Check return values for chdir and asprintf #44

Merged
merged 2 commits into from
Nov 9, 2023
8 changes: 4 additions & 4 deletions src/config.c
@@ -369,7 +369,7 @@ static const char *config_def_app_version(void)
char *version;

uname(&uts);
asprintf(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
ASPRINTF(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
return version;
}

@@ -686,7 +686,7 @@ static char *get_config_filename(const char *name, int add_dot_conf)
{
char *realname;

asprintf(&realname, "%s%s%s", strchr(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
ASPRINTF(&realname, "%s%s%s", strchr(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
return realname;
}

@@ -1019,14 +1019,14 @@ void do_config(int argc, char **argv)
printf("Enter IPSec ID for %s: ", config[CONFIG_IPSEC_GATEWAY]);
break;
case CONFIG_IPSEC_SECRET:
asprintf(&prompt, "Enter IPSec secret for %s@%s: ",
ASPRINTF(&prompt, "Enter IPSec secret for %s@%s: ",
config[CONFIG_IPSEC_ID], config[CONFIG_IPSEC_GATEWAY]);
break;
case CONFIG_XAUTH_USERNAME:
printf("Enter username for %s: ", config[CONFIG_IPSEC_GATEWAY]);
break;
case CONFIG_XAUTH_PASSWORD:
asprintf(&prompt, "Enter password for %s@%s: ",
ASPRINTF(&prompt, "Enter password for %s@%s: ",
config[CONFIG_XAUTH_USERNAME],
config[CONFIG_IPSEC_GATEWAY]);
break;
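Review bot: `config_def_app_version()` and `get_config_filename()` still execute `return version;` / `return realname;` unconditionally after `ASPRINTF`, and the macro shown in src/vpnc.h only logs and falls through, so on allocation failure the caller receives a pointer that asprintf() left unspecified and that the macro may already have freed. `get_config_filename()` builds a path under `/etc/vpnc/`, so this is a place to fail closed: either check at the call site, e.g. `if (asprintf(&realname, ...) < 0) return NULL;` with callers handling NULL, or make the macro terminate instead of continuing. The same fall-through applies to the two `prompt` strings in `do_config()`, whose later use lies outside the visible hunk, and to the `setenv(strbuf, ...)` / `free(strbuf)` sequences in src/vpnc.c. All three function bodies start or end outside the hunks shown.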
6 changes: 4 additions & 2 deletions src/tunip.c
@@ -1144,7 +1144,8 @@ void vpnc_doit(struct sa_block *s)

/* save cwd */
cwd = get_current_dir_name();
chdir("/");
if (chdir("/"))
fprintf(stderr, "Failed to chdir to /");

if (!opt_nd) {
pid_t pid;
@@ -1173,7 +1174,8 @@ void vpnc_doit(struct sa_block *s)
vpnc_main_loop(s);

/* restore cwd */
chdir(cwd);
if (chdir(cwd))
fprintf(stderr, "Failed to chdir to %s", cwd);
free(cwd);

if (pidfile)
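Review bot: The restore path in `vpnc_doit()` hands `cwd` to `chdir()` and then to the `%s` conversion without a NULL check, although `get_current_dir_name()` returns NULL on failure; `if (cwd && chdir(cwd))` keeps a null pointer out of both. The two new messages also drop the reason and the trailing newline, so I would write `fprintf(stderr, "Failed to chdir to %s: %s\n", cwd, strerror(errno));` and the matching line for `/`, assuming `<errno.h>` and `<string.h>` are already included in this file. Between the two hunks the process may have gone into the background (the `!opt_nd` branch continues outside the hunk), in which case stderr may no longer reach anyone. If that is so, `logmsg(LOG_ERR, ...)`, which the new `ASPRINTF` macro uses, would be the more reliable channel; worth confirming against the rest of `vpnc_doit()`.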
56 changes: 34 additions & 22 deletions src/vpnc.c
@@ -199,6 +199,21 @@ static void addenv_ipv4(const void *name, uint8_t * data)
addenv(name, inet_ntoa(*((struct in_addr *)data)));
}

static void run_script(const char *reason)
{
int ret;

setenv("reason", reason, 1);
ret = system(config[CONFIG_SCRIPT]);

if (ret == -1)
error(1, errno, "failed to create child process");
else if (!WIFEXITED(ret) || WEXITSTATUS(ret) == 127)
fprintf(stderr, "failed to execute %s script\n", reason);
else
DEBUG(2, printf("%s script returned %d\n", reason, WEXITSTATUS(ret)));
}

static int make_socket(struct sa_block *s, uint16_t src_port, uint16_t dst_port)
{
int sock;
@@ -324,8 +339,7 @@ static void init_netaddr(struct in_addr *net, const char *string)

static void setup_tunnel(struct sa_block *s)
{
setenv("reason", "pre-init", 1);
system(config[CONFIG_SCRIPT]);
run_script("pre-init");

if (config[CONFIG_IF_NAME])
memcpy(s->tun_name, config[CONFIG_IF_NAME], strlen(config[CONFIG_IF_NAME]));
@@ -359,7 +373,7 @@ static void setup_tunnel(struct sa_block *s)
}
if (mtu > 0) {
char *strbuf;
asprintf(&strbuf, "%d", mtu);
ASPRINTF(&strbuf, "%d", mtu);
setenv("INTERNAL_IP4_MTU", strbuf, 1);
free(strbuf);
}
@@ -377,16 +391,14 @@ static void atexit_close(void)
static void config_tunnel(struct sa_block *s)
{
setenv("VPNGATEWAY", inet_ntoa(s->dst), 1);
setenv("reason", "connect", 1);
system(config[CONFIG_SCRIPT]);
run_script("connect");
s_atexit_sa = s;
atexit(atexit_close);
}

static void close_tunnel(struct sa_block *s)
{
setenv("reason", "disconnect", 1);
system(config[CONFIG_SCRIPT]);
run_script("disconnect");
tun_close(s->tun_fd, s->tun_name);
}

@@ -971,7 +983,7 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
else {
uint32_t netaddr = s->our_address.s_addr & ((struct in_addr *)(a->u.lots.data))->s_addr;
addenv_ipv4("INTERNAL_IP4_NETMASK", a->u.lots.data);
asprintf(&strbuf, "%d", mask_to_masklen(*((struct in_addr *)a->u.lots.data)));
ASPRINTF(&strbuf, "%d", mask_to_masklen(*((struct in_addr *)a->u.lots.data)));
setenv("INTERNAL_IP4_NETMASKLEN", strbuf, 1);
free(strbuf);
addenv_ipv4("INTERNAL_IP4_NETADDR", (uint8_t *)&netaddr);
@@ -1048,47 +1060,47 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
}

DEBUG(2, printf("got %d acls for split include\n", a->u.acl.count));
asprintf(&strbuf, "%d", a->u.acl.count);
ASPRINTF(&strbuf, "%d", a->u.acl.count);
setenv("CISCO_SPLIT_INC", strbuf, 1);
free(strbuf);

for (i = 0; i < a->u.acl.count; i++) {
DEBUG(2, printf("acl %d: ", i));
/* NOTE: inet_ntoa returns one static buffer */

asprintf(&strbuf, "CISCO_SPLIT_INC_%d_ADDR", i);
asprintf(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].addr));
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_ADDR", i);
ASPRINTF(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].addr));
DEBUG(2, printf("addr: %s/", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);

asprintf(&strbuf, "CISCO_SPLIT_INC_%d_MASK", i);
asprintf(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].mask));
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_MASK", i);
ASPRINTF(&strbuf2, "%s", inet_ntoa(a->u.acl.acl_ent[i].mask));
DEBUG(2, printf("%s ", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);

/* this is just here because ip route does not accept netmasks */
asprintf(&strbuf, "CISCO_SPLIT_INC_%d_MASKLEN", i);
asprintf(&strbuf2, "%d", mask_to_masklen(a->u.acl.acl_ent[i].mask));
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_MASKLEN", i);
ASPRINTF(&strbuf2, "%d", mask_to_masklen(a->u.acl.acl_ent[i].mask));
DEBUG(2, printf("(%s), ", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);

asprintf(&strbuf, "CISCO_SPLIT_INC_%d_PROTOCOL", i);
asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].protocol);
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_PROTOCOL", i);
ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].protocol);
DEBUG(2, printf("protocol: %s, ", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);

asprintf(&strbuf, "CISCO_SPLIT_INC_%d_SPORT", i);
asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].sport);
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_SPORT", i);
ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].sport);
DEBUG(2, printf("sport: %s, ", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);

asprintf(&strbuf, "CISCO_SPLIT_INC_%d_DPORT", i);
asprintf(&strbuf2, "%hu", a->u.acl.acl_ent[i].dport);
ASPRINTF(&strbuf, "CISCO_SPLIT_INC_%d_DPORT", i);
ASPRINTF(&strbuf2, "%hu", a->u.acl.acl_ent[i].dport);
DEBUG(2, printf("dport: %s\n", strbuf2));
setenv(strbuf, strbuf2, 1);
free(strbuf); free(strbuf2);
@@ -2366,7 +2378,7 @@ static int do_phase2_xauth(struct sa_block *s)
} else if (seen_answer || passwd_used || config[CONFIG_XAUTH_INTERACTIVE]) {
char *pass, *prompt = NULL;

asprintf(&prompt, "%s for VPN %s@%s: ",
ASPRINTF(&prompt, "%s for VPN %s@%s: ",
(ap->type == ISAKMP_XAUTH_06_ATTRIB_ANSWER) ?
"Answer" :
(ap->type == ISAKMP_XAUTH_06_ATTRIB_USER_PASSWORD) ?
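Review bot: In the new `run_script()`, a script that runs but exits non-zero is reported only through `DEBUG(2, ...)`, and one that could not be executed only prints to stderr, so `setup_tunnel()` and `config_tunnel()` carry on as if `pre-init` / `connect` had succeeded. If that script is what installs routes and DNS for the tunnel (not visible here, though the `INTERNAL_IP4_*` and `CISCO_SPLIT_INC_*` variables exported for it suggest so), the client keeps running with the network unconfigured and the user may assume traffic is protected when it is not. I would have `run_script()` return the status, report non-zero exits at normal verbosity, and let the connect path decide, e.g. `if (run_script("connect") != 0) error(1, 0, "connect script failed");`, while `disconnect` stays best-effort. `setenv("reason", reason, 1)` is also left unchecked in a change whose purpose is checking return values; a failure there would run the script with a stale `reason`.

```c
static int run_script(const char *reason)
{
	int ret;

	if (setenv("reason", reason, 1) != 0)
		error(1, errno, "failed to set reason=%s", reason);
	/* … unchanged: system() call and the ret == -1 check … */
	if (!WIFEXITED(ret) || WEXITSTATUS(ret) == 127) {
		fprintf(stderr, "failed to execute %s script\n", reason);
		return -1;
	}
	if (WEXITSTATUS(ret) != 0)
		fprintf(stderr, "%s script exited with status %d\n", reason, WEXITSTATUS(ret));
	return WEXITSTATUS(ret);
}
```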
3 changes: 3 additions & 0 deletions src/vpnc.h
@@ -11,12 +11,15 @@
#define VPNC_VPNC_H

#include "tunip.h"
#include "syslog.h"

void process_late_ike(struct sa_block *s, uint8_t *r_packet, ssize_t r_length);
void keepalive_ike(struct sa_block *s);
void dpd_ike(struct sa_block *s);
void print_vid(const unsigned char *vid, uint16_t len);
void rekey_phase1(struct sa_block *s);

#define ASPRINTF(strp, ...) if (asprintf(strp, __VA_ARGS__) < 0) \
{ if (**strp) { free(*strp);} logmsg(LOG_ERR, "Failed to call asprintf() at %s:%d", __FILE__, __LINE__);}

#endif /* VPNC_VPNC_H */
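Review bot: The failure branch of `ASPRINTF` evaluates `**strp` and may call `free(*strp)`, but the asprintf() man page documents the contents of `*strp` as undefined after a failure, so the error path itself can dereference or free an invalid pointer; `**strp` also tests the first character of the buffer rather than the pointer. After logging, the macro falls through, and every call site on this page goes on to use the buffer. The expansion is a bare `if`, so an `else` written after a call would bind to it; wrapping the body in `do { ... } while (0)` and parenthesising `strp` avoids that. I would set the pointer to NULL and stop rather than continue, as sketched below. Whether `logmsg()` is declared for every file that includes this header is not visible here.

```c
#define ASPRINTF(strp, ...) do { \
	if (asprintf((strp), __VA_ARGS__) < 0) { \
		*(strp) = NULL; \
		logmsg(LOG_ERR, "asprintf() failed at %s:%d", __FILE__, __LINE__); \
		exit(1); \
	} \
} while (0)
```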