author | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-27 10:49:31 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-27 10:49:31 +0000 |
commit | 937eb2db00baa9cbd4a115f6d2e7f64df1e44faa (patch) | |
tree | 49dce0e04d3e0e8504b8c80fe77b36d7c73fa6ad | |
parent | c3628ebc35aab2e046bcef1d6b2587a1aa01f3e8 (diff) | |
fixed memory corruption problem in starter
-rw-r--r-- | src/starter/args.c | 10 | ||||
-rw-r--r-- | src/starter/confread.c | 143 | ||||
-rw-r--r-- | src/starter/confread.h | 2 | ||||
-rw-r--r-- | src/starter/starterwhack.c | 7 |
4 files changed, 85 insertions, 77 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 84179b673..c2921489b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -218,9 +218,9 @@ static const token_info_t token_info[] =
 	{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
 	{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
 	{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
-	{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
-	{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
-	{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
+	{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
+	{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
+	{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
 
 	/* ca section keywords */
 	{ ARG_STR, offsetof(starter_ca_t, name), NULL },
@@ -237,10 +237,10 @@ static const token_info_t token_info[] =
 	/* end keywords */
 	{ ARG_MISC, 0, NULL /* KW_HOST */ },
 	{ ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
-	{ ARG_MISC, 0, NULL /* KW_SUBNET */ },
+	{ ARG_STR, offsetof(starter_end_t, subnet), NULL },
 	{ ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
 	{ ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
-	{ ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
+	{ ARG_STR, offsetof(starter_end_t, srcip), NULL },
 	{ ARG_MISC, 0, NULL /* KW_NATIP */ },
 	{ ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
 	{ ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 606f1e327..4bc36bb61 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
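Review bot: The two ARG_STR entries in the second hunk move the storing of end->subnet and end->srcip into assign_arg(), so the raw value is kept before kw_end()'s post-processing has validated it, and a rejected subnet= or sourceip= leaves the field populated; the KW_NATIP handler in confread.c (outside the hunks shown) tests end->srcip for its conflict check, so a natip= following a bad sourceip= would appear to report the wrong error. Ownership also moves: free_args() now releases these two strings, and the commit drops the matching pfree() calls in confread_free_conn, but any other site that still frees or reassigns them would double-free or leak, which is worth checking. A comment on the two entries would keep this from being reintroduced, e.g. `/* stored by assign_arg(), validated in kw_end(); freed by free_args() */`.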
@@ -146,17 +146,89 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 	if (!assign_arg(token, KW_END_FIRST, kw, (char *)end, &assigned))
 		goto err;
 
-	if (token == KW_SENDCERT)
+	/* post processing of some keywords that were assigned automatically */
+	switch (token)
 	{
+	case KW_SUBNET:
+		if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0)
+		|| (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0))
+		{
+			/* used by pluto only */
+			end->has_virt = TRUE;
+		}
+		else
+		{
+			ip_subnet net;
+			char *pos;
+			int len = 0;
+
+			end->has_client = TRUE;
+			conn->tunnel_addr_family = ip_version(value);
+
+			pos = strchr(value, ',');
+			if (pos)
+			{
+				len = pos - value;
+			}
+			ugh = ttosubnet(value, len, ip_version(value), &net);
+			if (ugh != NULL)
+			{
+				plog("# bad subnet: %s=%s [%s]", name, value, ugh);
+				goto err;
+			}
+		}
+		break;
+	case KW_SOURCEIP:
+		if (end->has_natip)
+		{
+			plog("# natip and sourceip cannot be defined at the same time");
+			goto err;
+		}
+		if (streq(value, "%modeconfig") || streq(value, "%modecfg") ||
+			streq(value, "%config") || streq(value, "%cfg"))
+		{
+			end->modecfg = TRUE;
+		}
+		else
+		{
+			ip_address addr;
+			ip_subnet net;
+
+			conn->tunnel_addr_family = ip_version(value);
+			if (strchr(value, '/'))
+			{ /* CIDR notation, address pool */
+				ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net);
+			}
+			else if (value[0] != '%')
+			{ /* old style fixed srcip, a %poolname otherwise */
+				ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
+			}
+			if (ugh != NULL)
+			{
+				plog("# bad addr: %s=%s [%s]", name, value, ugh);
+				goto err;
+			}
+		}
+		conn->policy |= POLICY_TUNNEL;
+		break;
+	case KW_SENDCERT:
 		if (end->sendcert == CERT_YES_SEND)
+		{
 			end->sendcert = CERT_ALWAYS_SEND;
+		}
 		else if (end->sendcert == CERT_NO_SEND)
+		{
 			end->sendcert = CERT_NEVER_SEND;
+		}
+		break;
+	default:
+		break;
 	}
 
 	if (assigned)
 		return;
 
+	/* individual processing of keywords that were not assigned automatically */
 	switch (token)
 	{
 	case KW_HOST:
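Review bot: In the new KW_SOURCEIP case, the `%poolname` form (no '/' and value[0] == '%') calls neither ttosubnet() nor ttoaddr(), so the `if (ugh != NULL)` test that follows reads whatever `ugh` held before the switch; `ugh` is declared outside this hunk and, unless it is initialised to NULL and never set on an earlier path, a stale error from a previous keyword would reject a valid pool name. Setting `ugh = NULL;` right before the `if (strchr(value, '/'))` makes the branch self-contained. The removed copy of this code in the later hunk has the same shape, so the issue is not introduced here, but this commit is the natural place to close it. kw_end() begins and ends outside this hunk.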
@@ -242,35 +314,6 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 			goto err;
 		}
 		break;
-	case KW_SUBNET:
-		if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0)
-		|| (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0))
-		{
-			end->virt = clone_str(value, "virt");
-		}
-		else
-		{
-			ip_subnet net;
-			char *pos;
-			int len = 0;
-
-			end->has_client = TRUE;
-			conn->tunnel_addr_family = ip_version(value);
-
-			pos = strchr(value, ',');
-			if (pos)
-			{
-				len = pos - value;
-			}
-			ugh = ttosubnet(value, len, ip_version(value), &net);
-			if (ugh != NULL)
-			{
-				plog("# bad subnet: %s=%s [%s]", name, value, ugh);
-				goto err;
-			}
-			end->subnet = clone_str(value, "subnet");
-		}
-		break;
 	case KW_SUBNETWITHIN:
 		{
 			ip_subnet net;
@@ -292,40 +335,6 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 		ugh = ttoprotoport(value, 0, &end->protocol, &end->port, &has_port_wildcard);
 		end->has_port_wildcard = has_port_wildcard;
 		break;
-	case KW_SOURCEIP:
-		if (end->has_natip)
-		{
-			plog("# natip and sourceip cannot be defined at the same time");
-			goto err;
-		}
-		if (streq(value, "%modeconfig") || streq(value, "%modecfg") ||
-			streq(value, "%config") || streq(value, "%cfg"))
-		{
-			end->modecfg = TRUE;
-		}
-		else
-		{
-			ip_address addr;
-			ip_subnet net;
-
-			conn->tunnel_addr_family = ip_version(value);
-			if (strchr(value, '/'))
-			{ /* CIDR notation, address pool */
-				ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net);
-			}
-			else if (value[0] != '%')
-			{ /* old style fixed srcip, a %poolname otherwise */
-				ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
-			}
-			if (ugh != NULL)
-			{
-				plog("# bad addr: %s=%s [%s]", name, value, ugh);
-				goto err;
-			}
-			end->srcip = clone_str(value, "srcip");
-		}
-		conn->policy |= POLICY_TUNNEL;
-		break;
 	case KW_NATIP:
 		if (end->srcip)
 		{
@@ -848,12 +857,6 @@ free_also(also_t *head)
 static void
 confread_free_conn(starter_conn_t *conn)
 {
-	pfree(conn->left.subnet);
-	pfree(conn->right.subnet);
-	pfree(conn->left.virt);
-	pfree(conn->right.virt);
-	pfree(conn->left.srcip);
-	pfree(conn->right.srcip);
 	free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
 	free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
 	free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn);
diff --git a/src/starter/confread.h b/src/starter/confread.h
index d7e8ec37a..d7b2752bc 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -70,6 +70,7 @@ struct starter_end {
 	bool has_client_wildcard;
 	bool has_port_wildcard;
 	bool has_natip;
+	bool has_virt;
 	bool modecfg;
 	certpolicy_t sendcert;
 	bool firewall;
@@ -79,7 +80,6 @@ struct starter_end {
 	char *updown;
 	u_int16_t port;
 	u_int8_t protocol;
-	char *virt;
 	char *srcip;
 };
 
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 4535a583e..0c86d0976 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -197,7 +197,13 @@ set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family)
 		ttosubnet(end->subnet, len, ip_version(end->subnet), &w->client);
 	}
 	else
+	{
+		if (end->has_virt)
+		{
+			w->virt = end->subnet;
+		}
 		w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
+	}
 	w->has_client_wildcard = end->has_client_wildcard;
 	w->has_port_wildcard = end->has_port_wildcard;
 
@@ -210,7 +216,6 @@ set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family)
 	w->host_port = IKE_UDP_PORT;
 	w->port = end->port;
 	w->protocol = end->protocol;
-	w->virt = end->virt;
 
 	if (w->port != 0)
 	{
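Review bot: `w->virt = end->subnet;` in the first starterwhack.c hunk aliases a string that assign_arg() allocated and that free_args() now releases together with the starter_conn, so the whack end borrows the pointer rather than owning it; nothing in the hunk records that, and the `w->virt = end->virt;` removed in the next hunk carried the same implicit lifetime. A comment at the assignment would make the contract explicit: `/* borrowed from end->subnet: the vhost:/vnet: spec is freed with the conn by free_args() */`. Whether the whack message is always built and sent before confread_free_conn() runs is not visible here and should be confirmed. set_whack_end() begins and ends outside this hunk.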