/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2016-08-06 00:53:13 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 350.
  • Revision ID: teddy@recompile.se-20160806005313-q9n4b1b7707hnjj4
Makefile: Replace "-fsanitize=address" with "-fsanitize=leak"

The Address Sanitizer is a debugging feature, not a security feature -
it has security issues:  <http://seclists.org/oss-sec/2016/q1/363>
Therefore, it should only be used when debugging.  Replace it with
"-fsanitize=leak", which is needed since -fsanitize=address no longer
includes it implicitly.

* Makefile (DEBUG): Add "-fsanitize=address".
  (ALL_SANITIZE_OPTIONS): Replace "-fsanitize=address" with
                          "-fsanitize=leak".

Show diffs side-by-side

added added

removed removed

Lines of Context:
47
47
                                   strtof(), abort() */
48
48
#include <stdbool.h>            /* bool, false, true */
49
49
#include <string.h>             /* strcmp(), strlen(), strerror(),
50
 
                                   asprintf(), strncpy() */
 
50
                                   asprintf(), strncpy(), strsignal()
 
51
                                */
51
52
#include <sys/ioctl.h>          /* ioctl */
52
53
#include <sys/types.h>          /* socket(), inet_pton(), sockaddr,
53
54
                                   sockaddr_in6, PF_INET6,
1237
1238
           with an explicit route added with the server's address.
1238
1239
           
1239
1240
           Avahi bug reference:
1240
 
           http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
 
1241
           https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1241
1242
           https://bugs.debian.org/587961
1242
1243
        */
1243
1244
        if(debug){
1423
1424
                                               &decrypted_buffer, mc);
1424
1425
    if(decrypted_buffer_size >= 0){
1425
1426
      
 
1427
      clearerr(stdout);
1426
1428
      written = 0;
1427
1429
      while(written < (size_t) decrypted_buffer_size){
1428
1430
        if(quit_now){
1444
1446
        }
1445
1447
        written += (size_t)ret;
1446
1448
      }
 
1449
      ret = fflush(stdout);
 
1450
      if(ret != 0){
 
1451
        int e = errno;
 
1452
        if(debug){
 
1453
          fprintf_plus(stderr, "Error writing encrypted data: %s\n",
 
1454
                       strerror(errno));
 
1455
        }
 
1456
        errno = e;
 
1457
        goto mandos_end;
 
1458
      }
1447
1459
      retval = 0;
1448
1460
    }
1449
1461
  }
2485
2497
  
2486
2498
  {
2487
2499
    /* Work around Debian bug #633582:
2488
 
       <http://bugs.debian.org/633582> */
 
2500
       <https://bugs.debian.org/633582> */
2489
2501
    
2490
2502
    /* Re-raise privileges */
2491
2503
    ret = raise_privileges();
2946
2958
 end:
2947
2959
  
2948
2960
  if(debug){
2949
 
    fprintf_plus(stderr, "%s exiting\n", argv[0]);
 
2961
    if(signal_received){
 
2962
      fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
 
2963
                   argv[0], signal_received,
 
2964
                   strsignal(signal_received));
 
2965
    } else {
 
2966
      fprintf_plus(stderr, "%s exiting\n", argv[0]);
 
2967
    }
2950
2968
  }
2951
2969
  
2952
2970
  /* Cleanup things */