stroke: Dynamically resize stroke messages

The maximum size of a stroke message is currently 64k due to the 2 byte length field. Fixes #943.
author: Tobias Brunner <tobias@strongswan.org> 2015-05-20 18:21:15 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2015-05-22 10:40:15 +0200
commit: d8fe354a0e3a41d7d400a44fd2865312782db5df (patch)
tree: f6905db17e998e647aa1eb93039b42a80b277ed1
parent: e94aae83d3292a45626f15d121366d21c687e7ad (diff)
download: strongswan-d8fe354a0e3a41d7d400a44fd2865312782db5df.tar.bz2
strongswan-d8fe354a0e3a41d7d400a44fd2865312782db5df.tar.xz
3 files changed, 320 insertions, 287 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 6e1f1605d..79a92cdad 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -31,37 +32,57 @@
 #define IPV4_LEN	 4
 #define IPV6_LEN	16
 
-static char* push_string(stroke_msg_t *msg, char *string)
+static stroke_msg_t *create_stroke_msg(int type)
 {
-	unsigned long string_start = msg->length;
+	stroke_msg_t *msg;
 
-	if (string == NULL)
+	INIT(msg,
+		.type = type,
+		.length = offsetof(stroke_msg_t, buffer),
+	);
+	return msg;
+}
+
+#define push_string(msg, field, str) \
+	push_string_impl(msg, offsetof(stroke_msg_t, field), str)
+#define push_string_end(msg, offset, field, str) \
+	push_string_impl(msg, offset + offsetof(stroke_end_t, field), str)
+
+static void push_string_impl(stroke_msg_t **msg, size_t offset, char *string)
+{
+	size_t cur_len = (*msg)->length, str_len;
+
+	if (!string)
 	{
-		return NULL;
+		return;
 	}
-	else if ((size_t)msg->length + strlen(string) >= sizeof(stroke_msg_t))
+	str_len = strlen(string) + 1;
+	if (cur_len + str_len >= UINT16_MAX)
 	{
-		/* set invalid length to fail during message send */
-		msg->length = ~0;
-		return NULL;
+		(*msg)->length = UINT16_MAX;
+		return;
 	}
-	else
+	while (cur_len + str_len > sizeof(stroke_msg_t) + (*msg)->buflen)
 	{
-		msg->length += strlen(string) + 1;
-		strcpy((char*)msg + string_start, string);
-		return (char*)string_start;
+		*msg = realloc(*msg, sizeof(stroke_msg_t) + (*msg)->buflen +
+					   STROKE_BUF_LEN_INC);
+		(*msg)->buflen += STROKE_BUF_LEN_INC;
 	}
+	(*msg)->length += str_len;
+	strcpy((char*)*msg + cur_len, string);
+	*(char**)((char*)*msg + offset) = (char*)cur_len;
 }
 
-static int send_stroke_msg (stroke_msg_t *msg)
+static int send_stroke_msg(stroke_msg_t *msg)
 {
 	stream_t *stream;
 	char *uri, buffer[64];
 	int count;
 
-	if (msg->length > sizeof(stroke_msg_t))
+	if (msg->length == UINT16_MAX)
 	{
-		DBG1(DBG_APP, "stroke message exceeds buffer size");
+		DBG1(DBG_APP, "stroke message exceeds maximum buffer size");
+		free(msg);
 		return -1;
 	}
 
@@ -74,6 +95,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	if (!stream)
 	{
 		DBG1(DBG_APP, "failed to connect to stroke socket '%s'", uri);
+		free(msg);
 		return -1;
 	}
 
@@ -81,6 +103,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	{
 		DBG1(DBG_APP, "sending stroke message failed");
 		stream->destroy(stream);
+		free(msg);
 		return -1;
 	}
 	while ((count = stream->read(stream, buffer, sizeof(buffer)-1, TRUE)) > 0)
@@ -93,6 +116,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 		DBG1(DBG_APP, "reading stroke response failed");
 	}
 	stream->destroy(stream);
+	free(msg);
 	return 0;
 }
 
@@ -109,33 +133,38 @@ static char* connection_name(starter_conn_t *conn)
 	return conn->name;
 }
 
-static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
+static void add_end(stroke_msg_t **msg, size_t offset, starter_end_t *conn_end)
 {
-	msg_end->auth = push_string(msg, conn_end->auth);
-	msg_end->auth2 = push_string(msg, conn_end->auth2);
-	msg_end->id = push_string(msg, conn_end->id);
-	msg_end->id2 = push_string(msg, conn_end->id2);
-	msg_end->rsakey = push_string(msg, conn_end->rsakey);
-	msg_end->cert = push_string(msg, conn_end->cert);
-	msg_end->cert2 = push_string(msg, conn_end->cert2);
-	msg_end->cert_policy = push_string(msg, conn_end->cert_policy);
-	msg_end->ca = push_string(msg, conn_end->ca);
-	msg_end->ca2 = push_string(msg, conn_end->ca2);
-	msg_end->groups = push_string(msg, conn_end->groups);
-	msg_end->groups2 = push_string(msg, conn_end->groups2);
-	msg_end->updown = push_string(msg, conn_end->updown);
+	stroke_end_t *msg_end;
+
+	push_string_end(msg, offset, auth, conn_end->auth);
+	push_string_end(msg, offset, auth2, conn_end->auth2);
+	push_string_end(msg, offset, id, conn_end->id);
+	push_string_end(msg, offset, id2, conn_end->id2);
+	push_string_end(msg, offset, rsakey, conn_end->rsakey);
+	push_string_end(msg, offset, cert, conn_end->cert);
+	push_string_end(msg, offset, cert2, conn_end->cert2);
+	push_string_end(msg, offset, cert_policy, conn_end->cert_policy);
+	push_string_end(msg, offset, ca, conn_end->ca);
+	push_string_end(msg, offset, ca2, conn_end->ca2);
+	push_string_end(msg, offset, groups, conn_end->groups);
+	push_string_end(msg, offset, groups2, conn_end->groups2);
+	push_string_end(msg, offset, updown, conn_end->updown);
 	if (conn_end->host)
 	{
-		msg_end->address = push_string(msg, conn_end->host);
+		push_string_end(msg, offset, address, conn_end->host);
 	}
 	else
 	{
-		msg_end->address = push_string(msg, "%any");
+		push_string_end(msg, offset, address, "%any");
 	}
+	push_string_end(msg, offset, subnets, conn_end->subnet);
+	push_string_end(msg, offset, sourceip, conn_end->sourceip);
+	push_string_end(msg, offset, dns, conn_end->dns);
+
+	/* we can't assign it earlier as msg might change */
+	msg_end = (stroke_end_t*)((char*)(*msg) + offset);
 	msg_end->ikeport = conn_end->ikeport;
-	msg_end->subnets = push_string(msg, conn_end->subnet);
-	msg_end->sourceip = push_string(msg, conn_end->sourceip);
-	msg_end->dns = push_string(msg, conn_end->dns);
 	msg_end->sendcert = conn_end->sendcert;
 	msg_end->hostaccess = conn_end->hostaccess;
 	msg_end->tohost = !conn_end->subnet;
@@ -147,187 +176,178 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 
 int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	memset(&msg, 0, sizeof(msg));
-	msg.type = STR_ADD_CONN;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.add_conn.version = conn->keyexchange;
-	msg.add_conn.name = push_string(&msg, connection_name(conn));
-	msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
-	msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
-	msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
+	msg = create_stroke_msg(STR_ADD_CONN);
+	msg->add_conn.version = conn->keyexchange;
+	push_string(&msg, add_conn.name, connection_name(conn));
+	push_string(&msg, add_conn.eap_identity, conn->eap_identity);
+	push_string(&msg, add_conn.aaa_identity, conn->aaa_identity);
+	push_string(&msg, add_conn.xauth_identity, conn->xauth_identity);
 
-	msg.add_conn.mode = conn->mode;
-	msg.add_conn.proxy_mode = conn->proxy_mode;
+	msg->add_conn.mode = conn->mode;
+	msg->add_conn.proxy_mode = conn->proxy_mode;
 
 	if (!(conn->options & SA_OPTION_DONT_REKEY))
 	{
-		msg.add_conn.rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH);
-		msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
-		msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
-		msg.add_conn.rekey.margin = conn->sa_rekey_margin;
-		msg.add_conn.rekey.life_bytes = conn->sa_ipsec_life_bytes;
-		msg.add_conn.rekey.margin_bytes = conn->sa_ipsec_margin_bytes;
-		msg.add_conn.rekey.life_packets = conn->sa_ipsec_life_packets;
-		msg.add_conn.rekey.margin_packets = conn->sa_ipsec_margin_packets;
-		msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
+		msg->add_conn.rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH);
+		msg->add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
+		msg->add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
+		msg->add_conn.rekey.margin = conn->sa_rekey_margin;
+		msg->add_conn.rekey.life_bytes = conn->sa_ipsec_life_bytes;
+		msg->add_conn.rekey.margin_bytes = conn->sa_ipsec_margin_bytes;
+		msg->add_conn.rekey.life_packets = conn->sa_ipsec_life_packets;
+		msg->add_conn.rekey.margin_packets = conn->sa_ipsec_margin_packets;
+		msg->add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
 	}
-	msg.add_conn.rekey.tries = conn->sa_keying_tries;
-
-	msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
-	msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
-	msg.add_conn.fragmentation = conn->fragmentation;
-	msg.add_conn.ikedscp = conn->ikedscp;
-	msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
-	msg.add_conn.install_policy = conn->install_policy;
-	msg.add_conn.aggressive = conn->aggressive;
-	msg.add_conn.pushmode = conn->options & SA_OPTION_MODECFG_PUSH;
-	msg.add_conn.crl_policy = (crl_policy_t)cfg->setup.strictcrlpolicy;
-	msg.add_conn.unique = cfg->setup.uniqueids;
-	msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
-	msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
-	msg.add_conn.algorithms.ah = push_string(&msg, conn->ah);
-	msg.add_conn.dpd.delay = conn->dpd_delay;
-	msg.add_conn.dpd.timeout = conn->dpd_timeout;
-	msg.add_conn.dpd.action = conn->dpd_action;
-	msg.add_conn.close_action = conn->close_action;
-	msg.add_conn.inactivity = conn->inactivity;
-	msg.add_conn.ikeme.mediation = conn->me_mediation;
-	msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
-	msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
-	msg.add_conn.reqid = conn->reqid;
-	msg.add_conn.replay_window = conn->replay_window;
-	msg.add_conn.mark_in.value = conn->mark_in.value;
-	msg.add_conn.mark_in.mask = conn->mark_in.mask;
-	msg.add_conn.mark_out.value = conn->mark_out.value;
-	msg.add_conn.mark_out.mask = conn->mark_out.mask;
-	msg.add_conn.tfc = conn->tfc;
-
-	starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
-	starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
-
-	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth &&
+	msg->add_conn.rekey.tries = conn->sa_keying_tries;
+
+	msg->add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
+	msg->add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
+	msg->add_conn.fragmentation = conn->fragmentation;
+	msg->add_conn.ikedscp = conn->ikedscp;
+	msg->add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
+	msg->add_conn.install_policy = conn->install_policy;
+	msg->add_conn.aggressive = conn->aggressive;
+	msg->add_conn.pushmode = conn->options & SA_OPTION_MODECFG_PUSH;
+	msg->add_conn.crl_policy = (crl_policy_t)cfg->setup.strictcrlpolicy;
+	msg->add_conn.unique = cfg->setup.uniqueids;
+	push_string(&msg, add_conn.algorithms.ike, conn->ike);
+	push_string(&msg, add_conn.algorithms.esp, conn->esp);
+	push_string(&msg, add_conn.algorithms.ah, conn->ah);
+	msg->add_conn.dpd.delay = conn->dpd_delay;
+	msg->add_conn.dpd.timeout = conn->dpd_timeout;
+	msg->add_conn.dpd.action = conn->dpd_action;
+	msg->add_conn.close_action = conn->close_action;
+	msg->add_conn.inactivity = conn->inactivity;
+	msg->add_conn.ikeme.mediation = conn->me_mediation;
+	push_string(&msg, add_conn.ikeme.mediated_by, conn->me_mediated_by);
+	push_string(&msg, add_conn.ikeme.peerid, conn->me_peerid);
+	msg->add_conn.reqid = conn->reqid;
+	msg->add_conn.replay_window = conn->replay_window;
+	msg->add_conn.mark_in.value = conn->mark_in.value;
+	msg->add_conn.mark_in.mask = conn->mark_in.mask;
+	msg->add_conn.mark_out.value = conn->mark_out.value;
+	msg->add_conn.mark_out.mask = conn->mark_out.mask;
+	msg->add_conn.tfc = conn->tfc;
+
+	add_end(&msg, offsetof(stroke_msg_t, add_conn.me), &conn->left);
+	add_end(&msg, offsetof(stroke_msg_t, add_conn.other), &conn->right);
+
+	if (!msg->add_conn.me.auth && !msg->add_conn.other.auth &&
 		 conn->authby)
 	{	/* leftauth/rightauth not set, use legacy options */
 		if (streq(conn->authby, "rsa")   || streq(conn->authby, "rsasig")   ||
 			streq(conn->authby, "ecdsa") || streq(conn->authby, "ecdsasig") ||
 			streq(conn->authby, "pubkey"))
 		{
-			msg.add_conn.me.auth = push_string(&msg, "pubkey");
-			msg.add_conn.other.auth = push_string(&msg, "pubkey");
+			push_string(&msg, add_conn.me.auth, "pubkey");
+			push_string(&msg, add_conn.other.auth, "pubkey");
 		}
 		else if (streq(conn->authby, "secret") || streq(conn->authby, "psk"))
 		{
-			msg.add_conn.me.auth = push_string(&msg, "psk");
-			msg.add_conn.other.auth = push_string(&msg, "psk");
+			push_string(&msg, add_conn.me.auth, "psk");
+			push_string(&msg, add_conn.other.auth, "psk");
 		}
 		else if (streq(conn->authby, "xauthrsasig"))
 		{
-			msg.add_conn.me.auth = push_string(&msg, "pubkey");
-			msg.add_conn.other.auth = push_string(&msg, "pubkey");
+			push_string(&msg, add_conn.me.auth, "pubkey");
+			push_string(&msg, add_conn.other.auth, "pubkey");
 			if (conn->options & SA_OPTION_XAUTH_SERVER)
 			{
-				msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+				push_string(&msg, add_conn.other.auth2, "xauth");
 			}
 			else
 			{
-				msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+				push_string(&msg, add_conn.me.auth2, "xauth");
 			}
 		}
 		else if (streq(conn->authby, "xauthpsk"))
 		{
-			msg.add_conn.me.auth = push_string(&msg, "psk");
-			msg.add_conn.other.auth = push_string(&msg, "psk");
+			push_string(&msg, add_conn.me.auth, "psk");
+			push_string(&msg, add_conn.other.auth, "psk");
 			if (conn->options & SA_OPTION_XAUTH_SERVER)
 			{
-				msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+				push_string(&msg, add_conn.other.auth2, "xauth");
 			}
 			else
 			{
-				msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+				push_string(&msg, add_conn.me.auth2, "xauth");
 			}
 		}
 	}
-	return send_stroke_msg(&msg);
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_del_conn(starter_conn_t *conn)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_DEL_CONN;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.del_conn.name = push_string(&msg, connection_name(conn));
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_DEL_CONN);
+	push_string(&msg, del_conn.name, connection_name(conn));
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_route_conn(starter_conn_t *conn)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_ROUTE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.route.name = push_string(&msg, connection_name(conn));
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_ROUTE);
+	push_string(&msg, route.name, connection_name(conn));
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_unroute_conn(starter_conn_t *conn)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_UNROUTE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.route.name = push_string(&msg, connection_name(conn));
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_UNROUTE);
+	push_string(&msg, route.name, connection_name(conn));
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_initiate_conn(starter_conn_t *conn)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_INITIATE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.initiate.name = push_string(&msg, connection_name(conn));
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_INITIATE);
+	push_string(&msg, initiate.name, connection_name(conn));
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_add_ca(starter_ca_t *ca)
 {
-	stroke_msg_t msg;
-
-	msg.type = STR_ADD_CA;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.add_ca.name =        push_string(&msg, ca->name);
-	msg.add_ca.cacert =      push_string(&msg, ca->cacert);
-	msg.add_ca.crluri =      push_string(&msg, ca->crluri);
-	msg.add_ca.crluri2 =     push_string(&msg, ca->crluri2);
-	msg.add_ca.ocspuri =     push_string(&msg, ca->ocspuri);
-	msg.add_ca.ocspuri2 =    push_string(&msg, ca->ocspuri2);
-	msg.add_ca.certuribase = push_string(&msg, ca->certuribase);
-	return send_stroke_msg(&msg);
+	stroke_msg_t *msg;
+
+	msg = create_stroke_msg(STR_ADD_CA);
+	push_string(&msg, add_ca.name, ca->name);
+	push_string(&msg, add_ca.cacert, ca->cacert);
+	push_string(&msg, add_ca.crluri, ca->crluri);
+	push_string(&msg, add_ca.crluri2, ca->crluri2);
+	push_string(&msg, add_ca.ocspuri, ca->ocspuri);
+	push_string(&msg, add_ca.ocspuri2, ca->ocspuri2);
+	push_string(&msg, add_ca.certuribase, ca->certuribase);
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_del_ca(starter_ca_t *ca)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_DEL_CA;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.del_ca.name = push_string(&msg, ca->name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_DEL_CA);
+	push_string(&msg, del_ca.name, ca->name);
+	return send_stroke_msg(msg);
 }
 
 int starter_stroke_configure(starter_config_t *cfg)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
 	if (cfg->setup.cachecrls)
 	{
-		msg.type = STR_CONFIG;
-		msg.length = offsetof(stroke_msg_t, buffer);
-		msg.config.cachecrl = 1;
-		return send_stroke_msg(&msg);
+		msg = create_stroke_msg(STR_CONFIG);
+		msg->config.cachecrl = 1;
+		return send_stroke_msg(msg);
 	}
 	return 0;
 }
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index ae20b0ca3..07911d2d2 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2014 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -33,28 +33,58 @@ struct stroke_token {
 static char *daemon_name = "charon";
 static int output_verbosity = 1; /* CONTROL */
 
-static char* push_string(stroke_msg_t *msg, char *string)
+static stroke_msg_t *create_stroke_msg(int type)
 {
-	unsigned long string_start = msg->length;
+	stroke_msg_t *msg;
 
-	if (string == NULL ||  msg->length + strlen(string) >= sizeof(stroke_msg_t))
+	INIT(msg,
+		.type = type,
+		.length = offsetof(stroke_msg_t, buffer),
+	);
+	return msg;
+}
+
+#define push_string(msg, field, str) \
+	push_string_impl(msg, offsetof(stroke_msg_t, field), str)
+
+static void push_string_impl(stroke_msg_t **msg, size_t offset, char *string)
+{
+	size_t cur_len = (*msg)->length, str_len;
+
+	if (!string)
+	{
+		return;
+	}
+	str_len = strlen(string) + 1;
+	if (cur_len + str_len >= UINT16_MAX)
 	{
-		return NULL;
+		(*msg)->length = UINT16_MAX;
+		return;
 	}
-	else
+	while (cur_len + str_len > sizeof(stroke_msg_t) + (*msg)->buflen)
 	{
-		msg->length += strlen(string) + 1;
-		strcpy((char*)msg + string_start, string);
-		return (char*)string_start;
+		*msg = realloc(*msg, sizeof(stroke_msg_t) + (*msg)->buflen +
+					   STROKE_BUF_LEN_INC);
+		(*msg)->buflen += STROKE_BUF_LEN_INC;
 	}
+	(*msg)->length += str_len;
+	strcpy((char*)*msg + cur_len, string);
+	*(char**)((char*)*msg + offset) = (char*)cur_len;
 }
 
-static int send_stroke_msg (stroke_msg_t *msg)
+static int send_stroke_msg(stroke_msg_t *msg)
 {
 	stream_t *stream;
 	char *uri, buffer[512], *pass;
 	int count;
 
+	if (msg->length == UINT16_MAX)
+	{
+		fprintf(stderr, "stroke message exceeds maximum buffer size");
+		free(msg);
+		return -1;
+	}
+
 	msg->output_verbosity = output_verbosity;
 
 	uri = lib->settings->get_str(lib->settings, "%s.plugins.stroke.socket",
@@ -63,6 +93,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	if (!stream)
 	{
 		fprintf(stderr, "failed to connect to stroke socket '%s'\n", uri);
+		free(msg);
 		return -1;
 	}
 
@@ -70,6 +101,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	{
 		fprintf(stderr, "sending stroke message failed\n");
 		stream->destroy(stream);
+		free(msg);
 		return -1;
 	}
 
@@ -109,6 +141,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 		fprintf(stderr, "reading stroke response failed\n");
 	}
 	stream->destroy(stream);
+	free(msg);
 	return 0;
 }
 
@@ -117,126 +150,116 @@ static int add_connection(char *name,
 						  char *my_addr, char *other_addr,
 						  char *my_nets, char *other_nets)
 {
-	stroke_msg_t msg;
-
-	memset(&msg, 0, sizeof(msg));
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.type = STR_ADD_CONN;
-
-	msg.add_conn.name = push_string(&msg, name);
-	msg.add_conn.version = 2;
-	msg.add_conn.mode = 1;
-	msg.add_conn.mobike = 1;
-	msg.add_conn.dpd.action = 1;
-	msg.add_conn.install_policy = 1;
-
-	msg.add_conn.me.id = push_string(&msg, my_id);
-	msg.add_conn.me.address = push_string(&msg, my_addr);
-	msg.add_conn.me.ikeport = 500;
-	msg.add_conn.me.subnets = push_string(&msg, my_nets);
-	msg.add_conn.me.sendcert = 1;
-	msg.add_conn.me.to_port = 65535;
-
-	msg.add_conn.other.id = push_string(&msg, other_id);
-	msg.add_conn.other.address = push_string(&msg, other_addr);
-	msg.add_conn.other.ikeport = 500;
-	msg.add_conn.other.subnets = push_string(&msg, other_nets);
-	msg.add_conn.other.sendcert = 1;
-	msg.add_conn.other.to_port = 65535;
-
-	return send_stroke_msg(&msg);
+	stroke_msg_t *msg;
+
+	msg = create_stroke_msg(STR_ADD_CONN);
+
+	push_string(&msg, add_conn.name, name);
+	msg->add_conn.version = 2;
+	msg->add_conn.mode = 1;
+	msg->add_conn.mobike = 1;
+	msg->add_conn.dpd.action = 1;
+	msg->add_conn.install_policy = 1;
+
+	push_string(&msg, add_conn.me.id, my_id);
+	push_string(&msg, add_conn.me.address, my_addr);
+	msg->add_conn.me.ikeport = 500;
+	push_string(&msg, add_conn.me.subnets, my_nets);
+	msg->add_conn.me.sendcert = 1;
+	msg->add_conn.me.to_port = 65535;
+
+	push_string(&msg, add_conn.other.id, other_id);
+	push_string(&msg, add_conn.other.address, other_addr);
+	msg->add_conn.other.ikeport = 500;
+	push_string(&msg, add_conn.other.subnets, other_nets);
+	msg->add_conn.other.sendcert = 1;
+	msg->add_conn.other.to_port = 65535;
+
+	return send_stroke_msg(msg);
 }
 
 static int del_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.type = STR_DEL_CONN;
-	msg.initiate.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_DEL_CONN);
+	push_string(&msg, initiate.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int initiate_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.type = STR_INITIATE;
-	msg.initiate.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_INITIATE);
+	push_string(&msg, initiate.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int terminate_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_TERMINATE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.initiate.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_TERMINATE);
+	push_string(&msg, initiate.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int terminate_connection_srcip(char *start, char *end)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_TERMINATE_SRCIP;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.terminate_srcip.start = push_string(&msg, start);
-	msg.terminate_srcip.end = push_string(&msg, end);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_TERMINATE_SRCIP);
+	push_string(&msg, terminate_srcip.start, start);
+	push_string(&msg, terminate_srcip.end, end);
+	return send_stroke_msg(msg);
 }
 
 static int rekey_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_REKEY;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.rekey.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_REKEY);
+	push_string(&msg, rekey.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int route_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_ROUTE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.route.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_ROUTE);
+	push_string(&msg, route.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int unroute_connection(char *name)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_UNROUTE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.unroute.name = push_string(&msg, name);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_UNROUTE);
+	push_string(&msg, unroute.name, name);
+	return send_stroke_msg(msg);
 }
 
 static int show_status(stroke_keyword_t kw, char *connection)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
 	switch (kw)
 	{
 		case STROKE_STATUSALL:
-			msg.type = STR_STATUS_ALL;
+			msg = create_stroke_msg(STR_STATUS_ALL);
 			break;
 		case STROKE_STATUSALL_NOBLK:
-			msg.type = STR_STATUS_ALL_NOBLK;
+			msg = create_stroke_msg(STR_STATUS_ALL_NOBLK);
 			break;
 		default:
-			msg.type = STR_STATUS;
+			msg = create_stroke_msg(STR_STATUS);
 			break;
 	}
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.status.name = push_string(&msg, connection);
-	return send_stroke_msg(&msg);
+	push_string(&msg, status.name, connection);
+	return send_stroke_msg(msg);
 }
 
 static int list_flags[] = {
@@ -257,13 +280,12 @@ static int list_flags[] = {
 
 static int list(stroke_keyword_t kw, int utc)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_LIST;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.list.utc = utc;
-	msg.list.flags = list_flags[kw - STROKE_LIST_FIRST];
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_LIST);
+	msg->list.utc = utc;
+	msg->list.flags = list_flags[kw - STROKE_LIST_FIRST];
+	return send_stroke_msg(msg);
 }
 
 static int reread_flags[] = {
@@ -278,12 +300,11 @@ static int reread_flags[] = {
 
 static int reread(stroke_keyword_t kw)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_REREAD;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.reread.flags = reread_flags[kw - STROKE_REREAD_FIRST];
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_REREAD);
+	msg->reread.flags = reread_flags[kw - STROKE_REREAD_FIRST];
+	return send_stroke_msg(msg);
 }
 
 static int purge_flags[] = {
@@ -295,12 +316,11 @@ static int purge_flags[] = {
 
 static int purge(stroke_keyword_t kw)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_PURGE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.purge.flags = purge_flags[kw - STROKE_PURGE_FIRST];
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_PURGE);
+	msg->purge.flags = purge_flags[kw - STROKE_PURGE_FIRST];
+	return send_stroke_msg(msg);
 }
 
 static int export_flags[] = {
@@ -311,68 +331,61 @@ static int export_flags[] = {
 
 static int export(stroke_keyword_t kw, char *selector)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_EXPORT;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.export.selector = push_string(&msg, selector);
-	msg.export.flags = export_flags[kw - STROKE_EXPORT_FIRST];
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_EXPORT);
+	push_string(&msg, export.selector, selector);
+	msg->export.flags = export_flags[kw - STROKE_EXPORT_FIRST];
+	return send_stroke_msg(msg);
 }
 
 static int leases(stroke_keyword_t kw, char *pool, char *address)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_LEASES;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.leases.pool = push_string(&msg, pool);
-	msg.leases.address = push_string(&msg, address);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_LEASES);
+	push_string(&msg, leases.pool, pool);
+	push_string(&msg, leases.address, address);
+	return send_stroke_msg(msg);
 }
 
 static int memusage()
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_MEMUSAGE;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_MEMUSAGE);
+	return send_stroke_msg(msg);
 }
 
 static int user_credentials(char *name, char *user, char *pass)
 {
-	stroke_msg_t msg;
-
-	msg.type = STR_USER_CREDS;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.user_creds.name = push_string(&msg, name);
-	msg.user_creds.username = push_string(&msg, user);
-	msg.user_creds.password = push_string(&msg, pass);
-	return send_stroke_msg(&msg);
+	stroke_msg_t *msg;
+
+	msg = create_stroke_msg(STR_USER_CREDS);
+	push_string(&msg, user_creds.name, name);
+	push_string(&msg, user_creds.username, user);
+	push_string(&msg, user_creds.password, pass);
+	return send_stroke_msg(msg);
 }
 
 static int counters(int reset, char *name)
 {
-	stroke_msg_t msg;
-
-	msg.type = STR_COUNTERS;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.counters.name = push_string(&msg, name);
-	msg.counters.reset = reset;
+	stroke_msg_t *msg;
 
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_COUNTERS);
+	push_string(&msg, counters.name, name);
+	msg->counters.reset = reset;
+	return send_stroke_msg(msg);
 }
 
 static int set_loglevel(char *type, u_int level)
 {
-	stroke_msg_t msg;
+	stroke_msg_t *msg;
 
-	msg.type = STR_LOGLEVEL;
-	msg.length = offsetof(stroke_msg_t, buffer);
-	msg.loglevel.type = push_string(&msg, type);
-	msg.loglevel.level = level;
-	return send_stroke_msg(&msg);
+	msg = create_stroke_msg(STR_LOGLEVEL);
+	push_string(&msg, loglevel.type, type);
+	msg->loglevel.level = level;
+	return send_stroke_msg(msg);
 }
 
 static int usage(char *error)
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index c2b923f6d..17f8a4326 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -1,11 +1,5 @@
-/**
- * @file stroke_msg.h
- *
- * @brief Definition of stroke_msg_t.
- *
- */
-
 /*
+ * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -32,7 +26,10 @@
  */
 #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
 
-#define STROKE_BUF_LEN		4096
+/**
+ * Number of bytes by which the buffer is increased as needed
+ */
+#define STROKE_BUF_LEN_INC     1024
 
 typedef enum list_flag_t list_flag_t;
 
@@ -371,7 +368,10 @@ struct stroke_msg_t {
 			char *name;
 		} counters;
 	};
-	char buffer[STROKE_BUF_LEN];
+	/* length of the string buffer */
+	u_int16_t buflen;
+	/* string buffer */
+	char buffer[];
 };
 
 #endif /* STROKE_MSG_H_ */
author	Tobias Brunner <tobias@strongswan.org>	2015-05-20 18:21:15 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2015-05-22 10:40:15 +0200
commit	d8fe354a0e3a41d7d400a44fd2865312782db5df (patch)
tree	f6905db17e998e647aa1eb93039b42a80b277ed1
parent	e94aae83d3292a45626f15d121366d21c687e7ad (diff)
download	strongswan-d8fe354a0e3a41d7d400a44fd2865312782db5df.tar.bz2 strongswan-d8fe354a0e3a41d7d400a44fd2865312782db5df.tar.xz