_RETURN(retval, _("hideout_hex_block")); Index: trunk/test/testrun_1a.sh =================================================================== --- trunk/test/testrun_1a.sh (revision 88) +++ trunk/test/testrun_1a.sh (revision 89) @@ -20,11 +20,133 @@ # -BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" -export BUILDOPTS +PREBUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export PREBUILDOPTS + +MAXTEST=1; export MAXTEST + +testrun_stealth () +{ + tcount=14 + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + CONVERT=`find_path convert` + if [ x"$CONVERT" = x ]; then + [ -z "$verbose" ] || log_msg_fail "ImageMagick convert not found"; + return 1 + fi + "$CONVERT" --help | grep ImageMagick >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Convert utility is not ImageMagick convert"; + return 1 + fi + "${CONVERT}" +compress stealth_template.jpg stealth_template.ps + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Converting stealth_template.jpg failed"; + return 1 + fi + + $MAKE samhain_stealth >/dev/null 2>>test_log + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "make samhain_stealth"; + return 1 + fi + capacity=`./samhain_stealth -i stealth_template.ps | awk '{ print $7 }'` + + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_testpolicy 1 + check_err $? ${tcount}; errval=$? + fi + + if [ $errval -eq 0 ]; then + fill=`cat "${RCFILE}" | wc -c` + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + let "capacity = capacity - fill" >/dev/null + let "capacity = capacity - 100" >/dev/null + until [ "$capacity" -le 0 ] + do + echo "###############################" >>"${RCFILE}" + let "capacity = capacity - 32" >/dev/null + done + + ./samhain_stealth -s stealth_template.ps "${RCFILE}" >/dev/null + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + cp stealth_template.ps "${RCFILE}" + check_err $? ${tcount}; errval=$? + fi + + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_testdata_1 + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_testdata_1 + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi +} testrun1a () { log_start "RUN STANDALONE W/STEALTH" - testrun_internal + # + # micro-stealth + # + #BUILDOPTS="$PREBUILDOPTS --enable-micro-stealth=137"; export BUILDOPTS + #testrun_internal + + BUILDOPTS="$PREBUILDOPTS --enable-stealth=137"; export BUILDOPTS + testrun_stealth + log_end "RUN STANDALONE W/STEALTH" return 0