Fixes to allow compilation with Microsoft Visual Studio 2008 * Fixed several instances of declarations after statements.
* In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror. * ssl.c is trying to access multi_output_peer_info_env function in multi.c, causing an undefined symbol warning at compile time. ssl.c is strictly a client of multi.c (but not the other way around), therefore ssl.c does not include multi.h and should not depend on multi.h API. To fix, moved validate_peer_info_line and multi_output_peer_info_env from multi.c to misc.c. * MSVC doesn't support %z as a printf format specifier for size_t * MSVC doesn't support a const variable being used to dimension an array. * Explicitly cast the third parameter to setsockopt to const void * --- src/openvpn/init.c | 10 ++++---- src/openvpn/misc.c | 56 +++++++++++++++++++++++++++++++++++++++++++++ src/openvpn/misc.h | 7 ++++++ src/openvpn/multi.c | 52 ----------------------------------------- src/openvpn/multi.h | 3 --- src/openvpn/socket.c | 5 ++-- src/openvpn/socket.h | 2 +- src/openvpn/ssl.c | 2 +- src/openvpn/ssl_openssl.c | 7 +++--- src/openvpn/win32.c | 6 ++--- 10 files changed, 79 insertions(+), 71 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fb14726..031fb20 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -183,10 +183,12 @@ ce_management_query_proxy (struct context *c) if (management) { gc = gc_new (); - struct buffer out = alloc_buf_gc (256, &gc); - buf_printf (&out, ">PROXY:%u,%s,%s", (l ? l->current : 0) + 1, - (proto_is_udp (ce->proto) ? "UDP" : "TCP"), np (ce->remote)); - management_notify_generic (management, BSTR (&out)); + { + struct buffer out = alloc_buf_gc (256, &gc); + buf_printf (&out, ">PROXY:%u,%s,%s", (l ? l->current : 0) + 1, + (proto_is_udp (ce->proto) ? "UDP" : "TCP"), np (ce->remote)); + management_notify_generic (management, BSTR (&out)); + } ce->flags |= CE_MAN_QUERY_PROXY; while (ce->flags & CE_MAN_QUERY_PROXY) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 1120adc..4688444 100644 --- a/src/openvpn/misc.c 
+++ b/src/openvpn/misc.c @@ -2063,3 +2063,59 @@ compat_flag (unsigned int flag) return (compat_flags & (flag >> 1)); } + +#if P2MP_SERVER + +/* helper to parse peer_info received from multi client, validate + * (this is untrusted data) and put into environment + */ +bool +validate_peer_info_line(char *line) +{ + uint8_t c; + int state = 0; + while (*line) + { + c = *line; + switch (state) + { + case 0: + case 1: + if (c == '=' && state == 1) + state = 2; + else if (isalnum(c) || c == '_') + state = 1; + else + return false; + case 2: + /* after the '=', replace non-printable or shell meta with '_' */ + if (!isprint(c) || isspace(c) || + c == '$' || c == '(' || c == '`' ) + *line = '_'; + } + line++; + } + return (state == 2); +} + +void +output_peer_info_env (struct env_set *es, const char * peer_info) +{ + char line[256]; + struct buffer buf; + buf_set_read (&buf, (const uint8_t *) peer_info, strlen(peer_info)); + while (buf_parse (&buf, '\n', line, sizeof (line))) + { + chomp (line); + if (validate_peer_info_line(line) && + (strncmp(line, "IV_", 3) == 0 || strncmp(line, "UV_", 3) == 0) ) + { + msg (M_INFO, "peer info: %s", line); + env_set_add(es, line); + } + else + msg (M_WARN, "validation failed on peer_info line received from client"); + } +} + +#endif /* P2MP_SERVER */ diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index 183898e..41748bd 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -369,4 +369,11 @@ void argv_printf_cat (struct argv *a, const char *format, ...) #define COMPAT_NO_NAME_REMAPPING (1<<2) /** compat flag: --compat-names without char remapping */ bool compat_flag (unsigned int flag); +#if P2MP_SERVER +/* helper to parse peer_info received from multi client, validate + * (this is untrusted data) and put into environment */ +bool validate_peer_info_line(char *line); +void output_peer_info_env (struct env_set *es, const char * peer_info); +#endif /* P2MP_SERVER */ + #endif 
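Review bot: In the src/openvpn/misc.c hunk, the `case 0: case 1:` arm of validate_peer_info_line has no `break`, so every key character also runs through the `case 2` value filter. That is harmless for the characters the key arm accepts, but it reads as an accident; add `break;` at the end of the arm or mark it `/* fall through */`. The value filter is a denylist: only non-printable bytes, whitespace, `$`, `(` and the backtick are replaced, so other characters that a shell interprets survive into the string that output_peer_info_env passes to env_set_add. Since the header comment calls this untrusted data, an allowlist for the value would be a safer contract, for instance `if (!(isalnum(c) || strchr("_.,:/-", c))) *line = '_';` (illustrative set, to be agreed with script authors). The `M_WARN` branch in output_peer_info_env also fires for well-formed lines that merely lack the `IV_`/`UV_` prefix, so the message could say which check failed.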
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 50f398d..f016b14 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1562,58 +1562,6 @@ multi_client_connect_mda (struct multi_context *m, #endif -/* helper to parse peer_info received from multi client, validate - * (this is untrusted data) and put into environment - */ -bool -validate_peer_info_line(char *line) -{ - uint8_t c; - int state = 0; - while (*line) - { - c = *line; - switch (state) - { - case 0: - case 1: - if (c == '=' && state == 1) - state = 2; - else if (isalnum(c) || c == '_') - state = 1; - else - return false; - case 2: - /* after the '=', replace non-printable or shell meta with '_' */ - if (!isprint(c) || isspace(c) || - c == '$' || c == '(' || c == '`' ) - *line = '_'; - } - line++; - } - return (state == 2); -} - -void -multi_output_peer_info_env (struct env_set *es, const char * peer_info) -{ - char line[256]; - struct buffer buf; - buf_set_read (&buf, (const uint8_t *) peer_info, strlen(peer_info)); - while (buf_parse (&buf, '\n', line, sizeof (line))) - { - chomp (line); - if (validate_peer_info_line(line) && - (strncmp(line, "IV_", 3) == 0 || strncmp(line, "UV_", 3) == 0) ) - { - msg (M_INFO, "peer info: %s", line); - env_set_add(es, line); - } - else - msg (M_WARN, "validation failed on peer_info line received from client"); - } -} - static void multi_client_connect_setenv (struct multi_context *m, struct multi_instance *mi) diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 7b97b0d..fc2ffb2 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -312,9 +312,6 @@ void multi_close_instance_on_signal (struct multi_context *m, struct multi_insta void init_management_callback_multi (struct multi_context *m); void uninit_management_callback_multi (struct multi_context *m); -bool validate_peer_info_line(char *line); -void multi_output_peer_info_env (struct env_set *es, const char * peer_info); - /* * Return true if our output queue is not full */ 
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 40356a0..3c0a379 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1158,7 +1158,6 @@ resolve_bind_local (struct link_socket *sock) case AF_INET6: { int status; - int err; CLEAR(sock->info.lsa->local.addr.in6); if (sock->local_host) { @@ -1181,7 +1180,7 @@ resolve_bind_local (struct link_socket *sock) { msg (M_FATAL, "getaddr6() failed for local \"%s\": %s", sock->local_host, - gai_strerror(err)); + gai_strerror(status)); } sock->info.lsa->local.addr.in6.sin6_port = htons (sock->local_port); } @@ -1235,6 +1234,7 @@ resolve_remote (struct link_socket *sock, unsigned int flags = sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sock->sockflags); int retry = 0; int status = -1; + struct addrinfo* ai; if (sock->connection_profiles_defined && sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE) { @@ -1271,7 +1271,6 @@ resolve_remote (struct link_socket *sock, ASSERT (0); } - struct addrinfo* ai; /* Temporary fix, this need to be changed for dual stack */ status = openvpn_getaddrinfo(flags, sock->remote_host, retry, signal_received, af, &ai); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 4e7e7f8..793cd9f 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1023,7 +1023,7 @@ static inline void link_socket_set_tos (struct link_socket *ls) { if (ls && ls->ptos_defined) - setsockopt (ls->sd, IPPROTO_IP, IP_TOS, &ls->ptos, sizeof (ls->ptos)); + setsockopt (ls->sd, IPPROTO_IP, IP_TOS, (const void *)&ls->ptos, sizeof (ls->ptos)); } #endif diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e4b802f..69f77f3 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
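Review bot: In src/openvpn/socket.c, the third hunk hoists `struct addrinfo* ai;` to the top of resolve_remote without an initializer, right next to `int status = -1;`, which has one. Writing `struct addrinfo *ai = NULL;` would keep any later cleanup or error path from reading an indeterminate pointer if openvpn_getaddrinfo returns before storing a result. Whether such a path exists cannot be confirmed here, because the body of resolve_remote starts and ends outside these hunks.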
@@ -2062,7 +2062,7 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi free (multi->peer_info); multi->peer_info = read_string_alloc (buf); if ( multi->peer_info ) - multi_output_peer_info_env (session->opt->es, multi->peer_info); + output_peer_info_env (session->opt->es, multi->peer_info); #endif if (verify_user_pass_enabled(session)) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 12c725d..ec76b30 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -242,8 +242,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) const tls_cipher_name_pair *cipher_pair; - const size_t openssl_ciphers_size = 4096; - char openssl_ciphers[openssl_ciphers_size]; + char openssl_ciphers[4096]; size_t openssl_ciphers_len = 0; openssl_ciphers[0] = '\0'; @@ -282,8 +281,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) } // Make sure new cipher name fits in cipher string - if (((openssl_ciphers_size-1) - openssl_ciphers_len) < current_cipher_len) { - msg(M_SSLERR, "Failed to set restricted TLS cipher list, too long (>%zu).", openssl_ciphers_size-1); + if (((sizeof(openssl_ciphers)-1) - openssl_ciphers_len) < current_cipher_len) { + msg(M_SSLERR, "Failed to set restricted TLS cipher list, too long (>%d).", (int)sizeof(openssl_ciphers)-1); } // Concatenate cipher name to OpenSSL cipher string diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 178e2c3..022eec5 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -870,6 +870,9 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i WCHAR *cl = wide_cmd_line (a, &gc); WCHAR *cmd = wide_string (a->argv[0], &gc); + /* this allows console programs to run, and is ignored otherwise */ + DWORD proc_flags = CREATE_NO_WINDOW; + CLEAR (start_info); CLEAR (proc_info); 
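Review bot: In src/openvpn/ssl_openssl.c, the length guard in tls_ctx_restrict_ciphers protects the concatenation that follows only if `msg(M_SSLERR, ...)` never returns, since nothing in the hunk leaves the loop after the message. If M_SSLERR is a fatal level, as its use here suggests, say so on the `if` with a comment such as `/* M_SSLERR is fatal: msg() does not return, so the copy below cannot overrun openssl_ciphers */`. If that is not guaranteed, add an explicit bail-out. The first hunk of this file also replaces the named size with a bare `4096`; a file-level `#define` or `enum` constant would keep the name and still compile under MSVC. The function body starts and ends outside both hunks.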
@@ -879,9 +882,6 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i start_info.dwFlags = STARTF_USESHOWWINDOW; start_info.wShowWindow = SW_HIDE; - /* this allows console programs to run, and is ignored otherwise */ - DWORD proc_flags = CREATE_NO_WINDOW; - if (CreateProcessW (cmd, cl, NULL, NULL, FALSE, proc_flags, env, NULL, &start_info, &proc_info)) { DWORD exit_status = 0; -- 1.7.9.5