Signed-off-by: Daniel Lenski <dlen...@gmail.com>
---
 auth-globalprotect.c | 19 ++++++++++++++-----
 gpst.c               | 26 +++++++++++++++++++-------
 2 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index d3799d6..4ef37f7 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -161,8 +161,7 @@ static int parse_login_xml(struct openconnect_info 
*vpninfo, xmlNode *xml_node)
 
        vpninfo->cookie = cookie->data;
        cookie->data = NULL;
-       buf_free(cookie);
-       return 0;
+       return buf_free(cookie);
 
 err_out:
        free(value);
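Review bot: The buffer's error state is only consulted by `return buf_free(cookie);`, after `vpninfo->cookie = cookie->data;` has already run. On a failed or truncated buffer the function therefore reports an error but leaves `vpninfo->cookie` pointing at whatever the buffer held (possibly NULL or a partial cookie). Testing `buf_error(cookie)` before the ownership transfer and jumping to `err_out` would keep vpninfo untouched on failure. This assumes `err_out` can also release `cookie`, which cannot be confirmed because the label's body and the start of parse_login_xml lie outside the hunk.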
@@ -269,9 +268,14 @@ gateways:
        }
 
        buf_append(buf, "  </ServerList>\n</GPPortal>\n");
-       if (vpninfo->write_new_config && !buf_error(buf))
-               result = vpninfo->write_new_config(vpninfo->cbdata, buf->data, 
buf->pos);
-       buf_free(buf);
+       if (vpninfo->write_new_config) {
+               result = buf_error(buf);
+               if (!result)
+                       result = vpninfo->write_new_config(vpninfo->cbdata, 
buf->data, buf->pos);
+               buf_free(buf);
+               if (result)
+                       goto out;
+       }
 
        /* process static auth form to select gateway */
        result = process_auth_form(vpninfo, &form);
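Review bot: `buf_free(buf);` is now reached only inside `if (vpninfo->write_new_config) { ... }`, whereas the removed line freed the buffer unconditionally. If `buf` is allocated regardless of whether the callback is registered (the allocation is outside this hunk), it leaks whenever `write_new_config` is NULL. Adding `else buf_free(buf);` after the block's closing brace restores the old behaviour without changing the new error propagation.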
@@ -342,6 +346,8 @@ static int gpst_login(struct openconnect_info *vpninfo, int 
portal)
                if (auth_id)
                        append_opt(request_body, "inputStr", form->auth_id);
                append_form_opts(vpninfo, form, request_body);
+               if ((result = buf_error(request_body)))
+                       goto out;
 
                orig_path = vpninfo->urlpath;
                vpninfo->urlpath = strdup(portal ? 
"global-protect/getconfig.esp" : "ssl-vpn/login.esp");
@@ -423,6 +429,8 @@ int gpst_bye(struct openconnect_info *vpninfo, const char 
*reason)
         */
        append_opt(request_body, "computer", vpninfo->localname);
        buf_append(request_body, "&%s", vpninfo->cookie);
+       if ((result = buf_error(request_body)))
+               goto out;
 
        /* We need to close and reopen the HTTPS connection (to kill
         * the tunnel session) and submit a new HTTPS request to
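Review bot: The new `goto out;` after `buf_error(request_body)` lands on the `out:` label added in the next hunk, which calls `free(xml_buf);`. That is only safe if `xml_buf` is initialised to NULL at its declaration, which is outside the hunk and should be confirmed. On this path the logout request is never sent and nothing is logged, so the gateway session stays alive without any indication to the user. A `vpn_progress(vpninfo, PRG_ERR, ...)` line before the jump would make the skipped logout visible.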
@@ -445,6 +453,7 @@ int gpst_bye(struct openconnect_info *vpninfo, const char 
*reason)
        else
                vpn_progress(vpninfo, PRG_INFO, _("Logout successful\n"));
 
+out:
        buf_free(request_body);
        free(xml_buf);
        return result;
diff --git a/gpst.c b/gpst.c
index 68b94f7..0428dbd 100644
--- a/gpst.c
+++ b/gpst.c
@@ -573,6 +573,8 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
                filter_opts(request_body, vpninfo->cookie, "preferred-ip", 0);
        } else
                buf_append(request_body, "&%s", vpninfo->cookie);
+       if ((result = buf_error(request_body)))
+               goto out;
 
        orig_path = vpninfo->urlpath;
        vpninfo->urlpath = strdup("ssl-vpn/getconfig.esp");
@@ -632,6 +634,7 @@ static int gpst_connect(struct openconnect_info *vpninfo)
 {
        int ret;
        struct oc_text_buf *reqbuf;
+       const char start_tunnel[12] = "START_TUNNEL"; /* NOT zero-terminated */
        char buf[256];
 
        /* Connect to SSL VPN tunnel */
@@ -646,31 +649,33 @@ static int gpst_connect(struct openconnect_info *vpninfo)
        buf_append(reqbuf, "GET %s?", vpninfo->urlpath);
        filter_opts(reqbuf, vpninfo->cookie, "user,authcookie", 1);
        buf_append(reqbuf, " HTTP/1.1\r\n\r\n");
+       if ((ret = buf_error(reqbuf)))
+               goto out;
 
        if (vpninfo->dump_http_traffic)
                dump_buf(vpninfo, '>', reqbuf->data);
 
        vpninfo->ssl_write(vpninfo, reqbuf->data, reqbuf->pos);
-       buf_free(reqbuf);
 
        if ((ret = vpninfo->ssl_read(vpninfo, buf, 12)) < 0) {
                if (ret == -EINTR)
-                       return ret;
+                       goto out;
                vpn_progress(vpninfo, PRG_ERR,
                             _("Error fetching GET-tunnel HTTPS response.\n"));
-               return -EINVAL;
+               ret = -EINVAL;
+               goto out;
        }
 
-       if (!strncmp(buf, "START_TUNNEL", 12)) {
+       if (!strncmp(buf, start_tunnel, sizeof(start_tunnel))) {
                ret = 0;
        } else if (ret==0) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Gateway disconnected immediately after 
GET-tunnel request.\n"));
                ret = -EPIPE;
        } else {
-               if (ret==12) {
-                       ret = vpninfo->ssl_gets(vpninfo, buf+12, 244);
-                       ret = (ret>0 ? ret : 0) + 12;
+               if (ret==sizeof(start_tunnel)) {
+                       ret = vpninfo->ssl_gets(vpninfo, 
buf+sizeof(start_tunnel), sizeof(buf)-sizeof(start_tunnel));
+                       ret = (ret>0 ? ret : 0) + sizeof(start_tunnel);
                }
                vpn_progress(vpninfo, PRG_ERR,
                             _("Got inappropriate HTTP GET-tunnel response: 
%.*s\n"), ret, buf);
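Review bot: The `strncmp(buf, start_tunnel, sizeof(start_tunnel))` test runs on whatever `ssl_read` returned, so a short read (0 <= ret < 12) compares against bytes of the uninitialised `char buf[256]`. Gating the comparison on the length avoids that: `if (ret == sizeof(start_tunnel) && !strncmp(buf, start_tunnel, sizeof(start_tunnel))) {`. The `ssl_read(vpninfo, buf, 12)` call also still hard-codes 12 while the rest of the hunk now uses `sizeof(start_tunnel)`, and the return value of `vpninfo->ssl_write(...)` is still ignored. Because `reqbuf` is now released only at `out:`, any early `return` in the part of gpst_connect between this hunk and the next would leak it; that stretch is not visible here.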
@@ -688,6 +693,8 @@ static int gpst_connect(struct openconnect_info *vpninfo)
                        vpninfo->proto->udp_close(vpninfo);
        }
 
+out:
+       buf_free(reqbuf);
        return ret;
 }
 
@@ -748,12 +755,15 @@ static int build_csd_token(struct openconnect_info 
*vpninfo)
        buf = buf_alloc();
        append_opt(buf, "computer", vpninfo->localname);
        filter_opts(buf, vpninfo->cookie, "authcookie,preferred-ip", 0);
+       if (buf_error(buf))
+               goto out;
 
        /* save as csd_token */
        openconnect_md5(md5, buf->data, buf->pos);
        for (i=0; i < MD5_SIZE; i++)
                sprintf(&vpninfo->csd_token[i*2], "%02x", md5[i]);
 
+out:
        return buf_free(buf);
 }
 
@@ -781,6 +791,8 @@ static int check_or_submit_hip_report(struct 
openconnect_info *vpninfo, const ch
                        goto out;
                append_opt(request_body, "md5", vpninfo->csd_token);
        }
+       if ((result = buf_error(request_body)))
+               goto out;
 
        orig_path = vpninfo->urlpath;
        vpninfo->urlpath = strdup(report ? "ssl-vpn/hipreport.esp" : 
"ssl-vpn/hipreportcheck.esp");
-- 
2.7.4

