This commit replaces most atoi() calls (which don't report errors) with a strtol()
wrapper function for stronger string -> integer conversion validation.
int offset = 0;
int offset_type = TIME_OFFSET_SECONDS;
int os_len = strlen(offset_str);
+ int is_err;
char offset_digits[MAX_TIME_STR_LEN];
exit(EXIT_FAILURE);
}
- offset = atoi(offset_digits);
-
- if (offset < 0) {
- fprintf(stderr, "Invalid time offset: %s", offset_str);
- exit(EXIT_FAILURE);
- }
+ offset = strtol_wrapper(offset_digits, 0, (2 << 15), EXIT_UPON_ERR, &is_err);
/* Apply the offset_type value
*/
static int
parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
{
- int tmpint;
+ int tmpint, is_err;
/* Digest Type */
if(CONF_VAR_IS(var, "DIGEST_TYPE"))
/* Server port */
else if(CONF_VAR_IS(var, "SPA_SERVER_PORT"))
{
- tmpint = atoi(val);
- if(tmpint < 0 || tmpint > MAX_PORT)
- return(-1);
- else
+ tmpint = strtol_wrapper(val, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err == FKO_SUCCESS)
options->spa_dst_port = tmpint;
+ else
+ return(-1);
}
/* Source port */
else if(CONF_VAR_IS(var, "SPA_SOURCE_PORT"))
{
- tmpint = atoi(val);
- if(tmpint < 0 || tmpint > MAX_PORT)
- return(-1);
- else
+ tmpint = strtol_wrapper(val, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err == FKO_SUCCESS)
options->spa_src_port = tmpint;
+ else
+ return(-1);
}
/* Firewall rule timeout */
else if(CONF_VAR_IS(var, "FW_TIMEOUT"))
{
- tmpint = atoi(val);
- if(tmpint < 0)
- return(-1);
- else
+ tmpint = strtol_wrapper(val, 0, (2 << 15), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err == FKO_SUCCESS)
options->fw_timeout = tmpint;
+ else
+ return(-1);
+
}
/* Allow IP */
else if(CONF_VAR_IS(var, "ALLOW_IP"))
/* NAT port */
else if(CONF_VAR_IS(var, "NAT_PORT"))
{
- tmpint = atoi(val);
- if(tmpint < 0 || tmpint > MAX_PORT)
- return(-1);
- else
+ tmpint = strtol_wrapper(val, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err == FKO_SUCCESS)
options->nat_port = tmpint;
+ else
+ return(-1);
}
return(0);
void
config_init(fko_cli_options_t *options, int argc, char **argv)
{
- int cmd_arg, index;
+ int cmd_arg, index, is_err;
/* Zero out options and opts_track.
*/
strlcpy(options->args_save_file, optarg, MAX_PATH_LEN);
break;
case 'f':
- options->fw_timeout = atoi(optarg);
- if (options->fw_timeout < 0) {
+ options->fw_timeout = strtol_wrapper(optarg, 0,
+ (2 << 15), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
fprintf(stderr, "--fw-timeout must be >= 0\n");
exit(EXIT_FAILURE);
}
options->key_gen = 1;
strlcpy(options->key_gen_file, optarg, MAX_PATH_LEN);
case SPA_ICMP_TYPE:
- options->spa_icmp_type = atoi(optarg);
- if (options->spa_icmp_type < 0 || options->spa_icmp_type > MAX_ICMP_TYPE)
+ options->spa_icmp_type = strtol_wrapper(optarg, 0,
+ MAX_ICMP_TYPE, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized icmp type value: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case SPA_ICMP_CODE:
- options->spa_icmp_code = atoi(optarg);
- if (options->spa_icmp_code < 0 || options->spa_icmp_code > MAX_ICMP_CODE)
+ options->spa_icmp_code = strtol_wrapper(optarg, 0,
+ MAX_ICMP_CODE, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized icmp code value: %s\n", optarg);
exit(EXIT_FAILURE);
strlcpy(options->nat_access_str, optarg, MAX_LINE_LEN);
break;
case 'p':
- options->spa_dst_port = atoi(optarg);
- if (options->spa_dst_port < 0 || options->spa_dst_port > MAX_PORT)
+ options->spa_dst_port = strtol_wrapper(optarg, 0,
+ MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
strlcpy(options->allow_ip_str, "0.0.0.0", MAX_IPV4_STR_LEN);
break;
case 'S':
- options->spa_src_port = atoi(optarg);
- if (options->spa_src_port < 0 || options->spa_src_port > MAX_PORT)
+ options->spa_src_port = strtol_wrapper(optarg, 0,
+ MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
options->nat_rand_port = 1;
break;
case NAT_PORT:
- options->nat_port = atoi(optarg);
- if (options->nat_port < 0 || options->nat_port > MAX_PORT)
+ options->nat_port = strtol_wrapper(optarg, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
get_rand_port(fko_ctx_t ctx)
{
char *rand_val = NULL;
+ char port_str[6];
+ int tmpint, is_err;
int port = 0;
int res = 0;
if(res != FKO_SUCCESS)
{
errmsg("get_rand_port(), fko_get_rand_value", res);
+ fko_destroy(ctx);
+ exit(EXIT_FAILURE);
+ }
+
+ strlcpy(port_str, rand_val, 6);
+
+ tmpint = strtol_wrapper(port_str, 0, 0, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ fprintf(stderr,
+ "[*] get_rand_port(), could not convert rand_val str '%s', to integer",
+ rand_val);
+ fko_destroy(ctx);
exit(EXIT_FAILURE);
}
/* Convert to a random value between 1024 and 65535
*/
- port = (MIN_HIGH_PORT + (abs(atoi(rand_val)) % (MAX_PORT - MIN_HIGH_PORT)));
+ port = (MIN_HIGH_PORT + (tmpint % (MAX_PORT - MIN_HIGH_PORT)));
/* Force libfko to calculate a new random value since we don't want to
- * given anyone a hint (via the port value) about the contents of the
+ * give anyone a hint (via the port value) about the contents of the
* encrypted SPA data.
*/
res = fko_set_rand_value(ctx, NULL);
if(res != FKO_SUCCESS)
{
errmsg("get_rand_port(), fko_get_rand_value", res);
+ fko_destroy(ctx);
exit(EXIT_FAILURE);
}
parse_url(char *res_url, struct url* url)
{
char *s_ndx, *e_ndx;
- int tlen, tlen_offset, port;
+ int tlen, tlen_offset, port, is_err;
/* https is not supported.
*/
e_ndx = strchr(s_ndx, ':');
if(e_ndx != NULL)
{
- port = atoi(e_ndx+1);
- if(port < 1 || port > MAX_PORT)
+ port = strtol_wrapper(e_ndx+1, 1, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "resolve-url port value is invalid.\n");
return(-1);
{
char http_buf[HTTP_MAX_REQUEST_LEN], *spa_data_copy = NULL;
char *ndx = options->http_proxy;
- int i, proxy_port = 0;
+ int i, proxy_port = 0, is_err;
spa_data_copy = malloc(sd_len+1);
if (spa_data_copy == NULL)
{
+ fprintf(stderr, "[*] Fatal, could not allocate memory.\n");
exit(EXIT_FAILURE);
}
memcpy(spa_data_copy, spa_data, sd_len+1);
if(ndx)
{
*ndx = '\0';
- proxy_port = atoi(ndx+1);
+ proxy_port = strtol_wrapper(ndx+1, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ fprintf(stderr, "proxy port value is invalid.\n");
+ return 0;
+ }
}
/* If we have a valid port value, use it.
noinst_LIBRARIES = libfko_util.a
-libfko_util_source_files = ../lib/strlcpy.c ../lib/strlcat.c ../lib/fko_util.h
+libfko_util_source_files = ../lib/strlcpy.c ../lib/strlcat.c ../lib/fko_util.c ../lib/fko_util.h
libfko_util_a_SOURCES = $(libfko_util_source_files)
#define B64_GPG_PREFIX "hQ"
#define B64_GPG_PREFIX_STR_LEN 2
+/* Specify whether libfko is allowed to call exit()
+*/
+#define EXIT_UPON_ERR 1
+#define NO_EXIT_UPON_ERR 0
+
/* The context holds the global state and config options, as
* well as some intermediate results during processing. This
* is an opaque pointer.
fko_decode_spa_data(fko_ctx_t ctx)
{
char *tbuf, *ndx, *tmp;
- int t_size, i;
+ int t_size, i, is_err;
if (! is_valid_encoded_msg_len(ctx->encoded_msg_len))
return(FKO_ERROR_INVALID_DATA);
strlcpy(tbuf, ndx, t_size+1);
- ctx->timestamp = (unsigned int)atoi(tbuf);
+ ctx->timestamp = (unsigned int) strtol_wrapper(tbuf,
+ 0, 0, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ free(tbuf);
+ return(FKO_ERROR_INVALID_DATA);
+ }
/* Extract the version string.
*/
strlcpy(tbuf, ndx, t_size+1);
- ctx->message_type = (unsigned int)atoi(tbuf);
-
- if(ctx->message_type < 0 || ctx->message_type >= FKO_LAST_MSG_TYPE)
+ ctx->message_type = strtol_wrapper(tbuf, 0,
+ FKO_LAST_MSG_TYPE, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
free(tbuf);
return(FKO_ERROR_INVALID_DATA);
return(FKO_ERROR_INVALID_DATA);
}
- ctx->client_timeout = (unsigned int)atoi(ndx);
+ ctx->client_timeout = (unsigned int) strtol_wrapper(ndx, 0,
+ (2 << 15), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ free(tbuf);
+ return(FKO_ERROR_INVALID_DATA);
+ }
}
}
*
* Author: Michael Rash
*
- * Purpose: Set/Get the current username.
+ * Purpose: Provide a set of common utility functions that fwknop can use.
*
* Copyright 2012 Michael Rash (mbr@cipherdyne.org)
*
*/
#include "fko_common.h"
#include "fko.h"
+#include <errno.h>
/* Validate encoded message length
*/
return(1);
}
+int
+strtol_wrapper(const char * const str, const int min,
+ const int max, const int exit_upon_err, int *err)
+{
+ int val;
+
+ errno = 0;
+ *err = FKO_SUCCESS;
+
+ val = strtol(str, (char **) NULL, 10);
+
+ if ((errno == ERANGE || (errno != 0 && val == 0)))
+ {
+ *err = errno;
+ if(exit_upon_err == EXIT_UPON_ERR)
+ {
+ perror("strtol");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if(val < min)
+ {
+ *err = FKO_ERROR_INVALID_DATA;
+ if(exit_upon_err == EXIT_UPON_ERR)
+ {
+ fprintf(stderr, "[*] Value %d out of range %d - %d\n",
+ val, min, max);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /* allow max==0 to be an exception where we don't care about the
+ * maximum - note that the ERANGE check is still in place above
+ */
+ if((max > 0) && (val > max))
+ {
+ *err = FKO_ERROR_INVALID_DATA;
+ if(exit_upon_err == EXIT_UPON_ERR)
+ {
+ fprintf(stderr, "[*] Value %d out of range %d - %d\n",
+ val, min, max);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ return val;
+}
+
/***EOF***/
int is_valid_encoded_msg_len(const int len);
int is_valid_pt_msg_len(const int len);
int is_valid_digest_len(const int len);
+int strtol_wrapper(const char * const str, const int min,
+ const int max, const int exit_upon_err, int *is_err);
size_t strlcat(char *dst, const char *src, size_t siz);
size_t strlcpy(char *dst, const char *src, size_t siz);
static void
range_check(fko_srv_options_t *opts, char *var, char *val, int low, int high)
{
- if (low > atoi(val) || high < atoi(val))
+ int is_err;
+
+ strtol_wrapper(val, low, high, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] var %s value '%s' not in the range %d-%d\n",
var, val, low, high);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
+
return;
}
static void
validate_int_var_ranges(fko_srv_options_t *opts)
{
+ int is_err = FKO_SUCCESS;
+
range_check(opts, "PCAP_LOOP_SLEEP", opts->config[CONF_PCAP_LOOP_SLEEP],
1, RCHK_MAX_PCAP_LOOP_SLEEP);
range_check(opts, "MAX_SPA_PACKET_AGE", opts->config[CONF_MAX_SPA_PACKET_AGE],
/* Make sure the active and expire sets are not identical whenever
* they are non-zero
*/
- if((atoi(opts->config[CONF_IPFW_ACTIVE_SET_NUM]) > 0
- && atoi(opts->config[CONF_IPFW_EXPIRE_SET_NUM]) > 0)
- && atoi(opts->config[CONF_IPFW_ACTIVE_SET_NUM])
- == atoi(opts->config[CONF_IPFW_EXPIRE_SET_NUM]))
+ if((strtol_wrapper(opts->config[CONF_IPFW_ACTIVE_SET_NUM],
+ 0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err) > 0
+ && strtol_wrapper(opts->config[CONF_IPFW_EXPIRE_SET_NUM],
+ 0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err) > 0)
+ && strtol_wrapper(opts->config[CONF_IPFW_ACTIVE_SET_NUM],
+ 0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err)
+ == strtol_wrapper(opts->config[CONF_IPFW_EXPIRE_SET_NUM],
+ 0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err))
{
fprintf(stderr,
"[*] Cannot set identical ipfw active and expire sets.\n");
#endif /* FIREWALL type */
+ if(is_err != FKO_SUCCESS)
+ {
+ fprintf(stderr, "[*] invalid integer conversion error.\n");
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+ }
+
return;
}
void
config_init(fko_srv_options_t *opts, int argc, char **argv)
{
- int cmd_arg, index;
+ int cmd_arg, index, is_err;
unsigned char got_conf_file = 0, got_override_config = 0;
char override_file[MAX_LINE_LEN];
/* This was handled earlier */
break;
case 'C':
- opts->packet_ctr_limit = atoi(optarg);
+ opts->packet_ctr_limit = strtol_wrapper(optarg,
+ 0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ fprintf(stderr,
+ "[*] invalid -C packet count limit '%s'\n",
+ optarg);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+ }
break;
case 'd':
#if USE_FILE_CACHE
static void
set_fw_chain_conf(const int type, const char * const conf_str)
{
- int i, j;
+ int i, j, is_err;
char tbuf[1024] = {0};
const char *ndx = conf_str;
strlcpy(chain->from_chain, chain_fields[2], MAX_CHAIN_NAME_LEN);
/* Pull and set Jump_rule_position */
- chain->jump_rule_pos = atoi(chain_fields[3]);
+ chain->jump_rule_pos = strtol_wrapper(chain_fields[3],
+ 0, (2 << 15), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid jump rule position in Line: %s\n",
+ conf_str);
+ exit(EXIT_FAILURE);
+ }
/* Pull and set To_chain */
strlcpy(chain->to_chain, chain_fields[4], MAX_CHAIN_NAME_LEN);
- /* Pull and set Jump_rule_position */
- chain->rule_pos = atoi(chain_fields[5]);
-
+ /* Pull and set to_chain rule position */
+ chain->rule_pos = strtol_wrapper(chain_fields[5],
+ 0, (2 << 15), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid to_chain rule position in Line: %s\n",
+ conf_str);
+ exit(EXIT_FAILURE);
+ }
}
void
struct fw_chain * const dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
struct fw_chain *snat_chain; /* We assign this later (if we need to). */
- int res = 0;
+ int res = 0, is_err;
time_t now;
unsigned int exp_ts;
}
}
}
-
ple = ple->next;
}
}
if(ndx != NULL)
{
strlcpy(nat_ip, spadat->nat_access, (ndx-spadat->nat_access)+1);
- nat_port = atoi(ndx+1);
+ nat_port = strtol_wrapper(ndx+1, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_INFO, "Invalid NAT port in SPA message");
+ free_acc_port_list(port_list);
+ return res;
+ }
}
}
char rule_num_str[6];
char *ndx, *rn_start, *rn_end, *tmp_mark;
- int i, res, rn_offset;
+ int i, res, rn_offset, rule_num, is_err;
time_t now, rule_exp, min_exp = 0;
struct fw_chain *ch = opts->fw_config->chain;
strlcpy(rule_num_str, rn_start, (rn_end - rn_start)+1);
+ rule_num = strtol_wrapper(rule_num_str, rn_offset, (2 << 15),
+ NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR,
+ "Rule parse error while finding rule number in chain %i", i);
+
+ if (ch[i].active_rules > 0)
+ ch[i].active_rules--;
+
+ break;
+ }
+
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain,
- atoi(rule_num_str) - rn_offset
+ rule_num - rn_offset
);
-
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
int
main(int argc, char **argv)
{
- int res, last_sig, rp_cache_count;
+ int res, last_sig, rp_cache_count, is_err;
char *locale;
pid_t old_pid;
*/
if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
{
- if(atoi(opts.config[CONF_TCPSERV_PORT]) <= 0
- || atoi(opts.config[CONF_TCPSERV_PORT]) > MAX_PORT)
+
+ strtol_wrapper(opts.config[CONF_TCPSERV_PORT],
+ 1, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err == FKO_SUCCESS)
{
- log_msg(LOG_WARNING,
- "WARNING: ENABLE_TCP_SERVER is set, but TCPSERV_PORT is not valid. TCP server not started!"
- );
+ run_tcp_server(&opts);
}
else
{
- run_tcp_server(&opts);
+ log_msg(LOG_WARNING,
+ "WARNING: ENABLE_TCP_SERVER is set, but TCPSERV_PORT is not valid. TCP server not started!"
+ );
}
}
static pid_t
get_running_pid(const fko_srv_options_t *opts)
{
- int op_fd;
+ int op_fd, is_err;
char buf[PID_BUFLEN] = {0};
pid_t rpid = 0;
if (read(op_fd, buf, PID_BUFLEN) > 0)
{
buf[PID_BUFLEN-1] = '\0';
- rpid = (pid_t)atoi(buf);
+ /* max pid value is configurable on Linux
+ */
+ rpid = (pid_t) strtol_wrapper(buf, 0, (2 << 31),
+ NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ rpid = 0;
}
close(op_fd);
time_t now_ts;
int res, status, ts_diff, enc_type, stanza_num=0;
int added_replay_digest = 0, pkt_data_len=0;
+ int is_err;
+ int conf_pkt_age = 0;
spa_pkt_info_t *spa_pkt = &(opts->spa_pkt);
hex_dump(spa_pkt->packet_data, pkt_data_len);
}
+ if(strncasecmp(opts->config[CONF_ENABLE_SPA_PACKET_AGING], "Y", 1) == 0)
+ {
+ conf_pkt_age = strtol_wrapper(opts->config[CONF_MAX_SPA_PACKET_AGE],
+ 0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid MAX_SPA_PACKET_AGE\n");
+ return;
+ }
+ }
+
if (is_src_match(opts->acc_stanzas, ntohl(spa_pkt->packet_src_ip)))
{
if(strncasecmp(opts->config[CONF_ENABLE_DIGEST_PERSISTENCE], "Y", 1) == 0)
ts_diff = abs(now_ts - spadat.timestamp);
- if(ts_diff > atoi(opts->config[CONF_MAX_SPA_PACKET_AGE]))
+ if(ts_diff > conf_pkt_age)
{
log_msg(LOG_WARNING, "(stanza #%d) SPA data time difference is too great (%i seconds).",
stanza_num, ts_diff);
int pcap_file_mode = 0;
int status;
int useconds;
+ int pcap_dispatch_count;
+ int max_sniff_bytes;
+ int is_err;
pid_t child_pid;
#if FIREWALL_IPFW
time_t now;
#endif
- useconds = atoi(opts->config[CONF_PCAP_LOOP_SLEEP]);
+ useconds = strtol_wrapper(opts->config[CONF_PCAP_LOOP_SLEEP],
+ 0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid PCAP_LOOP_SLEEP_value\n");
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
+ }
+
+ max_sniff_bytes = strtol_wrapper(opts->config[CONF_MAX_SNIFF_BYTES],
+ 0, (2 << 14), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid MAX_SNIFF_BYTES\n");
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
+ }
/* Set promiscuous mode if ENABLE_PCAP_PROMISC is set to 'Y'.
*/
log_msg(LOG_INFO, "Sniffing interface: %s",
opts->config[CONF_PCAP_INTF]);
- pcap = pcap_open_live(
- opts->config[CONF_PCAP_INTF],
- atoi(opts->config[CONF_MAX_SNIFF_BYTES]),
- promisc, 100, errstr
+ pcap = pcap_open_live(opts->config[CONF_PCAP_INTF],
+ max_sniff_bytes, promisc, 100, errstr
);
if(pcap == NULL)
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
+ pcap_dispatch_count = strtol_wrapper(opts->config[CONF_PCAP_DISPATCH_COUNT],
+ 0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] invalid PCAP_DISPATCH_COUNT\n");
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
+ }
+
/* Initialize our signal handlers. You can check the return value for
* the number of signals that were *not* set. Those that were not set
* will be listed in the log/stderr output.
got_sigchld = 0;
}
-
/* Any signal except USR1, USR2, and SIGCHLD mean break the loop.
*/
if(got_signal != 0)
got_signal = 0;
}
- res = pcap_dispatch(pcap, atoi(opts->config[CONF_PCAP_DISPATCH_COUNT]),
+ res = pcap_dispatch(pcap, pcap_dispatch_count,
(pcap_handler)&process_packet, (unsigned char *)opts);
/* Count processed packets
{
pid_t pid, ppid;
int s_sock, c_sock, sfd_flags, clen, selval;
- int reuse_addr = 1;
+ int reuse_addr = 1, is_err;
fd_set sfd_set;
struct sockaddr_in saddr, caddr;
struct timeval tv;
char sipbuf[MAX_IPV4_STR_LEN];
- unsigned short port = atoi(opts->config[CONF_TCPSERV_PORT]);
+ unsigned short port;
+ port = strtol_wrapper(opts->config[CONF_TCPSERV_PORT],
+ 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
+ if(is_err != FKO_SUCCESS)
+ {
+ log_msg(LOG_ERR, "[*] Invalid max TCPSERV_PORT value.\n");
+ exit(EXIT_FAILURE);
+ }
log_msg(LOG_INFO, "Kicking off TCP server to listen on port %i.", port);
/* Fork off a child process to run the command and provide its outputs.
projects / fwknop.git / commitdiff