[Swan-commit] Changes to ref refs/heads/master
D. Hugh Redelmeier
hugh at vault.libreswan.fi
Thu Jan 10 02:18:32 UTC 2019
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Jan 9 21:12:25 2019 -0500
pluto: fix two bugs in parse_redirect_payload and one in allow_to_be_redirected; simplify
- stack smash: if the gateway is GW_FQDN, the ID string was read over a
pointer in the stack (&gw_identity.ptr). Of course the pointer will
be garbage, but if the string is longer than a pointer, other things
on the stack will be over-written.
- if the gateway is GW_FQDN, the string is assumed to be NUL-terminated.
On the wire it should not be, so this assumption is wrong.
- eliminate a redundant argument "global_red". The same information
is indicated by whether nonce is NULL.
- reduce scope of variables
- remove redundant initializers: they can only serve to mask real bugs
- strtok scribbles on its first argument. Since allow_to_be_redirected
called strtok with its allowed_targets_list argument, that was being
scribbled upon. Direct and indirect callers were not coded taking
this into account.
Fix: rewrite using strspn and strcspn; sprinkle const to enforce.
None of these were found by testing.
More comprehensive testing might reveal more problems.
These fixes are not well tested.
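The two hazards the commit describes, strtok(3) scribbling on the caller's list and an unterminated wire string landing somewhere it does not fit, as an added example that is not libreswan's code; target_in_list, strtok_damage and copy_wire_id are hypothetical names, and the target list is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not libreswan's code): is "target" one of the
 * comma/space separated entries of "list"?  strspn skips separator runs
 * and strcspn measures the next token, so "list" stays const and is never
 * written to, unlike with strtok(3). */
static bool target_in_list(const char *list, const char *target)
{
    static const char seps[] = ", \t";
    size_t tlen = strlen(target);
    const char *p = list;
    while (*p != '\0') {
        p += strspn(p, seps);          /* skip separators */
        size_t n = strcspn(p, seps);   /* length of this token */
        if (n == 0)
            break;                     /* only trailing separators left */
        if (n == tlen && memcmp(p, target, n) == 0)
            return true;
        p += n;
    }
    return false;
}

/* The hazard the commit describes: strtok(3) writes a NUL over the first
 * separator of its argument.  Returns how many bytes the caller's string
 * lost (0 would mean the buffer was left intact). */
static size_t strtok_damage(void)
{
    char buf[] = "a,b,c";             /* constructed sample, modifiable copy */
    size_t before = strlen(buf);
    (void)strtok(buf, ",");
    return before - strlen(buf);
}

/* Copy an ID of "len" bytes from the wire, which carries no terminator,
 * into a caller-supplied buffer, adding the NUL and refusing anything that
 * would not fit; the destination is a real buffer, never a pointer's bytes. */
static bool copy_wire_id(const uint8_t *data, size_t len, char *out, size_t outsz)
{
    if (len >= outsz)
        return false;
    memcpy(out, data, len);
    out[len] = '\0';
    return true;
}
```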