[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon From Wolfgang Schmieder <...
details: https://anonhg.NetBSD.org/src/rev/1f08be5569dc
branches: trunk
changeset: 772384:1f08be5569dc
user: tteras <tteras%NetBSD.org@localhost>
date: Sun Jan 01 15:29:28 2012 +0000
description:
From Wolfgang Schmieder <wolfgang%die-schmieders.de@localhost>: Fix memory leaks from
configuration reading code, and clean up error handling.
diffstat:
crypto/dist/ipsec-tools/src/racoon/cfparse.y | 614 ++++++++++++--------
crypto/dist/ipsec-tools/src/racoon/cftoken.l | 8 +-
crypto/dist/ipsec-tools/src/racoon/cftoken_proto.h | 6 +-
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c | 8 +-
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.h | 6 +-
crypto/dist/ipsec-tools/src/racoon/localconf.c | 54 +-
crypto/dist/ipsec-tools/src/racoon/localconf.h | 5 +-
crypto/dist/ipsec-tools/src/racoon/remoteconf.c | 7 +-
crypto/dist/ipsec-tools/src/racoon/sainfo.c | 5 +-
9 files changed, 439 insertions(+), 274 deletions(-)
diffs (truncated from 1941 to 300 lines):
diff -r d141840234ee -r 1f08be5569dc crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y Sun Jan 01 14:48:40 2012 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y Sun Jan 01 15:29:28 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.44 2011/11/15 13:51:23 tteras Exp $ */
+/* $NetBSD: cfparse.y,v 1.45 2012/01/01 15:29:28 tteras Exp $ */
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
@@ -137,10 +137,10 @@
OAKLEY_ATTR_GRP_DESC_MODP8192
};
-static struct remoteconf *cur_rmconf;
-static int tmpalgtype[MAXALGCLASS];
-static struct sainfo *cur_sainfo;
-static int cur_algclass;
+static struct remoteconf *cur_rmconf = NULL;
+static int tmpalgtype[MAXALGCLASS] = {0};
+static struct sainfo *cur_sainfo = NULL;
+static int cur_algclass = 0;
static int oldloglevel = LLV_BASE;
static struct secprotospec *newspspec __P((void));
@@ -238,10 +238,39 @@
}
insrmconf(cur_rmconf);
+ cur_rmconf = NULL;
return 0;
}
+/* some frequently used warning texts */
+static const char error_message_hybrid_config_not_configured[] = "racoon not configured with --enable-hybrid\n";
+static const char error_message_ldap_config_not_configured[] = "racoon not configured with --with-libldap\n";
+static const char error_message_admin_port_not_compiled_in[] = "admin port support not compiled in\n";
+static const char error_message_natt_not_compiled_in[] = "NAT-T support not compiled in\n";
+static const char error_message_dpd_not_compiled_in[] = "DPD support not compiled in\n";
+
+/* macros for aborting the parsing with freeing up allocated memory */
+#define ABORT_CLEANUP {delrmconf(cur_rmconf); delsainfo(cur_sainfo); YYABORT;}
+#define ABORT() ABORT_CLEANUP
+
+#define ABORT_AND_VFREE(val0) {\
+ vfree(val0); val0 = NULL;\
+ ABORT_CLEANUP}
+
+#define ABORT_AND_RACOON_FREE(val0) {\
+ racoon_free(val0); val0 = NULL;\
+ ABORT_CLEANUP}
+
+#define ABORT_AND_VFREE2(val0, val1) {\
+ vfree(val0); val0 = NULL;\
+ vfree(val1); val1 = NULL;\
+ ABORT_CLEANUP}
+
+#define ABORT_AND_RACOON_FREE2(val0, val1) {\
+ racoon_free(val0); val0 = NULL;\
+ racoon_free(val1); val1 = NULL;\
+ ABORT_CLEANUP}
%}
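Review bot: ABORT_CLEANUP frees cur_rmconf and cur_sainfo but leaves both file-scope statics pointing at freed memory, so if yyparse() is entered again (racoon re-reads its configuration on reload) and the next parse aborts before a new remote/sainfo block has reassigned them, the macro frees the same objects a second time. Reset them inside the macro and use the do/while form so `if (x) ABORT(); else ...` still parses: `#define ABORT_CLEANUP do { delrmconf(cur_rmconf); cur_rmconf = NULL; delsainfo(cur_sainfo); cur_sainfo = NULL; YYABORT; } while (0)`. This relies on delrmconf()/delsainfo() accepting NULL; the remoteconf.c and sainfo.c changes in the diffstat presumably add that, but they are not in the truncated diff, so confirm before merging. The ABORT_AND_* variants inherit the same fix through ABORT_CLEANUP.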
%union {
@@ -366,47 +395,55 @@
privsep_stmt
: USER QUOTEDSTRING
{
- struct passwd *pw;
+ struct passwd *pw = getpwnam($2->v);
+ vfree($2);
- if ((pw = getpwnam($2->v)) == NULL) {
+ if (pw == NULL) {
yyerror("unknown user \"%s\"", $2->v);
- return -1;
+ ABORT();
}
+
lcconf->uid = pw->pw_uid;
}
EOS
| USER NUMBER { lcconf->uid = $2; } EOS
| GROUP QUOTEDSTRING
{
- struct group *gr;
+ struct group *gr = getgrnam($2->v);
+ vfree($2);
- if ((gr = getgrnam($2->v)) == NULL) {
+ if (gr == NULL) {
yyerror("unknown group \"%s\"", $2->v);
- return -1;
+ ABORT();
}
+
lcconf->gid = gr->gr_gid;
}
EOS
| GROUP NUMBER { lcconf->gid = $2; } EOS
- | CHROOT QUOTEDSTRING { lcconf->chroot = $2->v; } EOS
+ | CHROOT QUOTEDSTRING
+ {
+ lcconf_setchroot(racoon_strdup($2->v));
+ vfree($2);
+ } EOS
;
/* path */
path_statement
: PATH PATHTYPE QUOTEDSTRING
{
- if ($2 >= LC_PATHTYPE_MAX) {
+ char * path = racoon_strdup($3->v);
+
+ if (path == NULL) {
+ yyerror("copy string fatal error: %s", $3->v);
+ ABORT_AND_VFREE($3);
+ }
+
+ if (lcconf_setpath(path, $2) < 0) {
yyerror("invalid path type %d", $2);
- return -1;
+ ABORT_AND_VFREE($3);
}
- /* free old pathinfo */
- if (lcconf->pathinfo[$2])
- racoon_free(lcconf->pathinfo[$2]);
-
- /* set new pathinfo */
- lcconf->pathinfo[$2] = racoon_strdup($3->v);
- STRDUP_FATAL(lcconf->pathinfo[$2]);
vfree($3);
}
EOS
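Review bot: Both the USER and GROUP rules now free $2 before the error path reads it: `vfree($2);` runs unconditionally and the following `yyerror("unknown user \"%s\"", $2->v)` dereferences the freed vchar_t, a use-after-free that the old code (which freed nothing) did not have. Release the string after the error report instead, `if (pw == NULL) { yyerror("unknown user \"%s\"", $2->v); ABORT_AND_VFREE($2); }` followed by `vfree($2);`, and apply the same reordering to the GROUP rule. In the CHROOT rule `lcconf_setchroot(racoon_strdup($2->v))` passes an unchecked racoon_strdup() result, unlike path_statement which tests it for NULL. In path_statement, when lcconf_setpath() fails the duplicated `path` is only reclaimed if lcconf_setpath() frees its argument on error, which this hunk does not show; otherwise the error branch should be `ABORT_AND_RACOON_FREE(path)` together with the vfree of $3.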
@@ -427,7 +464,7 @@
LC_PATHTYPE_INCLUDE, $2->v);
vfree($2);
if (yycf_switch_buffer(path) != 0)
- return -1;
+ ABORT();
}
;
@@ -444,8 +481,9 @@
{
if ($2 >= LC_GSSENC_MAX) {
yyerror("invalid GSS ID encoding %d", $2);
- return -1;
+ ABORT();
}
+
lcconf->gss_id_enc = $2;
}
;
@@ -502,11 +540,11 @@
{
#ifdef ENABLE_NATT
myaddr_listen($2, TRUE);
- racoon_free($2);
#else
+
+ yywarn(error_message_natt_not_compiled_in);
+#endif
racoon_free($2);
- yyerror("NAT-T support not compiled in.");
-#endif
}
EOS
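Review bot: In the non-NAT-T build the `isakmp_natt` listen statement is downgraded from yyerror() to yywarn(), so a configuration that requests NAT-T listening on a racoon built without it is now accepted with only a warning rather than reported as an error; if that relaxation is intended it should be stated in the commit message, since it is neither a leak fix nor an error-handling cleanup. The shared text constants this hunk starts using (`error_message_natt_not_compiled_in` and its siblings) embed a trailing `\n`, while the message they replace and every other yyerror()/yywarn() call in this diff pass text without one, so the logged output is likely to be inconsistent; drop the `\n` from the constants unless yywarn() is known not to append its own line terminator.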
| ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER
@@ -514,8 +552,9 @@
#ifdef ENABLE_ADMINPORT
adminsock_conf($2, $3, $4, $5);
#else
- yywarn("admin port support not compiled in");
+ yywarn(error_message_admin_port_not_compiled_in);
#endif
+ vfree($2);vfree($3);vfree($4);
}
EOS
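Review bot: The added `vfree($2);vfree($3);vfree($4);` after adminsock_conf($2, $3, $4, $5) is only correct if adminsock_conf() copies the strings; the code it replaces never freed these values, which suggests it may have retained the vchar_t pointers, in which case the admin socket path, owner and group become dangling references and the leak fix turns into a use-after-free on the privileged control socket. Check adminsock_conf() (not in this diff) and either keep the vfree calls if it duplicates its arguments, or drop them and add a comment that ownership of $2..$4 transfers to adminsock_conf(). The same question applies to the one-argument ADMINSOCK rule that follows.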
| ADMINSOCK QUOTEDSTRING
@@ -523,8 +562,9 @@
#ifdef ENABLE_ADMINPORT
adminsock_conf($2, NULL, NULL, -1);
#else
- yywarn("admin port support not compiled in");
+ yywarn(error_message_admin_port_not_compiled_in);
#endif
+ vfree($2);
}
EOS
| ADMINSOCK DISABLED
@@ -532,7 +572,7 @@
#ifdef ENABLE_ADMINPORT
adminsock_path = NULL;
#else
- yywarn("admin port support not compiled in");
+ yywarn(error_message_admin_port_not_compiled_in);
#endif
}
EOS
@@ -545,26 +585,27 @@
snprintf(portbuf, sizeof(portbuf), "%ld", $2);
$$ = str2saddr($1->v, portbuf);
+
vfree($1);
if (!$$)
- return -1;
+ ABORT();
}
;
ike_port
- : /* nothing */ { $$ = PORT_ISAKMP; }
- | PORT { $$ = $1; }
+ : /* nothing */ { $$ = lcconf->port_isakmp; }
+ | PORT { $$ = $1; }
;
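Review bot: The `ike_port` default changes from the compile-time PORT_ISAKMP to `lcconf->port_isakmp`, which alters the behaviour of `listen isakmp <addr>` statements that omit a port; that is neither a leak fix nor error-handling cleanup and the commit description does not mention it. It also makes the result depend on whether a `port isakmp` statement has already been parsed when the listen statement is reached, so either the ordering requirement or the fact that lcconf->port_isakmp is pre-initialised to PORT_ISAKMP (not visible in this diff) should be documented next to the rule, e.g. `/* default to the value of "port isakmp"; that statement must precede listen stmts */`.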
/* radius configuration */
radcfg_statement
: RADCFG {
#ifndef ENABLE_HYBRID
- yyerror("racoon not configured with --enable-hybrid");
- return -1;
+ yyerror(error_message_hybrid_config_not_configured);
+ ABORT();
#endif
#ifndef HAVE_LIBRADIUS
yyerror("racoon not configured with --with-libradius");
- return -1;
+ ABORT();
#endif
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
@@ -586,15 +627,16 @@
int i = xauth_rad_config.auth_server_count;
if (i == RADIUS_MAX_SERVERS) {
yyerror("maximum radius auth servers exceeded");
- return -1;
+ ABORT_AND_VFREE2($2, $3);
}
xauth_rad_config.auth_server_list[i].host = vdup($2);
xauth_rad_config.auth_server_list[i].secret = vdup($3);
- xauth_rad_config.auth_server_list[i].port = 0; // default port
+ xauth_rad_config.auth_server_list[i].port = 0; /* default port */
xauth_rad_config.auth_server_count++;
#endif
#endif
+ vfree($2); vfree($3);
}
EOS
| RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING
@@ -604,7 +646,7 @@
int i = xauth_rad_config.auth_server_count;
if (i == RADIUS_MAX_SERVERS) {
yyerror("maximum radius auth servers exceeded");
- return -1;
+ ABORT_AND_VFREE2($2, $4);
}
xauth_rad_config.auth_server_list[i].host = vdup($2);
@@ -613,6 +655,7 @@
xauth_rad_config.auth_server_count++;
#endif
#endif
+ vfree($2); vfree($4);
}
EOS
| RAD_ACCT QUOTEDSTRING QUOTEDSTRING
@@ -622,15 +665,16 @@
int i = xauth_rad_config.acct_server_count;
if (i == RADIUS_MAX_SERVERS) {
yyerror("maximum radius account servers exceeded");
- return -1;
+ ABORT_AND_VFREE2($2, $3);
}
xauth_rad_config.acct_server_list[i].host = vdup($2);
xauth_rad_config.acct_server_list[i].secret = vdup($3);
- xauth_rad_config.acct_server_list[i].port = 0; // default port
+ xauth_rad_config.acct_server_list[i].port = 0; /* default port */
xauth_rad_config.acct_server_count++;
#endif
#endif
+ vfree($2); vfree($3);
}
EOS
| RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING
@@ -640,7 +684,7 @@
int i = xauth_rad_config.acct_server_count;
if (i == RADIUS_MAX_SERVERS) {
yyerror("maximum radius account servers exceeded");
- return -1;
+ ABORT_AND_VFREE2($2, $4);
}
xauth_rad_config.acct_server_list[i].host = vdup($2);