Module Name: src Committed By: tteras Date: Mon Apr 20 13:32:57 UTC 2009
Modified Files: src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]: admin.c racoonctl.c Log Message: Originally from Bin Li: Fix a crash with racoonctl logout user. To generate a diff of this commit: cvs rdiff -u -r1.17.6.2 -r1.17.6.3 \ src/crypto/dist/ipsec-tools/src/racoon/admin.c cvs rdiff -u -r1.7.6.1 -r1.7.6.2 \ src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.2 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.3 --- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.2 Wed Jun 18 07:30:19 2008 +++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Mon Apr 20 13:32:57 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: admin.c,v 1.17.6.2 2008/06/18 07:30:19 mgrooms Exp $ */ +/* $NetBSD: admin.c,v 1.17.6.3 2009/04/20 13:32:57 tteras Exp $ */ /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */ @@ -307,16 +307,18 @@ #ifdef ENABLE_HYBRID case ADMIN_LOGOUT_USER: { struct ph1handle *iph1; - char *user; - int found = 0; + char user[LOGINLEN+1]; + int found = 0, len = com->ac_len - sizeof(com); - if (com->ac_len > sizeof(com) + LOGINLEN + 1) { + if (len > LOGINLEN) { plog(LLV_ERROR, LOCATION, NULL, "malformed message (login too long)\n"); break; } - user = (char *)(com + 1); + memcpy(user, (char *)(com + 1), len); + user[len] = 0; + found = purgeph1bylogin(user); plog(LLV_INFO, LOCATION, NULL, "deleted %d SA for user \"%s\"\n", found, user); Index: src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c diff -u src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.1 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.2 --- src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.1 Tue Jul 15 00:55:48 2008 +++ src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c Mon Apr 20 13:32:57 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: racoonctl.c,v 1.7.6.1 2008/07/15 00:55:48 mgrooms Exp $ */ +/* $NetBSD: racoonctl.c,v 1.7.6.2 2009/04/20 13:32:57 tteras Exp $ */ /* Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */ 
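Review bot: In the ADMIN_LOGOUT_USER case, `len = com->ac_len - sizeof(com)` subtracts the size of the pointer rather than of the header, because `com` is dereferenced and used as `com + 1` in the same block. Where a pointer and the header struct differ in size, `len` will not match the payload that starts at `com + 1`. The check also lacks a lower bound: if `ac_len` is smaller than the subtracted size, the `size_t` result converts to a negative `int`, passes `len > LOGINLEN`, and reaches `memcpy` into the stack buffer `user` as a very large count. Whether `ac_len` is validated earlier cannot be seen, since the enclosing switch starts outside the hunk. I would declare `size_t len;` and guard with `if (com->ac_len < sizeof(*com) || (len = com->ac_len - sizeof(*com)) > LOGINLEN) {`.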
@@ -834,15 +834,17 @@ vchar_t *buf; struct admin_com *head; char *user; + size_t userlen; /* need username */ if (ac < 1) errx(1, "insufficient arguments"); user = av[0]; - if ((user == NULL) || (strlen(user) > LOGINLEN)) + userlen = strlen(user); + if ((user == NULL) || (userlen > LOGINLEN)) errx(1, "bad login (too long?)"); - buf = vmalloc(sizeof(*head) + strlen(user) + 1); + buf = vmalloc(sizeof(*head) + userlen); if (buf == NULL) return NULL; @@ -852,7 +854,7 @@ head->ac_errno = 0; head->ac_proto = 0; - strncpy((char *)(head + 1), user, LOGINLEN); + strncpy((char *)(head + 1), user, userlen); return buf; }
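Review bot: `userlen = strlen(user);` now runs before the `user == NULL` test, so the NULL check that used to short-circuit the `strlen` call no longer protects it. A NULL `av[0]` would be dereferenced before the `errx` path is reached. Keeping the length computation inside the condition restores the old ordering: `if ((user == NULL) || ((userlen = strlen(user)) > LOGINLEN))`. The function starts before this hunk, so any earlier guarantee on `av[0]` beyond `ac < 1` is not visible.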
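Review bot: In the second racoonctl.c hunk, `strncpy((char *)(head + 1), user, userlen)` with the count equal to `strlen(user)` copies the name without a terminator. That is consistent with the `sizeof(*head) + userlen` allocation and with admin.c deriving the length from `ac_len`, but it reads like a truncation mistake and is the pattern compilers and analyzers warn about. `memcpy((char *)(head + 1), user, userlen);` says the same thing directly. A comment such as `/* payload is not NUL-terminated; the daemon takes its length from ac_len */` would record the wire-format assumption the receiver depends on.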