src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo de Raadt <deraadt@cvs.openbsd.org>	2005-11-14 23:25:12 +0000
committer	Theo de Raadt <deraadt@cvs.openbsd.org>	2005-11-14 23:25:12 +0000
commit	a04c4652e5ba0898c079e41e8c159f7b0c0e0ee2 (patch)
tree	44206c8c346bdc99c0c32ce007d7b214f287cabe /sbin
parent	0ded5e7dce531b702eb130e741310890f70bffbe (diff)

use snprintf; ok cloder. also looked at by a few other people

Diffstat (limited to 'sbin')

-rw-r--r--

sbin/isakmpd/conf.c

-rw-r--r--

sbin/isakmpd/field.c

-rw-r--r--

sbin/isakmpd/ike_auth.c

-rw-r--r--

sbin/isakmpd/ike_quick_mode.c

-rw-r--r--

sbin/isakmpd/pf_key_v2.c

-rw-r--r--

sbin/isakmpd/policy.c

-rw-r--r--

sbin/isakmpd/ui.c

-rw-r--r--

sbin/isakmpd/x509.c

8 files changed, 69 insertions, 142 deletions

diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 78a3e063f5a..04abf876ed0 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: conf.c,v 1.84 2005/08/02 09:08:40 hshoexer Exp $ */

+/* $OpenBSD: conf.c,v 1.85 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */

@@ -1062,7 +1062,7 @@ void

conf_report(void)

{

struct conf_binding *cb, *last = 0;

- unsigned int i, len;

+ unsigned int i;

char *current_section = (char *)0;

struct dumper *dumper, *dnode;

@@ -1080,14 +1080,9 @@ conf_report(void)

if (!current_section || strcmp(cb->section,

current_section)) {

if (current_section) {

- len = strlen(current_section)

- + 3;

- dnode->s = malloc(len);

- if (!dnode->s)

+ if (asprintf(&dnode->s, "[%s]",

+ current_section) == -1)

goto mem_fail;

- snprintf(dnode->s, len, "[%s]",

- current_section);

dnode->next = (struct dumper *)

calloc(1,

sizeof(struct dumper));

@@ -1116,13 +1111,9 @@ conf_report(void)

}

- if (last) {

- len = strlen(last->section) + 3;

- dnode->s = malloc(len);

- if (!dnode->s)

+ if (last)

+ if (asprintf(&dnode->s, "[%s]", last->section) == -1)

goto mem_fail;

- snprintf(dnode->s, len, "[%s]", last->section);

- }

conf_report_dump(dumper);

return;

diff --git a/sbin/isakmpd/field.c b/sbin/isakmpd/field.c
index 1702645376c..4d4e3f34b9f 100644
--- a/sbin/isakmpd/field.c
+++ b/sbin/isakmpd/field.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: field.c,v 1.17 2005/04/08 22:32:09 cloder Exp $ */

+/* $OpenBSD: field.c,v 1.18 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */

@@ -114,8 +114,7 @@ field_debug_num(u_int8_t *buf, size_t len, struct constant_map **maps)

if (extract_val(buf, len, &val))

return 0;

/* 3 decimal digits are enough to represent each byte. */

- retval = malloc(3 * len);

- snprintf(retval, 3 * len, "%u", val);

+ asprintf(&retval, "%u", val);

return retval;

}

diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index bff2778c975..5087c73ce89 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ike_auth.c,v 1.104 2005/07/14 12:50:08 moritz Exp $ */

+/* $OpenBSD: ike_auth.c,v 1.105 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */

@@ -186,19 +186,13 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)

struct stat sb;

struct keynote_deckey dc;

char *privkeyfile, *buf2;

- int pkflen;

size_t size;

- pkflen = strlen(keyfile) + strlen(local_id) +

- sizeof PRIVATE_KEY_FILE + sizeof "//" - 1;

- privkeyfile = calloc(pkflen, sizeof(char));

- if (!privkeyfile) {

- log_print("ike_auth_get_key: failed to "

- "allocate %d bytes", pkflen);

+ if (asprintf(&privkeyfile, "%s/%s/%s", keyfile,

+ local_id, PRIVATE_KEY_FILE) == -1) {

+ log_print("ike_auth_get_key: failed to asprintf()");

return 0;

}

- snprintf(privkeyfile, pkflen, "%s/%s/%s", keyfile,

- local_id, PRIVATE_KEY_FILE);

keyfile = privkeyfile;

fd = monitor_open(keyfile, O_RDONLY, 0);

@@ -684,7 +678,6 @@ rsa_sig_decode_hash(struct message *msg)

if (exchange->recv_certtype == ISAKMP_CERTENC_KEYNOTE) {

struct keynote_deckey dc;

char *pp;

- int dclen;

dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;

dc.dec_key = key;

@@ -697,17 +690,12 @@ rsa_sig_decode_hash(struct message *msg)

"ASCII-encode key");

return -1;

}

- dclen = strlen(pp) + sizeof "rsa-hex:";

- exchange->keynote_key = calloc(dclen, sizeof(char));

- if (!exchange->keynote_key) {

- free(pp);

+ if (asprintf(&exchange->keynote_key, "rsa-hex:%s",

+ pp) == -1) {

kn_free_key(&dc);

- log_print("rsa_sig_decode_hash: failed to "

- "allocate %d bytes", dclen);

+ log_print("rsa_sig_decode_hash: failed to asprintf()");

return -1;

}

- snprintf(exchange->keynote_key, dclen, "rsa-hex:%s",

- pp);

free(pp);

}

found++;

diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index eb7a576ec8c..b8e71664e32 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ike_quick_mode.c,v 1.96 2005/05/26 06:11:09 hshoexer Exp $ */

+/* $OpenBSD: ike_quick_mode.c,v 1.97 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */

@@ -256,14 +256,10 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)

"failed to allocate memory for principal");

goto policydone;

}

- len = strlen(principal[0]) + sizeof "rsa-hex:";

- principal[1] = calloc(len, sizeof(char));

- if (!principal[1]) {

- log_error("check_policy: calloc (%d, %lu) failed", len,

- (unsigned long)sizeof(char));

+ if (asprintf(&principal[1], "rsa-hex:%s", principal[0]) == -1) {

+ log_error("check_policy: asprintf() failed");

goto policydone;

}

- snprintf(principal[1], len, "rsa-hex:%s", principal[0]);

free(principal[0]);

principal[0] = principal[1];

principal[1] = 0;

diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 70434b0dd04..2aa7536a1cc 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_key_v2.c,v 1.167 2005/06/14 10:50:47 hshoexer Exp $ */

+/* $OpenBSD: pf_key_v2.c,v 1.168 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */

@@ -2448,7 +2448,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0;

char confname[120], *conn = 0;

char *srcid = 0, *dstid = 0, *prefstring = 0;

- int slen, af, afamily, masklen, buflen;

+ int slen, af, afamily, masklen;

struct sockaddr *smask, *sflow, *dmask, *dflow;

struct sadb_protocol *sproto;

char ssflow[ADDRESS_MAX], sdflow[ADDRESS_MAX];

@@ -2775,16 +2775,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

* then dup.

*srcid = '\0';

- slen = strlen((char *) (srcident + 1)) +

- sizeof "ID:Address/";

- srcid = malloc(slen);

- if (!srcid) {

- log_error("pf_key_v2_acquire: "

- "malloc (%d) failed", slen);

+ if (asprintf(&srcid, "ID:Address/%s",

+ (char *) (srcident + 1)) == -1) {

+ log_error("pf_key_v2_acquire: asprintf() failed");

goto fail;

}

- snprintf(srcid, slen, "ID:Address/%s",

- (char *) (srcident + 1));

/* Set the section if it doesn't already exist. */

af = conf_begin();

@@ -2853,20 +2848,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

}

- buflen = (slen ? slen : strlen(pwd->pw_name)) +

- strlen(prefstring) + sizeof "ID:/";

- srcid = malloc(buflen);

- if (!srcid) {

- log_error("pf_key_v2_acquire: "

- "malloc (%d) failed", buflen);

+ if (asprintf(&srcid, "ID:%s/%s", prefstring,

+ slen ? (char *) (srcident + 1) : pwd->pw_name) == -1) {

+ log_error("pf_key_v2_acquire: asprintf() failed");

goto fail;

}

- snprintf(srcid, buflen, "ID:%s/", prefstring);

- if (slen != 0)

- strlcat(srcid,

- (char *) (srcident + 1), buflen);

- else

- strlcat(srcid, pwd->pw_name, buflen);

pwd = 0;

/* Set the section if it doesn't already exist. */

@@ -2938,16 +2924,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

* then dup.

*dstid = '\0';

- slen = strlen((char *) (dstident + 1)) +

- sizeof "ID:Address/";

- dstid = malloc(slen);

- if (!dstid) {

- log_error("pf_key_v2_acquire: "

- "malloc (%d) failed", slen);

+ if (asprintf(&dstid, "ID:Address/%s",

+ (char *) (dstident + 1)) == -1) {

+ log_error("pf_key_v2_acquire: asprintf() failed");

goto fail;

}

- snprintf(dstid, slen, "ID:Address/%s",

- (char *) (dstident + 1));

/* Set the section if it doesn't already exist. */

af = conf_begin();

@@ -3016,20 +2997,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

}

- buflen = (slen ? slen : strlen(pwd->pw_name)) +

- strlen(prefstring) + sizeof "ID:/";

- dstid = malloc(buflen);

- if (!dstid) {

- log_error("pf_key_v2_acquire: "

- "malloc (%d) failed", buflen);

+ if (asprintf(&dstid, "ID:%s/%s", prefstring,

+ slen ? (char *) (dstident + 1) : pwd->pw_name) == -1) {

+ log_error("pf_key_v2_acquire: asprintf() failed");

goto fail;

}

- snprintf(dstid, buflen, "ID:%s/", prefstring);

- if (slen != 0)

- strlcat(dstid, (char *) (dstident + 1),

- buflen);

- else

- strlcat(dstid, pwd->pw_name, buflen);

pwd = 0;

/* Set the section if it doesn't already exist. */

@@ -3094,12 +3066,6 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

* exists -- otherwise use the defaults)

- slen = strlen(dstbuf) + strlen(srcbuf) + (srcid ? strlen(srcid) : 0)

- + (dstid ? strlen(dstid) : 0) + sizeof "Peer-/-/";

- peer = malloc(slen);

- if (!peer)

- goto fail;

* The various cases:

* - Peer-dstaddr

@@ -3111,9 +3077,10 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

* - Peer-dstaddr-/dstid

* - Peer-dstaddr-srcid

- snprintf(peer, slen, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "",

- srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "",

- dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : "");

+ if (asprintf(&peer, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "",

+ srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "",

+ dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : "") == -1)

+ goto fail;

* Set the IPsec connection section. Refcount is set to 2, because

@@ -3135,7 +3102,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)

}

/* Set Phase 2 IDs -- this is the Local-ID section. */

snprintf(lname, sizeof lname, "Phase2-ID:%s/%s/%u/%u", ssflow, ssmask,

- tproto, sport);

+ tproto, sport);

if (conf_set(af, conn, "Local-ID", lname, 0, 0)) {

conf_end(af, 0);

goto fail;

diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 55458535dc2..0d371bc8f81 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: policy.c,v 1.86 2005/06/14 10:50:47 hshoexer Exp $ */

+/* $OpenBSD: policy.c,v 1.87 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */

@@ -2148,34 +2148,31 @@ keynote_cert_obtain(u_int8_t *id, size_t id_len, void *data, u_int8_t **cert,

if (addr_str == 0)

return 0;

- file = calloc(len + strlen(addr_str), sizeof(char));

- if (file == NULL) {

+ if (asprintf(&file, "%s/%s/%s", dirname,

+ addr_str, CREDENTIAL_FILE) == -1) {

log_error("keynote_cert_obtain: failed to allocate "

"%lu bytes", (unsigned long)len +

strlen(addr_str));

free(addr_str);

return 0;

}

- snprintf(file, len + strlen(addr_str), "%s/%s/%s", dirname,

- addr_str, CREDENTIAL_FILE);

free(addr_str);

break;

case IPSEC_ID_FQDN:

- case IPSEC_ID_USER_FQDN: {

- file = calloc(len + id_len, sizeof(char));

- if (file == NULL) {

- log_error("keynote_cert_obtain: "

- "failed to allocate %lu bytes",

- (unsigned long)len + id_len);

- return 0;

- }

- snprintf(file, len + id_len, "%s/", dirname);

- memcpy(file + strlen(dirname) + 1, id, id_len);

- snprintf(file + strlen(dirname) + 1 + id_len,

- len - strlen(dirname) - 1, "/%s", CREDENTIAL_FILE);

- break;

+ case IPSEC_ID_USER_FQDN:

+ file = calloc(len + id_len, sizeof(char));

+ if (file == NULL) {

+ log_error("keynote_cert_obtain: "

+ "failed to allocate %lu bytes",

+ (unsigned long)len + id_len);

+ return 0;

}

+ snprintf(file, len + id_len, "%s/", dirname);

+ memcpy(file + strlen(dirname) + 1, id, id_len);

+ snprintf(file + strlen(dirname) + 1 + id_len,

+ len - strlen(dirname) - 1, "/%s", CREDENTIAL_FILE);

+ break;

default:

return 0;

diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c
index 65f44b839b8..3fd43925d2d 100644
--- a/sbin/isakmpd/ui.c
+++ b/sbin/isakmpd/ui.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ui.c,v 1.46 2005/09/23 14:44:03 hshoexer Exp $ */

+/* $OpenBSD: ui.c,v 1.47 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */

@@ -221,7 +221,7 @@ ui_config(char *cmd)

{

char subcmd[81], section[81], tag[81], value[81], tmp[81];

char *v, *nv;

- int trans = 0, items, nvlen;

+ int trans = 0, items;

FILE *fd;

if (sscanf(cmd, "C %80s", subcmd) != 1)

@@ -262,18 +262,14 @@ ui_config(char *cmd)

conf_set(trans, section, tag, value, 1, 0);

else {

/* Add the new value to the end of the 'v' list. */

- nvlen = strlen(v) + strlen(value) + 2;

- nv = (char *)malloc(nvlen);

- if (!nv) {

- log_error("ui_config: malloc(%d) failed",

- nvlen);

+ if (asprintf(&nv,

+ v[strlen(v) - 1] == ',' ? "%s%s" : "%s,%s", v,

+ value) == -1) {

+ log_error("ui_config: malloc() failed");

if (trans)

conf_end(trans, 0);

return;

}

- snprintf(nv, nvlen,

- v[strlen(v) - 1] == ',' ? "%s%s" : "%s,%s", v,

- value);

conf_set(trans, section, tag, nv, 1, 0);

free(nv);

}

diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index d9d0f0e0183..52d6b8f152c 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: x509.c,v 1.103 2005/05/28 17:42:50 moritz Exp $ */

+/* $OpenBSD: x509.c,v 1.104 2005/11/14 23:25:11 deraadt Exp $ */

/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */

@@ -115,7 +115,7 @@ x509_generate_kn(int id, X509 *cert)

time_t tt;

char before[15], after[15], *timecomp, *timecomp2;

ASN1_TIME *tm;

- int i, buf_len;

+ int i;

LOG_DBG((LOG_POLICY, 90,

"x509_generate_kn: generating KeyNote policy for certificate %p",

@@ -203,14 +203,6 @@ x509_generate_kn(int id, X509 *cert)

RSA_free(key);

key = NULL;

- buf_len = strlen(fmt) + strlen(ikey) + strlen(skey) + 56;

- buf = calloc(buf_len, sizeof(char));

- buf_len *= sizeof(char);

- if (!buf) {

- log_error("x509_generate_kn: "

- "failed to allocate memory for KeyNote credential");

- goto fail;

- }

if (((tm = X509_get_notBefore(cert)) == NULL) ||

(tm->type != V_ASN1_UTCTIME &&

tm->type != V_ASN1_GENERALIZEDTIME)) {

@@ -389,8 +381,12 @@ x509_generate_kn(int id, X509 *cert)

after[14] = '\0'; /* This will overwrite trailing 'Z' */

}

- snprintf(buf, buf_len, fmt, skey, ikey, timecomp, before, timecomp2,

- after);

+ if (asprintf(&buf, fmt, skey, ikey, timecomp, before, timecomp2,

+ after) == -1) {

+ log_error("x509_generate_kn: "

+ "failed to allocate memory for KeyNote credential");

+ goto fail;

+ }

free(ikey);

ikey = NULL;

@@ -420,14 +416,11 @@ x509_generate_kn(int id, X509 *cert)

"X509_NAME_oneline (subject, ...) failed"));

goto fail;

}

- buf_len = strlen(fmt2) + strlen(isname) + strlen(subname) + 56;

- buf = malloc(buf_len);

- if (!buf) {

- log_error("x509_generate_kn: malloc (%d) failed", buf_len);

+ if (asprintf(&buf, fmt2, isname, subname, timecomp, before,

+ timecomp2, after) == -1) {

+ log_error("x509_generate_kn: malloc failed");

return 0;

}

- snprintf(buf, buf_len, fmt2, isname, subname, timecomp, before,

- timecomp2, after);

if (kn_add_assertion(id, buf, strlen(buf), ASSERT_FLAG_LOCAL) == -1) {

LOG_DBG((LOG_POLICY, 30,