On Sun, Nov 05, 2017 at 09:19:04PM +0100, Patrick Wildt wrote:
> On Wed, Oct 25, 2017 at 06:03:44AM -0700, [email protected] wrote:
> > The patched submitted by Andrei fixed it for me.
> > There are some style issues, I fixed the ones I saw and reattached the
> > patch.
>
> Good find by Andrei, I will have a look!
>
The diff can be massively reduced. The expand_string() code looks for
$ENV::CERTFQDN and $ENV::CERTIP and replaces those in the config file.
Since IP: and DNS: is prepended in the config file already, there is
no need to do the dance as the prefix will still be there after the
$ENV::STUFF has been replaced.
The issue though is that due to the rework, we store a pointer to the
stack in the "CA config" struct. The function returns, and another
function then uses that pointer. But it's the stack, so it's already
garbage. The important thing from the diff is the strdup().
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 3dacac9e83e..0bf2bbd5738 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -85,7 +85,7 @@ struct {
};
/* explicitly list allowed variables */
-const char *ca_env[][2] = {
+char *ca_env[][2] = {
{ "$ENV::CADB", NULL },
{ "$ENV::CASERIAL", NULL },
{ "$ENV::CERTFQDN", NULL },
@@ -899,20 +899,26 @@ void
ca_clrenv(void)
{
int i;
- for (i = 0; ca_env[i][0] != NULL; i++)
+ for (i = 0; ca_env[i][0] != NULL; i++) {
+ free(ca_env[i][1]);
ca_env[i][1] = NULL;
+ }
}
void
ca_setenv(const char *key, const char *value)
{
int i;
+ char *p = NULL;
for (i = 0; ca_env[i][0] != NULL; i++) {
if (strcmp(ca_env[i][0], key) == 0) {
if (ca_env[i][1] != NULL)
errx(1, "env %s already set: %s", key, value);
- ca_env[i][1] = value;
+ p = strdup(value);
+ if (p == NULL)
+ err(1, NULL);
+ ca_env[i][1] = p;
return;
}
}
