authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-09-08 01:20:16 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-09-08 01:20:16 +0000
commitcab9b6aafe58f557fe000f8d0fcde7e0f22b955b (patch)
tree8acd643f547875eb185160a92a9d3fbccf8357d8
parentf08cb0a5897cd0121c4a1ff08442bbc6254eb860 (diff)
-ansi -pedantic (socklen_t). from cloder@loder.us
die if FD_SET overruns. sync w/kame
-rw-r--r--usr.sbin/faithd/Makefile3
-rw-r--r--usr.sbin/faithd/faithd.c51
-rw-r--r--usr.sbin/faithd/ftp.c55
-rw-r--r--usr.sbin/faithd/prefix.c28
-rw-r--r--usr.sbin/faithd/tcp.c22
5 files changed, 89 insertions, 70 deletions
diff --git a/usr.sbin/faithd/Makefile b/usr.sbin/faithd/Makefile
index 29adde41e69..053e03668c9 100644
--- a/usr.sbin/faithd/Makefile
+++ b/usr.sbin/faithd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2002/05/09 14:12:16 itojun Exp $
+# $OpenBSD: Makefile,v 1.4 2002/09/08 01:20:15 itojun Exp $
PROG= faithd
SRCS= faithd.c tcp.c ftp.c prefix.c
@@ -6,6 +6,7 @@ SRCS= faithd.c tcp.c ftp.c prefix.c
MAN= faithd.8
#CPPFLAGS+= -DFAITH4
+CFLAGS+=-ansi -pedantic
LDADD+= -lutil
DPADD+= ${LIBUTIL}
diff --git a/usr.sbin/faithd/faithd.c b/usr.sbin/faithd/faithd.c
index ae7ba4c2b15..7808f018a00 100644
--- a/usr.sbin/faithd/faithd.c
+++ b/usr.sbin/faithd/faithd.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: faithd.c,v 1.21 2002/06/07 00:18:05 itojun Exp $ */
-/* $KAME: faithd.c,v 1.50 2002/05/09 14:06:52 itojun Exp $ */
+/* $OpenBSD: faithd.c,v 1.22 2002/09/08 01:20:15 itojun Exp $ */
+/* $KAME: faithd.c,v 1.58 2002/09/08 01:12:30 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -146,7 +146,7 @@ inetd_main(int argc, char **argv)
char path[MAXPATHLEN];
struct sockaddr_storage me;
struct sockaddr_storage from;
- int melen, fromlen;
+ socklen_t melen, fromlen;
int i;
int error;
const int on = 1;
@@ -224,9 +224,6 @@ daemon_main(int argc, char **argv)
int s_wld, error, i, serverargc, on = 1;
int family = AF_INET6;
int c;
-#ifdef FAITH_NS
- char *ns;
-#endif /* FAITH_NS */
while ((c = getopt(argc, argv, "df:p")) != -1) {
switch (c) {
@@ -252,23 +249,6 @@ daemon_main(int argc, char **argv)
/*NOTREACHED*/
}
-#ifdef FAITH_NS
- if ((ns = getenv(FAITH_NS)) != NULL) {
- struct sockaddr_storage ss;
- struct addrinfo hints, *res;
- char serv[NI_MAXSERV];
-
- memset(&ss, 0, sizeof(ss));
- memset(&hints, 0, sizeof(hints));
- snprintf(serv, sizeof(serv), "%u", NAMESERVER_PORT);
- hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(ns, serv, &hints, &res) == 0) {
- res_init();
- memcpy(&_res_ext.nsaddr, res->ai_addr, res->ai_addrlen);
- _res.nscount = 1;
- }
- }
-#endif /* FAITH_NS */
#ifdef USE_ROUTE
grab_myaddrs();
@@ -336,6 +316,12 @@ daemon_main(int argc, char **argv)
if (error == -1)
exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
+#ifdef IPV6_V6ONLY
+ error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
+ if (error == -1)
+ exit_failure("setsockopt(IPV6_V6ONLY): %s", strerror(errno));
+#endif
+
error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen);
if (error == -1)
exit_failure("bind: %s", strerror(errno));
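Review bot: The new `setsockopt(s_wld, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on))` call is not conditioned on the socket's address family, and any failure is fatal through `exit_failure`. daemon_main keeps a `family` variable and the Makefile carries a commented-out `-DFAITH4`, so if some build can make s_wld an AF_INET socket the option would presumably be rejected and the daemon would exit at startup; wrapping the call in `if (res->ai_family == AF_INET6)` avoids that. A short comment such as `/* keep IPv4-mapped peers off this socket; play_service() re-checks after accept() */` would also record why the option is set. daemon_main starts and ends outside this hunk.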
@@ -370,7 +356,7 @@ static void
play_service(int s_wld)
{
struct sockaddr_storage srcaddr;
- int len;
+ socklen_t len;
int s_src;
pid_t child_pid;
fd_set rfds;
@@ -384,10 +370,14 @@ again:
setproctitle("%s", procname);
FD_ZERO(&rfds);
+ if (s_wld >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_wld, &rfds);
maxfd = s_wld;
#ifdef USE_ROUTE
if (sockfd) {
+ if (sockfd >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(sockfd, &rfds);
maxfd = (maxfd < sockfd) ? sockfd : maxfd;
}
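Review bot: `exit_failure("descriptor too big")` does not say which descriptor was out of range or what its value was, so the log entry left by this fatal path cannot be tied to s_wld or sockfd. exit_failure already takes printf-style arguments in this file (`exit_failure("bind: %s", strerror(errno))`), so `exit_failure("descriptor too big: s_wld=%d", s_wld);` and the matching form for sockfd would work here. The same bare string is used at every guard this commit adds in ftp.c and tcp.c. play_service's body continues outside the hunk.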
@@ -408,17 +398,22 @@ again:
#endif
if (FD_ISSET(s_wld, &rfds)) {
len = sizeof(srcaddr);
- s_src = accept(s_wld, (struct sockaddr *)&srcaddr,
- &len);
+ s_src = accept(s_wld, (struct sockaddr *)&srcaddr, &len);
if (s_src < 0) {
if (errno == ECONNABORTED)
goto again;
exit_failure("socket: %s", strerror(errno));
/*NOTREACHED*/
}
+ if (srcaddr.ss_family == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&srcaddr)->sin6_addr)) {
+ close(s_src);
+ syslog(LOG_ERR, "connection from IPv4 mapped address?");
+ goto again;
+ }
child_pid = fork();
-
+
if (child_pid == 0) {
/* child process */
close(s_wld);
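Review bot: The rejection path logs `"connection from IPv4 mapped address?"` without the peer address, so the entry cannot be used to identify the sender or to correlate repeated events. Formatting srcaddr with getnameinfo() and NI_NUMERICHOST into a local buffer and logging it with `%s` would make the entry actionable. The message is emitted once per rejected connection at LOG_ERR, so a remote peer can presumably generate log volume at will; a lower priority or some throttling may be worth considering. play_service continues outside the hunk.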
@@ -445,7 +440,7 @@ play_child(int s_src, struct sockaddr *srcaddr)
char src[NI_MAXHOST];
char dst6[NI_MAXHOST];
char dst4[NI_MAXHOST];
- int len = sizeof(dstaddr6);
+ socklen_t len = sizeof(dstaddr6);
int s_dst, error, hport, nresvport, on = 1;
struct timeval tv;
struct sockaddr *sa4;
diff --git a/usr.sbin/faithd/ftp.c b/usr.sbin/faithd/ftp.c
index e22e03d5dda..5279d800e43 100644
--- a/usr.sbin/faithd/ftp.c
+++ b/usr.sbin/faithd/ftp.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ftp.c,v 1.9 2002/06/24 06:06:25 itojun Exp $ */
-/* $KAME: ftp.c,v 1.18 2002/06/23 14:41:47 itojun Exp $ */
+/* $OpenBSD: ftp.c,v 1.10 2002/09/08 01:20:15 itojun Exp $ */
+/* $KAME: ftp.c,v 1.20 2002/09/08 01:12:30 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -83,24 +83,36 @@ ftp_relay(int ctl6, int ctl4)
int maxfd = 0;
FD_ZERO(&readfds);
+ if (ctl4 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(ctl4, &readfds);
maxfd = ctl4;
+ if (ctl6 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(ctl6, &readfds);
maxfd = (ctl6 > maxfd) ? ctl6 : maxfd;
if (0 <= port4) {
+ if (port4 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(port4, &readfds);
maxfd = (port4 > maxfd) ? port4 : maxfd;
}
if (0 <= port6) {
+ if (port6 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(port6, &readfds);
maxfd = (port6 > maxfd) ? port6 : maxfd;
}
#if 0
if (0 <= wport4) {
+ if (wport4 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(wport4, &readfds);
maxfd = (wport4 > maxfd) ? wport4 : maxfd;
}
if (0 <= wport6) {
+ if (wport6 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(wport6, &readfds);
maxfd = (wport6 > maxfd) ? wport6 : maxfd;
}
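Review bot: The `if (fd >= FD_SETSIZE) exit_failure(...)` / `FD_SET(fd, ...)` pair is written out six times in this hunk (two of them inside the `#if 0` block) and again in ftp_activeconn, ftp_passiveconn and tcp.c, which makes it easy for a later FD_SET to be added without its guard. A small static helper that checks and sets in one call keeps the bound next to the macro it protects. It can also reject negative values, which FD_SET handles no better than oversized ones; in this hunk only port4, port6, wport4 and wport6 are tested for that, not ctl4 and ctl6. ftp_relay starts before and continues after the hunk.

```c
/* Add fd to set; exit if fd cannot be represented in an fd_set. */
static void
fd_set_checked(int fd, fd_set *set)
{
	if (fd < 0 || fd >= FD_SETSIZE)
		exit_failure("descriptor out of range: %d", fd);
	FD_SET(fd, set);
}

	/* in ftp_relay(): each guarded FD_SET becomes one call */
	FD_ZERO(&readfds);
	fd_set_checked(ctl4, &readfds);
	maxfd = ctl4;
	fd_set_checked(ctl6, &readfds);
	/* ... unchanged: maxfd updates; port4/port6 branches call fd_set_checked the same way ... */
```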
@@ -215,7 +227,7 @@ ftp_relay(int ctl6, int ctl4)
static int
ftp_activeconn()
{
- int n;
+ socklen_t n;
int error;
fd_set set;
struct timeval timeout;
@@ -223,6 +235,8 @@ ftp_activeconn()
/* get active connection from server */
FD_ZERO(&set);
+ if (wport4 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(wport4, &set);
timeout.tv_sec = 120;
timeout.tv_usec = -1;
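Review bot: `timeout.tv_usec = -1;` on the context line just below the new guard is not a valid timeval; select() implementations commonly reject a negative tv_usec with EINVAL, and ftp_passiveconn sets the same field to 0. The select() call is outside this hunk, so how that error would be handled cannot be seen from here, but `timeout.tv_usec = 0;` looks like the intended value. The new guard also tests only the upper bound; if wport4 can still be -1 when this function runs, `FD_SET(wport4, &set)` is out of range in the other direction. ftp_activeconn continues outside the hunk.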
@@ -262,7 +276,7 @@ ftp_activeconn()
static int
ftp_passiveconn()
{
- int n;
+ socklen_t len;
int error;
fd_set set;
struct timeval timeout;
@@ -270,12 +284,14 @@ ftp_passiveconn()
/* get passive connection from client */
FD_ZERO(&set);
+ if (wport6 >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(wport6, &set);
timeout.tv_sec = 120;
timeout.tv_usec = 0;
- n = sizeof(data6);
+ len = sizeof(data6);
if (select(wport6 + 1, &set, NULL, NULL, &timeout) == 0
- || (port6 = accept(wport6, (struct sockaddr *)&data6, &n)) < 0) {
+ || (port6 = accept(wport6, (struct sockaddr *)&data6, &len)) < 0) {
close(wport6);
wport6 = -1;
syslog(LOG_INFO, "passive mode data connection failed");
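Review bot: The condition `select(wport6 + 1, ...) == 0 || (port6 = accept(...)) < 0` treats only a timeout as failure; when select() returns -1 (for example on EINTR) the code goes on to call accept() on a descriptor that was never reported readable, which may block past the 120-second limit. Testing `select(wport6 + 1, &set, NULL, NULL, &timeout) <= 0` closes that gap. Whether the peer address that accept() stores in data6 is later compared with the control connection's peer is not visible in this hunk and is worth confirming. ftp_passiveconn continues outside the hunk.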
@@ -309,8 +325,7 @@ ftp_passiveconn()
static int
ftp_copy(int src, int dst)
{
- int error, atmark;
- int n;
+ int error, atmark, n;
/* OOB data handling */
error = ioctl(src, SIOCATMARK, &atmark);
@@ -347,8 +362,8 @@ ftp_copy(int src, int dst)
static int
ftp_copyresult(int src, int dst, enum state state)
{
- int error, atmark;
- int n;
+ int error, atmark, n;
+ socklen_t len;
char *param;
int code;
char *a, *p;
@@ -517,8 +532,8 @@ passivefail:
/*
* addr from dst, port from wport6
*/
- n = sizeof(data6);
- error = getsockname(wport6, (struct sockaddr *)&data6, &n);
+ len = sizeof(data6);
+ error = getsockname(wport6, (struct sockaddr *)&data6, &len);
if (error == -1) {
close(wport6);
wport6 = -1;
@@ -527,8 +542,8 @@ passivefail:
sin6 = (struct sockaddr_in6 *)&data6;
port = sin6->sin6_port;
- n = sizeof(data6);
- error = getsockname(dst, (struct sockaddr *)&data6, &n);
+ len = sizeof(data6);
+ error = getsockname(dst, (struct sockaddr *)&data6, &len);
if (error == -1) {
close(wport6);
wport6 = -1;
@@ -576,8 +591,8 @@ passivefail:
static int
ftp_copycommand(int src, int dst, enum state *state)
{
- int error, atmark;
- int n;
+ int error, atmark, n;
+ socklen_t len;
unsigned int af, hal, ho[16], pal, po[2];
char *a, *p, *q;
char cmd[5], *param;
@@ -692,8 +707,8 @@ ftp_copycommand(int src, int dst, enum state *state)
sendport:
/* get ready for active data connection */
- n = sizeof(data4);
- error = getsockname(dst, (struct sockaddr *)&data4, &n);
+ len = sizeof(data4);
+ error = getsockname(dst, (struct sockaddr *)&data4, &len);
if (error == -1) {
lprtfail:
n = snprintf(sbuf, sizeof(sbuf),
@@ -725,8 +740,8 @@ lprtfail:
}
/* transmit PORT */
- n = sizeof(data4);
- error = getsockname(wport4, (struct sockaddr *)&data4, &n);
+ len = sizeof(data4);
+ error = getsockname(wport4, (struct sockaddr *)&data4, &len);
if (error == -1) {
close(wport4);
wport4 = -1;
diff --git a/usr.sbin/faithd/prefix.c b/usr.sbin/faithd/prefix.c
index 927011c1b4d..7aca3a27688 100644
--- a/usr.sbin/faithd/prefix.c
+++ b/usr.sbin/faithd/prefix.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: prefix.c,v 1.5 2002/06/24 06:06:25 itojun Exp $ */
-/* $KAME: prefix.c,v 1.11 2001/11/13 12:38:45 jinmei Exp $ */
+/* $OpenBSD: prefix.c,v 1.6 2002/09/08 01:20:15 itojun Exp $ */
+/* $KAME: prefix.c,v 1.12 2002/09/08 01:14:46 itojun Exp $ */
/*
* Copyright (C) 2000 WIDE Project.
@@ -58,10 +58,7 @@ struct config *config_list = NULL;
const int niflags = NI_NUMERICHOST;
static int
-prefix_set(s, prefix, slash)
- const char *s;
- struct prefix *prefix;
- int slash;
+prefix_set(const char *s, struct prefix *prefix, int slash)
{
char *p = NULL, *q, *r;
struct addrinfo hints, *res = NULL;
@@ -128,8 +125,7 @@ fail:
}
const char *
-prefix_string(prefix)
- const struct prefix *prefix;
+prefix_string(const struct prefix *prefix)
{
static char buf[NI_MAXHOST + 20];
char hbuf[NI_MAXHOST];
@@ -142,9 +138,7 @@ prefix_string(prefix)
}
int
-prefix_match(prefix, sa)
- const struct prefix *prefix;
- const struct sockaddr *sa;
+prefix_match(const struct prefix *prefix, const struct sockaddr *sa)
{
struct sockaddr_storage a, b;
char *pa, *pb;
@@ -196,8 +190,7 @@ prefix_match(prefix, sa)
* 3ffe::/16 permit 10.0.0.0/8 10.1.1.1
*/
static struct config *
-config_load1(line)
- const char *line;
+config_load1(const char *line)
{
struct config *conf;
char buf[BUFSIZ];
@@ -270,8 +263,7 @@ fail:
}
int
-config_load(configfile)
- const char *configfile;
+config_load(const char *configfile)
{
FILE *fp;
char buf[BUFSIZ];
@@ -302,8 +294,7 @@ config_load(configfile)
#if 0
static void
-config_show1(conf)
- const struct config *conf;
+config_show1(const struct config *conf)
{
const char *p;
@@ -332,8 +323,7 @@ config_show()
#endif
const struct config *
-config_match(sa1, sa2)
- struct sockaddr *sa1, *sa2;
+config_match(struct sockaddr *sa1, struct sockaddr *sa2)
{
static struct config conf;
const struct config *p;
diff --git a/usr.sbin/faithd/tcp.c b/usr.sbin/faithd/tcp.c
index 3f2b76ee4a6..8982b63b474 100644
--- a/usr.sbin/faithd/tcp.c
+++ b/usr.sbin/faithd/tcp.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: tcp.c,v 1.11 2002/05/26 01:21:12 deraadt Exp $ */
-/* $KAME: tcp.c,v 1.6 2001/07/02 14:36:49 itojun Exp $ */
+/* $OpenBSD: tcp.c,v 1.12 2002/09/08 01:20:15 itojun Exp $ */
+/* $KAME: tcp.c,v 1.10 2002/08/20 23:01:01 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -161,6 +161,8 @@ send_data(int s_rcv, int s_snd, const char *service, int direction)
if (cc == -1)
goto retry_or_err;
oob_exists = 0;
+ if (s_rcv >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_rcv, &exceptfds);
}
@@ -179,12 +181,18 @@ send_data(int s_rcv, int s_snd, const char *service, int direction)
}
#endif /* DEBUG */
tblen = 0; tboff = 0;
+ if (s_snd >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_CLR(s_snd, &writefds);
+ if (s_rcv >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_rcv, &readfds);
return;
retry_or_err:
if (errno != EAGAIN)
exit_failure("writing relay data failed: %s", strerror(errno));
+ if (s_snd >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_snd, &writefds);
}
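Review bot: s_snd and s_rcv are function parameters that do not change, yet this hunk tests each of them twice and the other tcp.c hunks repeat the test before every FD_SET and FD_CLR. In relay() only s_rcv is tested during setup (the hunk at -200), so an out-of-range s_snd is noticed only after data has been read and a write is being scheduled. Validating both once where relay() initialises the sets, `if (s_rcv >= FD_SETSIZE || s_snd >= FD_SETSIZE) exit_failure("descriptor too big");`, would fail before any data moves and would make the per-site guards unnecessary. send_data starts before this hunk.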
@@ -200,6 +208,8 @@ relay(int s_rcv, int s_snd, const char *service, int direction)
FD_ZERO(&exceptfds);
fcntl(s_snd, F_SETFD, O_NONBLOCK);
oreadfds = readfds; owritefds = writefds; oexceptfds = exceptfds;
+ if (s_rcv >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_rcv, &readfds);
FD_SET(s_rcv, &exceptfds);
oob_exists = 0;
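Review bot: `fcntl(s_snd, F_SETFD, O_NONBLOCK);` on the context line above the new guard passes a file-status flag to the descriptor-flag command; F_SETFD only manipulates FD_CLOEXEC, so this call does not make s_snd non-blocking, and its return value is ignored. The EAGAIN handling in send_data suggests non-blocking writes are intended, which would need `fcntl(s_snd, F_SETFL, O_NONBLOCK)`, preferably OR-ed onto the flags returned by F_GETFL, with the result checked. The line is pre-existing and not touched by this commit. relay() continues outside the hunk.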
@@ -234,7 +244,11 @@ relay(int s_rcv, int s_snd, const char *service, int direction)
oob_read_retry:
cc = read(s_rcv, atmark_buf, 1);
if (cc == 1) {
+ if (s_rcv >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_CLR(s_rcv, &exceptfds);
+ if (s_snd >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_snd, &writefds);
oob_exists = 1;
} else if (cc == -1) {
@@ -267,7 +281,11 @@ relay(int s_rcv, int s_snd, const char *service, int direction)
exit_success("terminating %s relay", service);
/* NOTREACHED */
default:
+ if (s_rcv >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_CLR(s_rcv, &readfds);
+ if (s_snd >= FD_SETSIZE)
+ exit_failure("descriptor too big");
FD_SET(s_snd, &writefds);
break;
}