Navigation Menu

Skip to content

Commit

Permalink
Originally from Bin Li: Fix a crash with racoonctl logout user.
Browse files Browse the repository at this point in the history
  • Loading branch information
tteras committed Apr 20, 2009
1 parent c7f5847 commit a953b78
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 9 deletions.
12 changes: 7 additions & 5 deletions crypto/dist/ipsec-tools/src/racoon/admin.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: admin.c,v 1.17.6.2 2008/06/18 07:30:19 mgrooms Exp $ */
/* $NetBSD: admin.c,v 1.17.6.3 2009/04/20 13:32:57 tteras Exp $ */

/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */

Expand Down Expand Up @@ -307,16 +307,18 @@ admin_process(so2, combuf)
#ifdef ENABLE_HYBRID
case ADMIN_LOGOUT_USER: {
struct ph1handle *iph1;
char *user;
int found = 0;
char user[LOGINLEN+1];
int found = 0, len = com->ac_len - sizeof(com);

if (com->ac_len > sizeof(com) + LOGINLEN + 1) {
if (len > LOGINLEN) {
plog(LLV_ERROR, LOCATION, NULL,
"malformed message (login too long)\n");
break;
}

user = (char *)(com + 1);
memcpy(user, (char *)(com + 1), len);
user[len] = 0;

found = purgeph1bylogin(user);
plog(LLV_INFO, LOCATION, NULL,
"deleted %d SA for user \"%s\"\n", found, user);
Expand Down
10 changes: 6 additions & 4 deletions crypto/dist/ipsec-tools/src/racoon/racoonctl.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: racoonctl.c,v 1.7.6.1 2008/07/15 00:55:48 mgrooms Exp $ */
/* $NetBSD: racoonctl.c,v 1.7.6.2 2009/04/20 13:32:57 tteras Exp $ */

/* Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */

Expand Down Expand Up @@ -834,15 +834,17 @@ f_logoutusr(ac, av)
vchar_t *buf;
struct admin_com *head;
char *user;
size_t userlen;

/* need username */
if (ac < 1)
errx(1, "insufficient arguments");
user = av[0];
if ((user == NULL) || (strlen(user) > LOGINLEN))
userlen = strlen(user);
if ((user == NULL) || (userlen > LOGINLEN))
errx(1, "bad login (too long?)");

buf = vmalloc(sizeof(*head) + strlen(user) + 1);
buf = vmalloc(sizeof(*head) + userlen);
if (buf == NULL)
return NULL;

Expand All @@ -852,7 +854,7 @@ f_logoutusr(ac, av)
head->ac_errno = 0;
head->ac_proto = 0;

strncpy((char *)(head + 1), user, LOGINLEN);
strncpy((char *)(head + 1), user, userlen);

return buf;
}
Expand Down

0 comments on commit a953b78

Please sign in to comment.