another merge from master
authorMichael Rash <mbr@cipherdyne.org>
Tue, 4 Sep 2012 02:32:44 +0000 (22:32 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Tue, 4 Sep 2012 02:32:44 +0000 (22:32 -0400)
client/config_init.c
client/fwknop.c
client/utils.c
configure.ac
lib/fko.h
lib/fko_message.h
server/access.c
server/utils.c
test/test-fwknop.pl

@@@ -477,48 -414,41 +477,48 @@@ process_rc(fko_cli_options_t *options
  
      char    *ndx, *emark, *homedir;
  
 +    memset(rcfile, 0x0, MAX_PATH_LEN);
 +
 +    if(options->rc_file[0] == 0x0)
 +    {
  #ifdef WIN32
 -    homedir = getenv("USERPROFILE");
 +        homedir = getenv("USERPROFILE");
  #else
 -    homedir = getenv("HOME");
 +        homedir = getenv("HOME");
  #endif
  
 -    if(homedir == NULL)
 -    {
 -        fprintf(stderr, "Warning: Unable to determine HOME directory.\n"
 -            " No .fwknoprc file processed.\n");
 -        return;
 -    }
 +        if(homedir == NULL)
 +        {
 +            fprintf(stderr, "Warning: Unable to determine HOME directory.\n"
 +                " No .fwknoprc file processed.\n");
 +            return;
 +        }
  
 -    memset(rcfile, 0x0, MAX_PATH_LEN);
 +        strlcpy(rcfile, homedir, MAX_PATH_LEN);
  
 -    strlcpy(rcfile, homedir, MAX_PATH_LEN);
 +        rcf_offset = strlen(rcfile);
  
 -    rcf_offset = strlen(rcfile);
 +        /* Sanity check the path to .fwknoprc.
 +         * The preceeding path plus the path separator and '.fwknoprc' = 11
 +         * cannot exceed MAX_PATH_LEN.
 +        */
 +        if(rcf_offset > (MAX_PATH_LEN - 11))
 +        {
 +            fprintf(stderr, "Warning: Path to .fwknoprc file is too long.\n"
 +                " No .fwknoprc file processed.\n");
 +            return;
 +        }
  
 -    /* Sanity check the path to .fwknoprc.
 -     * The preceeding path plus the path separator and '.fwknoprc' = 11
 -     * cannot exceed MAX_PATH_LEN.
 -    */
 -    if(rcf_offset > (MAX_PATH_LEN - 11))
 +        rcfile[rcf_offset] = PATH_SEP;
 +        strlcat(rcfile, ".fwknoprc", MAX_PATH_LEN);
 +    }
 +    else
      {
 -        fprintf(stderr, "Warning: Path to .fwknoprc file is too long.\n"
 -            " No .fwknoprc file processed.\n");
 -        return;
 +        strlcpy(rcfile, options->rc_file, MAX_PATH_LEN);
      }
  
 -    rcfile[rcf_offset] = PATH_SEP;
 -    strlcat(rcfile, ".fwknoprc", MAX_PATH_LEN);
 -
      /* Check rc file permissions - if anything other than user read/write,
-      * then don't process it.  This change was made to help ensure that the
+      * then throw a warning.  This change was made to help ensure that the
       * client consumes a proper rc file with strict permissions set (thanks
       * to Fernando Arnaboldi from IOActive for pointing this out).
      */
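Review bot: The new else branch copies options->rc_file into rcfile with strlcpy and ignores the return value, so a user-supplied rc file path of MAX_PATH_LEN or more characters is silently truncated and a different file is then opened, whereas the HOME branch just above explicitly rejects an over-long path. Check for truncation the same way: `if(strlcpy(rcfile, options->rc_file, MAX_PATH_LEN) >= MAX_PATH_LEN) { fprintf(stderr, "Warning: Path to rc file is too long.\n No rc file processed.\n"); return; }`. With that guard both branches leave rcfile as a complete, NUL-terminated path before the permission check that follows. process_rc starts before this hunk and continues after it.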
diff --cc client/fwknop.c
Simple merge
diff --cc client/utils.c
Simple merge
diff --cc configure.ac
Simple merge
diff --cc lib/fko.h
+++ b/lib/fko.h
  
  #include <time.h>
  #include "fko_limits.h"
+ #include "fko_message.h"
  
 +#include "rijndael.h"   /* For encryption modes */
 +#include "digest.h"
 +
  #ifdef __cplusplus
  extern "C" {
  #endif
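Review bot: lib/fko.h is the library's public header (it carries the extern "C" wrapper) and now includes "rijndael.h" and "digest.h", which look like internal headers; unless they are installed alongside fko.h, a program that includes fko.h from outside the source tree will fail to compile. If only the encryption-mode and digest enums are needed here, as the `/* For encryption modes */` comment suggests, consider moving those definitions into fko.h or a small public header and keeping the crypto headers private. This is inferred from the include names; the install rules are not visible in this hunk.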
  #ifndef FKO_MESSAGE_H
  #define FKO_MESSAGE_H 1
  
+ #if PLATFORM_OPENBSD
+   #include <sys/types.h>
+   #include <netinet/in.h>
+ #else
+   #if HAVE_SYS_SOCKET_H
+     #include <sys/socket.h>
+   #endif
+ #endif
+ #include <arpa/inet.h>
 -#define MAX_PROTO_STR_LEN   4  /* tcp, udp, icmp for now */
 -#define MAX_PORT_STR_LEN    5
 +#define MAX_PROTO_STR_LEN   5  /* tcp, udp, icmp for now */
 +#define MAX_PORT_STR_LEN    6
  
  /* SPA message format validation functions.
  */
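Review bot: MAX_PROTO_STR_LEN and MAX_PORT_STR_LEN each grow by one without a comment saying why, and the surviving comment only lists protocol names. Presumably the extra byte reserves room for the terminating NUL so that a five-character port string such as "65535" fits in buffers sized by these constants; say so at the definition, e.g. `#define MAX_PORT_STR_LEN 6 /* "65535" plus terminating NUL */` and `#define MAX_PROTO_STR_LEN 5 /* tcp, udp, icmp for now, plus NUL */`. Judging by the include guard these lines belong to lib/fko_message.h, whose file header is not shown in this rendering.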
diff --cc server/access.c
@@@ -229,27 -184,9 +229,9 @@@ add_source_mask(fko_srv_options_t *opts
          log_msg(LOG_ERR,
              "Fatal memory allocation error adding stanza source_list entry"
          );
 -        exit(EXIT_FAILURE);
 +        clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
      }
  
-     /* If this is not the first entry, we walk our pointer to the
-      * end of the list.
-     */
-     if(acc->source_list == NULL)
-     {
-         acc->source_list = new_sle;
-     }
-     else
-     {
-         tmp_sle = acc->source_list;
-         do {
-             last_sle = tmp_sle;
-         } while((tmp_sle = tmp_sle->next));
-         last_sle->next = new_sle;
-     }
      /* Convert the IP data into the appropriate mask
      */
      if(strcasecmp(ip, "ANY") == 0)
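Review bot: The block that appended new_sle to acc->source_list is removed here, and nothing left in the hunk links the freshly allocated entry into any list; if the append now happens in the caller (not visible here) that should be stated at the allocation, e.g. `/* Caller links the new entry into acc->source_list. */`, otherwise the entry leaks on every call. The switch from exit() to clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE) on the allocation failure is fine since no firewall rules exist yet during access file parsing, but a one-line comment saying why NO_FW_CLEANUP is correct here would help the next reader. add_source_mask starts before this hunk and continues after it.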
@@@ -692,10 -665,10 +722,10 @@@ expand_acc_ent_lists(fko_srv_options_t 
      {
          /* Expand the source string to 32-bit integer masks foreach entry.
          */
 -        if(expand_acc_source(acc) == 0)
 +        if(expand_acc_source(opts, acc) == 0)
          {
-             acc = acc->next;
-             continue;
+             log_msg(LOG_ERR, "Fatal invalid SOURCE in access stanza");
+             clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
          }
  
          /* Now expand the open_ports string.
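Review bot: The new fatal path logs only "Fatal invalid SOURCE in access stanza", so with several stanzas an operator cannot tell which one failed without re-reading the whole access file. Failing closed at startup is the right behaviour for a malformed SOURCE, but the message should name the offending stanza, e.g. `log_msg(LOG_ERR, "Fatal invalid SOURCE in access stanza: %s", <stanza source string>);` using whatever field expand_acc_source parses (not visible in this hunk). expand_acc_ent_lists continues outside this hunk.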
diff --cc server/utils.c
Simple merge
@@@ -55,13 -48,10 +55,16 @@@ my %cf = 
      'multi_src_access'        => "$conf_dir/multi_source_match_access.conf",
      'ip_src_match'            => "$conf_dir/ip_source_match_access.conf",
      'subnet_src_match'        => "$conf_dir/ip_source_match_access.conf",
 +    'rc_file_def_key'         => "$conf_dir/fwknoprc_with_default_key",
 +    'rc_file_def_b64_key'     => "$conf_dir/fwknoprc_with_default_base64_key",
 +    'rc_file_named_key'       => "$conf_dir/fwknoprc_named_key",
 +    'rc_file_invalid_b64_key' => "$conf_dir/fwknoprc_invalid_base64_key",
 +    'rc_file_hmac_b64_key'    => "$conf_dir/fwknoprc_default_hmac_base64_key",
 +    'base64_key_access'       => "$conf_dir/base64_key_access.conf",
      'disable_aging'           => "$conf_dir/disable_aging_fwknopd.conf",
+     'fuzz_source'             => "$conf_dir/fuzzing_source_access.conf",
+     'fuzz_open_ports'         => "$conf_dir/fuzzing_open_ports_access.conf",
+     'fuzz_restrict_ports'     => "$conf_dir/fuzzing_restrict_ports_access.conf",
  );
  
  my $default_digest_file = "$run_dir/digest.cache";