projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix a few more issues found by Coverity.
[tinc] / src / net_setup.c
diff --git a/src/net_setup.c b/src/net_setup.c
index a179228..34e042a 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -47,9 +47,16 @@
 char *myport;
 devops_t devops;
 
+char *proxyhost;
+char *proxyport;
+char *proxyuser;
+char *proxypass;
+proxytype_t proxytype;
+
 bool read_rsa_public_key(connection_t *c) {
        FILE *fp;
-       char *fname;
+       char *pubname;
+       char *hcfname;
        char *key;
 
        if(!c->rsa_key) {
@@ -60,7 +67,10 @@ bool read_rsa_public_key(connection_t *c) {
        /* First, check for simple PublicKey statement */
 
        if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
-               BN_hex2bn(&c->rsa_key->n, key);
+               if(BN_hex2bn(&c->rsa_key->n, key) != strlen(key)) {
+                       logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
+                       return false;
+               }
                BN_hex2bn(&c->rsa_key->e, "FFFF");
                free(key);
                return true;
@@ -68,80 +78,79 @@ bool read_rsa_public_key(connection_t *c) {
 
        /* Else, check for PublicKeyFile statement and read it */
 
-       if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
-               fp = fopen(fname, "r");
+       if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &pubname)) {
+               fp = fopen(pubname, "r");
 
                if(!fp) {
-                       logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
-                                  fname, strerror(errno));
-                       free(fname);
+                       logger(LOG_ERR, "Error reading RSA public key file `%s': %s", pubname, strerror(errno));
+                       free(pubname);
                        return false;
                }
 
-               free(fname);
                c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
                fclose(fp);
 
-               if(c->rsa_key)
+               if(c->rsa_key) {
+                       free(pubname);
                        return true;            /* Woohoo. */
+               }
 
                /* If it fails, try PEM_read_RSA_PUBKEY. */
-               fp = fopen(fname, "r");
+               fp = fopen(pubname, "r");
 
                if(!fp) {
-                       logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
-                                  fname, strerror(errno));
-                       free(fname);
+                       logger(LOG_ERR, "Error reading RSA public key file `%s': %s", pubname, strerror(errno));
+                       free(pubname);
                        return false;
                }
 
-               free(fname);
                c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
                fclose(fp);
 
                if(c->rsa_key) {
 //                             RSA_blinding_on(c->rsa_key, NULL);
+                       free(pubname);
                        return true;
                }
 
-               logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s",
-                          fname, strerror(errno));
+               logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s", pubname, strerror(errno));
+               free(pubname);
                return false;
        }
 
        /* Else, check if a harnessed public key is in the config file */
 
-       xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
-       fp = fopen(fname, "r");
+       xasprintf(&hcfname, "%s/hosts/%s", confbase, c->name);
+       fp = fopen(hcfname, "r");
 
        if(!fp) {
-               logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
-               free(fname);
+               logger(LOG_ERR, "Error reading RSA public key file `%s': %s", hcfname, strerror(errno));
+               free(hcfname);
                return false;
        }
 
        c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
        fclose(fp);
-       free(fname);
 
-       if(c->rsa_key)
+       if(c->rsa_key) {
+               free(hcfname);
                return true;
+       }
 
        /* Try again with PEM_read_RSA_PUBKEY. */
 
-       xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
-       fp = fopen(fname, "r");
+       fp = fopen(hcfname, "r");
 
        if(!fp) {
-               logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
-               free(fname);
+               logger(LOG_ERR, "Error reading RSA public key file `%s': %s", hcfname, strerror(errno));
+               free(hcfname);
                return false;
        }
 
+       free(hcfname);
        c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
 //     RSA_blinding_on(c->rsa_key, NULL);
        fclose(fp);
-       free(fname);
 
        if(c->rsa_key)
                return true;
@@ -154,20 +163,27 @@ bool read_rsa_public_key(connection_t *c) {
 static bool read_rsa_private_key(void) {
        FILE *fp;
        char *fname, *key, *pubkey;
-       struct stat s;
 
        if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
+               myself->connection->rsa_key = RSA_new();
+//             RSA_blinding_on(myself->connection->rsa_key, NULL);
+               if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
+                       logger(LOG_ERR, "Invalid PrivateKey for myself!");
+                       free(key);
+                       return false;
+               }
+               free(key);
                if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
                        logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
                        return false;
                }
-               myself->connection->rsa_key = RSA_new();
-//             RSA_blinding_on(myself->connection->rsa_key, NULL);
-               BN_hex2bn(&myself->connection->rsa_key->d, key);
-               BN_hex2bn(&myself->connection->rsa_key->n, pubkey);
-               BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
-               free(key);
+               if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
+                       logger(LOG_ERR, "Invalid PublicKey for myself!");
+                       free(pubkey);
+                       return false;
+               }
                free(pubkey);
+               BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
                return true;
        }
 
@@ -184,15 +200,14 @@ static bool read_rsa_private_key(void) {
        }
 
 #if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
-       if(fstat(fileno(fp), &s)) {
-               logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'",
-                               fname, strerror(errno));
-               free(fname);
-               return false;
-       }
+       struct stat s;
 
-       if(s.st_mode & ~0100700)
-               logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
+       if(!fstat(fileno(fp), &s)) {
+               if(s.st_mode & ~0100700)
+                       logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
+       } else {
+               logger(LOG_WARNING, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
+       }
 #endif
 
        myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
@@ -279,17 +294,20 @@ char *get_name(void) {
 
        if(*name == '$') {
                char *envname = getenv(name + 1);
+               char hostname[32] = "";
                if(!envname) {
                        if(strcmp(name + 1, "HOST")) {
                                fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
+                               free(name);
                                return false;
                        }
-                       envname = alloca(32);
-                       if(gethostname(envname, 32)) {
+                       if(gethostname(hostname, sizeof hostname) || !*hostname) {
                                fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
+                               free(name);
                                return false;
                        }
-                       envname[31] = 0;
+                       hostname[31] = 0;
+                       envname = hostname;
                }
                free(name);
                name = xstrdup(envname);
@@ -316,11 +334,14 @@ static bool setup_myself(void) {
        char *name, *hostname, *mode, *afname, *cipher, *digest, *type;
        char *fname = NULL;
        char *address = NULL;
-       char *envp[5];
+       char *proxy = NULL;
+       char *space;
+       char *envp[5] = {NULL};
        struct addrinfo *ai, *aip, hint = {0};
        bool choice;
        int i, err;
        int replaywin_int;
+       bool port_specified = false;
 
        myself = new_node();
        myself->connection = new_connection();
@@ -336,6 +357,8 @@ static bool setup_myself(void) {
                return false;
        }
 
+       /* Read tinc.conf and our own host config file */
+
        myself->name = name;
        myself->connection->name = xstrdup(name);
        xasprintf(&fname, "%s/hosts/%s", confbase, name);
@@ -348,6 +371,10 @@ static bool setup_myself(void) {
 
        if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
                myport = xstrdup("655");
+       else
+               port_specified = true;
+
+       /* Ensure myport is numeric */
 
        if(!atoi(myport)) {
                struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
@@ -359,6 +386,70 @@ static bool setup_myself(void) {
                sockaddr2str(&sa, NULL, &myport);
        }
 
+       if(get_config_string(lookup_config(config_tree, "Proxy"), &proxy)) {
+               if((space = strchr(proxy, ' ')))
+                       *space++ = 0;
+
+               if(!strcasecmp(proxy, "none")) {
+                       proxytype = PROXY_NONE;
+               } else if(!strcasecmp(proxy, "socks4")) {
+                       proxytype = PROXY_SOCKS4;
+               } else if(!strcasecmp(proxy, "socks4a")) {
+                       proxytype = PROXY_SOCKS4A;
+               } else if(!strcasecmp(proxy, "socks5")) {
+                       proxytype = PROXY_SOCKS5;
+               } else if(!strcasecmp(proxy, "http")) {
+                       proxytype = PROXY_HTTP;
+               } else if(!strcasecmp(proxy, "exec")) {
+                       proxytype = PROXY_EXEC;
+               } else {
+                       logger(LOG_ERR, "Unknown proxy type %s!", proxy);
+                       free(proxy);
+                       return false;
+               }
+
+               switch(proxytype) {
+                       case PROXY_NONE:
+                       default:
+                               break;
+
+                       case PROXY_EXEC:
+                               if(!space || !*space) {
+                                       logger(LOG_ERR, "Argument expected for proxy type exec!");
+                                       free(proxy);
+                                       return false;
+                               }
+                               proxyhost =  xstrdup(space);
+                               break;
+
+                       case PROXY_SOCKS4:
+                       case PROXY_SOCKS4A:
+                       case PROXY_SOCKS5:
+                       case PROXY_HTTP:
+                               proxyhost = space;
+                               if(space && (space = strchr(space, ' ')))
+                                       *space++ = 0, proxyport = space;
+                               if(space && (space = strchr(space, ' ')))
+                                       *space++ = 0, proxyuser = space;
+                               if(space && (space = strchr(space, ' ')))
+                                       *space++ = 0, proxypass = space;
+                               if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
+                                       logger(LOG_ERR, "Host and port argument expected for proxy!");
+                                       free(proxy);
+                                       return false;
+                               }
+                               proxyhost = xstrdup(proxyhost);
+                               proxyport = xstrdup(proxyport);
+                               if(proxyuser && *proxyuser)
+                                       proxyuser = xstrdup(proxyuser);
+                               if(proxypass && *proxypass)
+                                       proxypass = xstrdup(proxypass);
+                               break;
+               }
+
+               free(proxy);
+       }
+
        /* Read in all the subnets specified in the host configuration file */
 
        cfg = lookup_config(config_tree, "Subnet");
@@ -398,6 +489,7 @@ static bool setup_myself(void) {
                        routing_mode = RMODE_HUB;
                else {
                        logger(LOG_ERR, "Invalid routing mode!");
+                       free(mode);
                        return false;
                }
                free(mode);
@@ -412,6 +504,7 @@ static bool setup_myself(void) {
                        forwarding_mode = FMODE_KERNEL;
                else {
                        logger(LOG_ERR, "Invalid forwarding mode!");
+                       free(mode);
                        return false;
                }
                free(mode);
@@ -429,7 +522,20 @@ static bool setup_myself(void) {
 
        get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
        get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
-       get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast);
+       if(get_config_string(lookup_config(config_tree, "Broadcast"), &mode)) {
+               if(!strcasecmp(mode, "no"))
+                       broadcast_mode = BMODE_NONE;
+               else if(!strcasecmp(mode, "yes") || !strcasecmp(mode, "mst"))
+                       broadcast_mode = BMODE_MST;
+               else if(!strcasecmp(mode, "direct"))
+                       broadcast_mode = BMODE_DIRECT;
+               else {
+                       logger(LOG_ERR, "Invalid broadcast mode!");
+                       free(mode);
+                       return false;
+               }
+               free(mode);
+       }
 
 #if !defined(SOL_IP) || !defined(IP_TOS)
        if(priorityinheritance)
@@ -478,6 +584,7 @@ static bool setup_myself(void) {
                        addressfamily = AF_UNSPEC;
                else {
                        logger(LOG_ERR, "Invalid address family!");
+                       free(afname);
                        return false;
                }
                free(afname);
@@ -487,8 +594,7 @@ static bool setup_myself(void) {
 
        /* Generate packet encryption key */
 
-       if(get_config_string
-          (lookup_config(config_tree, "Cipher"), &cipher)) {
+       if(get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
                if(!strcasecmp(cipher, "none")) {
                        myself->incipher = NULL;
                } else {
@@ -496,9 +602,11 @@ static bool setup_myself(void) {
 
                        if(!myself->incipher) {
                                logger(LOG_ERR, "Unrecognized cipher type!");
+                               free(cipher);
                                return false;
                        }
                }
+               free(cipher);
        } else
                myself->incipher = EVP_bf_cbc();
 
@@ -524,9 +632,12 @@ static bool setup_myself(void) {
 
                        if(!myself->indigest) {
                                logger(LOG_ERR, "Unrecognized digest type!");
+                               free(digest);
                                return false;
                        }
                }
+
+               free(digest);
        } else
                myself->indigest = EVP_sha1();
 
@@ -590,6 +701,7 @@ static bool setup_myself(void) {
                else if(!strcasecmp(type, "vde"))
                        devops = vde_devops;
 #endif
+               free(type);
        }
 
        if(!devops.setup())
@@ -600,11 +712,10 @@ static bool setup_myself(void) {
        xasprintf(&envp[1], "DEVICE=%s", device ? : "");
        xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
        xasprintf(&envp[3], "NAME=%s", myself->name);
-       envp[4] = NULL;
 
        execute_script("tinc-up", envp);
 
-       for(i = 0; i < 5; i++)
+       for(i = 0; i < 4; i++)
                free(envp[i]);
 
        /* Run subnet-up scripts for our own subnets */
@@ -720,13 +831,27 @@ static bool setup_myself(void) {
                } while(cfg);
        }
 
-       if(listen_sockets)
-               logger(LOG_NOTICE, "Ready");
-       else {
+       if(!listen_sockets) {
                logger(LOG_ERR, "Unable to create any listening socket!");
                return false;
        }
 
+       /* If no Port option was specified, set myport to the port used by the first listening socket. */
+
+       if(!port_specified) {
+               sockaddr_t sa;
+               socklen_t salen = sizeof sa;
+               if(!getsockname(listen_socket[0].udp, &sa.sa, &salen)) {
+                       free(myport);
+                       sockaddr2str(&sa, NULL, &myport);
+                       if(!myport)
+                               myport = xstrdup("655");
+               }
+       }
+
+       /* Done. */
+
+       logger(LOG_NOTICE, "Ready");
        return true;
 }
 
@@ -770,7 +895,7 @@ bool setup_network(void) {
 void close_network_connections(void) {
        avl_node_t *node, *next;
        connection_t *c;
-       char *envp[5];
+       char *envp[5] = {NULL};
        int i;
 
        for(node = connection_tree->head; node; node = next) {
@@ -804,7 +929,6 @@ void close_network_connections(void) {
        xasprintf(&envp[1], "DEVICE=%s", device ? : "");
        xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
        xasprintf(&envp[3], "NAME=%s", myself->name);
-       envp[4] = NULL;
 
        exit_requests();
        exit_edges();
tinc, the VPN daemon