GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
413edf38bfb29d76d9c5ac3beb615555f1c0bb60
ocserv/src/config-ports.c
Nikos Mavrogiannopoulos 85912c705e Fixed incorrect pointer arithmetic on configuration error 
This addresses a crash on incorrect configuration.
Reported by Zero King <l2dy@icloud.com>

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-29 19:43:57 +01:00

157 lines
3.5 KiB
C
Raw Blame History

/*
* Copyright (C) 2015 Red Hat, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <common-config.h>
#include <c-strcase.h>
#include <c-ctype.h>
#include <talloc.h>
#include <vpn.h>
static int append_port(void *pool, FwPortSt ***fw_ports, size_t *n_fw_ports, int port, fw_proto_t proto, unsigned negate)
{
FwPortSt *current;
*fw_ports = talloc_realloc(pool, *fw_ports, FwPortSt*, (*n_fw_ports)+1);
if (*fw_ports == NULL)
return -1;
current = talloc(pool, FwPortSt);
if (current == NULL) {
talloc_free(*fw_ports);
*fw_ports = NULL;
return -1;
}
fw_port_st__init(current);
current->port = port;
current->proto = proto;
current->negate = negate;
(*fw_ports)[*n_fw_ports] = current;
(*n_fw_ports)++;
return 0;
}
/* Parse strings of the format tcp(443), udp(111), and fill in
* allowed_tcp_ports and allowed_udp_ports.
*/
int cfg_parse_ports(void *pool, FwPortSt ***fw_ports, size_t *n_fw_ports, const char *str)
{
const char *p, *p2;
unsigned finish = 0;
int port, ret;
fw_proto_t proto;
int negate = 0, bracket_start = 0;
if (str == NULL)
return 0;
p = str;
while (c_isspace(*p))
p++;
if (*p == '!') {
negate = 1;
p++;
while (c_isspace(*p) || (*p == '(')) {
if (*p == '(')
bracket_start = 1;
p++;
}
if (bracket_start == 0) {
syslog(LOG_ERR, "no bracket following negation at %d '%s'", (int)(ptrdiff_t)(p-str), str);
return -1;
}
}
do {
while (c_isspace(*p))
p++;
if (strncasecmp(p, "tcp", 3) == 0) {
proto = PROTO_TCP;
p += 3;
} else if (strncasecmp(p, "udp", 3) == 0) {
proto = PROTO_UDP;
p += 3;
} else if (strncasecmp(p, "sctp", 4) == 0) {
proto = PROTO_SCTP;
p += 4;
} else if (strncasecmp(p, "icmpv6", 6) == 0) {
proto = PROTO_ICMPv6;
p += 6;
} else if (strncasecmp(p, "icmp", 4) == 0) {
proto = PROTO_ICMP;
p += 4;
} else if (strncasecmp(p, "esp", 3) == 0) {
proto = PROTO_ESP;
p += 3;
} else {
syslog(LOG_ERR, "unknown protocol on restrict-user-to-ports at %d '%s'", (int)(ptrdiff_t)(p-str), str);
return -1;
}
while (c_isspace(*p))
p++;
if (*p != '(') {
syslog(LOG_ERR, "expected parenthesis on restrict-user-to-ports at %d '%s'", (int)(ptrdiff_t)(p-str), str);
return -1;
}
p++;
port = atoi(p);
ret = append_port(pool, fw_ports, n_fw_ports, port, proto, negate);
if (ret < 0) {
syslog(LOG_ERR, "memory error");
return -1;
}
p2 = strchr(p, ')');
if (p2 == NULL) {
syslog(LOG_ERR, "expected closing parenthesis on restrict-user-to-ports at %d '%s'", (int)(ptrdiff_t)(p-str), str);
return -1;
}
p2++;
while (c_isspace(*p2))
p2++;
if (*p2 == 0 || (negate != 0 && *p2 == ')')) {
finish = 1;
} else if (*p2 != ',') {
syslog(LOG_ERR, "expected comma or end of line on restrict-user-to-ports at %d '%s'", (int)(ptrdiff_t)(p2-str), str);
return -1;
}
p=p2;
p++;
} while(finish == 0);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink