From 93b3db9e309432de0242c23d38c90dcec977c747 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 27 Aug 2014 11:34:03 +0200 Subject: [PATCH] do not take ownership of any of the provided strings Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: David Woodhouse --- http.c | 5 ++- library.c | 69 +++++++++++++++++++++++++----------------- openconnect-internal.h | 6 ++++ openconnect.h | 27 +++++++---------- tun.c | 2 +- 5 files changed, 61 insertions(+), 48 deletions(-) diff --git a/http.c b/http.c index 07205430..e6c5a02c 100644 --- a/http.c +++ b/http.c @@ -2184,7 +2184,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock) int openconnect_set_proxy_auth(struct openconnect_info *vpninfo, char *methods) { int i, len; - char *p, *start = methods; + char *p; for (i = 0; i < sizeof(auth_methods) / sizeof(auth_methods[0]); i++) vpninfo->auth[auth_methods[i].state_index].state = AUTH_DISABLED; @@ -2208,13 +2208,12 @@ int openconnect_set_proxy_auth(struct openconnect_info *vpninfo, char *methods) methods = p; } vpninfo->authmethods_set = 1; - free(start); return 0; } int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy) { - char *url = proxy, *p; + char *url = strdup(proxy), *p; int ret; if (!url) diff --git a/library.c b/library.c index 25b791ce..1620907a 100644 --- a/library.c +++ b/library.c @@ -120,18 +120,20 @@ int openconnect_set_reported_os(struct openconnect_info *vpninfo, const char *os else return -EINVAL; - vpninfo->platname = os; + STRDUP(vpninfo->platname, os); return 0; } -void openconnect_set_mobile_info(struct openconnect_info *vpninfo, +int openconnect_set_mobile_info(struct openconnect_info *vpninfo, char *mobile_platform_version, char *mobile_device_type, char *mobile_device_uniqueid) { - vpninfo->mobile_platform_version = mobile_platform_version; - vpninfo->mobile_device_type = mobile_device_type; - vpninfo->mobile_device_uniqueid = mobile_device_uniqueid; + STRDUP(vpninfo->mobile_platform_version, mobile_platform_version); + STRDUP(vpninfo->mobile_device_type, mobile_device_type); + STRDUP(vpninfo->mobile_device_uniqueid, mobile_device_uniqueid); + + return 0; } static void free_optlist(struct oc_vpn_option *opt) @@ -257,16 +259,18 @@ char *openconnect_get_hostname(struct openconnect_info *vpninfo) return vpninfo->unique_hostname?:vpninfo->hostname; } -void openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname) +int openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname) { - UTF8CHECK_VOID(hostname); + UTF8CHECK(hostname); free(vpninfo->hostname); - vpninfo->hostname = hostname; + STRDUP(vpninfo->hostname, hostname); free(vpninfo->unique_hostname); vpninfo->unique_hostname = NULL; free(vpninfo->peer_addr); vpninfo->peer_addr = NULL; + + return 0; } char *openconnect_get_urlpath(struct openconnect_info *vpninfo) @@ -274,11 +278,12 @@ char *openconnect_get_urlpath(struct openconnect_info *vpninfo) return vpninfo->urlpath; } -void openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath) +int openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath) { - UTF8CHECK_VOID(urlpath); + UTF8CHECK(urlpath); - vpninfo->urlpath = urlpath; + STRDUP(vpninfo->urlpath, urlpath); + return 0; } void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsha1, int size) @@ -289,16 +294,18 @@ void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsh memcpy(&vpninfo->xmlsha1, xmlsha1, size); } -void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile) +int openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile) { - UTF8CHECK_VOID(cafile); + UTF8CHECK(cafile); - vpninfo->cafile = cafile; + STRDUP(vpninfo->cafile, cafile); + return 0; } -void openconnect_set_server_cert_sha1(struct openconnect_info *vpninfo, char *servercert) +int openconnect_set_server_cert_sha1(struct openconnect_info *vpninfo, char *servercert) { - vpninfo->servercert = servercert; + STRDUP(vpninfo->servercert, servercert); + return 0; } const char *openconnect_get_ifname(struct openconnect_info *vpninfo) @@ -334,11 +341,13 @@ int openconnect_get_ip_info(struct openconnect_info *vpninfo, return 0; } -void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper) +int openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper) { vpninfo->uid_csd = uid; vpninfo->uid_csd_given = silent ? 2 : 1; - vpninfo->csd_wrapper = wrapper; + STRDUP(vpninfo->csd_wrapper, wrapper); + + return 0; } void openconnect_set_xmlpost(struct openconnect_info *vpninfo, int enable) @@ -346,16 +355,20 @@ void openconnect_set_xmlpost(struct openconnect_info *vpninfo, int enable) vpninfo->xmlpost = enable; } -void openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey) +int openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey) { - UTF8CHECK_VOID(cert); - UTF8CHECK_VOID(sslkey); + UTF8CHECK(cert); + UTF8CHECK(sslkey); - vpninfo->cert = cert; - if (sslkey) - vpninfo->sslkey = sslkey; - else - vpninfo->sslkey = cert; + STRDUP(vpninfo->cert, cert); + + if (sslkey) { + STRDUP(vpninfo->sslkey, sslkey); + } else { + vpninfo->sslkey = vpninfo->cert; + } + + return 0; } OPENCONNECT_X509 *openconnect_get_peer_cert(struct openconnect_info *vpninfo) @@ -620,8 +633,8 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo, char *vpnc_sc UTF8CHECK(vpnc_script); UTF8CHECK(ifname); - vpninfo->vpnc_script = vpnc_script; - vpninfo->ifname = ifname; + STRDUP(vpninfo->vpnc_script, vpnc_script); + STRDUP(vpninfo->ifname, ifname); set_script_env(vpninfo); script_config_tun(vpninfo, "pre-init"); diff --git a/openconnect-internal.h b/openconnect-internal.h index 562ce659..bf62b5d5 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -716,6 +716,12 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *b /* version.c */ extern const char *openconnect_version_str; +#define STRDUP(res, arg) \ + if (arg) { \ + res = strdup(arg); \ + if (res == NULL) return -ENOMEM; \ + } else res = NULL + #define UTF8CHECK(arg) \ if ((arg) && buf_append_utf16le(NULL, (arg))) { \ vpn_progress(vpninfo, PRG_ERR, \ diff --git a/openconnect.h b/openconnect.h index 6ec9abf5..dc6e5adf 100644 --- a/openconnect.h +++ b/openconnect.h @@ -267,9 +267,8 @@ typedef enum { appropriate to do so. Library functions may (but probably don't yet) return -EILSEQ if passed invalid UTF-8 strings. */ -/* Unless otherwise specified, all functions which set strings will take - ownership of those strings and the library will free them later in - openconnect_vpninfo_free() */ +/* Unlike previous versions of openconnect, no functions will take ownership + of the provided strings. */ /* The buffer 'buf' must be at least 41 bytes. It will receive a hex string @@ -292,9 +291,9 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo); void openconnect_init_ssl(void); char *openconnect_get_hostname(struct openconnect_info *); -void openconnect_set_hostname(struct openconnect_info *, char *); +int openconnect_set_hostname(struct openconnect_info *, char *); char *openconnect_get_urlpath(struct openconnect_info *); -void openconnect_set_urlpath(struct openconnect_info *, char *); +int openconnect_set_urlpath(struct openconnect_info *, char *); /* Some software tokens, such as HOTP tokens, include a counter which * needs to be stored in persistent storage. @@ -318,21 +317,17 @@ int openconnect_set_token_callbacks(struct openconnect_info *, void *tokdata, openconnect_lock_token_vfn, openconnect_unlock_token_vfn); -/* These functions do *not* take ownership of the string; it is parsed - and then discarded. */ int openconnect_set_token_mode(struct openconnect_info *, oc_token_mode_t, const char *token_str); /* Legacy stoken-only function; do not use */ int openconnect_set_stoken_mode(struct openconnect_info *, int, const char *); -/* This function does *not* take ownership of the string; it's copied - into a static buffer in the vpninfo. The size must be 41 bytes, - since that's the size of a 20-byte SHA1 represented as hex with - a trailing NUL. */ +/* The size must be 41 bytes, since that's the size of a 20-byte SHA1 + represented as hex with a trailing NUL. */ void openconnect_set_xmlsha1(struct openconnect_info *, const char *, int size); -void openconnect_set_cafile(struct openconnect_info *, char *); -void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper); +int openconnect_set_cafile(struct openconnect_info *, char *); +int openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper); void openconnect_set_xmlpost(struct openconnect_info *, int enable); /* Valid choices are: "linux", "linux-64", "win", "mac-intel", @@ -340,12 +335,12 @@ void openconnect_set_xmlpost(struct openconnect_info *, int enable); trojan binary. */ int openconnect_set_reported_os(struct openconnect_info *, const char *os); -void openconnect_set_mobile_info(struct openconnect_info *vpninfo, +int openconnect_set_mobile_info(struct openconnect_info *vpninfo, char *mobile_platform_version, char *mobile_device_type, char *mobile_device_uniqueid); -void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey); -void openconnect_set_server_cert_sha1(struct openconnect_info *, char *); +int openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey); +int openconnect_set_server_cert_sha1(struct openconnect_info *, char *); const char *openconnect_get_ifname(struct openconnect_info *); void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu); void openconnect_set_dpd(struct openconnect_info *, int min_seconds); diff --git a/tun.c b/tun.c index 851762c5..9cbdcbbe 100644 --- a/tun.c +++ b/tun.c @@ -361,7 +361,7 @@ int openconnect_setup_tun_script(struct openconnect_info *vpninfo, char *tun_scr pid_t child; int fds[2]; - vpninfo->vpnc_script = tun_script; + STRDUP(vpninfo->vpnc_script, tun_script); vpninfo->script_tun = 1; set_script_env(vpninfo);