X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsubnet.c;h=94000cc0eb8b9fcb23012162850e6b00a29e15dc;hb=28be4baae016a5a771d0d9ec6e97ef38a4fc9e46;hp=ffc82a6980b54e57cff5b029b5126ee81cd57a66;hpb=8c8dfd6686a3d4cc11c20a09c8dfbc8321b07cdb;p=tinc

diff --git a/src/subnet.c b/src/subnet.c
index ffc82a69..94000cc0 100644
--- a/src/subnet.c
+++ b/src/subnet.c
@@ -1,6 +1,6 @@
 /*
     subnet.c -- handle subnet lookups and lists
-    Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2022 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify
@@ -22,6 +22,7 @@
 
 #include "splay_tree.h"
 #include "control_common.h"
+#include "crypto.h"
 #include "hash.h"
 #include "logger.h"
 #include "net.h"
@@ -30,6 +31,7 @@
 #include "script.h"
 #include "subnet.h"
 #include "xalloc.h"
+#include "sandbox.h"
 
 /* lists type of subnet */
 uint32_t hash_seed;
@@ -83,7 +85,7 @@ static uint32_t hash_function_ipv6_t(const ipv6_t *p) {
 	uint32_t hash = hash_seed;
 
 	for(int i = 0; i < 4; i++) {
-		hash += fullwidth[i];
+		hash = wrapping_add32(hash, fullwidth[i]);
 		hash = wrapping_mul32(hash, 0x9e370001U);
 	}
 
@@ -95,7 +97,7 @@ static uint32_t hash_function_mac_t(const mac_t *p) {
 	uint32_t hash = hash_seed;
 
 	for(int i = 0; i < 3; i++) {
-		hash += halfwidth[i];
+		hash = wrapping_add32(hash, halfwidth[i]);
 		hash = wrapping_mul32(hash, 0x9e370001U);
 	}
 
@@ -128,7 +130,10 @@ void subnet_cache_flush_table(subnet_type_t stype) {
 /* Initialising trees */
 
 void init_subnets(void) {
-	hash_seed = (uint32_t)rand();
+	hash_seed = prng(UINT32_MAX);
+
+	// tables need to be cleared on startup
+	subnet_cache_flush_tables();
 }
 
 void exit_subnets(void) {
@@ -158,7 +163,7 @@ void subnet_cache_flush_tables(void) {
 	hash_clear(mac_t, &mac_cache);
 }
 
-void subnet_cache_flush(subnet_t *subnet) {
+static void subnet_cache_flush(subnet_t *subnet) {
 	switch(subnet->type) {
 	case SUBNET_IPV4:
 		if(subnet->net.ipv4.prefixlength == 32) {
@@ -317,8 +322,12 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
 }
 
 void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
+	if(!sandbox_can(START_PROCESSES, RIGHT_NOW)) {
+		return;
+	}
+
 	char netstr[MAXNETSTR];
-	char *name, *address, *port;
+	char *address, *port;
 	char empty[] = "";
 
 	// Prepare environment variables to be passed to the script
@@ -338,7 +347,7 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
 	int env_subnet = environment_add(&env, NULL);
 	int env_weight = environment_add(&env, NULL);
 
-	name = up ? "subnet-up" : "subnet-down";
+	const char *name = up ? "subnet-up" : "subnet-down";
 
 	if(!subnet) {
 		for splay_each(subnet_t, subnet, &owner->subnet_tree) {