Module Name:    src
Committed By:   tteras
Date:           Mon Apr 20 13:22:00 UTC 2009

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: admin.c racoonctl.c

Log Message:
Originally from Bin Li: Fix a crash with racoonctl logout user.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.29 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.30
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.29	Thu Mar 12 10:57:26 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c	Mon Apr 20 13:22:00 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: admin.c,v 1.29 2009/03/12 10:57:26 tteras Exp $	*/
+/*	$NetBSD: admin.c,v 1.30 2009/04/20 13:22:00 tteras Exp $	*/
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -325,16 +325,18 @@
 #ifdef ENABLE_HYBRID
 	case ADMIN_LOGOUT_USER: {
 		struct ph1handle *iph1;
-		char *user;
-		int found = 0;
+		char user[LOGINLEN+1];
+		int found = 0, len = com->ac_len - sizeof(com);
 
-		if (com->ac_len > sizeof(com) + LOGINLEN + 1) {
+		if (len > LOGINLEN) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "malformed message (login too long)\n");
 			break;
 		}
 
-		user = (char *)(com + 1);
+		memcpy(user, (char *)(com + 1), len);
+		user[len] = 0;
+
 		found = purgeph1bylogin(user);
 		plog(LLV_INFO, LOCATION, NULL, 
 		    "deleted %d SA for user \"%s\"\n", found, user);
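Review bot: The new `len` is only checked against an upper bound, and `sizeof(com)` looks like the size of a pointer rather than of the header, since `com` is dereferenced and used as `com + 1` (its declaration is outside the hunk, so this is inferred). If `com->ac_len` is smaller than the subtracted size, `len` ends up negative, the `len > LOGINLEN` test passes, and both `memcpy(user, ..., len)` and `user[len] = 0` write outside the `LOGINLEN+1` byte stack buffer. I would compute `len = com->ac_len - sizeof(*com)` and reject with `if (len < 0 || len > LOGINLEN) {`, unless a check earlier in the function already guarantees that `ac_len` covers the header. The enclosing `switch` starts and ends outside this hunk.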

Index: src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.16 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.17
--- src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.16	Thu Mar 12 10:57:26 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c	Mon Apr 20 13:22:00 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: racoonctl.c,v 1.16 2009/03/12 10:57:26 tteras Exp $	*/
+/*	$NetBSD: racoonctl.c,v 1.17 2009/04/20 13:22:00 tteras Exp $	*/
 
 /*	Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */
 
@@ -740,19 +740,21 @@
 {
 	vchar_t *buf;
 	char *user;
+	size_t userlen;
 
 	/* need username */
 	if (ac < 1)
 		errx(1, "insufficient arguments");
 	user = av[0];
-	if ((user == NULL) || (strlen(user) > LOGINLEN))
+	userlen = strlen(user);
+	if ((user == NULL) || (userlen > LOGINLEN))
 		errx(1, "bad login (too long?)");
 
-	buf = make_request(ADMIN_LOGOUT_USER, 0, 0);
+	buf = make_request(ADMIN_LOGOUT_USER, 0, userlen);
 	if (buf == NULL)
 		return NULL;
 
-	strncpy(buf->v + sizeof(struct admin_com), user, LOGINLEN);
+	strncpy(buf->v + sizeof(struct admin_com), user, userlen);
 
 	return buf;
 }
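Review bot: `userlen = strlen(user);` now runs before the `user == NULL` test on the next line, so that guard can no longer protect the `strlen` call. Folding the call into the condition keeps the original order: `if ((user == NULL) || ((userlen = strlen(user)) > LOGINLEN))`. Separately, `strncpy(..., user, userlen)` copies exactly `userlen` bytes and no terminator, which matches the length-based copy added on the admin.c side. `memcpy` plus a comment such as `/* payload is not NUL-terminated; receiver derives the length from ac_len */` would make that contract explicit. The function's signature is above the hunk.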
