From b28b13af9dc83c315c7ac7e54ec504533c4f7041 Mon Sep 17 00:00:00 2001
From: Jun-ichiro itojun Hagino
Date: Sat, 2 Dec 2000 02:56:51 +0000
Subject: sync with latest kame. - validate strdup() error in argument parsing. - use strlcat in complex string manipulation
---
 sbin/ping6/ping6.c | 48 +++++++++++++++++++++++-------------------------
 1 file changed, 23 insertions(+), 25 deletions(-)
(limited to 'sbin/ping6/ping6.c')
diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c
index 2d292dc0ee5..99da4f227fb 100644
--- a/sbin/ping6/ping6.c
+++ b/sbin/ping6/ping6.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ping6.c,v 1.17 2000/11/11 00:45:38 itojun Exp $ */
-/* $KAME: ping6.c,v 1.99 2000/11/08 09:55:45 itojun Exp $ */
+/* $OpenBSD: ping6.c,v 1.18 2000/12/02 02:56:50 itojun Exp $ */
+/* $KAME: ping6.c,v 1.105 2000/12/02 02:48:41 itojun Exp $ */
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -484,11 +484,13 @@ main(argc, argv)
 #ifdef IPSEC_POLICY_IPSEC
 case 'P':
 options |= F_POLICY;
- if (!strncmp("in", optarg, 2))
- policy_in = strdup(optarg);
- else if (!strncmp("out", optarg, 3))
- policy_out = strdup(optarg);
- else
+ if (!strncmp("in", optarg, 2)) {
+ if ((policy_in = strdup(optarg)) == NULL)
+ errx(1, "strdup");
+ } else if (!strncmp("out", optarg, 3)) {
+ if ((policy_out = strdup(optarg)) == NULL)
+ errx(1, "strdup");
+ } else
 errx(1, "invalid security policy");
 break;
 #else
@@ -1153,25 +1155,21 @@ dnsdecode(sp, ep, base, buf, bufsiz)
 u_char *buf;
 size_t bufsiz;
 {
- int i, l;
+ int i;
 const u_char *cp;
- char *q;
- const char *eq;
 char cresult[MAXDNAME + 1];
 const u_char *comp;
 cp = *sp;
- q = buf;
- eq = buf + bufsiz;
+ *buf = '\0';
 if (cp >= ep)
 return NULL;
 while (cp < ep) {
 i = *cp;
 if (i == 0 || cp != *sp) {
- if (q >= eq - 1)
+ if (strlcat(buf, ".", bufsiz) >= bufsiz)
 return NULL; /*result overrun*/
- *q++ = '.';
 }
 if (i == 0)
 break;
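Review bot: The two new strdup() failure paths in the 'P' case call `errx(1, "strdup")`, which does not print errno, so the user sees only the word "strdup" and no reason for the failure. `err(1, "strdup");` from the same err(3) family would append the system error text (normally the out-of-memory message here). The case sits inside main(), whose body starts and ends outside this hunk.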
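Review bot: `*buf = '\0';` now runs before bufsiz is looked at, so a call with bufsiz == 0 stores one byte outside the caller's buffer, whereas the removed pointer checks (`q >= eq - 1` and friends) rejected that case before any store. The callers are not visible here and probably pass a sizeof, but a guard such as `if (bufsiz == 0) return NULL;` ahead of the store keeps dnsdecode() safe on its own. buf is declared `u_char *` while strlcat() takes `char *`, so the strlcat calls (one here, two in the next hunk) want a `(char *)buf` cast or a parameter type change to stay warning-free. The body of dnsdecode() continues past this hunk.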
@@ -1186,31 +1184,25 @@ dnsdecode(sp, ep, base, buf, bufsiz)
 if (dnsdecode(&comp, cp, base, cresult, sizeof(cresult)) == NULL)
 return NULL;
- if (eq - q < strlen(cresult) + 1)
+ if (strlcat(buf, cresult, bufsiz) >= bufsiz)
 return NULL; /*result overrun*/
- strcpy(q, cresult); /*XXX should be strlcpy*/
- q += strlen(q);
 break;
 } else if ((i & 0x3f) == i) {
 if (i > ep - cp)
 return NULL; /*source overrun*/
 while (i-- > 0 && cp < ep) {
- if (eq - q < (isprint(*cp) ? 2 : 5))
- return NULL; /*result overrun*/
- l = snprintf(q, eq - q,
+ (void)snprintf(cresult, sizeof(cresult),
 isprint(*cp) ? "%c" : "\\%03o", *cp & 0xff);
+ if (strlcat(buf, cresult, bufsiz) >= bufsiz)
+ return NULL; /*result overrun*/
 cp++;
- q += l;
 }
 } else
 return NULL; /*invalid label*/
 }
- if (q >= eq)
- return NULL; /*result overrun*/
 if (i != 0)
 return NULL; /*not terminated*/
 cp++;
- *q = '\0';
 *sp = cp;
 return buf;
 }
@@ -1802,6 +1794,9 @@ get_hoplim(mhdr)
 for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(mhdr); cm; cm = (struct cmsghdr *)CMSG_NXTHDR(mhdr, cm)) {
+ if (cm->cmsg_len == 0)
+ return(-1);
+
 if (cm->cmsg_level == IPPROTO_IPV6 && cm->cmsg_type == IPV6_HOPLIMIT && cm->cmsg_len == CMSG_LEN(sizeof(int)))
@@ -1819,6 +1814,9 @@ get_rcvpktinfo(mhdr)
 for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(mhdr); cm; cm = (struct cmsghdr *)CMSG_NXTHDR(mhdr, cm)) {
+ if (cm->cmsg_len == 0)
+ return(NULL);
+
 if (cm->cmsg_level == IPPROTO_IPV6 && cm->cmsg_type == IPV6_PKTINFO && cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo)))
@@ -2050,7 +2048,7 @@ pr_icmph(icp, end)
 if (!inet_ntop(AF_INET6, &red->nd_rd_target, ntop_buf, sizeof(ntop_buf)))
 strncpy(ntop_buf, "?", sizeof(ntop_buf));
- (void)printf("New Target: %s", ntop_buf);
+ (void)printf(" New Target: %s", ntop_buf);
 break;
 case ICMP6_NI_QUERY:
 (void)printf("Node Information Query");
-- cgit v1.2.3
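Review bot: The per-byte formatting in the label loop sends every isprint() byte through `%c`, so a label that contains a literal '.' or '\' is appended unescaped and the decoded string becomes ambiguous: a dot inside a label reads as a label separator, and a backslash followed by digits reads as an octal escape. The bytes between cp and ep appear to come from a received packet, so the printed form should not be open to that confusion; `(isprint(*cp) && *cp != '.' && *cp != '\\') ? "%c" : "\\%03o"` would escape both. The format expression predates this commit, but the snprintf call around it is rewritten here. dnsdecode() starts before this hunk.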
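Review bot: The new `cm->cmsg_len == 0` test in get_hoplim() carries no comment saying why a zero length ends the scan, and the same holds for the identical test added to get_rcvpktinfo() in the following hunk. Presumably CMSG_NXTHDR() advances by cmsg_len, so a zero-length header would leave the cursor in place and the loop would never finish; a one-line comment such as `/* zero-length cmsg: CMSG_NXTHDR would not advance */` records that. A stricter guard, `if (cm->cmsg_len < sizeof(struct cmsghdr))`, would also stop on a nonzero but truncated header. Both loops continue beyond the lines shown.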