Backport fixes from trunk since revision 1555.

diff --git a/src/conf.c b/src/conf.c
index 4108d8b..5dc7017 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -328,6 +328,11 @@ int read_config_file(splay_tree_t *config_tree, const char *fname) {
        buffer = xmalloc(bufsize);
 
        for(;;) {
+               if(feof(fp)) {
+                       err = 0;
+                       break;
+               }
+
                line = readline(fp, &buffer, &bufsize);
 
                if(!line) {
@@ -335,11 +340,6 @@ int read_config_file(splay_tree_t *config_tree, const char *fname) {
                        break;
                }
 
-               if(feof(fp)) {
-                       err = 0;
-                       break;
-               }
-
                lineno++;
 
                if(!*line || *line == '#')

diff --git a/src/net_socket.c b/src/net_socket.c
index a6fe54b..c2c1da9 100644 (file)
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -294,7 +294,8 @@ begin:
        }
 
        if(!c->outgoing->aip) {
-               freeaddrinfo(c->outgoing->ai);
+               if(c->outgoing->ai)
+                       freeaddrinfo(c->outgoing->ai);
                c->outgoing->ai = NULL;
                goto begin;
        }

diff --git a/src/process.c b/src/process.c
index e9f65d4..aaddcbc 100644 (file)
--- a/src/process.c
+++ b/src/process.c
@@ -148,6 +148,9 @@ bool remove_service(void) {
 
 DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
        switch(request) {
+               case SERVICE_CONTROL_INTERROGATE:
+                       SetServiceStatus(statushandle, &status);
+                       return NO_ERROR;
                case SERVICE_CONTROL_STOP:
                        logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP");
                        break;

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 0471932..1fb37fc 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -207,7 +207,7 @@ bool metakey_h(connection_t *c, char *request) {
        /* Decrypt the meta key */
 
        if(!rsa_private_decrypt(&myself->connection->rsa, enckey, len, key)) {
-               logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+               logger(LOG_ERR, _("Error during decryption of meta key for %s (%s)"), c->name, c->hostname);
                return false;
        }
 

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 52666d9..71f28bf 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -128,6 +128,12 @@ bool req_key_h(connection_t *c, char *request) {
                if(tunnelserver)
                        return false;
 
+               if(!to->status.reachable) {
+                       logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+                               "REQ_KEY", c->name, c->hostname, to_name);
+                       return true;
+               }
+
                send_req_key(to->nexthop->connection, from, to);
        }
 
@@ -190,6 +196,12 @@ bool ans_key_h(connection_t *c, char *request) {
                if(tunnelserver)
                        return false;
 
+               if(!to->status.reachable) {
+                       logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+                                  "ANS_KEY", c->name, c->hostname, to_name);
+                       return true;
+               }
+
                return send_request(to->nexthop->connection, "%s", request);
        }
 

diff --git a/src/subnet.c b/src/subnet.c
index 9d84ec2..46006a1 100644 (file)
--- a/src/subnet.c
+++ b/src/subnet.c
@@ -188,11 +188,17 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
 
        if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d",
                          &x[0], &x[1], &x[2], &x[3], &l) == 5) {
+               if(l < 0 || l > 32)
+                       return false;
+
                subnet->type = SUBNET_IPV4;
                subnet->net.ipv4.prefixlength = l;
 
-               for(i = 0; i < 4; i++)
+               for(i = 0; i < 4; i++) {
+                       if(x[i] > 255)
+                               return false;
                        subnet->net.ipv4.address.x[i] = x[i];
+               }
 
                return true;
        }
@@ -200,6 +206,9 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
        if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d",
                          &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7],
                          &l) == 9) {
+               if(l < 0 || l > 128)
+                       return false;
+
                subnet->type = SUBNET_IPV6;
                subnet->net.ipv6.prefixlength = l;
 
@@ -210,17 +219,26 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
        }
 
        if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", &x[0], &x[1], &x[2], &x[3]) == 4) {
+               if(l < 0 || l > 32)
+                       return false;
+
                subnet->type = SUBNET_IPV4;
                subnet->net.ipv4.prefixlength = 32;
 
-               for(i = 0; i < 4; i++)
+               for(i = 0; i < 4; i++) {
+                       if(x[i] > 255)
+                               return false;
                        subnet->net.ipv4.address.x[i] = x[i];
+               }
 
                return true;
        }
 
        if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx",
                          &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) {
+               if(l < 0 || l > 128)
+                       return false;
+
                subnet->type = SUBNET_IPV6;
                subnet->net.ipv6.prefixlength = 128;
 
@@ -348,6 +366,8 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address)
                                /* Otherwise, see if there is a bigger enclosing subnet */
 
                                subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1;
+                               if(subnet.net.ipv4.prefixlength < 0 || subnet.net.ipv4.prefixlength > 32)
+                                       return NULL;
                                maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t));
                        }
                }
@@ -384,6 +404,8 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address)
                                /* Otherwise, see if there is a bigger enclosing subnet */
 
                                subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1;
+                               if(subnet.net.ipv6.prefixlength < 0 || subnet.net.ipv6.prefixlength > 128)
+                                       return NULL;
                                maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t));
                        }
                }