From: Michael Rash Date: Tue, 11 Sep 2012 01:47:48 +0000 (-0400) Subject: [server] bug fix in --disable-file-cache mode X-Git-Tag: fwknop-2.0.4~119 X-Git-Url: http://www.cipherdyne.com/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff_plain;h=591416e23bc9e93c83e832bbf504837e7b24be88 [server] bug fix in --disable-file-cache mode Applied patch from Vlad Glagolev to fix ndbm/gdbm usage when --disable-file-cache is used for the autoconf configure script. This functionality was broken in be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of #define macros from --disable-file-cache. --- diff --git a/CREDITS b/CREDITS index 4a3dcf7..7817119 100644 --- a/CREDITS +++ b/CREDITS @@ -66,3 +66,9 @@ Fernando Arnaboldi (IOActive) - Found several conditions in which the server did not properly throw out maliciously constructed variables in the access.conf file. This has been fixed along with new fuzzing tests in the test suite. + +Vlad Glagolev + - Submitted a patch to fix ndbm/gdbm usage when --disable-file-cache is + used for the autoconf configure script. This functionality was broken in + be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of + #define macros from --disable-file-cache. diff --git a/ChangeLog b/ChangeLog index f321a59..fc6e21e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +fwknop-2.0.4 (09/20/2012): + - [server] (Vlad Glagolev) Submitted a patch to fix ndbm/gdbm usage when + --disable-file-cache is used for the autoconf configure script. This + functionality was broken in be4193d734850fe60f14a26b547525ea0b9ce1e9 + through improper handling of #define macros from --disable-file-cache. + fwknop-2.0.3 (09/03/2012): - [server] Fernando Arnaboldi from IOActive found several DoS/code execution vulnerabilities for malicious fwknop clients that manage to diff --git a/server/replay_cache.c b/server/replay_cache.c index 227d64c..9bce310 100644 --- a/server/replay_cache.c +++ b/server/replay_cache.c @@ -138,7 +138,6 @@ replay_warning(fko_srv_options_t *opts, digest_cache_info_t *digest_info) char created[DATE_LEN]; #if ! USE_FILE_CACHE - char last_ip[INET_ADDRSTRLEN+1] = {0}; char first[DATE_LEN], last[DATE_LEN]; #endif @@ -375,9 +374,10 @@ replay_db_cache_init(fko_srv_options_t *opts) GDBM_FILE rpdb; #elif HAVE_LIBNDBM DBM *rpdb; + datum db_ent; #endif - datum db_key, db_ent, db_next_key; + datum db_key, db_next_key; int db_count = 0; #ifdef HAVE_LIBGDBM @@ -565,11 +565,8 @@ is_replay_dbm_cache(fko_srv_options_t *opts, char *digest) #endif datum db_key, db_ent; - char *digest = NULL; int digest_len, res = SPA_MSG_SUCCESS; - digest_cache_info_t dc_info; - digest_len = strlen(digest); db_key.dptr = digest; @@ -638,7 +635,6 @@ add_replay_dbm_cache(fko_srv_options_t *opts, char *digest) #endif datum db_key, db_ent; - char *digest = NULL; int digest_len, res = SPA_MSG_SUCCESS; digest_cache_info_t dc_info; @@ -705,7 +701,7 @@ add_replay_dbm_cache(fko_srv_options_t *opts, char *digest) return(res); #endif /* NO_DIGEST_CACHE */ - +} #endif /* USE_FILE_CACHE */ #if USE_FILE_CACHE