-rw-r--r-- | sbin/isakmpd/conf.c | 21 | ||||
-rw-r--r-- | sbin/isakmpd/field.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 26 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 10 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 71 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 33 | ||||
-rw-r--r-- | sbin/isakmpd/ui.c | 16 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 29 |
8 files changed, 69 insertions, 142 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c index 78a3e063f5a..04abf876ed0 100644 --- a/sbin/isakmpd/conf.c +++ b/sbin/isakmpd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.84 2005/08/02 09:08:40 hshoexer Exp $ */ +/* $OpenBSD: conf.c,v 1.85 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ /* @@ -1062,7 +1062,7 @@ void conf_report(void) { struct conf_binding *cb, *last = 0; - unsigned int i, len; + unsigned int i; char *current_section = (char *)0; struct dumper *dumper, *dnode; @@ -1080,14 +1080,9 @@ conf_report(void) if (!current_section || strcmp(cb->section, current_section)) { if (current_section) { - len = strlen(current_section) - + 3; - dnode->s = malloc(len); - if (!dnode->s) + if (asprintf(&dnode->s, "[%s]", + current_section) == -1) goto mem_fail; - - snprintf(dnode->s, len, "[%s]", - current_section); dnode->next = (struct dumper *) calloc(1, sizeof(struct dumper)); @@ -1116,13 +1111,9 @@ conf_report(void) } } - if (last) { - len = strlen(last->section) + 3; - dnode->s = malloc(len); - if (!dnode->s) + if (last) + if (asprintf(&dnode->s, "[%s]", last->section) == -1) goto mem_fail; - snprintf(dnode->s, len, "[%s]", last->section); - } conf_report_dump(dumper); return; diff --git a/sbin/isakmpd/field.c b/sbin/isakmpd/field.c index 1702645376c..4d4e3f34b9f 100644 --- a/sbin/isakmpd/field.c +++ b/sbin/isakmpd/field.c @@ -1,4 +1,4 @@ -/* $OpenBSD: field.c,v 1.17 2005/04/08 22:32:09 cloder Exp $ */ +/* $OpenBSD: field.c,v 1.18 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */ /* @@ -114,8 +114,7 @@ field_debug_num(u_int8_t *buf, size_t len, struct constant_map **maps) if (extract_val(buf, len, &val)) return 0; /* 3 decimal digits are enough to represent each byte. */ - retval = malloc(3 * len); - snprintf(retval, 3 * len, "%u", val); + asprintf(&retval, "%u", val); return retval; } 
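Review bot: In conf_report, both new `asprintf(&dnode->s, "[%s]", ...)` failure branches jump to `mem_fail` with `dnode->s` in whatever state asprintf left it. OpenBSD's asprintf is documented to set the pointer to NULL on failure, but other libcs (glibc documents the contents as undefined) do not, so a portable build that frees `dnode->s` during cleanup could free an indeterminate pointer; the code at `mem_fail` is outside the hunk, so this needs confirming. Setting `dnode->s = NULL;` in the failure branch before the `goto` keeps the state the removed malloc check guaranteed. The same pattern appears in check_policy (`principal[1]`), pf_key_v2_acquire (`srcid`, `dstid`, `peer`) and the first asprintf in x509_generate_kn (`buf`).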
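Review bot: field_debug_num ignores the return value of `asprintf(&retval, "%u", val)` and returns `retval` regardless, so on allocation failure the caller receives whatever asprintf left in the pointer. Every other call converted in this commit tests for -1; here `if (asprintf(&retval, "%u", val) == -1) return 0;` would match the existing `return 0` taken when extract_val fails. The context comment `/* 3 decimal digits are enough to represent each byte. */` described the removed `malloc(3 * len)` and should go with it. The function starts outside the hunk.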
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index bff2778c975..5087c73ce89 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.104 2005/07/14 12:50:08 moritz Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.105 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -186,19 +186,13 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) struct stat sb; struct keynote_deckey dc; char *privkeyfile, *buf2; - int pkflen; size_t size; - pkflen = strlen(keyfile) + strlen(local_id) + - sizeof PRIVATE_KEY_FILE + sizeof "//" - 1; - privkeyfile = calloc(pkflen, sizeof(char)); - if (!privkeyfile) { - log_print("ike_auth_get_key: failed to " - "allocate %d bytes", pkflen); + if (asprintf(&privkeyfile, "%s/%s/%s", keyfile, + local_id, PRIVATE_KEY_FILE) == -1) { + log_print("ike_auth_get_key: failed to asprintf()"); return 0; } - snprintf(privkeyfile, pkflen, "%s/%s/%s", keyfile, - local_id, PRIVATE_KEY_FILE); keyfile = privkeyfile; fd = monitor_open(keyfile, O_RDONLY, 0); @@ -684,7 +678,6 @@ rsa_sig_decode_hash(struct message *msg) if (exchange->recv_certtype == ISAKMP_CERTENC_KEYNOTE) { struct keynote_deckey dc; char *pp; - int dclen; dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; dc.dec_key = key; @@ -697,17 +690,12 @@ rsa_sig_decode_hash(struct message *msg) "ASCII-encode key"); return -1; } - dclen = strlen(pp) + sizeof "rsa-hex:"; - exchange->keynote_key = calloc(dclen, sizeof(char)); - if (!exchange->keynote_key) { - free(pp); + if (asprintf(&exchange->keynote_key, "rsa-hex:%s", + pp) == -1) { kn_free_key(&dc); - log_print("rsa_sig_decode_hash: failed to " - "allocate %d bytes", dclen); + log_print("rsa_sig_decode_hash: failed to asprintf()"); return -1; } - snprintf(exchange->keynote_key, dclen, "rsa-hex:%s", - pp); free(pp); } found++; 
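Review bot: The asprintf failure branch in rsa_sig_decode_hash no longer frees `pp`. The removed calloc branch called `free(pp)` before `kn_free_key(&dc)`, while the new branch only calls `kn_free_key(&dc)`, logs and returns -1, so the ASCII-encoded key string leaks on that path. Restore `free(pp);` as the first statement of the branch. The enclosing function starts and ends outside the hunk.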
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index eb7a576ec8c..b8e71664e32 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.96 2005/05/26 06:11:09 hshoexer Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.97 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -256,14 +256,10 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) "failed to allocate memory for principal"); goto policydone; } - len = strlen(principal[0]) + sizeof "rsa-hex:"; - principal[1] = calloc(len, sizeof(char)); - if (!principal[1]) { - log_error("check_policy: calloc (%d, %lu) failed", len, - (unsigned long)sizeof(char)); + if (asprintf(&principal[1], "rsa-hex:%s", principal[0]) == -1) { + log_error("check_policy: asprintf() failed"); goto policydone; } - snprintf(principal[1], len, "rsa-hex:%s", principal[0]); free(principal[0]); principal[0] = principal[1]; principal[1] = 0; diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 70434b0dd04..2aa7536a1cc 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.167 2005/06/14 10:50:47 hshoexer Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.168 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -2448,7 +2448,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0; char confname[120], *conn = 0; char *srcid = 0, *dstid = 0, *prefstring = 0; - int slen, af, afamily, masklen, buflen; + int slen, af, afamily, masklen; struct sockaddr *smask, *sflow, *dmask, *dflow; struct sadb_protocol *sproto; char ssflow[ADDRESS_MAX], sdflow[ADDRESS_MAX]; 
@@ -2775,16 +2775,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) * then dup. */ *srcid = '\0'; - slen = strlen((char *) (srcident + 1)) + - sizeof "ID:Address/"; - srcid = malloc(slen); - if (!srcid) { - log_error("pf_key_v2_acquire: " - "malloc (%d) failed", slen); + if (asprintf(&srcid, "ID:Address/%s", + (char *) (srcident + 1)) == -1) { + log_error("pf_key_v2_acquire: asprintf() failed"); goto fail; } - snprintf(srcid, slen, "ID:Address/%s", - (char *) (srcident + 1)); /* Set the section if it doesn't already exist. */ af = conf_begin(); @@ -2853,20 +2848,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) } } } - buflen = (slen ? slen : strlen(pwd->pw_name)) + - strlen(prefstring) + sizeof "ID:/"; - srcid = malloc(buflen); - if (!srcid) { - log_error("pf_key_v2_acquire: " - "malloc (%d) failed", buflen); + if (asprintf(&srcid, "ID:%s/%s", prefstring, + slen ? (char *) (srcident + 1) : pwd->pw_name) == -1) { + log_error("pf_key_v2_acquire: asprintf() failed"); goto fail; } - snprintf(srcid, buflen, "ID:%s/", prefstring); - if (slen != 0) - strlcat(srcid, - (char *) (srcident + 1), buflen); - else - strlcat(srcid, pwd->pw_name, buflen); pwd = 0; /* Set the section if it doesn't already exist. */ @@ -2938,16 +2924,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) * then dup. */ *dstid = '\0'; - slen = strlen((char *) (dstident + 1)) + - sizeof "ID:Address/"; - dstid = malloc(slen); - if (!dstid) { - log_error("pf_key_v2_acquire: " - "malloc (%d) failed", slen); + if (asprintf(&dstid, "ID:Address/%s", + (char *) (dstident + 1)) == -1) { + log_error("pf_key_v2_acquire: asprintf() failed"); goto fail; } - snprintf(dstid, slen, "ID:Address/%s", - (char *) (dstident + 1)); /* Set the section if it doesn't already exist. */ af = conf_begin(); 
@@ -3016,20 +2997,11 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) } } } - buflen = (slen ? slen : strlen(pwd->pw_name)) + - strlen(prefstring) + sizeof "ID:/"; - dstid = malloc(buflen); - if (!dstid) { - log_error("pf_key_v2_acquire: " - "malloc (%d) failed", buflen); + if (asprintf(&dstid, "ID:%s/%s", prefstring, + slen ? (char *) (dstident + 1) : pwd->pw_name) == -1) { + log_error("pf_key_v2_acquire: asprintf() failed"); goto fail; } - snprintf(dstid, buflen, "ID:%s/", prefstring); - if (slen != 0) - strlcat(dstid, (char *) (dstident + 1), - buflen); - else - strlcat(dstid, pwd->pw_name, buflen); pwd = 0; /* Set the section if it doesn't already exist. */ @@ -3094,12 +3066,6 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) * exists -- otherwise use the defaults) */ - slen = strlen(dstbuf) + strlen(srcbuf) + (srcid ? strlen(srcid) : 0) - + (dstid ? strlen(dstid) : 0) + sizeof "Peer-/-/"; - peer = malloc(slen); - if (!peer) - goto fail; - /* * The various cases: * - Peer-dstaddr @@ -3111,9 +3077,10 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) * - Peer-dstaddr-/dstid * - Peer-dstaddr-srcid */ - snprintf(peer, slen, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "", - srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "", - dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : ""); + if (asprintf(&peer, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "", + srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "", + dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : "") == -1) + goto fail; /* * Set the IPsec connection section. Refcount is set to 2, because @@ -3135,7 +3102,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) } /* Set Phase 2 IDs -- this is the Local-ID section. */ snprintf(lname, sizeof lname, "Phase2-ID:%s/%s/%u/%u", ssflow, ssmask, - tproto, sport); + tproto, sport); if (conf_set(af, conn, "Local-ID", lname, 0, 0)) { conf_end(af, 0); goto fail; 
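Review bot: The `asprintf(&peer, "Peer-%s%s%s%s%s%s%s", ...)` failure in pf_key_v2_acquire (hunk at -3111) jumps to `fail` without logging, while the four srcid/dstid conversions in the same function each report the error first. The removed malloc check was silent too, but this commit is the natural place to make the paths consistent: brace the branch and add `log_error("pf_key_v2_acquire: asprintf() failed");` before `goto fail;`. The function body continues outside the hunk.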
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index 55458535dc2..0d371bc8f81 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.86 2005/06/14 10:50:47 hshoexer Exp $ */ +/* $OpenBSD: policy.c,v 1.87 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -2148,34 +2148,31 @@ keynote_cert_obtain(u_int8_t *id, size_t id_len, void *data, u_int8_t **cert, if (addr_str == 0) return 0; - file = calloc(len + strlen(addr_str), sizeof(char)); - if (file == NULL) { + if (asprintf(&file, "%s/%s/%s", dirname, + addr_str, CREDENTIAL_FILE) == -1) { log_error("keynote_cert_obtain: failed to allocate " "%lu bytes", (unsigned long)len + strlen(addr_str)); free(addr_str); return 0; } - snprintf(file, len + strlen(addr_str), "%s/%s/%s", dirname, - addr_str, CREDENTIAL_FILE); free(addr_str); break; case IPSEC_ID_FQDN: - case IPSEC_ID_USER_FQDN: { - file = calloc(len + id_len, sizeof(char)); - if (file == NULL) { - log_error("keynote_cert_obtain: " - "failed to allocate %lu bytes", - (unsigned long)len + id_len); - return 0; - } - snprintf(file, len + id_len, "%s/", dirname); - memcpy(file + strlen(dirname) + 1, id, id_len); - snprintf(file + strlen(dirname) + 1 + id_len, - len - strlen(dirname) - 1, "/%s", CREDENTIAL_FILE); - break; + case IPSEC_ID_USER_FQDN: + file = calloc(len + id_len, sizeof(char)); + if (file == NULL) { + log_error("keynote_cert_obtain: " + "failed to allocate %lu bytes", + (unsigned long)len + id_len); + return 0; } + snprintf(file, len + id_len, "%s/", dirname); + memcpy(file + strlen(dirname) + 1, id, id_len); + snprintf(file + strlen(dirname) + 1 + id_len, + len - strlen(dirname) - 1, "/%s", CREDENTIAL_FILE); + break; default: return 0; diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c index 65f44b839b8..3fd43925d2d 100644 --- a/sbin/isakmpd/ui.c +++ b/sbin/isakmpd/ui.c 
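Review bot: The IPSEC_ID_FQDN / IPSEC_ID_USER_FQDN branch of keynote_cert_obtain, re-indented here, still copies `id_len` bytes of `id` into the path with `memcpy(file + strlen(dirname) + 1, id, id_len)` and no check on their content. If `id` is the peer's identification payload (its origin is outside the hunk), a '/' or NUL byte in it, or an id that is just `..`, changes which file is later opened as the credential file; a check such as `if (memchr(id, '/', id_len) || memchr(id, '\0', id_len)) return 0;` plus a test for `.` and `..` before building the path would keep the lookup inside `dirname`. Separately, in the address branch the asprintf failure message still reports `len + strlen(addr_str)` bytes, a size that call no longer uses; `log_error("keynote_cert_obtain: asprintf() failed");` would be accurate.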
@@ -1,4 +1,4 @@ -/* $OpenBSD: ui.c,v 1.46 2005/09/23 14:44:03 hshoexer Exp $ */ +/* $OpenBSD: ui.c,v 1.47 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */ /* @@ -221,7 +221,7 @@ ui_config(char *cmd) { char subcmd[81], section[81], tag[81], value[81], tmp[81]; char *v, *nv; - int trans = 0, items, nvlen; + int trans = 0, items; FILE *fd; if (sscanf(cmd, "C %80s", subcmd) != 1) @@ -262,18 +262,14 @@ ui_config(char *cmd) conf_set(trans, section, tag, value, 1, 0); else { /* Add the new value to the end of the 'v' list. */ - nvlen = strlen(v) + strlen(value) + 2; - nv = (char *)malloc(nvlen); - if (!nv) { - log_error("ui_config: malloc(%d) failed", - nvlen); + if (asprintf(&nv, + v[strlen(v) - 1] == ',' ? "%s%s" : "%s,%s", v, + value) == -1) { + log_error("ui_config: malloc() failed"); if (trans) conf_end(trans, 0); return; } - snprintf(nv, nvlen, - v[strlen(v) - 1] == ',' ? "%s%s" : "%s,%s", v, - value); conf_set(trans, section, tag, nv, 1, 0); free(nv); } diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index d9d0f0e0183..52d6b8f152c 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.103 2005/05/28 17:42:50 moritz Exp $ */ +/* $OpenBSD: x509.c,v 1.104 2005/11/14 23:25:11 deraadt Exp $ */ /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /* @@ -115,7 +115,7 @@ x509_generate_kn(int id, X509 *cert) time_t tt; char before[15], after[15], *timecomp, *timecomp2; ASN1_TIME *tm; - int i, buf_len; + int i; LOG_DBG((LOG_POLICY, 90, "x509_generate_kn: generating KeyNote policy for certificate %p", 
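Review bot: The format selection `v[strlen(v) - 1] == ','` in ui_config, now passed as the format argument to asprintf, reads `v[-1]` when `v` is an empty string. Whether an empty value can reach this branch depends on the lookup that sets `v`, which is outside the hunk; guarding it as `*v != '\0' && v[strlen(v) - 1] == ','` removes the out-of-bounds read either way. The failure message `"ui_config: malloc() failed"` should also name asprintf(), as the other converted sites do.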
@@ -203,14 +203,6 @@ x509_generate_kn(int id, X509 *cert) RSA_free(key); key = NULL; - buf_len = strlen(fmt) + strlen(ikey) + strlen(skey) + 56; - buf = calloc(buf_len, sizeof(char)); - buf_len *= sizeof(char); - if (!buf) { - log_error("x509_generate_kn: " - "failed to allocate memory for KeyNote credential"); - goto fail; - } if (((tm = X509_get_notBefore(cert)) == NULL) || (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME)) { @@ -389,8 +381,12 @@ x509_generate_kn(int id, X509 *cert) after[14] = '\0'; /* This will overwrite trailing 'Z' */ } - snprintf(buf, buf_len, fmt, skey, ikey, timecomp, before, timecomp2, - after); + if (asprintf(&buf, fmt, skey, ikey, timecomp, before, timecomp2, + after) == -1) { + log_error("x509_generate_kn: " + "failed to allocate memory for KeyNote credential"); + goto fail; + } free(ikey); ikey = NULL; @@ -420,14 +416,11 @@ x509_generate_kn(int id, X509 *cert) "X509_NAME_oneline (subject, ...) failed")); goto fail; } - buf_len = strlen(fmt2) + strlen(isname) + strlen(subname) + 56; - buf = malloc(buf_len); - if (!buf) { - log_error("x509_generate_kn: malloc (%d) failed", buf_len); + if (asprintf(&buf, fmt2, isname, subname, timecomp, before, + timecomp2, after) == -1) { + log_error("x509_generate_kn: malloc failed"); return 0; } - snprintf(buf, buf_len, fmt2, isname, subname, timecomp, before, - timecomp2, after); if (kn_add_assertion(id, buf, strlen(buf), ASSERT_FLAG_LOCAL) == -1) { LOG_DBG((LOG_POLICY, 30, |
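Review bot: The failure branch of the second `asprintf(&buf, fmt2, ...)` in x509_generate_kn (hunk at -420) exits with `return 0`, while the X509_NAME_oneline failure just above it and the first asprintf failure (hunk at -389) both use `goto fail`. The `return 0` predates this commit, but it bypasses whatever `fail` releases; `isname` and `subname` appear to be live at this point, though the cleanup code is outside the hunk. Suggest `goto fail;` here and `log_error("x509_generate_kn: asprintf() failed");` as the message, since malloc is no longer called directly.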