rpms/ipsec-tools/devel ipsec-tools-0.7.2-moreleaks.patch, NONE, 1.1 ipsec-tools-0.7.2-nodevel.patch, NONE, 1.1 ipsec-tools-0.7.2-review.patch, NONE, 1.1
Tomáš Mráz
tmraz at fedoraproject.org
Wed Jul 15 12:02:16 UTC 2009
Author: tmraz
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14450
Added Files:
ipsec-tools-0.7.2-moreleaks.patch
ipsec-tools-0.7.2-nodevel.patch ipsec-tools-0.7.2-review.patch
Log Message:
* Wed Jul 15 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.2-2
- fix FTBFS (#511556)
- fix some memory leaks and compilation warnings found by review
ipsec-tools-0.7.2-moreleaks.patch:
--- NEW FILE ipsec-tools-0.7.2-moreleaks.patch ---
diff -up ipsec-tools-0.7.2/src/racoon/crypto_openssl.c.moreleaks ipsec-tools-0.7.2/src/racoon/crypto_openssl.c
--- ipsec-tools-0.7.2/src/racoon/crypto_openssl.c.moreleaks 2009-04-20 15:33:30.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/crypto_openssl.c 2009-05-13 20:07:27.000000000 +0200
@@ -201,26 +201,24 @@ eay_str2asn1dn(str, len)
}
i = i2d_X509_NAME(name, NULL);
- if (!i)
+ if (i <= 0)
goto err;
ret = vmalloc(i);
if (!ret)
goto err;
p = ret->v;
i = i2d_X509_NAME(name, (void *)&p);
- if (!i)
- goto err;
-
- return ret;
+ if (i <= 0) {
+ vfree(ret);
+ ret = NULL;
+ }
err:
if (buf)
racoon_free(buf);
if (name)
X509_NAME_free(name);
- if (ret)
- vfree(ret);
- return NULL;
+ return ret;
}
/*
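Review bot: Every exit now runs through `return ret;` after the `err:` label, including the `goto err` taken when the first `i2d_X509_NAME()` call fails before `ret` has been assigned, so the function returns an indeterminate pointer unless `ret` is initialised to NULL where it is declared. That declaration is above this hunk and should be checked; if it has no initialiser, it needs `= NULL`. A short comment on the label, such as `/* success falls through: ret is the result, NULL on any failure */`, would make the shared exit explicit for the next reader.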
ipsec-tools-0.7.2-nodevel.patch:
--- NEW FILE ipsec-tools-0.7.2-nodevel.patch ---
diff -up ipsec-tools-0.7.2/src/libipsec/Makefile.am.nodevel ipsec-tools-0.7.2/src/libipsec/Makefile.am
--- ipsec-tools-0.7.2/src/libipsec/Makefile.am.nodevel 2009-07-15 10:15:40.000000000 +0200
+++ ipsec-tools-0.7.2/src/libipsec/Makefile.am 2009-07-15 10:15:40.000000000 +0200
@@ -1,11 +1,10 @@
#bin_PROGRAMS = test-policy test-policy-priority
-lib_LTLIBRARIES = libipsec.la
+noinst_LTLIBRARIES = libipsec.la
libipsecdir = $(includedir)/libipsec
-libipsec_HEADERS = libpfkey.h
-man3_MANS = ipsec_set_policy.3 ipsec_strerror.3
+#man3_MANS = ipsec_set_policy.3 ipsec_strerror.3
AM_CFLAGS = @GLIBC_BUGS@ -fPIE
AM_YFLAGS = -d -p __libipsec
@@ -28,7 +27,7 @@ libipsec_la_SOURCES = \
libipsec_la_LDFLAGS = -version-info 0:1:0
libipsec_la_LIBADD = $(LEXLIB)
-noinst_HEADERS = ipsec_strerror.h
+noinst_HEADERS = ipsec_strerror.h libpfkey.h
#test_policy_SOURCES = test-policy.c
#test_policy_LDFLAGS = libipsec.la
diff -up ipsec-tools-0.7.2/src/racoon/Makefile.am.nodevel ipsec-tools-0.7.2/src/racoon/Makefile.am
--- ipsec-tools-0.7.2/src/racoon/Makefile.am.nodevel 2009-07-15 10:15:40.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/Makefile.am 2009-07-15 10:31:18.000000000 +0200
@@ -2,10 +2,10 @@
sbin_PROGRAMS = racoon racoonctl plainrsa-gen
noinst_PROGRAMS = eaytest
-include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
+racoonhdr = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h \
isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
-lib_LTLIBRARIES = libracoon.la
+noinst_LTLIBRARIES = libracoon.la
adminsockdir=${localstatedir}/racoon
@@ -63,7 +63,7 @@ eaytest_LDADD = crypto_openssl_test.o vm
eaytest_DEPENDENCIES = crypto_openssl_test.o vmbuf.o str2val.o \
misc_noplog.o $(CRYPTOBJS)
-noinst_HEADERS = \
+noinst_HEADERS = $(racoonhdr) \
admin.h dnssec.h isakmp_base.h oakley.h session.h \
admin_var.h dump.h isakmp_ident.h pfkey.h sockmisc.h \
algorithm.h gcmalloc.h isakmp_inf.h plog.h str2val.h \
ipsec-tools-0.7.2-review.patch:
--- NEW FILE ipsec-tools-0.7.2-review.patch ---
diff -up ipsec-tools-0.7.2/src/racoon/ipsec_doi.c.review ipsec-tools-0.7.2/src/racoon/ipsec_doi.c
--- ipsec-tools-0.7.2/src/racoon/ipsec_doi.c.review 2008-07-03 08:54:08.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/ipsec_doi.c 2009-05-14 16:58:53.000000000 +0200
@@ -750,7 +750,7 @@ t2isakmpsa(trns, sa)
int error = -1;
iconv_t cd = (iconv_t) -1;
size_t srcleft, dstleft, rv;
- __iconv_const char *src;
+ char *src;
char *dst;
int len = ntohs(d->lorv);
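Review bot: Dropping `__iconv_const` here, in the `iconv()` call of the next hunk and in both `setph1attr` hunks ties the code to the `char **` prototype; on a libc whose `iconv()` takes `const char **` the same calls would warn about incompatible pointers again. If the patch is only meant for this distribution's build that is acceptable, but the reason should be recorded next to the declaration, e.g. `/* iconv() takes char ** on this platform; the input is not modified */`. `t2isakmpsa` starts and ends outside this hunk.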
@@ -799,13 +799,13 @@ t2isakmpsa(trns, sa)
goto out;
}
- src = (__iconv_const char *)(d + 1);
+ src = (char *)(d + 1);
srcleft = len;
dst = sa->gssid->v;
dstleft = len / 2;
- rv = iconv(cd, (__iconv_const char **)&src, &srcleft,
+ rv = iconv(cd, &src, &srcleft,
&dst, &dstleft);
if (rv != 0) {
if (rv == -1) {
@@ -2880,7 +2880,7 @@ setph1attr(sa, buf)
} else {
size_t dstleft = sa->gssid->l * 2;
size_t srcleft = sa->gssid->l;
- const char *src = (const char *)sa->gssid->v;
+ char *src = (char *)sa->gssid->v;
char *odst, *dst = racoon_malloc(dstleft);
iconv_t cd;
size_t rv;
@@ -2896,7 +2896,7 @@ setph1attr(sa, buf)
goto gssid_done;
}
odst = dst;
- rv = iconv(cd, (__iconv_const char **)&src,
+ rv = iconv(cd, &src,
&srcleft, &dst, &dstleft);
if (rv != 0) {
if (rv == -1) {
@@ -4381,7 +4381,8 @@ ipsecdoi_id2str(id)
char *dat;
static char buf[BUFLEN];
struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v;
- struct sockaddr saddr;
+ union allsaddr saddr;
+
u_int plen = 0;
switch (id_b->type) {
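Review bot: `saddr` is declared without an initialiser, and the branches in the following hunks set only the family, the port and the address (plus `sa_len` off Linux), so in the IPv6 cases `sin6_flowinfo` and `sin6_scope_id` are still indeterminate when `&saddr.sa` is handed to `saddrwop2str()`. What that helper reads is not visible here, but clearing the union first removes the question: `memset(&saddr, 0, sizeof(saddr));` before the `switch`. The rest of `ipsecdoi_id2str` lies outside this hunk.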
@@ -4390,11 +4391,11 @@ ipsecdoi_id2str(id)
case IPSECDOI_ID_IPV4_ADDR_RANGE:
#ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in);
+ saddr.sa.sa_len = sizeof(struct sockaddr_in);
#endif
- saddr.sa_family = AF_INET;
- ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
+ saddr.sa.sa_family = AF_INET;
+ saddr.sin.sin_port = IPSEC_PORT_ANY;
+ memcpy(&saddr.sin.sin_addr,
id->v + sizeof(*id_b), sizeof(struct in_addr));
break;
#ifdef INET6
@@ -4403,11 +4404,11 @@ ipsecdoi_id2str(id)
case IPSECDOI_ID_IPV6_ADDR_RANGE:
#ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in6);
+ saddr.sa.sa_len = sizeof(struct sockaddr_in6);
#endif
- saddr.sa_family = AF_INET6;
- ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
+ saddr.sa.sa_family = AF_INET6;
+ saddr.sin6.sin6_port = IPSEC_PORT_ANY;
+ memcpy(&saddr.sin6.sin6_addr,
id->v + sizeof(*id_b), sizeof(struct in6_addr));
break;
#endif
@@ -4418,7 +4419,7 @@ ipsecdoi_id2str(id)
#ifdef INET6
case IPSECDOI_ID_IPV6_ADDR:
#endif
- len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr.sa));
break;
case IPSECDOI_ID_IPV4_ADDR_SUBNET:
@@ -4474,42 +4475,42 @@ ipsecdoi_id2str(id)
plen += l;
}
- len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen);
+ len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr.sa), plen);
}
break;
case IPSECDOI_ID_IPV4_ADDR_RANGE:
- len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr.sa));
#ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in);
+ saddr.sa.sa_len = sizeof(struct sockaddr_in);
#endif
- saddr.sa_family = AF_INET;
- ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
+ saddr.sa.sa_family = AF_INET;
+ saddr.sin.sin_port = IPSEC_PORT_ANY;
+ memcpy(&saddr.sin.sin_addr,
id->v + sizeof(*id_b) + sizeof(struct in_addr),
sizeof(struct in_addr));
- len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr));
+ len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr.sa));
break;
#ifdef INET6
case IPSECDOI_ID_IPV6_ADDR_RANGE:
- len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr.sa));
#ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in6);
+ saddr.sa.sa_len = sizeof(struct sockaddr_in6);
#endif
- saddr.sa_family = AF_INET6;
- ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
+ saddr.sa.sa_family = AF_INET6;
+ saddr.sin6.sin6_port = IPSEC_PORT_ANY;
+ memcpy(&saddr.sin6.sin6_addr,
id->v + sizeof(*id_b) + sizeof(struct in6_addr),
sizeof(struct in6_addr));
- len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr));
+ len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr.sa));
break;
#endif
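Review bot: In both range cases the second call passes `buf + len` and `BUFLEN - len` with `len` taken unchecked from the first `snprintf()`, which returns the length it wanted to write rather than what fitted. If that value ever reached `BUFLEN`, the size argument would go negative and convert to a very large `size_t`. The strings from `saddrwop2str()` are presumably short and `BUFLEN` is defined outside this hunk, so this is a hardening point rather than a demonstrated overflow. Guarding the append with `if (len > 0 && len < BUFLEN)` would close it.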
diff -up ipsec-tools-0.7.2/src/racoon/isakmp.c.review ipsec-tools-0.7.2/src/racoon/isakmp.c
--- ipsec-tools-0.7.2/src/racoon/isakmp.c.review 2009-05-14 16:58:53.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/isakmp.c 2009-05-14 16:58:53.000000000 +0200
@@ -198,13 +198,15 @@ isakmp_handler(so_isakmp)
union {
char buf[sizeof (isakmp) + 4];
u_int32_t non_esp[2];
- char lbuf[sizeof(struct udphdr) +
+ struct {
+ struct udphdr udp;
#ifdef __linux
- sizeof(struct iphdr) +
+ struct iphdr ip;
#else
- sizeof(struct ip) +
+ struct ip ip;
#endif
- sizeof(isakmp) + 4];
+ char buf[sizeof(isakmp) + 4];
+ } lbuf;
} x;
struct sockaddr_storage remote;
struct sockaddr_storage local;
@@ -240,22 +242,13 @@ isakmp_handler(so_isakmp)
/* Lucent IKE in UDP encapsulation */
{
- struct udphdr *udp;
#ifdef __linux__
- struct iphdr *ip;
-
- udp = (struct udphdr *)&x.lbuf[0];
- if (ntohs(udp->dest) == 501) {
- ip = (struct iphdr *)(x.lbuf + sizeof(*udp));
- extralen += sizeof(*udp) + ip->ihl;
+ if (ntohs(x.lbuf.udp.dest) == 501) {
+ extralen += sizeof(x.lbuf.udp) + x.lbuf.ip.ihl;
}
#else
- struct ip *ip;
-
- udp = (struct udphdr *)&x.lbuf[0];
- if (ntohs(udp->uh_dport) == 501) {
- ip = (struct ip *)(x.lbuf + sizeof(*udp));
- extralen += sizeof(*udp) + ip->ip_hl;
+ if (ntohs(lbuf.udp.uh_dport) == 501) {
+ extralen += sizeof(x.lbuf.udp) + x.lbuf.ip.ip_hl;
}
#endif
}
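Review bot: The non-Linux branch tests `lbuf.udp.uh_dport` without the `x.` prefix, but `lbuf` exists only as a member of the union `x` declared in the previous hunk, so that branch should fail to compile; it should read `if (ntohs(x.lbuf.udp.uh_dport) == 501) {`. Separately, both branches add `ihl` / `ip_hl` to `extralen` as if it were a byte count, while the IP header-length field counts 32-bit words; this is carried over from the old code, and `x.lbuf.ip.ihl * 4` looks like what was meant, to be confirmed against how `extralen` is used below the hunk. The declaration hunk guards on `__linux` while this one uses `__linux__`; one spelling should be used for both.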
diff -up ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.review ipsec-tools-0.7.2/src/racoon/isakmp_inf.c
--- ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.review 2009-05-14 16:58:53.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/isakmp_inf.c 2009-05-14 16:58:53.000000000 +0200
@@ -136,7 +136,6 @@ isakmp_info_recv(iph1, msg0)
struct isakmp_gen *nd;
u_int8_t np;
int encrypted;
- int flag;
plog(LLV_DEBUG, LOCATION, NULL, "receive Information.\n");
@@ -313,11 +312,8 @@ isakmp_info_recv(iph1, msg0)
"received unexpected payload type %s.\n",
s_isakmp_nptype(gen->np));
}
- if(error < 0) {
+ if (error < 0)
break;
- } else {
- flag |= error;
- }
}
end:
if (msg != NULL)
diff -up ipsec-tools-0.7.2/src/racoon/nattraversal.c.review ipsec-tools-0.7.2/src/racoon/nattraversal.c
--- ipsec-tools-0.7.2/src/racoon/nattraversal.c.review 2009-04-20 15:27:12.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/nattraversal.c 2009-05-14 16:58:53.000000000 +0200
@@ -287,7 +287,7 @@ natt_fill_options (struct ph1natt_option
void
natt_float_ports (struct ph1handle *iph1)
{
- if (! (iph1->natt_flags && NAT_DETECTED) )
+ if (! (iph1->natt_flags & NAT_DETECTED) )
return;
if (! iph1->natt_options->float_port){
/* Drafts 00 / 01, just schedule keepalive */
diff -up ipsec-tools-0.7.2/src/racoon/sockmisc.c.review ipsec-tools-0.7.2/src/racoon/sockmisc.c
--- ipsec-tools-0.7.2/src/racoon/sockmisc.c.review 2007-08-01 13:52:22.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/sockmisc.c 2009-05-18 14:06:22.000000000 +0200
@@ -317,8 +317,9 @@ recvfromto(s, buf, buflen, flags, from,
u_int *tolen;
{
int otolen;
- u_int len;
- struct sockaddr_storage ss;
+ socklen_t slen;
+ int len;
+ union allsaddr sa;
struct msghdr m;
struct cmsghdr *cm;
struct iovec iov[2];
@@ -331,8 +332,8 @@ recvfromto(s, buf, buflen, flags, from,
struct sockaddr_in6 *sin6;
#endif
- len = sizeof(ss);
- if (getsockname(s, (struct sockaddr *)&ss, &len) < 0) {
+ slen = sizeof(sa);
+ if (getsockname(s, &sa.sa, &slen) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"getsockname (%s)\n", strerror(errno));
return -1;
@@ -365,7 +366,7 @@ recvfromto(s, buf, buflen, flags, from,
"cmsg %d %d\n", cm->cmsg_level, cm->cmsg_type);)
#endif
#if defined(INET6) && defined(INET6_ADVAPI)
- if (ss.ss_family == AF_INET6
+ if (sa.sa.sa_family == AF_INET6
&& cm->cmsg_level == IPPROTO_IPV6
&& cm->cmsg_type == IPV6_PKTINFO
&& otolen >= sizeof(*sin6)) {
@@ -384,14 +385,13 @@ recvfromto(s, buf, buflen, flags, from,
sin6->sin6_scope_id = pi->ipi6_ifindex;
else
sin6->sin6_scope_id = 0;
- sin6->sin6_port =
- ((struct sockaddr_in6 *)&ss)->sin6_port;
+ sin6->sin6_port = sa.sin6.sin6_port;
otolen = -1; /* "to" already set */
continue;
}
#endif
#ifdef __linux__
- if (ss.ss_family == AF_INET
+ if (sa.sa.sa_family == AF_INET
&& cm->cmsg_level == IPPROTO_IP
&& cm->cmsg_type == IP_PKTINFO
&& otolen >= sizeof(sin)) {
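Review bot: The IPv4 `IP_PKTINFO` guard compares `otolen >= sizeof(sin)`, which is the size of the pointer, whereas the other three branches use `sizeof(*sin)` / `sizeof(*sin6)`; the lines that follow write through `sin` as a full `struct sockaddr_in`, so a destination buffer shorter than that could pass the check. It should be `&& otolen >= sizeof(*sin)) {`. `otolen` is also an `int` that is set to -1 once "to" has been filled, and in these comparisons -1 converts to a large unsigned value, so the marker does not stop a later control message from matching; adding `otolen > 0 &&` to each guard would make the intent hold. The commit leaves both as they were, and the loop starts and ends outside this hunk.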
@@ -402,14 +402,13 @@ recvfromto(s, buf, buflen, flags, from,
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &pi->ipi_addr,
sizeof(sin->sin_addr));
- sin->sin_port =
- ((struct sockaddr_in *)&ss)->sin_port;
+ sin->sin_port = sa.sin.sin_port;
otolen = -1; /* "to" already set */
continue;
}
#endif
#if defined(INET6) && defined(IPV6_RECVDSTADDR)
- if (ss.ss_family == AF_INET6
+ if (sa.sa.sa_family == AF_INET6
&& cm->cmsg_level == IPPROTO_IPV6
&& cm->cmsg_type == IPV6_RECVDSTADDR
&& otolen >= sizeof(*sin6)) {
@@ -420,14 +419,13 @@ recvfromto(s, buf, buflen, flags, from,
sin6->sin6_len = sizeof(*sin6);
memcpy(&sin6->sin6_addr, CMSG_DATA(cm),
sizeof(sin6->sin6_addr));
- sin6->sin6_port =
- ((struct sockaddr_in6 *)&ss)->sin6_port;
+ sin6->sin6_port = sa.sin6.sin6_port;
otolen = -1; /* "to" already set */
continue;
}
#endif
#ifndef __linux__
- if (ss.ss_family == AF_INET
+ if (sa.sa.sa_family == AF_INET
&& cm->cmsg_level == IPPROTO_IP
&& cm->cmsg_type == IP_RECVDSTADDR
&& otolen >= sizeof(*sin)) {
@@ -438,7 +436,7 @@ recvfromto(s, buf, buflen, flags, from,
sin->sin_len = sizeof(*sin);
memcpy(&sin->sin_addr, CMSG_DATA(cm),
sizeof(sin->sin_addr));
- sin->sin_port = ((struct sockaddr_in *)&ss)->sin_port;
+ sin->sin_port = sa.sin.sin_port;
otolen = -1; /* "to" already set */
continue;
}
@@ -458,7 +456,8 @@ sendfromto(s, buf, buflen, src, dst, cnt
struct sockaddr *dst;
{
struct sockaddr_storage ss;
- u_int len;
+ socklen_t slen;
+ int len = 0;
int i;
if (src->sa_family != dst->sa_family) {
@@ -467,8 +466,8 @@ sendfromto(s, buf, buflen, src, dst, cnt
return -1;
}
- len = sizeof(ss);
- if (getsockname(s, (struct sockaddr *)&ss, &len) < 0) {
+ slen = sizeof(ss);
+ if (getsockname(s, (struct sockaddr *)&ss, &slen) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"getsockname (%s)\n", strerror(errno));
return -1;
diff -up ipsec-tools-0.7.2/src/racoon/sockmisc.h.review ipsec-tools-0.7.2/src/racoon/sockmisc.h
--- ipsec-tools-0.7.2/src/racoon/sockmisc.h.review 2006-09-09 18:22:10.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/sockmisc.h 2009-05-14 16:58:53.000000000 +0200
@@ -34,12 +34,14 @@
#ifndef _SOCKMISC_H
#define _SOCKMISC_H
+union allsaddr {
+ struct sockaddr sa;
+ struct sockaddr_in sin;
+ struct sockaddr_in6 sin6;
+};
+
struct netaddr {
- union {
- struct sockaddr sa;
- struct sockaddr_in sin;
- struct sockaddr_in6 sin6;
- } sa;
+ union allsaddr sa;
unsigned long prefix;
};