Module Name:    src
Committed By:   christos
Date:           Sun Mar  9 18:32:21 UTC 2025

Modified Files:
        src/crypto/dist/ipsec-tools/src/libipsec: ipsec_dump_policy.c pfkey.c
            pfkey_dump.c

Log Message:
fix const, size of buffer, and sign issues


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 \
    src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c
cvs rdiff -u -r1.26 -r1.27 src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c
diff -u src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c:1.11 src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c:1.12
--- src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c:1.11	Mon May 28 16:45:38 2018
+++ src/crypto/dist/ipsec-tools/src/libipsec/ipsec_dump_policy.c	Sun Mar  9 14:32:20 2025
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_dump_policy.c,v 1.11 2018/05/28 20:45:38 maxv Exp $	*/
+/*	$NetBSD: ipsec_dump_policy.c,v 1.12 2025/03/09 18:32:20 christos Exp $	*/
 
 /* Id: ipsec_dump_policy.c,v 1.10 2005/06/29 09:12:37 manubsd Exp */
 
@@ -64,11 +64,11 @@ static const char *ipsp_policy_strs[] = 
 };
 
 static char *ipsec_dump_ipsecrequest(char *, size_t,
-	struct sadb_x_ipsecrequest *, size_t, int);
-static char *ipsec_dump_policy1(void *, const char *, int);
-static int set_addresses(char *, size_t, struct sockaddr *,
-	struct sockaddr *, int);
-static char *set_address(char *, size_t, struct sockaddr *, int);
+	const struct sadb_x_ipsecrequest *, size_t, int);
+static char *ipsec_dump_policy1(const void *, const char *, int);
+static int set_addresses(char *, size_t, const struct sockaddr *,
+	const struct sockaddr *, int);
+static char *set_address(char *, size_t, const struct sockaddr *, int);
 
 /*
  * policy is sadb_x_policy buffer.
@@ -88,11 +88,11 @@ ipsec_dump_policy_withports(void *policy
 }
 
 static char *
-ipsec_dump_policy1(void *policy, const char *delimiter, int withports)
+ipsec_dump_policy1(const void *policy, const char *delimiter, int withports)
 {
-	struct sadb_x_policy *xpl = policy;
-	struct sadb_x_ipsecrequest *xisr;
-	size_t off, buflen;
+	const struct sadb_x_policy *xpl = policy;
+	const struct sadb_x_ipsecrequest *xisr;
+	size_t off, buflen, extlen;
 	char *buf;
 	char isrbuf[1024];
 	char *newbuf;
@@ -227,32 +227,33 @@ ipsec_dump_policy1(void *policy, const c
 
 	/* count length of buffer for use */
 	off = sizeof(*xpl);
-	while (off < PFKEY_EXTLEN(xpl)) {
-		xisr = (void *)((caddr_t)(void *)xpl + off);
+	extlen = PFKEY_EXTLEN(xpl);
+	while (off < extlen) {
+		xisr = (const void *)((const char *)xpl + off);
 		off += xisr->sadb_x_ipsecrequest_len;
 	}
 
 	/* validity check */
-	if (off != PFKEY_EXTLEN(xpl)) {
+	if (off != extlen) {
 		__ipsec_errcode = EIPSEC_INVAL_SADBMSG;
 		free(buf);
 		return NULL;
 	}
 
 	off = sizeof(*xpl);
-	while (off < PFKEY_EXTLEN(xpl)) {
-		int offset;
-		xisr = (void *)((caddr_t)(void *)xpl + off);
+	while (off < extlen) {
+		size_t offset;
+		xisr = (const void *)((const char *)xpl + off);
 
 		if (ipsec_dump_ipsecrequest(isrbuf, sizeof(isrbuf), xisr,
-		    PFKEY_EXTLEN(xpl) - off, withports) == NULL) {
+		    extlen - off, withports) == NULL) {
 			free(buf);
 			return NULL;
 		}
 
 		offset = strlen(buf);
 		buflen = offset + strlen(delimiter) + strlen(isrbuf) + 1;
-		newbuf = (char *)realloc(buf, buflen);
+		newbuf = realloc(buf, buflen);
 		if (newbuf == NULL) {
 			__ipsec_errcode = EIPSEC_NO_BUFS;
 			free(buf);
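Review bot: The length-counting loop at the top of this hunk reads `xisr->sadb_x_ipsecrequest_len` without first checking that `extlen - off` still holds a whole `struct sadb_x_ipsecrequest`, and it never rejects a length of zero. A zero-length request leaves `off` unchanged, so the loop does not terminate. Both cases can be routed into the existing `off != extlen` validity check by adding `if (extlen - off < sizeof(*xisr)) break;` before the read and `if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) break;` before the addition. Whether callers pre-validate the policy buffer is not visible here, and ipsec_dump_policy1 begins and ends outside this hunk.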
@@ -269,11 +270,12 @@ ipsec_dump_policy1(void *policy, const c
 }
 
 static char *
-ipsec_dump_ipsecrequest(char *buf, size_t len, struct sadb_x_ipsecrequest *xisr,
+ipsec_dump_ipsecrequest(char *buf, size_t len,
+    const struct sadb_x_ipsecrequest *xisr,
     size_t bound /* boundary */, int withports)
 {
 	const char *proto, *mode, *level;
-	char abuf[NI_MAXHOST * 2 + 2];
+	char abuf[(NI_MAXHOST + NI_MAXSERV + 3) * 2 + 2];
 
 	if (xisr->sadb_x_ipsecrequest_len > bound) {
 		__ipsec_errcode = EIPSEC_INVAL_PROTO;
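Review bot: The new `abuf` size `(NI_MAXHOST + NI_MAXSERV + 3) * 2 + 2` repeats by hand the `tmp1`/`tmp2` size chosen in the set_addresses hunk further down, and neither place says what the `+ 3` and `+ 2` account for. A single named constant near the prototypes would keep the buffers in step, for example `#define ADDRBUFLEN (NI_MAXHOST + NI_MAXSERV + 3)` with a comment naming the extra bytes (presumably the port delimiters and the terminator). The declarations would then read `char abuf[ADDRBUFLEN * 2 + 2];` and `char tmp1[ADDRBUFLEN], tmp2[ADDRBUFLEN];`. The function body continues outside the hunk.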
@@ -312,12 +314,12 @@ ipsec_dump_ipsecrequest(char *buf, size_
 
 	abuf[0] = '\0';
 	if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
-		struct sockaddr *sa1, *sa2;
-		caddr_t p;
+		const struct sockaddr *sa1, *sa2;
+		const char *p;
 
-		p = (void *)(xisr + 1);
-		sa1 = (void *)p;
-		sa2 = (void *)(p + sysdep_sa_len(sa1));
+		p = (const void *)(xisr + 1);
+		sa1 = (const void *)p;
+		sa2 = (const void *)(p + sysdep_sa_len(sa1));
 		if (sizeof(*xisr) + sysdep_sa_len(sa1) + sysdep_sa_len(sa2) !=
 		    xisr->sadb_x_ipsecrequest_len) {
 			__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
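Review bot: `sa2` is located with `sysdep_sa_len(sa1)`, and its own length is then read inside the sum check before anything has confirmed that `sa2` lies within `xisr->sadb_x_ipsecrequest_len` bytes. If the first address claims a length larger than the remaining space, the check itself reads beyond the request. Assuming `sysdep_sa_len` reads the length stored in the sockaddr (its definition is not in this hunk), a guard before the `sa2` assignment would close that, such as `if (sizeof(*xisr) + sysdep_sa_len(sa1) + sizeof(*sa2) > xisr->sadb_x_ipsecrequest_len)` followed by the same EIPSEC_INVAL_ADDRESS failure path. The block continues past the end of the hunk.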
@@ -365,10 +367,10 @@ ipsec_dump_ipsecrequest(char *buf, size_
 }
 
 static int
-set_addresses(char *buf, size_t len, struct sockaddr *sa1, struct sockaddr *sa2,
-    int withports)
+set_addresses(char *buf, size_t len, const struct sockaddr *sa1,
+    const struct sockaddr *sa2, int withports)
 {
-	char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST];
+	char tmp1[NI_MAXHOST + NI_MAXSERV + 3], tmp2[sizeof(tmp1)];
 
 	if (set_address(tmp1, sizeof(tmp1), sa1, withports) == NULL ||
 	    set_address(tmp2, sizeof(tmp2), sa2, withports) == NULL)
@@ -380,7 +382,7 @@ set_addresses(char *buf, size_t len, str
 }
 
 static char *
-set_address(char *buf, size_t len, struct sockaddr *sa, int withports)
+set_address(char *buf, size_t len, const struct sockaddr *sa, int withports)
 {
 	const int niflags = NI_NUMERICHOST | NI_NUMERICSERV;
 	char host[NI_MAXHOST];

Index: src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.26 src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.27
--- src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.26	Mon May 28 16:45:38 2018
+++ src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c	Sun Mar  9 14:32:20 2025
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfkey.c,v 1.26 2018/05/28 20:45:38 maxv Exp $	*/
+/*	$NetBSD: pfkey.c,v 1.27 2025/03/09 18:32:20 christos Exp $	*/
 /*	$KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $	*/
 
 /*
@@ -127,7 +127,7 @@ static int supported_map[] = {
 static int
 findsupportedmap(int satype)
 {
-	int i;
+	size_t i;
 
 	for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++)
 		if (supported_map[i] == satype)
@@ -157,7 +157,7 @@ findsupportedalg(u_int satype, u_int alg
 		- sizeof(struct sadb_supported);
 	p = (void *)(ipsec_supported[algno] + 1);
 	while (tlen > 0) {
-		if (tlen < sizeof(struct sadb_alg)) {
+		if (tlen < (int)sizeof(struct sadb_alg)) {
 			/* invalid format */
 			break;
 		}
@@ -698,7 +698,7 @@ pfkey_send_register(int so, u_int satype
 
 	if (satype == SADB_SATYPE_UNSPEC) {
 		for (algno = 0;
-		     algno < sizeof(supported_map)/sizeof(supported_map[0]);
+		     algno < (int)__arraycount(supported_map);
 		     algno++) {
 			if (ipsec_supported[algno]) {
 				free(ipsec_supported[algno]);
@@ -743,7 +743,7 @@ pfkey_recv_register(int so)
 		if ((newmsg = pfkey_recv(so)) == NULL)
 			return -1;
 		if (newmsg->sadb_msg_type == SADB_REGISTER &&
-		    newmsg->sadb_msg_pid == pid)
+		    (pid_t)newmsg->sadb_msg_pid == pid)
 			break;
 		free(newmsg);
 	}
@@ -791,7 +791,7 @@ pfkey_set_supported(struct sadb_msg *msg
 	while (p < ep) {
 		sup = (void *)p;
 		if (ep < p + sizeof(*sup) ||
-		    PFKEY_EXTLEN(sup) < sizeof(*sup) ||
+		    PFKEY_EXTLEN(sup) < (int)sizeof(*sup) ||
 		    ep < p + sup->sadb_supported_len) {
 			/* invalid format */
 			break;
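Review bot: The third bound in this condition, `ep < p + sup->sadb_supported_len`, uses the raw length field, while the line above it and the matching check in the pfkey_align hunk both go through `PFKEY_EXTLEN()`. If that macro scales the field to bytes (its definition is not shown here), the raw comparison accepts an extension whose byte length runs past `ep`. Writing it as `ep < p + PFKEY_EXTLEN(sup)` would match pfkey_align. The loop starts and ends outside this hunk.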
@@ -1632,7 +1632,7 @@ pfkey_send_x4(int so, u_int type, struct
 	struct sadb_msg *newmsg;
 	int len;
 	caddr_t p;
-	int plen;
+	size_t plen;
 	caddr_t ep;
 
 	/* validity check */
@@ -1881,7 +1881,7 @@ pfkey_recv(int so)
 		return NULL;
 	}
 
-	if (len < sizeof(buf)) {
+	if (len < (int)sizeof(buf)) {
 		recv(so, (void *)&buf, sizeof(buf), 0);
 		__ipsec_errcode = EIPSEC_MAX;
 		return NULL;
@@ -1980,7 +1980,8 @@ pfkey_align(struct sadb_msg *msg, caddr_
 
 	while (p < ep) {
 		ext = (void *)p;
-		if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) ||
+		if (ep < p + sizeof(*ext) ||
+		    PFKEY_EXTLEN(ext) < (int)sizeof(*ext) ||
 		    ep < p + PFKEY_EXTLEN(ext)) {
 			/* invalid format */
 			break;

Index: src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c
diff -u src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c:1.24 src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c:1.25
--- src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c:1.24	Mon May 28 16:45:38 2018
+++ src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c	Sun Mar  9 14:32:21 2025
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfkey_dump.c,v 1.24 2018/05/28 20:45:38 maxv Exp $	*/
+/*	$NetBSD: pfkey_dump.c,v 1.25 2025/03/09 18:32:21 christos Exp $	*/
 
 /*	$KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $	*/
 
@@ -704,7 +704,7 @@ str_prefport(u_int family, u_int pref, u
 	static char buf[128];
 	char prefbuf[128];
 	char portbuf[128];
-	int plen;
+	size_t plen;
 
 	switch (family) {
 	case AF_INET:
