diff --git a/src/conf.c b/src/conf.c
index 4108d8ba..5dc70171 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -328,6 +328,11 @@ int read_config_file(splay_tree_t *config_tree, const char *fname) {
 buffer = xmalloc(bufsize);
 for(;;) {
+ if(feof(fp)) {
+ err = 0;
+ break;
+ }
+
 line = readline(fp, &buffer, &bufsize);
 if(!line) {
@@ -335,11 +340,6 @@ int read_config_file(splay_tree_t *config_tree, const char *fname) {
 break;
 }
- if(feof(fp)) {
- err = 0;
- break;
- }
-
 lineno++;
 if(!*line || *line == '#')
diff --git a/src/net_socket.c b/src/net_socket.c
index a6fe54bc..c2c1da96 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -294,7 +294,8 @@ begin:
 }
 if(!c->outgoing->aip) {
- freeaddrinfo(c->outgoing->ai);
+ if(c->outgoing->ai)
+ freeaddrinfo(c->outgoing->ai);
 c->outgoing->ai = NULL;
 goto begin;
 }
diff --git a/src/process.c b/src/process.c
index e9f65d46..aaddcbc1 100644
--- a/src/process.c
+++ b/src/process.c
@@ -148,6 +148,9 @@ bool remove_service(void) {
 DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
 switch(request) {
+ case SERVICE_CONTROL_INTERROGATE:
+ SetServiceStatus(statushandle, &status);
+ return NO_ERROR;
 case SERVICE_CONTROL_STOP:
 logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP");
 break;
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 0471932a..1fb37fcf 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -207,7 +207,7 @@ bool metakey_h(connection_t *c, char *request) {
 /* Decrypt the meta key */
 if(!rsa_private_decrypt(&myself->connection->rsa, enckey, len, key)) {
- logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+ logger(LOG_ERR, _("Error during decryption of meta key for %s (%s)"), c->name, c->hostname);
 return false;
 }
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 52666d99..71f28bf7 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
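Review bot: In `read_config_file` (src/conf.c, first hunk), `feof(fp)` at the top of the loop only becomes true after an earlier read has already hit end-of-file, so an empty file, or one whose last line ends in a newline, still calls `readline()` once at EOF and ends up in the `if(!line)` branch. The body of that branch lies between the two hunks and is not visible; if it records an error, a well-formed file would be reported as a failed read, assuming `readline()` returns NULL at end-of-file. It is more robust to tell the two cases apart where the read fails: have the `if(!line)` branch test `feof(fp)` itself and set `err = 0` only then, keeping its current error value for a real read failure.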
@@ -128,6 +128,12 @@ bool req_key_h(connection_t *c, char *request) {
 if(tunnelserver) return false;
+ if(!to->status.reachable) {
+ logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+ "REQ_KEY", c->name, c->hostname, to_name);
+ return true;
+ }
+
 send_req_key(to->nexthop->connection, from, to);
 }
@@ -190,6 +196,12 @@ bool ans_key_h(connection_t *c, char *request) {
 if(tunnelserver) return false;
+ if(!to->status.reachable) {
+ logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+ "ANS_KEY", c->name, c->hostname, to_name);
+ return true;
+ }
+
 return send_request(to->nexthop->connection, "%s", request);
 }
diff --git a/src/subnet.c b/src/subnet.c
index 9d84ec2b..46006a16 100644
--- a/src/subnet.c
+++ b/src/subnet.c
@@ -188,11 +188,17 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
 if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", &x[0], &x[1], &x[2], &x[3], &l) == 5) {
+ if(l < 0 || l > 32)
+ return false;
+
 subnet->type = SUBNET_IPV4;
 subnet->net.ipv4.prefixlength = l;
- for(i = 0; i < 4; i++)
+ for(i = 0; i < 4; i++) {
+ if(x[i] > 255)
+ return false;
 subnet->net.ipv4.address.x[i] = x[i];
+ }
 return true;
 }
@@ -200,6 +206,9 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
 if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], &l) == 9) {
+ if(l < 0 || l > 128)
+ return false;
+
 subnet->type = SUBNET_IPV6;
 subnet->net.ipv6.prefixlength = l;
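Review bot: The new `!to->status.reachable` guard in `req_key_h` has no comment saying what it protects, and the same holds for the identical guard in `ans_key_h` in the next hunk. It sits directly in front of the `to->nexthop->connection` dereference, so it presumably exists because `nexthop` is not usable for an unreachable node; that invariant is not visible in either hunk and is worth stating, e.g. `/* to->nexthop is only valid while to is reachable; a peer may name a node that is not */`. The warning is written once per request from a connected peer, so unless something outside the hunk limits it, a lower log level would keep a peer that repeats such requests from filling the log. Both function bodies start outside their hunks.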
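Review bot: In the IPv4 `/prefix` branch of `str2net` (first src/subnet.c hunk), the `x[i] > 255` test runs inside the copy loop, after `subnet->type`, `prefixlength` and possibly some address bytes have already been stored, so a rejected string still leaves `*subnet` partly overwritten. Validating before the first store avoids that: put `for(i = 0; i < 4; i++) if(x[i] > 255) return false;` next to the `l` range check and leave the copy loop as it was. Whether any caller looks at the struct after a `false` return is not visible here. The plain IPv4 branch in the third `str2net` hunk has the same ordering.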
@@ -210,17 +219,26 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
 }
 if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", &x[0], &x[1], &x[2], &x[3]) == 4) {
+ if(l < 0 || l > 32)
+ return false;
+
 subnet->type = SUBNET_IPV4;
 subnet->net.ipv4.prefixlength = 32;
- for(i = 0; i < 4; i++)
+ for(i = 0; i < 4; i++) {
+ if(x[i] > 255)
+ return false;
 subnet->net.ipv4.address.x[i] = x[i];
+ }
 return true;
 }
 if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) {
+ if(l < 0 || l > 128)
+ return false;
+
 subnet->type = SUBNET_IPV6;
 subnet->net.ipv6.prefixlength = 128;
@@ -348,6 +366,8 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address)
 /* Otherwise, see if there is a bigger enclosing subnet */
 subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1;
+ if(subnet.net.ipv4.prefixlength < 0 || subnet.net.ipv4.prefixlength > 32)
+ return NULL;
 maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t));
 }
 }
@@ -384,6 +404,8 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address)
 /* Otherwise, see if there is a bigger enclosing subnet */
 subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1;
+ if(subnet.net.ipv6.prefixlength < 0 || subnet.net.ipv6.prefixlength > 128)
+ return NULL;
 maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t));
 }
 }
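Review bot: In the two `str2net` branches without a `/prefix` (`sscanf(...) == 4` and `== 8`), the added `if(l < 0 || l > 32)` and `if(l < 0 || l > 128)` test `l` although neither format string contains `%d`, so `l` is not written by the `sscanf` call that selected the branch. Its value is whatever the declaration or an earlier, failed `sscanf` attempt left behind; the declaration is outside the hunk, and unless it initialises `l`, these checks read an indeterminate value and can reject a valid bare address. Both branches store the constants 32 and 128 as the prefix length, so the two checks can simply be dropped.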
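Review bot: In `lookup_subnet_ipv4`, the range check runs on `subnet.net.ipv4.prefixlength` after `- 1` has been applied, so which arm catches a stored 0 depends on the field's type, which the hunk does not show: with an unsigned field the `< 0` arm can never be true and the case is only caught because the value wraps past 32. Testing the source value before subtracting states the intent without relying on that, e.g. `if(p->net.ipv4.prefixlength < 1 || p->net.ipv4.prefixlength > 32) return NULL;`. The same applies to the `> 128` check in `lookup_subnet_ipv6` in the next hunk. The enclosing blocks start outside both hunks.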