/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.c
47
47
                                   strtof(), abort() */
48
48
#include <stdbool.h>            /* bool, false, true */
49
49
#include <string.h>             /* strcmp(), strlen(), strerror(),
50
 
                                   asprintf(), strncpy(), strsignal()
51
 
                                */
 
50
                                   asprintf(), strncpy() */
52
51
#include <sys/ioctl.h>          /* ioctl */
53
52
#include <sys/types.h>          /* socket(), inet_pton(), sockaddr,
54
53
                                   sockaddr_in6, PF_INET6,
626
625
                     safer_gnutls_strerror(ret));
627
626
        dhparamsfilename = NULL;
628
627
      }
629
 
      free(params.data);
630
628
    } while(false);
631
629
  }
632
630
  if(dhparamsfilename == NULL){
1079
1077
    bool match = false;
1080
1078
    {
1081
1079
      char *interface = NULL;
1082
 
      while((interface = argz_next(mc->interfaces,
1083
 
                                   mc->interfaces_size,
1084
 
                                   interface))){
 
1080
      while((interface=argz_next(mc->interfaces, mc->interfaces_size,
 
1081
                                 interface))){
1085
1082
        if(if_nametoindex(interface) == (unsigned int)if_index){
1086
1083
          match = true;
1087
1084
          break;
1240
1237
           with an explicit route added with the server's address.
1241
1238
           
1242
1239
           Avahi bug reference:
1243
 
           https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
 
1240
           http://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1244
1241
           https://bugs.debian.org/587961
1245
1242
        */
1246
1243
        if(debug){
1426
1423
                                               &decrypted_buffer, mc);
1427
1424
    if(decrypted_buffer_size >= 0){
1428
1425
      
1429
 
      clearerr(stdout);
1430
1426
      written = 0;
1431
1427
      while(written < (size_t) decrypted_buffer_size){
1432
1428
        if(quit_now){
1448
1444
        }
1449
1445
        written += (size_t)ret;
1450
1446
      }
1451
 
      ret = fflush(stdout);
1452
 
      if(ret != 0){
1453
 
        int e = errno;
1454
 
        if(debug){
1455
 
          fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1456
 
                       strerror(errno));
1457
 
        }
1458
 
        errno = e;
1459
 
        goto mandos_end;
1460
 
      }
1461
1447
      retval = 0;
1462
1448
    }
1463
1449
  }
2197
2183
  
2198
2184
  /* Sleep checking until interface is running.
2199
2185
     Check every 0.25s, up to total time of delay */
2200
 
  for(int i = 0; i < delay * 4; i++){
 
2186
  for(int i=0; i < delay * 4; i++){
2201
2187
    if(interface_is_running(interface)){
2202
2188
      break;
2203
2189
    }
2499
2485
  
2500
2486
  {
2501
2487
    /* Work around Debian bug #633582:
2502
 
       <https://bugs.debian.org/633582> */
 
2488
       <http://bugs.debian.org/633582> */
2503
2489
    
2504
2490
    /* Re-raise privileges */
2505
2491
    ret = raise_privileges();
2960
2946
 end:
2961
2947
  
2962
2948
  if(debug){
2963
 
    if(signal_received){
2964
 
      fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
2965
 
                   argv[0], signal_received,
2966
 
                   strsignal(signal_received));
2967
 
    } else {
2968
 
      fprintf_plus(stderr, "%s exiting\n", argv[0]);
2969
 
    }
 
2949
    fprintf_plus(stderr, "%s exiting\n", argv[0]);
2970
2950
  }
2971
2951
  
2972
2952
  /* Cleanup things */
3024
3004
      /* Take down the network interfaces which were brought up */
3025
3005
      {
3026
3006
        char *interface = NULL;
3027
 
        while((interface = argz_next(interfaces_to_take_down,
3028
 
                                     interfaces_to_take_down_size,
3029
 
                                     interface))){
 
3007
        while((interface=argz_next(interfaces_to_take_down,
 
3008
                                   interfaces_to_take_down_size,
 
3009
                                   interface))){
3030
3010
          ret = take_down_interface(interface);
3031
3011
          if(ret != 0){
3032
3012
            errno = ret;