diff options
-rw-r--r-- | nhrpd/linux.c | 2 | ||||
-rw-r--r-- | nhrpd/netlink.h | 2 | ||||
-rw-r--r-- | nhrpd/netlink_arp.c | 13 | ||||
-rw-r--r-- | nhrpd/nhrp_event.c | 6 | ||||
-rw-r--r-- | nhrpd/nhrp_peer.c | 6 | ||||
-rw-r--r-- | nhrpd/nhrp_protocol.h | 1 | ||||
-rw-r--r-- | nhrpd/nhrp_vty.c | 2 | ||||
-rw-r--r-- | nhrpd/nhrpd.h | 2 | ||||
-rw-r--r-- | nhrpd/vici.c | 30 | ||||
-rw-r--r-- | nhrpd/znl.c | 6 |
10 files changed, 48 insertions, 22 deletions
diff --git a/nhrpd/linux.c b/nhrpd/linux.c index 75a16eab3..88804a87d 100644 --- a/nhrpd/linux.c +++ b/nhrpd/linux.c @@ -105,7 +105,7 @@ static int linux_configure_arp(const char *iface, int on) { struct ifreq ifr; - strncpy(ifr.ifr_name, iface, IFNAMSIZ); + strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1); if (ioctl(nhrp_socket_fd, SIOCGIFFLAGS, &ifr)) return -1; diff --git a/nhrpd/netlink.h b/nhrpd/netlink.h index f05596ba1..e8dc22adf 100644 --- a/nhrpd/netlink.h +++ b/nhrpd/netlink.h @@ -15,7 +15,7 @@ struct interface; extern int netlink_nflog_group; extern int netlink_req_fd; -int netlink_init(void); +void netlink_init(void); int netlink_configure_arp(unsigned int ifindex, int pf); void netlink_update_binding(struct interface *ifp, union sockunion *proto, union sockunion *nbma); void netlink_set_nflog_group(int nlgroup); diff --git a/nhrpd/netlink_arp.c b/nhrpd/netlink_arp.c index 2b222e3c5..425526ced 100644 --- a/nhrpd/netlink_arp.c +++ b/nhrpd/netlink_arp.c @@ -230,20 +230,27 @@ void netlink_set_nflog_group(int nlgroup) netlink_nflog_group = nlgroup; if (nlgroup) { netlink_log_fd = znl_open(NETLINK_NETFILTER, 0); + if (netlink_log_fd < 0) + return; + netlink_log_register(netlink_log_fd, nlgroup); thread_add_read(master, netlink_log_recv, 0, netlink_log_fd, &netlink_log_thread); } } -int netlink_init(void) +void netlink_init(void) { netlink_req_fd = znl_open(NETLINK_ROUTE, 0); + if (netlink_req_fd < 0) + return; + netlink_listen_fd = znl_open(NETLINK_ROUTE, RTMGRP_NEIGH); + if (netlink_listen_fd < 0) + return; + thread_add_read(master, netlink_route_recv, 0, netlink_listen_fd, NULL); - - return 0; } int netlink_configure_arp(unsigned int ifindex, int pf) diff --git a/nhrpd/nhrp_event.c b/nhrpd/nhrp_event.c index 8a3f820f7..4ee58a43e 100644 --- a/nhrpd/nhrp_event.c +++ b/nhrpd/nhrp_event.c @@ -59,8 +59,10 @@ static void evmgr_recv_message(struct event_manager *evmgr, struct zbuf *zb) buf[len] = 0; debugf(NHRP_DEBUG_EVENT, "evmgr: msg: %s", buf); - sscanf(buf, "eventid=%d", &eventid); - sscanf(buf, "result=%63s", result); + if (sscanf(buf, "eventid=%d", &eventid) != 1) + continue; + if (sscanf(buf, "result=%63s", result) != 1) + continue; } debugf(NHRP_DEBUG_EVENT, "evmgr: received: eventid=%d result=%s", eventid, result); if (eventid && result[0]) { diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c index f1cf62a59..4ee9afbd5 100644 --- a/nhrpd/nhrp_peer.c +++ b/nhrpd/nhrp_peer.c @@ -598,6 +598,10 @@ static struct { const char *name; void (*handler)(struct nhrp_packet_parser *); } packet_types[] = { + [0] = { + .type = PACKET_UNKNOWN, + .name = "UNKNOWN", + }, [NHRP_PACKET_RESOLUTION_REQUEST] = { .type = PACKET_REQUEST, .name = "Resolution-Request", @@ -797,7 +801,7 @@ void nhrp_peer_recv(struct nhrp_peer *p, struct zbuf *zb) nbma_afi = htons(hdr->afnum); proto_afi = proto2afi(htons(hdr->protocol_type)); - if (hdr->type > ZEBRA_NUM_OF(packet_types) || + if (hdr->type > NHRP_PACKET_MAX || hdr->version != NHRP_VERSION_RFC2332 || nbma_afi >= AFI_MAX || proto_afi == AF_UNSPEC || packet_types[hdr->type].type == PACKET_UNKNOWN || diff --git a/nhrpd/nhrp_protocol.h b/nhrpd/nhrp_protocol.h index a4bc9fa6b..d5f120ea0 100644 --- a/nhrpd/nhrp_protocol.h +++ b/nhrpd/nhrp_protocol.h @@ -26,6 +26,7 @@ #define NHRP_PACKET_PURGE_REPLY 6 #define NHRP_PACKET_ERROR_INDICATION 7 #define NHRP_PACKET_TRAFFIC_INDICATION 8 +#define NHRP_PACKET_MAX 8 /* NHRP Extension Types */ #define NHRP_EXTENSION_FLAG_COMPULSORY 0x8000 diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c index ae5bd6e23..20ef17de0 100644 --- a/nhrpd/nhrp_vty.c +++ b/nhrpd/nhrp_vty.c @@ -74,7 +74,7 @@ static int nhrp_vty_return(struct vty *vty, int ret) if (ret == NHRP_OK) return CMD_SUCCESS; - if (ret > 0 && ret <= (int)ZEBRA_NUM_OF(errmsgs)) + if (ret > 0 && ret <= NHRP_ERR_MAX) if (errmsgs[ret]) str = errmsgs[ret]; diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h index 9a4f26d57..307137196 100644 --- a/nhrpd/nhrpd.h +++ b/nhrpd/nhrpd.h @@ -35,7 +35,9 @@ enum { NHRP_ERR_ENTRY_EXISTS, NHRP_ERR_ENTRY_NOT_FOUND, NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH, + __NHRP_ERR_MAX }; +#define NHRP_ERR_MAX (__NHRP_ERR_MAX - 1) struct notifier_block; diff --git a/nhrpd/vici.c b/nhrpd/vici.c index 18faca2d5..fd01a4534 100644 --- a/nhrpd/vici.c +++ b/nhrpd/vici.c @@ -27,13 +27,13 @@ struct blob { static int blob_equal(const struct blob *b, const char *str) { - if (b->len != (int) strlen(str)) return 0; + if (!b || b->len != (int) strlen(str)) return 0; return memcmp(b->ptr, str, b->len) == 0; } static int blob2buf(const struct blob *b, char *buf, size_t n) { - if (b->len >= (int) n) return 0; + if (!b || b->len >= (int) n) return 0; memcpy(buf, b->ptr, b->len); buf[b->len] = 0; return 1; @@ -82,8 +82,8 @@ static void vici_parse_message( struct vici_message_ctx *ctx) { uint8_t *type; - struct blob key; - struct blob val; + struct blob key = { 0 }; + struct blob val = { 0 }; while ((type = zbuf_may_pull(msg, uint8_t)) != NULL) { switch (*type) { @@ -178,11 +178,15 @@ static void parse_sa_message( } break; default: + if (!key) + break; + switch (key->ptr[0]) { case 'l': if (blob_equal(key, "local-host") && ctx->nsections == 1) { if (blob2buf(val, buf, sizeof(buf))) - str2sockunion(buf, &sactx->local.host); + if (str2sockunion(buf, &sactx->local.host) < 0) + zlog_err("VICI: bad strongSwan local-host: %s", buf); } else if (blob_equal(key, "local-id") && ctx->nsections == 1) { sactx->local.id = *val; } else if (blob_equal(key, "local-cert-data") && ctx->nsections == 1) { @@ -192,7 +196,8 @@ static void parse_sa_message( case 'r': if (blob_equal(key, "remote-host") && ctx->nsections == 1) { if (blob2buf(val, buf, sizeof(buf))) - str2sockunion(buf, &sactx->remote.host); + if (str2sockunion(buf, &sactx->remote.host) < 0) + zlog_err("VICI: bad strongSwan remote-host: %s", buf); } else if (blob_equal(key, "remote-id") && ctx->nsections == 1) { sactx->remote.id = *val; } else if (blob_equal(key, "remote-cert-data") && ctx->nsections == 1) { @@ -261,6 +266,7 @@ static void vici_recv_message(struct vici_conn *vici, struct zbuf *msg) uint32_t msglen; uint8_t msgtype; struct blob name; + struct vici_message_ctx ctx; msglen = zbuf_get_be32(msg); msgtype = zbuf_get8(msg); @@ -283,7 +289,7 @@ static void vici_recv_message(struct vici_conn *vici, struct zbuf *msg) vici_recv_sa(vici, msg, 2); break; case VICI_CMD_RESPONSE: - vici_parse_message(vici, msg, parse_cmd_response, 0); + vici_parse_message(vici, msg, parse_cmd_response, &ctx); break; case VICI_EVENT_UNKNOWN: case VICI_CMD_UNKNOWN: @@ -381,8 +387,6 @@ static void vici_submit_request(struct vici_conn *vici, const char *name, ...) zbuf_put_be16(obuf, len); zbuf_put(obuf, va_arg(va, void *), len); break; - case VICI_END: - break; default: break; } @@ -491,7 +495,7 @@ int sock_open_unix(const char *path) memset(&addr, 0, sizeof (struct sockaddr_un)); addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, path, strlen (path)); + strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1); ret = connect(fd, (struct sockaddr *) &addr, sizeof(addr.sun_family) + strlen(addr.sun_path)); if (ret < 0) { @@ -499,7 +503,11 @@ int sock_open_unix(const char *path) return -1; } - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); + ret = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); + if (ret < 0) { + close(fd); + return -1; + } return fd; } diff --git a/nhrpd/znl.c b/nhrpd/znl.c index 2216d97eb..5e9864c4d 100644 --- a/nhrpd/znl.c +++ b/nhrpd/znl.c @@ -141,8 +141,10 @@ int znl_open(int protocol, int groups) if (fd < 0) return -1; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); - fcntl(fd, F_SETFD, FD_CLOEXEC); + if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0) + goto error; + if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) + goto error; if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &buf, sizeof(buf)) < 0) goto error; |