diff options
| author | Sander Vrijders <sander.vrijders@ugent.be> | 2018-09-27 11:36:42 +0200 |
|---|---|---|
| committer | Dimitri Staessens <dimitri.staessens@ugent.be> | 2018-09-27 13:59:29 +0200 |
| commit | c166a030a1be0e4006605dd12190741986e0f9f2 (patch) | |
| tree | 35402df575984b3e9d78d28d2f09b3db75b5675b | |
| parent | af6756b94bb8c78d2d09a28966427e68b95c5a93 (diff) | |
| download | ouroboros-c166a030a1be0e4006605dd12190741986e0f9f2.tar.gz ouroboros-c166a030a1be0e4006605dd12190741986e0f9f2.zip | |
tools: Fix memleaks and buffer overflows in irm tool
This fixes some memleaks and potential buffer overflows in the irm
tool.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
| -rw-r--r-- | include/ouroboros/ipcp.h | 4 | ||||
| -rw-r--r-- | src/tools/irm/irm_ipcp_bootstrap.c | 7 | ||||
| -rw-r--r-- | src/tools/irm/irm_ipcp_destroy.c | 1 | ||||
| -rw-r--r-- | src/tools/irm/irm_unregister.c | 7 |
4 files changed, 14 insertions, 5 deletions
diff --git a/include/ouroboros/ipcp.h b/include/ouroboros/ipcp.h index c7013f08..e423a015 100644 --- a/include/ouroboros/ipcp.h +++ b/include/ouroboros/ipcp.h @@ -27,7 +27,7 @@ #include <unistd.h> #include <stdbool.h> -#define LAYER_NAME_SIZE 256 +#define LAYER_NAME_SIZE 255 /* * NOTE: the IRMd uses this order to select an IPCP @@ -67,7 +67,7 @@ enum pol_dir_hash { /* Info reported back to the IRMd about the layer on enrollment */ struct layer_info { - char layer_name[LAYER_NAME_SIZE]; + char layer_name[LAYER_NAME_SIZE + 1]; int dir_hash_algo; }; diff --git a/src/tools/irm/irm_ipcp_bootstrap.c b/src/tools/irm/irm_ipcp_bootstrap.c index e1f75956..3d9386ad 100644 --- a/src/tools/irm/irm_ipcp_bootstrap.c +++ b/src/tools/irm/irm_ipcp_bootstrap.c @@ -287,10 +287,15 @@ int do_bootstrap_ipcp(int argc, if (autobind && conf.type != IPCP_NORMAL) { printf("Can only bind normal IPCPs, " - "autobind disabled.\n"); + "autobind disabled.\n\n"); autobind = false; } + if (strlen(layer) > LAYER_NAME_SIZE) { + printf("Layer name too big.\n\n"); + goto fail_usage; + } + strcpy(conf.layer_info.layer_name, layer); if (conf.type != IPCP_UDP) conf.layer_info.dir_hash_algo = hash_algo; diff --git a/src/tools/irm/irm_ipcp_destroy.c b/src/tools/irm/irm_ipcp_destroy.c index cb86b167..2d5ed983 100644 --- a/src/tools/irm/irm_ipcp_destroy.c +++ b/src/tools/irm/irm_ipcp_destroy.c @@ -89,6 +89,7 @@ int do_destroy_ipcp(int argc, break; } + free(ipcps); return 0; fail_destroy: diff --git a/src/tools/irm/irm_unregister.c b/src/tools/irm/irm_unregister.c index 52491b42..137bc7e9 100644 --- a/src/tools/irm/irm_unregister.c +++ b/src/tools/irm/irm_unregister.c @@ -69,7 +69,7 @@ int do_unregister(int argc, char ** argv) char * ipcp[MAX_IPCPS]; size_t ipcp_len = 0; struct ipcp_info * ipcps; - size_t len; + ssize_t len; size_t i; while (argc > 0) { @@ -103,7 +103,10 @@ int do_unregister(int argc, char ** argv) } len = irm_list_ipcps(&ipcps); - for (i = 0; i < len; ++i) { + if (len < 0) + return -1; + + for (i = 0; i < (size_t) len; ++i) { size_t j; for (j = 0; j < layers_len; j++) { if (wildcard_match(ipcps[i].layer, layers[j]) == 0) { |