Module Name: src
Committed By: tteras
Date: Mon Apr 20 13:23:55 UTC 2009
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: isakmp_inf.c isakmp_xauth.c
plog.c
Log Message:
Originally from Bin Li: Fix possible memory corruption in binsanitize().
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/dist/ipsec-tools/src/racoon/plog.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.37 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.38
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.37 Thu Mar 12 10:57:26 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Mon Apr 20 13:23:54 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_inf.c,v 1.37 2009/03/12 10:57:26 tteras Exp $ */
+/* $NetBSD: isakmp_inf.c,v 1.38 2009/04/20 13:23:54 tteras Exp $ */
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
@@ -340,8 +340,7 @@
const char *exchange;
{
u_int type;
- vchar_t *ndata;
- char *nraw, *nhex;
+ char *nraw, *ndata, *nhex;
size_t l;
type = ntohs(notify->type);
@@ -361,13 +360,12 @@
if (l > 0) {
if (type >= ISAKMP_NTYPE_MINERROR &&
type <= ISAKMP_NTYPE_MAXERROR) {
- ndata = vmalloc(l);
+ ndata = binsanitize(nraw, l);
if (ndata != NULL) {
- memcpy(ndata->v, nraw, ndata->l);
plog(LLV_ERROR, LOCATION, iph1->remote,
"error message: '%s'.\n",
- binsanitize(ndata->v, ndata->l));
- vfree(ndata);
+ ndata);
+ racoon_free(ndata);
} else {
plog(LLV_ERROR, LOCATION, iph1->remote,
"Cannot allocate memory\n");
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.19 src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.20
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.19 Fri Jan 23 08:25:06 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Mon Apr 20 13:23:55 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_xauth.c,v 1.19 2009/01/23 08:25:06 tteras Exp $ */
+/* $NetBSD: isakmp_xauth.c,v 1.20 2009/04/20 13:23:55 tteras Exp $ */
/* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
@@ -1449,8 +1449,7 @@
int ashort = 0;
int value = 0;
vchar_t *buffer = NULL;
- char* mraw = NULL;
- vchar_t *mdata = NULL;
+ char *mraw = NULL, *mdata;
char *data;
vchar_t *usr = NULL;
vchar_t *pwd = NULL;
@@ -1537,16 +1536,16 @@
dlen = ntohs(attr->lorv);
if (dlen > 0) {
mraw = (char*)(attr + 1);
- if ((mdata = vmalloc(dlen)) == NULL) {
+ mdata = binsanitize(mraw, dlen);
+ if (mdata == NULL) {
plog(LLV_ERROR, LOCATION, iph1->remote,
"Cannot allocate memory\n");
return NULL;
}
- memcpy(mdata->v, mraw, mdata->l);
plog(LLV_NOTIFY,LOCATION, iph1->remote,
"XAUTH Message: '%s'.\n",
- binsanitize(mdata->v, mdata->l));
- vfree(mdata);
+ mdata);
+ racoon_free(mdata);
}
}
return NULL;
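Review bot: `binsanitize(mraw, dlen)` reads `dlen` bytes starting at `attr + 1`, and `dlen` comes straight from the attribute header via `ntohs(attr->lorv)`; nothing in this hunk compares it with the number of bytes actually left in the received payload. If the surrounding function, which begins above the hunk, does not already bound the attribute length, a length field larger than the data present would cause a read past the end of the buffer, with the result copied into the log. A check of `dlen` against the remaining payload length belongs before the call. The hunk at -1662 in the same file has the same pattern.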
@@ -1606,8 +1605,7 @@
char *data;
struct xauth_state *xst;
size_t dlen = 0;
- char* mraw = NULL;
- vchar_t *mdata = NULL;
+ char* mraw = NULL, *mdata;
if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -1662,16 +1660,16 @@
dlen = ntohs(attr->lorv);
if (dlen > 0) {
mraw = (char*)(attr + 1);
- if ((mdata = vmalloc(dlen)) == NULL) {
+ mdata = binsanitize(mraw, dlen);
+ if (mdata == NULL) {
plog(LLV_ERROR, LOCATION, iph1->remote,
"Cannot allocate memory\n");
return NULL;
}
- memcpy(mdata->v, mraw, mdata->l);
plog(LLV_NOTIFY,LOCATION, iph1->remote,
"XAUTH Message: '%s'.\n",
- binsanitize(mdata->v, mdata->l));
- vfree(mdata);
+ mdata);
+ racoon_free(mdata);
}
}
Index: src/crypto/dist/ipsec-tools/src/racoon/plog.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.5 src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.6
--- src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.5 Tue Oct 2 09:47:40 2007
+++ src/crypto/dist/ipsec-tools/src/racoon/plog.c Mon Apr 20 13:23:55 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: plog.c,v 1.5 2007/10/02 09:47:40 vanhu Exp $ */
+/* $NetBSD: plog.c,v 1.6 2009/04/20 13:23:55 tteras Exp $ */
/* Id: plog.c,v 1.11 2006/06/20 09:57:31 vanhu Exp */
@@ -251,15 +251,18 @@
{
int p,q;
char* d;
+
+ d = racoon_malloc(n + 1);
for (p = 0, q = 0; p < n; p++) {
- if (isgraph((int)binstr[p])) {
- binstr[q++] = binstr[p];
+ if (isgraph((int)binstr[p])) {
+ d[q++] = binstr[p];
} else {
- if (q && binstr[q - 1] != ' ')
- binstr[q++] = ' ';
+ if (q && d[q - 1] != ' ')
+ d[q++] = ' ';
}
}
- binstr[q++] = '\0';
- return binstr;
+ d[q++] = '\0';
+
+ return d;
}
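Review bot: The result of `racoon_malloc(n + 1)` is written through without a NULL check, so an allocation failure becomes a NULL-pointer write inside the loop, and the `ndata != NULL` / `mdata == NULL` checks this commit adds in isakmp_inf.c and isakmp_xauth.c never see a NULL return. Add `if (d == NULL) return NULL;` directly after the allocation. The bytes being sanitized come from received notification and XAUTH payloads, so `isgraph((int)binstr[p])` can be handed a negative value where plain `char` is signed; `isgraph((unsigned char)binstr[p])` avoids that. The function's signature lies above the hunk, so the type of `n` (compared against the `int` index `p`) is not visible here.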