Correct length of buffers used for inet_ntop

src/lib/packet.c

@@ -953,8 +953,8 @@ uint32_t fr_packet_list_num_outgoing(fr_packet_list_t *pl)
  */
 void fr_packet_header_print(FILE *fp, RADIUS_PACKET *packet, bool received)
 {
-	char src_ipaddr[128];
-	char dst_ipaddr[128];
+	char src_ipaddr[INET6_ADDRSTRLEN];
+	char dst_ipaddr[INET6_ADDRSTRLEN];
 
 	if (!fp) return;
 	if (!packet) return;

src/lib/radius.c

@@ -196,7 +196,7 @@ void rad_print_hex(RADIUS_PACKET *packet)
 #endif
 
 	if (packet->src_ipaddr.af == AF_INET) {
-		char buffer[32];
+		char buffer[INET6_ADDRSTRLEN];
 
 		fprintf(fr_log_fp, "  Src IP:\t%s\n",
 			inet_ntop(packet->src_ipaddr.af,
@@ -2307,7 +2307,7 @@ bool rad_packet_ok(RADIUS_PACKET *packet, int flags, decode_fail_t *reason)
 	size_t			totallen;
 	int			count;
 	radius_packet_t		*hdr;
-	char			host_ipaddr[128];
+	char			host_ipaddr[INET6_ADDRSTRLEN];
 	bool			require_ma = false;
 	bool			seen_ma = false;
 	uint32_t		num_attributes;
@@ -2714,7 +2714,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original, char const *secre
 	int		length;
 	int		attrlen;
 	int		rcode;
-	char		buffer[32];
+	char		buffer[INET6_ADDRSTRLEN];
 
 	if (!packet || !packet->data) return -1;
 
@@ -4129,7 +4129,7 @@ int rad_decode(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 		 */
 		if ((fr_max_attributes > 0) &&
 		    (num_attributes > fr_max_attributes)) {
-			char host_ipaddr[128];
+			char host_ipaddr[INET6_ADDRSTRLEN];
 
 			fr_pair_list_free(&head);
 			fr_strerror_printf("Possible DoS attack from host %s: Too many attributes in request (received %d, max %d are allowed).",

src/lib/tcp.c

@@ -153,7 +153,7 @@ int fr_tcp_read_packet(RADIUS_PACKET *packet, int flags)
 	packet->vps = NULL;
 
 	if (fr_debug_lvl) {
-		char ip_buf[128], buffer[256];
+		char ip_buf[INET6_ADDRSTRLEN], buffer[256];
 
 		if (packet->src_ipaddr.af != AF_UNSPEC) {
 			inet_ntop(packet->src_ipaddr.af,

src/main/command.c

@@ -856,7 +856,7 @@ static void cprint_conf_parser(rad_listen_t *listener, int indent, CONF_SECTION
 	 */
 	if (variables) for (i = 0; variables[i].name != NULL; i++) {
 		void const *data;
-		char buffer[256];
+		char buffer[INET6_ADDRSTRLEN];
 
 		/*
 		 *	No base struct offset, data must be the pointer.
@@ -1096,7 +1096,7 @@ static int command_show_home_servers(rad_listen_t *listener, UNUSED int argc, UN
 	home_server_t *home;
 	char const *type, *state, *proto;
 
-	char buffer[256];
+	char buffer[INET6_ADDRSTRLEN];
 
 	for (i = 0; i < 256; i++) {
 		home = home_server_bynumber(i);
@@ -1853,11 +1853,11 @@ static int command_inject_file(rad_listen_t *listener, int argc, char *argv[])
 
 	if (rad_debug_lvl) {
 		DEBUG("Injecting %s packet from host %s port 0 code=%d, id=%d",
-				fr_packet_codes[packet->code],
-				inet_ntop(packet->src_ipaddr.af,
-					  &packet->src_ipaddr.ipaddr,
-					  buffer, sizeof(buffer)),
-				packet->code, packet->id);
+		      fr_packet_codes[packet->code],
+		      inet_ntop(packet->src_ipaddr.af,
+				&packet->src_ipaddr.ipaddr,
+				buffer, sizeof(buffer)),
+		      packet->code, packet->id);
 
 		for (vp = fr_cursor_init(&cursor, &packet->vps);
 		     vp;

src/main/listen.c

@@ -108,7 +108,7 @@ RADCLIENT *client_listener_find(rad_listen_t *listener,
 
 	client = client_find(clients, ipaddr, sock->proto);
 	if (!client) {
-		char name[256], buffer[128];
+		char name[256], buffer[INET6_ADDRSTRLEN];
 
 #ifdef WITH_DYNAMIC_CLIENTS
 	unknown:		/* used only for dynamic clients */
@@ -894,8 +894,8 @@ int common_socket_print(rad_listen_t const *this, char *buffer, size_t bufsize)
  */
 void common_packet_debug(REQUEST *request, RADIUS_PACKET *packet, bool received)
 {
-	char src_ipaddr[128];
-	char dst_ipaddr[128];
+	char src_ipaddr[INET6_ADDRSTRLEN];
+	char dst_ipaddr[INET6_ADDRSTRLEN];
 
 	if (!packet) return;
 	if (!RDEBUG_ENABLED) return;

src/main/process.c

@@ -499,9 +499,10 @@ static void request_free(REQUEST *request)
 #ifdef WITH_PROXY
 static void proxy_reply_too_late(REQUEST *request)
 {
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
-	RDEBUG2("Reply from home server %s port %d  - ID: %d arrived too late.  Try increasing 'retry_delay' or 'max_request_time'",
+	RDEBUG2("Reply from home server %s port %d  - ID: %d arrived too late.  "
+		"Try increasing 'retry_delay' or 'max_request_time'",
 		inet_ntop(request->proxy->dst_ipaddr.af,
 			  &request->proxy->dst_ipaddr.ipaddr,
 			  buffer, sizeof(buffer)),
@@ -2137,7 +2138,7 @@ static void remove_from_proxy_hash(REQUEST *request)
 
 static int insert_into_proxy_hash(REQUEST *request)
 {
-	char buf[128];
+	char buffer[INET6_ADDRSTRLEN];
 	int tries;
 	bool success = false;
 	void *proxy_listener;
@@ -2240,8 +2241,7 @@ static int insert_into_proxy_hash(REQUEST *request)
 	PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
 
 	RDEBUG3("proxy: allocating destination %s port %d - Id %d",
-	       inet_ntop(request->proxy->dst_ipaddr.af,
-			 &request->proxy->dst_ipaddr.ipaddr, buf, sizeof(buf)),
+	       inet_ntop(request->proxy->dst_ipaddr.af, &request->proxy->dst_ipaddr.ipaddr, buffer, sizeof(buffer)),
 	       request->proxy->dst_port,
 	       request->proxy->id);
 
@@ -2396,7 +2396,7 @@ static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply)
 
 static void mark_home_server_alive(REQUEST *request, home_server_t *home)
 {
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	home->state = HOME_STATE_ALIVE;
 	home->response_timeouts = 0;
@@ -2421,7 +2421,7 @@ int request_proxy_reply(RADIUS_PACKET *packet)
 	RADIUS_PACKET **proxy_p;
 	REQUEST *request;
 	struct timeval now;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_PACKET(packet);
 
@@ -2869,7 +2869,7 @@ static int request_will_proxy(REQUEST *request)
 		 */
 		home = home_server_find(&dst_ipaddr, dst_port, IPPROTO_UDP);
 		if (!home) {
-			char buffer[256];
+			char buffer[INET6_ADDRSTRLEN];
 
 			WARN("No such home server %s port %u",
 			     inet_ntop(dst_ipaddr.af, &dst_ipaddr.ipaddr, buffer, sizeof(buffer)),
@@ -3114,7 +3114,7 @@ static int proxy_to_virtual_server(REQUEST *request)
 
 static int request_proxy(REQUEST *request, int retransmit)
 {
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_REQUEST(request);
 
@@ -3306,7 +3306,7 @@ static int request_proxy_anew(REQUEST *request)
 static void request_ping(REQUEST *request, int action)
 {
 	home_server_t *home = request->home_server;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_REQUEST(request);
 
@@ -3565,7 +3565,7 @@ static void home_trigger(home_server_t *home, char const *trigger)
 static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window)
 {
 	time_t start;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	ASSERT_MASTER;
 
@@ -3610,10 +3610,10 @@ static void mark_home_server_zombie(home_server_t *home, struct timeval *now, st
 	home->num_sent_pings = 0;
 	home->num_received_pings = 0;
 
-	PROXY( "Marking home server %s port %d as zombie (it has not responded in %d.%06d seconds).",
-	       inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
-			 buffer, sizeof(buffer)),
-	       home->port, (int) response_window->tv_sec, (int) response_window->tv_usec);
+	PROXY("Marking home server %s port %d as zombie (it has not responded in %d.%06d seconds).",
+	      inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
+			buffer, sizeof(buffer)),
+	      home->port, (int) response_window->tv_sec, (int) response_window->tv_usec);
 
 	ping_home_server(home);
 }
@@ -3622,7 +3622,7 @@ static void mark_home_server_zombie(home_server_t *home, struct timeval *now, st
 void revive_home_server(void *ctx)
 {
 	home_server_t *home = talloc_get_type_abort(ctx, home_server_t);
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 #ifdef WITH_TCP
 	rad_assert(home->proto != IPPROTO_TCP);
@@ -3640,16 +3640,15 @@ void revive_home_server(void *ctx)
 	ASSERT_MASTER;
 	if (home->ev) fr_event_delete(el, &home->ev);
 
-	PROXY( "Marking home server %s port %d alive again... we have no idea if it really is alive or not.",
-	       inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
-			 buffer, sizeof(buffer)),
-	       home->port);
+	PROXY("Marking home server %s port %d alive again... we have no idea if it really is alive or not.",
+	      inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr, buffer, sizeof(buffer)),
+	      home->port);
 }
 
 void mark_home_server_dead(home_server_t *home, struct timeval *when)
 {
 	int previous_state = home->state;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 #ifdef WITH_TCP
 	if (home->proto == IPPROTO_TCP) {
@@ -3658,10 +3657,10 @@ void mark_home_server_dead(home_server_t *home, struct timeval *when)
 	}
 #endif
 
-	PROXY( "Marking home server %s port %d as dead.",
-	       inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
-			 buffer, sizeof(buffer)),
-	       home->port);
+	PROXY("Marking home server %s port %d as dead",
+	      inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
+			buffer, sizeof(buffer)),
+	      home->port);
 
 	home->state = HOME_STATE_IS_DEAD;
 	home_trigger(home, "home_server.dead");
@@ -3716,7 +3715,7 @@ static void proxy_wait_for_reply(REQUEST *request, int action)
 	struct timeval now, when;
 	struct timeval *response_window = NULL;
 	home_server_t *home = request->home_server;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_REQUEST(request);
 
@@ -3970,7 +3969,6 @@ static void request_coa_originate(REQUEST *request)
 	VALUE_PAIR *vp;
 	REQUEST *coa;
 	fr_ipaddr_t ipaddr;
-	char buffer[256];
 
 	VERIFY_REQUEST(request);
 
@@ -4049,15 +4047,16 @@ static void request_coa_originate(REQUEST *request)
 
 	} else if (!coa->home_server) {
 		uint16_t port = PW_COA_UDP_PORT;
+		char buffer[INET6_ADDRSTRLEN];
 
 		vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
 		if (vp) port = vp->vp_integer;
 
 		coa->home_server = home_server_find(&ipaddr, port, IPPROTO_UDP);
 		if (!coa->home_server) {
-			RWDEBUG2("Unknown destination %s:%d for CoA request.",
-			       inet_ntop(ipaddr.af, &ipaddr.ipaddr,
-					 buffer, sizeof(buffer)), port);
+			RWDEBUG2("Unknown destination %s:%d for CoA request",
+				 inet_ntop(ipaddr.af, &ipaddr.ipaddr,
+					   buffer, sizeof(buffer)), port);
 			goto fail;
 		}
 	}
@@ -4201,7 +4200,7 @@ static void coa_retransmit(REQUEST *request)
 {
 	uint32_t delay, frac;
 	struct timeval now, when, mrd;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_REQUEST(request);
 
@@ -4245,10 +4244,10 @@ static void coa_retransmit(REQUEST *request)
 	    (request->num_coa_requests >= request->home_server->coa_mrc)) {
 		RERROR("Failing request - originate-coa ID %u, due to lack of any response from coa server %s port %d",
 		       request->proxy->id,
-			       inet_ntop(request->proxy->dst_ipaddr.af,
-					 &request->proxy->dst_ipaddr.ipaddr,
-					 buffer, sizeof(buffer)),
-			       request->proxy->dst_port);
+		       inet_ntop(request->proxy->dst_ipaddr.af,
+				 &request->proxy->dst_ipaddr.ipaddr,
+				 buffer, sizeof(buffer)),
+		       request->proxy->dst_port);
 
 		if (setup_post_proxy_fail(request)) {
 			request_queue_or_run(request, coa_no_reply);
@@ -4413,7 +4412,7 @@ static void coa_separate(REQUEST *request)
  */
 static void coa_no_reply(REQUEST *request, int action)
 {
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	VERIFY_REQUEST(request);
 

src/main/realms.c

@@ -498,7 +498,7 @@ bool realm_home_server_add(home_server_t *home)
 	}
 
 	if (!home->server && (rbtree_finddata(home_servers_byaddr, home) != NULL)) {
-		char buffer[INET6_ADDRSTRLEN + 3];
+		char buffer[INET6_ADDRSTRLEN];
 
 		inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr, buffer, sizeof(buffer));
 

src/main/tls_listen.c

@@ -302,7 +302,7 @@ static int tls_socket_recv(rad_listen_t *listener)
 	 *	Copied from src/lib/radius.c, rad_recv();
 	 */
 	if (fr_debug_lvl) {
-		char host_ipaddr[128];
+		char host_ipaddr[INET6_ADDRSTRLEN];
 
 		if (is_radius_code(packet->code)) {
 			RDEBUG("tls_recv: %s packet from host %s port %d, id=%d, length=%d",

src/modules/proto_dhcp/dhcpd.c

@@ -895,8 +895,8 @@ static int dhcp_socket_send(rad_listen_t *listener, REQUEST *request)
  */
 static void dhcp_packet_debug(REQUEST *request, RADIUS_PACKET *packet, bool received)
 {
-	char src_ipaddr[128];
-	char dst_ipaddr[128];
+	char src_ipaddr[INET6_ADDRSTRLEN];
+	char dst_ipaddr[INET6_ADDRSTRLEN];
 
 	if (!packet) return;
 	if (!RDEBUG_ENABLED) return;

src/modules/rlm_detail/rlm_detail.c

@@ -321,7 +321,7 @@ static int detail_write(FILE *out, rlm_detail_t *inst, REQUEST *request, RADIUS_
 	if (compat) {
 #ifdef WITH_PROXY
 		if (request->proxy) {
-			char proxy_buffer[128];
+			char proxy_buffer[INET6_ADDRSTRLEN];
 
 			inet_ntop(request->proxy->dst_ipaddr.af, &request->proxy->dst_ipaddr.ipaddr,
 				  proxy_buffer, sizeof(proxy_buffer));

src/modules/rlm_eap/radeapclient.c

@@ -1337,8 +1337,8 @@ static void rc_add_socket(fr_ipaddr_t *src_ipaddr, uint16_t src_port, fr_ipaddr_
 	int mysockfd;
 
 	/* Trace what we're doing. */
-	char src_addr[15+1] = "";
-	char dst_addr[15+1] = "";
+	char src_addr[INET6_ADDRSTRLEN] = "";
+	char dst_addr[INET6_ADDRSTRLEN] = "";
 	inet_ntop(AF_INET, &(src_ipaddr->ipaddr.ip4addr.s_addr), src_addr, sizeof(src_addr));
 	inet_ntop(AF_INET, &(dst_ipaddr->ipaddr.ip4addr.s_addr), dst_addr, sizeof(dst_addr));
 
@@ -1496,7 +1496,7 @@ static int rc_recv_one_packet(struct timeval *tv_wait_time)
 	RADIUS_PACKET *reply, **packet_p;
 	volatile int max_fd;
 	bool ongoing_trans = false;
-	char buffer[128];
+	char buffer[INET6_ADDRSTRLEN];
 
 	/* Wait for reply, timing out as necessary */
 	FD_ZERO(&set);

src/modules/rlm_linelog/rlm_linelog.c

@@ -105,7 +105,7 @@ typedef struct linelog_instance_t {
 		gid_t			group;			//!< Resolved gid.
 		exfile_t		*ef;			//!< Exclusive file access handle.
 		bool			escape;			//!< Do filename escaping, yes / no.
-		xlat_escape_t	escape_func;		//!< Escape function.
+		xlat_escape_t		escape_func;		//!< Escape function.
 	} file;
 
 	struct {