author | 2001-04-19 20:12:44 +0000 | |
---|---|---|
committer | 2001-04-19 20:12:44 +0000 | |
commit | e05b609cd263ac30de37a0e87a82f5bf5845f89d (patch) | |
tree | 0f1360a2c564b165700b1eca9ea2f4fe28537a96 | |
parent | Include NUL-termination in identity extension length computation (diff) | |
PF_KEY identity extensions are NUL-terminated. Remember both to
allocate space for the NUL and to actually transfer it.
-rw-r--r-- | sbin/ipsecadm/ipsecadm.c | 20 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 8 |
2 files changed, 14 insertions, 14 deletions
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index 7e6143ca823..a6c86b04da9 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.52 2001/03/28 19:15:43 angelos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.53 2001/04/19 20:12:45 niklas Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -102,7 +102,7 @@ transform xf[] = {
 {"rmd160", SADB_AALG_RIPEMD160HMAC, XF_AUTH|AH_NEW|ESP_NEW},
 };
-#define ROUNDUP(x) (x % 8 ? (x + 8) - (x % 8) : x)
+#define ROUNDUP(x) (((x) + sizeof(u_int64_t) - 1) & ~(sizeof(u_int64_t) - 1))
 void xf_set(struct iovec *iov, int cnt, int len)
@@ -874,14 +874,14 @@ main(int argc, char **argv)
 exit(1);
 }
- srcid = calloc(ROUNDUP(strlen(argv[i + 1])), sizeof(char));
+ srcid = calloc(ROUNDUP(strlen(argv[i + 1]) + 1), sizeof(char));
 if (srcid == NULL) {
 fprintf(stderr, "%s: malloc failed\n", argv[0]);
 exit(1);
 }
 strcpy(srcid, argv[i + 1]);
- sid1.sadb_ident_len += ROUNDUP(strlen(srcid)) / sizeof(u_int64_t);
+ sid1.sadb_ident_len += ROUNDUP(strlen(srcid) + 1) / sizeof(u_int64_t);
 i++;
 continue;
 }
@@ -897,14 +897,14 @@ main(int argc, char **argv)
 exit(1);
 }
- dstid = calloc(ROUNDUP(strlen(argv[i + 1])), sizeof(char));
+ dstid = calloc(ROUNDUP(strlen(argv[i + 1]) + 1), sizeof(char));
 if (dstid == NULL) {
 fprintf(stderr, "%s: malloc failed\n", argv[0]);
 exit(1);
 }
 strcpy(dstid, argv[i + 1]);
- sid2.sadb_ident_len += ROUNDUP(strlen(dstid)) / sizeof(u_int64_t);
+ sid2.sadb_ident_len += ROUNDUP(strlen(dstid) + 1) / sizeof(u_int64_t);
 i++;
 continue;
 }
@@ -1517,7 +1517,7 @@ main(int argc, char **argv)
 iov[cnt++].iov_len = sizeof(sid1);
 /* SRC identity */
 iov[cnt].iov_base = srcid;
- iov[cnt++].iov_len = ROUNDUP(strlen(srcid));
+ iov[cnt++].iov_len = ROUNDUP(strlen(srcid) + 1);
 smsg.sadb_msg_len += sid1.sadb_ident_len;
 }
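Review bot: The padded identity length is still recomputed from `strlen()` at every use in `main`: in the `calloc()` size and the `sid1.sadb_ident_len` increment of the hunk at 874, and again in the `iov_len` assignments at 1517 and 1770 (likewise for `dstid` at 897, 1527 and 1781). The allocation size, the advertised extension length and the byte count handed to the kernel therefore agree only while every copy of the expression is edited together. Computing it once when the option is parsed, e.g. `srcidlen = ROUNDUP(strlen(argv[i + 1]) + 1);`, and reusing that variable for `calloc()`, `sadb_ident_len` and `iov_len` would keep the three tied. `sadb_ident_len` is a 16-bit count of 64-bit words, so the `+=` also narrows a `size_t` quotient without a range check; an explicit upper bound on the identity length before allocating would close that. `main`'s body starts and ends outside these hunks.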
@@ -1527,7 +1527,7 @@ main(int argc, char **argv)
 iov[cnt++].iov_len = sizeof(sid2);
 /* DST identity */
 iov[cnt].iov_base = dstid;
- iov[cnt++].iov_len = ROUNDUP(strlen(dstid));
+ iov[cnt++].iov_len = ROUNDUP(strlen(dstid) + 1);
 smsg.sadb_msg_len += sid2.sadb_ident_len;
 }
@@ -1770,7 +1770,7 @@ main(int argc, char **argv)
 iov[cnt++].iov_len = sizeof(sid1);
 /* SRC identity */
 iov[cnt].iov_base = srcid;
- iov[cnt++].iov_len = ROUNDUP(strlen(srcid));
+ iov[cnt++].iov_len = ROUNDUP(strlen(srcid) + 1);
 smsg.sadb_msg_len += sid1.sadb_ident_len;
 }
@@ -1781,7 +1781,7 @@ main(int argc, char **argv)
 iov[cnt++].iov_len = sizeof(sid2);
 /* DST identity */
 iov[cnt].iov_base = dstid;
- iov[cnt++].iov_len = ROUNDUP(strlen(dstid));
+ iov[cnt++].iov_len = ROUNDUP(strlen(dstid) + 1);
 smsg.sadb_msg_len += sid2.sadb_ident_len;
 }
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 2758ed0b00f..a8cd801c06c 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.48 2001/04/09 22:09:52 ho Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.49 2001/04/19 20:12:44 niklas Exp $ */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
 /*
@@ -1209,7 +1209,7 @@ pf_key_v2_flow (in_addr_t laddr, in_addr_t lmask, in_addr_t raddr,
 /* Setup the source ID, if provided */
 if (srcid) {
- sid = calloc (PF_KEY_V2_ROUND (srcid_len) + sizeof *sid,
+ sid = calloc (PF_KEY_V2_ROUND (srcid_len + 1) + sizeof *sid,
 sizeof (u_int8_t));
 if (!sid) goto cleanup;
@@ -1231,7 +1231,7 @@ pf_key_v2_flow (in_addr_t laddr, in_addr_t lmask, in_addr_t raddr,
 /* Setup the destination ID, if provided */
 if (dstid) {
- sid = calloc (PF_KEY_V2_ROUND (dstid_len) + sizeof *sid,
+ sid = calloc (PF_KEY_V2_ROUND (dstid_len + 1) + sizeof *sid,
 sizeof (u_int8_t));
 if (!sid) goto cleanup;
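Review bot: Only the `calloc()` size changes in the `srcid` hunk at 1209 (and the `dstid` hunk at 1231); the lines that set `sid->sadb_ident_len` and copy the identity behind the header are outside both hunks, so it cannot be confirmed from here that they use the same `srcid_len + 1` rounding as the allocation. If the copy still moves `srcid_len` bytes, the terminator comes from `calloc()`'s zero fill, which deserves a comment such as `/* srcid_len excludes the NUL; calloc's zero fill supplies it and the padding */`. If the copy instead moves `srcid_len + 1` bytes, the caller has to guarantee that `srcid[srcid_len]` is readable and NUL, and that contract should be documented on `pf_key_v2_flow`. The function body starts and ends outside these hunks.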
@@ -1387,7 +1387,7 @@ pf_key_v2_flow (in_addr_t laddr, in_addr_t lmask, in_addr_t raddr,
 bzero (&tprotocol, sizeof tprotocol);
 tprotocol.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
 tprotocol.sadb_protocol_len = sizeof tprotocol / PF_KEY_V2_CHUNK;
- tprotocol.sadb_protocol_proto = tproto;;
+ tprotocol.sadb_protocol_proto = tproto;
 if (pf_key_v2_msg_add (flow, (struct sadb_ext *)&tprotocol, 0) == -1) goto cleanup; |