Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/conf.c14
-rw-r--r--sbin/isakmpd/field.c4
-rw-r--r--sbin/isakmpd/ike_quick_mode.c20
-rw-r--r--sbin/isakmpd/key.c4
-rw-r--r--sbin/isakmpd/log.c4
-rw-r--r--sbin/isakmpd/message.c9
-rw-r--r--sbin/isakmpd/pf_key_v2.c53
-rw-r--r--sbin/isakmpd/util.c11
-rw-r--r--sbin/isakmpd/x509.c4
9 files changed, 62 insertions, 61 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 8e100759361..72071db05b6 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.35 2002/01/03 16:27:41 ho Exp $ */
+/* $OpenBSD: conf.c,v 1.36 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -1076,7 +1076,7 @@ void
conf_report (void)
{
struct conf_binding *cb, *last = 0;
- int i;
+ int i, len;
char *current_section = (char *)0;
struct dumper *dumper, *dnode;
@@ -1097,11 +1097,12 @@ conf_report (void)
{
if (current_section)
{
- dnode->s = malloc (strlen (current_section) + 3);
+ len = strlen (current_section) + 3;
+ dnode->s = malloc (len);
if (!dnode->s)
goto mem_fail;
- sprintf (dnode->s, "[%s]", current_section);
+ snprintf (dnode->s, len, "[%s]", current_section);
dnode->next
= (struct dumper *)calloc (1, sizeof (struct dumper));
dnode = dnode->next;
@@ -1129,10 +1130,11 @@ conf_report (void)
if (last)
{
- dnode->s = malloc (strlen (last->section) + 3);
+ len = strlen (last->section) + 3;
+ dnode->s = malloc (len);
if (!dnode->s)
goto mem_fail;
- sprintf (dnode->s, "[%s]", last->section);
+ snprintf (dnode->s, len, "[%s]", last->section);
}
conf_report_dump (dumper);
diff --git a/sbin/isakmpd/field.c b/sbin/isakmpd/field.c
index d1476709292..4072945a57e 100644
--- a/sbin/isakmpd/field.c
+++ b/sbin/isakmpd/field.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: field.c,v 1.9 2002/01/03 16:27:41 ho Exp $ */
+/* $OpenBSD: field.c,v 1.10 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */
/*
@@ -78,7 +78,7 @@ field_debug_raw (u_int8_t *buf, size_t len, struct constant_map **maps)
p = retval + 2;
while (len--)
{
- sprintf (p, "%02x", *buf++);
+ snprintf (p, 1 + len * 2, "%02x", *buf++);
p += 2;
}
return retval;
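Review bot: The bound `1 + len * 2` in field_debug_raw is evaluated after `while (len--)` has already decremented `len`, so on the final iteration it is 1 and snprintf stores only the terminator; the last byte of the buffer never appears in the hex string. Every step needs room for two digits plus the NUL, e.g. `snprintf (p, 3 + len * 2, "%02x", *buf++);`, assuming `retval` was allocated for "0x", two digits per byte and a terminator (the allocation is above this hunk). A short comment saying that `len` is the count remaining after the current byte would make the arithmetic easy to check.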
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index ab54a4c301c..12e9ccb55fa 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.57 2002/01/23 17:16:42 ho Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.58 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -212,8 +212,8 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
strlcpy (principal[1], "passphrase-md5-hex:", len);
MD5 (isakmp_sa->recv_key, strlen (isakmp_sa->recv_key), hashbuf);
for (i = 0; i < 16; i++)
- sprintf (principal[1] + 2 * i + sizeof "passphrase-md5-hex:" - 1,
- "%02x", hashbuf[i]);
+ snprintf (principal[1] + 2 * i + sizeof "passphrase-md5-hex:" - 1,
+ 2, "%02x", hashbuf[i]);
len = sizeof "passphrase-sha1-hex:" + 2 * 20;
principal[2] = calloc (len, sizeof (char));
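Review bot: A size of 2 leaves room for one hex digit and the NUL, so each `snprintf (..., 2, "%02x", hashbuf[i])` in the MD5 loop stores only the high nibble and terminates the string right after it; `principal[1]` ends up as the prefix followed by a single digit. The SHA1 loop in the next hunk uses the same bound and truncates `principal[2]` the same way. These strings are built in check_policy as passphrase-derived principals, so after truncation many different passphrases yield the same principal, which weakens whatever the policy evaluation matches them against. Pass `3` (two digits plus terminator); with buffers sized `sizeof "..." + 2 * N` the last write still fits (that sizing is visible for the SHA1 case, and is presumably the same for MD5, whose `len` is set outside the hunk).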
@@ -227,8 +227,8 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
strlcpy (principal[2], "passphrase-sha1-hex:", len);
SHA1 (isakmp_sa->recv_key, strlen (isakmp_sa->recv_key), hashbuf);
for (i = 0; i < 20; i++)
- sprintf (principal[2] + 2 * i + sizeof "passphrase-sha1-hex:" - 1,
- "%02x", hashbuf[i]);
+ snprintf (principal[2] + 2 * i + sizeof "passphrase-sha1-hex:" - 1,
+ 2, "%02x", hashbuf[i]);
break;
case ISAKMP_CERTENC_KEYNOTE:
@@ -287,16 +287,16 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
goto policydone;
}
- principal[1] = calloc (strlen (principal[0]) + sizeof "rsa-hex:",
- sizeof (char));
+ len = strlen (principal[0]) + sizeof "rsa-hex:";
+ principal[1] = calloc (len, sizeof (char));
if (!principal[1])
{
- log_error ("check_policy: calloc (%d, %d) failed",
- strlen (principal[0]) + sizeof "rsa-hex:", sizeof (char));
+ log_error ("check_policy: calloc (%d, %d) failed", len,
+ sizeof (char));
goto policydone;
}
- sprintf (principal[1], "rsa-hex:%s", principal[0]);
+ snprintf (principal[1], len, "rsa-hex:%s", principal[0]);
free (principal[0]);
principal[0] = principal[1];
principal[1] = 0;
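Review bot: The rewritten log_error call still formats `sizeof (char)` with `%d`; `sizeof` yields a size_t, which does not match `%d` where size_t is wider than int, and the same holds for `len` if it is not an int (its declaration is outside the hunk). Cast explicitly, e.g. `log_error ("check_policy: calloc (%lu, %lu) failed", (unsigned long)len, (unsigned long)sizeof (char));`. The snprintf bound itself matches the allocation.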
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 2d08ecc4c43..24a916ae57d 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.5 2001/10/26 16:02:20 ho Exp $ */
+/* $OpenBSD: key.c,v 1.6 2002/01/23 18:44:47 ho Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -113,7 +113,7 @@ key_printable (int type, int private, u_int8_t *data, int datalen)
return 0;
}
for (i = 0; i < datalen; i++)
- sprintf (s + (2 * i), "%02x", data[i]);
+ snprintf (s + (2 * i), 2 * (datalen - i), "%02x", data[i]);
return s;
default:
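Review bot: The bound `2 * (datalen - i)` is one short: on the last iteration it evaluates to 2, which holds a single hex digit and the NUL, so the final nibble of the printable key is dropped. x509_printable in x509.c uses the same expression and loses the last digit of its output the same way. Use `snprintf (s + (2 * i), 2 * (datalen - i) + 1, "%02x", data[i]);`, assuming `s` was allocated as `2 * datalen + 1` bytes (the allocation is above this hunk). If callers compare or log these strings to identify keys or certificates, a regression test on the full string length would catch this.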
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index 3b01d77a523..7015b74c631 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.25 2002/01/03 16:27:41 ho Exp $ */
+/* $OpenBSD: log.c,v 1.26 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */
/*
@@ -245,7 +245,7 @@ log_debug_buf (int cls, int level, const char *header, const u_int8_t *buf,
log_debug (cls, level, "%s:", header);
for (i = j = 0; i < sz;)
{
- sprintf (s + j, "%02x", buf[i++]);
+ snprintf (s + j, 73 - j, "%02x", buf[i++]);
j += 2;
if (i % 4 == 0)
{
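Review bot: The literal `73` repeats the size of `s`, whose declaration is outside the hunk; if `s` is a local array, `snprintf (s + j, sizeof s - j, "%02x", buf[i++]);` keeps the bound tied to the buffer when its size changes. The same applies to the `80` in message_dump_raw in message.c, where `sizeof buf - (p - buf)` would serve if `buf` is an array. Neither call checks for truncation, which is tolerable for debug output but worth a one-line comment stating that it is intentional.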
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 633977427c6..e85e4f7f675 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.47 2001/10/26 13:29:26 ho Exp $ */
+/* $OpenBSD: message.c,v 1.48 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -885,8 +885,10 @@ message_recv (struct message *msg)
struct proto tmp_proto;
struct sa tmp_sa;
+#ifdef USE_DEBUG
/* Possibly dump a raw hex image of the message to the log channel. */
message_dump_raw ("message_recv", msg, LOG_MESSAGE);
+#endif
/* Messages shorter than an ISAKMP header are bad. */
if (sz < ISAKMP_HDR_SZ || sz != GET_ISAKMP_HDR_LENGTH (buf))
@@ -1222,7 +1224,9 @@ message_send (struct message *msg)
GET_ISAKMP_HDR_FLAGS (msg->iov[0].iov_base)
| ISAKMP_FLAGS_COMMIT);
+#ifdef USE_DEBUG
message_dump_raw ("message_send", msg, LOG_MESSAGE);
+#endif
msg->flags |= MSG_IN_TRANSIT;
exchange->in_transit = msg;
@@ -1533,7 +1537,8 @@ message_dump_raw (char *header, struct message *msg, int class)
for (i = 0; i < msg->iovlen; i++)
for (j = 0; j < msg->iov[i].iov_len; j++)
{
- sprintf (p, "%02x", ((u_int8_t *)msg->iov[i].iov_base)[j]);
+ snprintf (p, 80 - (int)(p - buf), "%02x",
+ ((u_int8_t *)msg->iov[i].iov_base)[j]);
p += 2;
if (++k % 32 == 0)
{
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 6592b1ee208..ecefb2f68af 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.93 2002/01/23 17:21:16 ho Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.94 2002/01/23 18:44:47 ho Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -2119,9 +2119,10 @@ pf_key_v2_convert_id (u_int8_t *id, int idlen, size_t *reslen, int *idtype)
addr = id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
if (inet_ntop (AF_INET, addr, addrbuf, ADDRESS_MAX) == NULL)
return 0;
- sprintf (addrbuf + strlen (addrbuf), "/%d",
- pf_key_v2_mask_to_bits ((u_int32_t)
- *(addr + sizeof (struct in_addr))));
+ snprintf (addrbuf + strlen (addrbuf), ADDRESS_MAX - strlen (addrbuf),
+ "/%d", pf_key_v2_mask_to_bits ((u_int32_t)
+ *(addr +
+ sizeof (struct in_addr))));
*reslen = strlen (addrbuf);
res = strdup (addrbuf);
if (!res)
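Review bot: In the IPv4 branch the argument `(u_int32_t) *(addr + sizeof (struct in_addr))` dereferences first and casts afterwards, so if `addr` is a byte pointer (it is derived from `u_int8_t *id`; its declaration is outside the hunk) only the first octet of the netmask reaches pf_key_v2_mask_to_bits. That predates this commit but sits in the lines being rewritten. Copying the four mask bytes into a `u_int32_t` with memcpy and passing that value would avoid both the truncation and an unaligned read; the byte order the helper expects needs checking. Separately, the snprintf result is ignored, so a truncated `/bits` suffix would be returned as a valid ID; comparing the return value with the remaining space and returning 0 would match the inet_ntop failure path.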
@@ -2134,8 +2135,9 @@ pf_key_v2_convert_id (u_int8_t *id, int idlen, size_t *reslen, int *idtype)
addr = id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
if (inet_ntop (AF_INET6, addr, addrbuf, ADDRESS_MAX) == NULL)
return 0;
- sprintf (addrbuf + strlen (addrbuf), "/%d",
- pf_key_v2_mask6_to_bits (addr + sizeof (struct in6_addr)));
+ snprintf (addrbuf + strlen (addrbuf), ADDRESS_MAX - strlen (addrbuf),
+ "/%d", pf_key_v2_mask6_to_bits (addr +
+ sizeof (struct in6_addr)));
*reslen = strlen (addrbuf);
res = strdup (addrbuf);
if (!res)
@@ -2769,7 +2771,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0, *conn = 0;
char confname[120];
char *srcid = 0, *dstid = 0, *prefstring = 0;
- int slen, af, afamily, masklen;
+ int slen, af, afamily, masklen, buflen;
struct sockaddr *smask, *sflow, *dmask, *dflow;
struct sadb_protocol *sproto;
char ssflow[ADDRESS_MAX], sdflow[ADDRESS_MAX];
@@ -3143,24 +3145,20 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
}
}
- srcid = malloc ((slen ? slen : strlen (pwd->pw_name))
- + strlen (prefstring) + sizeof "ID:/");
+ buflen = (slen ? slen : strlen (pwd->pw_name)) + strlen (prefstring)
+ + sizeof "ID:/";
+ srcid = malloc (buflen);
if (!srcid)
{
- log_error ("pf_key_v2_acquire: malloc (%d) failed",
- slen ? slen : strlen (pwd->pw_name)
- + strlen (prefstring) + sizeof "ID:/");
+ log_error ("pf_key_v2_acquire: malloc (%d) failed", buflen);
goto fail;
}
- sprintf (srcid, "ID:%s/", prefstring);
+ snprintf (srcid, buflen, "ID:%s/", prefstring);
if (slen != 0)
- strlcat (srcid + sizeof "ID:/" - 1 + strlen (prefstring),
- (char *)(srcident + 1),
- slen + strlen (prefstring) + sizeof "ID:/");
+ strlcat (srcid, (char *)(srcident + 1), buflen);
else
- strlcat (srcid + sizeof "ID:/" - 1 + strlen (prefstring),
- pwd->pw_name, strlen (prefstring) + sizeof "ID:/");
+ strlcat (srcid, pwd->pw_name, buflen);
pwd = 0;
/* Set the section if it doesn't already exist. */
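Review bot: The return values of both strlcat calls on `srcid` are ignored, so an identity longer than the space computed from `slen` is silently truncated and then used as if it were complete. strlcat also runs strlen over its source, which means `(char *)(srcident + 1)` must be NUL-terminated inside the received message; nothing in this hunk shows that being checked. Consider `if (strlcat (srcid, (char *)(srcident + 1), buflen) >= (size_t)buflen) goto fail;` and the same for the `pwd->pw_name` branch. The dstid hunk further down has the identical pattern. `buflen` is declared int while every operand and consumer is a size_t; `size_t buflen` with a matching log_error format would avoid the round trip.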
@@ -3312,25 +3310,20 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
}
}
- dstid = malloc ((slen ? slen : strlen (pwd->pw_name))
- + strlen (prefstring) + sizeof "ID:/");
+ buflen = (slen ? slen : strlen (pwd->pw_name)) + strlen (prefstring)
+ + sizeof "ID:/";
+ dstid = malloc (buflen);
if (!dstid)
{
- log_error ("pf_key_v2_acquire: malloc (%d) failed",
- slen ? slen : strlen (pwd->pw_name)
- + strlen (prefstring) + sizeof "ID:/");
+ log_error ("pf_key_v2_acquire: malloc (%d) failed", buflen);
goto fail;
}
- sprintf (dstid, "ID:%s/", prefstring);
+ snprintf (dstid, buflen, "ID:%s/", prefstring);
if (slen != 0)
- strlcat (dstid + sizeof "ID:/" - 1 + strlen (prefstring),
- (char *)(dstident + 1),
- slen + strlen (prefstring) + sizeof "ID:/");
+ strlcat (dstid, (char *)(dstident + 1), buflen);
else
- strlcat (dstid + sizeof "ID:/" - 1 + strlen (prefstring),
- pwd->pw_name,
- strlen (prefstring) + sizeof "ID:/");
+ strlcat (dstid, pwd->pw_name, buflen);
pwd = 0;
/* Set the section if it doesn't already exist. */
diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c
index 42b846b33a3..d5f67aebd75 100644
--- a/sbin/isakmpd/util.c
+++ b/sbin/isakmpd/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.25 2002/01/23 17:10:09 ho Exp $ */
+/* $OpenBSD: util.c,v 1.26 2002/01/23 18:44:48 ho Exp $ */
/* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $ */
/*
@@ -380,7 +380,8 @@ sockaddr2text (struct sockaddr *sa, char **address, int zflag)
free (*address);
return -1;
}
- sprintf (*address + strlen (*address), "%03ld", val);
+ snprintf (*address + strlen (*address),
+ addrlen - strlen (*address), "%03ld", val);
if (bstart)
strlcat (*address, ".", addrlen);
}
@@ -397,9 +398,9 @@ sockaddr2text (struct sockaddr *sa, char **address, int zflag)
return -1;
for (i = 0, j = 0; i < 8; i++)
- j += sprintf ((*address) + j, "%02x%02x:",
- ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i],
- ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i + 1]);
+ j += snprintf ((*address) + j, addrlen - j, "%02x%02x:",
+ ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i],
+ ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i + 1]);
(*address)[j - 1] = '\0';
break;
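Review bot: `j += snprintf (...)` adds the length snprintf would have written, not what it stored, so after a truncation `j` passes `addrlen`, the next bound `addrlen - j` wraps or goes negative, and `(*address)[j - 1] = '\0'` lands outside the buffer. Eight groups of five characters need 41 bytes; the allocation and `addrlen` are set outside this hunk, so the loop is safe only while that holds. Checking each return value before accumulating makes the loop safe independently of the allocation, using the free-and-return path the function already has.

```c
for (i = 0, j = 0; i < 8; i++)
  {
    int n = snprintf ((*address) + j, addrlen - j, "%02x%02x:",
                      ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i],
                      ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[2 * i + 1]);
    if (n < 0 || (size_t)n >= (size_t)(addrlen - j))
      {
        free (*address);
        return -1;
      }
    j += n;
  }
/* … unchanged: terminate at (*address)[j - 1] … */
```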
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 96d18b698ff..300b6c66d01 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.67 2002/01/23 17:26:21 ho Exp $ */
+/* $OpenBSD: x509.c,v 1.68 2002/01/23 18:44:48 ho Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -1341,7 +1341,7 @@ x509_printable (void *cert)
}
for (i = 0; i < datalen; i++)
- sprintf (s + (2 * i), "%02x", data[i]);
+ snprintf (s + (2 * i), 2 * (datalen - i), "%02x", data[i]);
free (data);
return s;
}