/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-14 23:29:00 UTC
  • Revision ID: teddy@recompile.se-20140614232900-vhcywskev4u8rz2d
mandos-client: Fix some bugs on error conditions.

* plugins.d/mandos-client.c (run_network_hooks): Init "dirent" to NULL
                                                 and, later, always
                                                 free() it unless
                                                 scandirat() or
                                                 scandir() failed.
  (main): Fix free() of uninitalized memory in case scandirat() or
          scandir() of "/sys/class/net" failed.  Also, when cleaning
          up, even if GPGME temp directory is empty, do
          free(direntries) and remove the directory.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-06-22">
 
5
<!ENTITY TIMESTAMP "2014-03-05">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
748
748
    <para>
749
749
      It will also help if the checker program on the server is
750
750
      configured to request something from the client which can not be
751
 
      spoofed by someone else on the network, like SSH server key
752
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
753
 
      echo (<quote>ping</quote>) replies.
 
751
      spoofed by someone else on the network, unlike unencrypted
 
752
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
754
753
    </para>
755
754
    <para>
756
755
      <emphasis>Note</emphasis>: This makes it completely insecure to