diff options
| -rw-r--r-- | configure.ac | 6 | ||||
| -rwxr-xr-x | debian/rules | 7 | ||||
| -rw-r--r-- | src/options.c | 10 | ||||
| -rw-r--r-- | src/pkt.c | 6 | ||||
| -rw-r--r-- | src/ptunnel.c | 2 | ||||
| -rw-r--r-- | src/utils.c | 20 |
6 files changed, 28 insertions, 23 deletions
diff --git a/configure.ac b/configure.ac index eeb6634..6d907bd 100644 --- a/configure.ac +++ b/configure.ac @@ -149,11 +149,7 @@ dnl Check for more secure randomization functions AC_CHECK_HEADERS([bsd/stdlib.h],, [random_enabled=yes]) AC_SEARCH_LIBS([arc4random], [bsd],,,) AC_CHECK_FUNCS([arc4random], [random_enabled=],) -if test x"${random_enabled}" != x; then - AC_CHECK_FUNCS([timespec_get srandom random], - [random_enabled=yes], - [random_enabled=]) -else +if test x"${random_enabled}" = x; then arc4random_enabled=yes fi diff --git a/debian/rules b/debian/rules index 2a24ea5..89a0767 100755 --- a/debian/rules +++ b/debian/rules @@ -8,4 +8,9 @@ LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) dh $@ --with autoreconf override_dh_auto_build: - dh_auto_build -- CFLAGS="-Wall $(CFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" + dh_auto_build -- CFLAGS="-Wall -Werror $(CFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" + +override_dh_auto_install: + dh_auto_install + install -D -m644 contrib/ptunnel-ng.conf debian/ptunnel-ng/etc/conf.d/ptunnel-ng + install -D -m644 contrib/ptunnel-ng.service debian/ptunnel-ng/etc/systemd/system/ptunnel-ng.service diff --git a/src/options.c b/src/options.c index 66c44a6..ad43380 100644 --- a/src/options.c +++ b/src/options.c @@ -242,7 +242,7 @@ static struct option long_options[] = { static const void *get_default_optval(enum option_type opttype, const char *optname) { for (unsigned i = 0; i < ARRAY_SIZE(long_options); ++i) { - if (strncmp(long_options[i].name, optname, strlen(long_options[i].name)) == 0) { + if (strncmp(long_options[i].name, optname, BUFSIZ /* not optimal */) == 0) { assert(usage[i].otype == opttype); return &usage[i].str; } @@ -307,9 +307,9 @@ static void print_multiline(const char *prefix, const char *multiline) { do { if (start) { end = strstr(start, sep); - if (end) { + if (end && *end != '\0') { printf("%s%.*s\n", prefix, (int)(end-start), start); - start = end + strlen(sep); + start = end + strnlen(sep, BUFSIZ /* not optimal */); } } } while (start && end); @@ -495,10 +495,10 @@ int parse_options(int argc, char **argv) { pt_log(kLog_debug, "Password set - unauthenicated connections will be refused.\n"); // Compute the password digest md5_init(&state); - md5_append(&state, (md5_byte_t*)optarg, strlen(opts.password)); + md5_append(&state, (md5_byte_t*)optarg, strnlen(opts.password, BUFSIZ /* not optimal */)); md5_finish(&state, &opts.password_digest[0]); // Hide the password in process listing - memset(optarg, '*', strlen(optarg)); + memset(optarg, '*', strnlen(optarg, BUFSIZ /* not optimal */)); break; #ifndef WIN32 case 'd': @@ -373,6 +373,8 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], } return; } + if (!next_expected_seq) + return; if (pt_pkt->seq_no == *next_expected_seq) { /* hmm, what happens if this test is true? */ if (!ring[*insert_idx]) { /* && pt_pkt->state == kProto_data */ @@ -407,12 +409,12 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], d = s - r; if (d < 0) { /* This packet _may_ be old, or seq_no may have wrapped around */ d = (s+0xFFFF) - r; - if (d < window_size) { + if (window_size && d < window_size) { /* Counter has wrapped, so we should add this packet to the recv ring */ pos = ((*insert_idx)+d) % window_size; } } - else if (d < window_size) + else if (window_size && d < window_size) pos = ((*insert_idx)+d) % window_size; if (pos != -1) { diff --git a/src/ptunnel.c b/src/ptunnel.c index 1c4d8fd..4463077 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -178,7 +178,7 @@ int main(int argc, char *argv[]) { } if (opts.chroot) { pt_log(kLog_info, "Restricting file access to %s\n", opts.root_dir); - if (-1 == chdir(opts.root_dir) || -1 == chroot(opts.root_dir)) { + if (-1 == chdir(opts.root_dir) || -1 == chroot(".") || -1 == chdir("/")) { pt_log(kLog_error, "chdir/chroot `%s': %s\n", opts.root_dir, strerror(errno)); exit(1); } diff --git a/src/utils.c b/src/utils.c index bd3ea0e..6188543 100644 --- a/src/utils.c +++ b/src/utils.c @@ -48,6 +48,8 @@ #endif #include <stdio.h> #include <stdlib.h> +#include <unistd.h> +#include <fcntl.h> #include <stdarg.h> #include <string.h> #include <time.h> @@ -59,6 +61,7 @@ #ifndef WIN32 #include <syslog.h> #include <sys/types.h> +#include <sys/stat.h> #include <sys/socket.h> #include <netdb.h> #include <netinet/in.h> @@ -157,15 +160,14 @@ int pt_random(void) { #ifdef HAVE_ARC4RANDOM return arc4random(); #else -#ifdef HAVE_RANDOM -#ifndef TIME_UTC -#define TIME_UTC 1 -#endif - struct timespec ts; - - assert(timespec_get(&ts, TIME_UTC)); - srandom(ts.tv_nsec ^ ts.tv_sec); - return random(); +#if defined(HAVE_RANDOM) && !defined(_WIN32) + static int rng_fd = -1; + int rnd_val; + if (rng_fd < 0) + rng_fd = open("/dev/random", O_RDONLY); + assert(rng_fd >= 0); + assert( read(rng_fd, &rnd_val, sizeof rnd_val) == sizeof rnd_val ); + return rnd_val; #else srand(time(0)); return rand(); |