Update upstream source from tag 'upstream/1.0.36'

Update to upstream version '1.0.36'
with Debian dir 1c07c6f457
This commit is contained in:
Guus Sliepen 2019-08-26 13:52:00 +02:00
commit 6932380624
19 changed files with 264 additions and 222 deletions

View file

@ -1,4 +1,4 @@
Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list.
This program is free software; you can redistribute it and/or modify it under

View file

@ -1,3 +1,26 @@
Version 1.0.36 August 26 2019
------------------------------------------------------------------------
Guus Sliepen (8):
Remove the call to RAND_load_file().
Update THANKS.
Backport tinc 1.1's str2net() function.
Update THANKS.
Fix spelling errors found by codespell.
Reformat all code using astyle.
Add a missing check for a pathname being too long.
Releasing 1.0.36.
Rosen Penev (2):
Fix compilation when OpenSSL has no ENGINE support
Fix compilation without deprecated OpenSSL APIs
Quentin Rameau (1):
Double-quote nodes in graphviz network file
Werner Schreiber (1):
Fix segfault when dest->mtu is 0.
Version 1.0.35 October 05 2018
------------------------------------------------------------------------

View file

@ -166,7 +166,7 @@ CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in AUTHORS \
COPYING ChangeLog INSTALL NEWS README THANKS compile \
config.guess config.sub install-sh missing
config.guess config.sub depcomp install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)

14
NEWS
View file

@ -1,7 +1,21 @@
Version 1.0.36 August 26 2019
* Fix compiling tinc with certain versions of the OpenSSL library.
* Fix parsing some IPv6 addresses with :: in them.
* Fix GraphDumpFile output to handle node names starting with a digit.
* Fix a potential segmentation fault when fragmenting packets.
Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
contributions to this version of tinc.
Version 1.0.35 October 5 2018
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
* Minor fixes in the documentation.
Thanks to Amine Amri and Rafael Sadowski for their contributions to this
version of tinc.
Version 1.0.34 June 12 2018

4
README
View file

@ -1,7 +1,7 @@
This is the README file for tinc version 1.0.35. Installation
This is the README file for tinc version 1.0.36. Installation
instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2018 by:
tinc is Copyright (C) 1998-2019 by:
Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>,

6
THANKS
View file

@ -22,6 +22,7 @@ We would like to thank the following people for their contributions to tinc:
* Delf Eldkraft
* Dennis Joachimsthaler
* dnk
* Егор Палкин
* Élie Bouttier
* Enrique Zanardi
* Erik Tews
@ -42,6 +43,7 @@ We would like to thank the following people for their contributions to tinc:
* James Cook
* James MacLean
* Jamie Briggs
* Jan Štembera
* Jason Harper
* Jason Livesay
* Jasper Krijgsman
@ -71,6 +73,7 @@ We would like to thank the following people for their contributions to tinc:
* Max Rijevski
* Menno Smits
* Mesar Hameed
* Michael Taylor
* Michael Tokarev
* Michael Yonli
* Miles Nordin
@ -82,10 +85,12 @@ We would like to thank the following people for their contributions to tinc:
* Philipp Babel
* Pierre Emeriaud
* Pierre-Olivier Mercier
* Rafael Wolf
* Rafael Sadowski
* Rafał Leśniak
* Rhosyn Celyn
* Robert van der Meulen
* Robert Waniek
* Rumko
* Ryan Miller
* Sam Bryan
@ -104,6 +109,7 @@ We would like to thank the following people for their contributions to tinc:
* Tonnerre Lombard
* Ulrich Seifert
* Vil Brekin
* Vincent Laurent
* Vittorio Gambaletta
* Wendy Willard
* Wessel Dankers

20
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for tinc 1.0.35.
# Generated by GNU Autoconf 2.69 for tinc 1.0.36.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -577,8 +577,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='tinc'
PACKAGE_TARNAME='tinc'
PACKAGE_VERSION='1.0.35'
PACKAGE_STRING='tinc 1.0.35'
PACKAGE_VERSION='1.0.36'
PACKAGE_STRING='tinc 1.0.36'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@ -1321,7 +1321,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures tinc 1.0.35 to adapt to many kinds of systems.
\`configure' configures tinc 1.0.36 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1392,7 +1392,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of tinc 1.0.35:";;
short | recursive ) echo "Configuration of tinc 1.0.36:";;
esac
cat <<\_ACEOF
@ -1509,7 +1509,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
tinc configure 1.0.35
tinc configure 1.0.36
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -1974,7 +1974,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by tinc $as_me 1.0.35, which was
It was created by tinc $as_me 1.0.36, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2838,7 +2838,7 @@ fi
# Define the identity of the package.
PACKAGE='tinc'
VERSION='1.0.35'
VERSION='1.0.36'
cat >>confdefs.h <<_ACEOF
@ -7333,7 +7333,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by tinc $as_me 1.0.35, which was
This file was extended by tinc $as_me 1.0.36, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -7399,7 +7399,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
tinc config.status 1.0.35
tinc config.status 1.0.36
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View file

@ -1,7 +1,7 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
AC_INIT([tinc], [1.0.35])
AC_INIT([tinc], [1.0.36])
AC_CONFIG_SRCDIR([src/tincd.c])
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
AC_CONFIG_HEADERS([config.h])
@ -237,7 +237,7 @@ AC_ARG_ENABLE(jumbograms,
]
)
dnl Ensure runstatedir is set if we are using a version of autoconf that does not suppport it
dnl Ensure runstatedir is set if we are using a version of autoconf that does not support it
if test "x$runstatedir" = "x"; then
AC_SUBST([runstatedir], ['${localstatedir}/run'])
fi

View file

@ -1,14 +1,14 @@
This is tinc.info, produced by makeinfo version 6.5 from tinc.texi.
This is tinc.info, produced by makeinfo version 6.6 from tinc.texi.
INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.35, a Virtual Private
This is the info manual for tinc version 1.0.36, a Virtual Private
Network daemon.
Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen
Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this
@ -117,10 +117,10 @@ for both the receiving and sending end, it has become largely
runtime-configurable--in short, it has become a full-fledged
professional package.
Tinc also allows more than two sites to connect to eachother and form
a single VPN. Traditionally VPNs are created by making tunnels, which
only have two endpoints. Larger VPNs with more sites are created by
adding more tunnels. Tinc takes another approach: only endpoints are
Tinc also allows more than two sites to connect to each other and
form a single VPN. Traditionally VPNs are created by making tunnels,
which only have two endpoints. Larger VPNs with more sites are created
by adding more tunnels. Tinc takes another approach: only endpoints are
specified, the software itself will take care of creating the tunnels.
This allows for easier configuration and improved scalability.
@ -2278,7 +2278,7 @@ address these issues in tinc 2.0.
Cryptography is a hard thing to get right. We cannot make any
guarantees. Time, review and feedback are the only things that can
prove the security of any cryptographic product. If you wish to review
tinc or give us feedback, you are stronly encouraged to do so.
tinc or give us feedback, you are strongly encouraged to do so.

File: tinc.info, Node: Platform specific information, Next: About us, Prev: Technical information, Up: Top
@ -2720,66 +2720,66 @@ Node: Top806
Node: Introduction1105
Node: Virtual Private Networks1915
Node: tinc3639
Node: Supported platforms5166
Node: Preparations5867
Node: Configuring the kernel6123
Node: Configuration of Linux kernels6533
Node: Configuration of FreeBSD kernels7388
Node: Configuration of OpenBSD kernels7853
Node: Configuration of NetBSD kernels8210
Node: Configuration of Solaris kernels8615
Node: Configuration of Darwin (Mac OS X) kernels9278
Node: Configuration of Windows10097
Node: Libraries10637
Node: LibreSSL/OpenSSL11046
Node: zlib13588
Node: lzo14617
Node: Installation15600
Node: Building and installing tinc16510
Node: Darwin (Mac OS X) build environment17170
Node: Cygwin (Windows) build environment17735
Node: MinGW (Windows) build environment18324
Node: System files18918
Node: Device files19183
Node: Other files19599
Node: Configuration20212
Node: Configuration introduction20523
Node: Multiple networks21791
Node: How connections work23217
Node: Configuration files24439
Node: Main configuration variables25933
Node: Host configuration variables42189
Node: Scripts47721
Node: How to configure50987
Node: Generating keypairs52245
Node: Network interfaces52744
Node: Example configuration54592
Node: Running tinc59917
Node: Runtime options60507
Node: Signals64136
Node: Debug levels65327
Node: Solving problems66263
Node: Error messages67815
Node: Sending bug reports71824
Node: Technical information72771
Node: The connection73002
Node: The UDP tunnel73314
Node: The meta-connection76366
Node: The meta-protocol77835
Node: Security82852
Node: Authentication protocol83994
Node: Encryption of network packets89039
Node: Security issues90415
Node: Platform specific information92054
Node: Interface configuration92314
Node: Routes94610
Node: Automatically starting tinc96660
Node: Linux96883
Node: Windows98104
Node: Other platforms98609
Node: About us98891
Node: Contact information99066
Node: Authors99469
Node: Concept Index99874
Node: Supported platforms5167
Node: Preparations5868
Node: Configuring the kernel6124
Node: Configuration of Linux kernels6534
Node: Configuration of FreeBSD kernels7389
Node: Configuration of OpenBSD kernels7854
Node: Configuration of NetBSD kernels8211
Node: Configuration of Solaris kernels8616
Node: Configuration of Darwin (Mac OS X) kernels9279
Node: Configuration of Windows10098
Node: Libraries10638
Node: LibreSSL/OpenSSL11047
Node: zlib13589
Node: lzo14618
Node: Installation15601
Node: Building and installing tinc16511
Node: Darwin (Mac OS X) build environment17171
Node: Cygwin (Windows) build environment17736
Node: MinGW (Windows) build environment18325
Node: System files18919
Node: Device files19184
Node: Other files19600
Node: Configuration20213
Node: Configuration introduction20524
Node: Multiple networks21792
Node: How connections work23218
Node: Configuration files24440
Node: Main configuration variables25934
Node: Host configuration variables42190
Node: Scripts47722
Node: How to configure50988
Node: Generating keypairs52246
Node: Network interfaces52745
Node: Example configuration54593
Node: Running tinc59918
Node: Runtime options60508
Node: Signals64137
Node: Debug levels65328
Node: Solving problems66264
Node: Error messages67816
Node: Sending bug reports71825
Node: Technical information72772
Node: The connection73003
Node: The UDP tunnel73315
Node: The meta-connection76367
Node: The meta-protocol77836
Node: Security82853
Node: Authentication protocol83995
Node: Encryption of network packets89040
Node: Security issues90416
Node: Platform specific information92056
Node: Interface configuration92316
Node: Routes94612
Node: Automatically starting tinc96662
Node: Linux96885
Node: Windows98106
Node: Other platforms98611
Node: About us98893
Node: Contact information99068
Node: Authors99471
Node: Concept Index99876

End Tag Table

View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2018 Ivo Timmermans,
Copyright @copyright{} 1998-2019 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2018 Ivo Timmermans,
Copyright @copyright{} 1998-2019 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -155,7 +155,7 @@ professional package.
@cindex traditional VPNs
@cindex scalability
Tinc also allows more than two sites to connect to eachother and form a single VPN.
Tinc also allows more than two sites to connect to each other and form a single VPN.
Traditionally VPNs are created by making tunnels, which only have two endpoints.
Larger VPNs with more sites are created by adding more tunnels.
Tinc takes another approach: only endpoints are specified,
@ -2433,7 +2433,7 @@ We will address these issues in tinc 2.0.
Cryptography is a hard thing to get right. We cannot make any
guarantees. Time, review and feedback are the only things that can
prove the security of any cryptographic product. If you wish to review
tinc or give us feedback, you are stronly encouraged to do so.
tinc or give us feedback, you are strongly encouraged to do so.
@c ==================================================================

View file

@ -1,4 +1,4 @@
@set VERSION 1.0.35
@set VERSION 1.0.36
@set PACKAGE tinc
@set sysconfdir /etc
@set localstatedir /var

View file

@ -467,9 +467,14 @@ static void disable_old_keys(const char *filename) {
return;
}
snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
int len = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
w = fopen(tmpfile, "w");
if(len < 0 || len >= PATH_MAX) {
fprintf(stderr, "Pathname too long: %s.tmp\n", filename);
w = NULL;
} else {
w = fopen(tmpfile, "w");
}
while(fgets(buf, sizeof(buf), r)) {
if(!strncmp(buf, "-----BEGIN RSA", 14)) {

View file

@ -96,13 +96,13 @@ void free_connection_partially(connection_t *c) {
c->outbudget = 0;
if(c->inctx) {
EVP_CIPHER_CTX_cleanup(c->inctx);
EVP_CIPHER_CTX_reset(c->inctx);
free(c->inctx);
c->inctx = NULL;
}
if(c->outctx) {
EVP_CIPHER_CTX_cleanup(c->outctx);
EVP_CIPHER_CTX_reset(c->outctx);
free(c->outctx);
c->outctx = NULL;
}

View file

@ -24,6 +24,10 @@
#include <openssl/rsa.h>
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_cleanup(c)
#endif
#include "avl_tree.h"
#define OPTION_INDIRECT 0x0001

View file

@ -360,13 +360,13 @@ void dump_graph(void) {
/* dump all nodes first */
for(node = node_tree->head; node; node = node->next) {
n = node->data;
fprintf(file, " %s [label = \"%s\"];\n", n->name, n->name);
fprintf(file, " \"%s\" [label = \"%s\"];\n", n->name, n->name);
}
/* now dump all edges */
for(node = edge_weight_tree->head; node; node = node->next) {
e = node->data;
fprintf(file, " %s -> %s;\n", e->from->name, e->to->name);
fprintf(file, " \"%s\" -> \"%s\";\n", e->from->name, e->to->name);
}
fprintf(file, "}\n");

View file

@ -27,6 +27,7 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include "avl_tree.h"
#include "conf.h"

View file

@ -581,7 +581,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et
ifdebug(TRAFFIC) logger(LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname);
offset = packet->data + ether_size + ip_size;
maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
maxlen = (MAX(dest->mtu, 590) - ether_size - ip_size) & ~0x7;
ip_off = ntohs(ip.ip_off);
origf = ip_off & ~IP_OFFMASK;
ip_off &= IP_OFFMASK;

View file

@ -1,6 +1,6 @@
/*
subnet.c -- handle subnet lookups and lists
Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2000-2019 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -205,177 +205,162 @@ void subnet_del(node_t *n, subnet_t *subnet) {
/* Ascii representation of subnets */
bool str2net(subnet_t *subnet, const char *subnetstr) {
int i, l;
uint16_t x[8];
char str[1024];
strncpy(str, subnetstr, sizeof(str));
str[sizeof(str) - 1] = 0;
int consumed;
int weight = 10;
char *weight_separator = strchr(str, '#');
if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d#%d",
&x[0], &x[1], &x[2], &x[3], &l, &weight) >= 5) {
if(l < 0 || l > 32) {
if(weight_separator) {
char *weight_str = weight_separator + 1;
if(sscanf(weight_str, "%d%n", &weight, &consumed) < 1) {
return false;
}
subnet->type = SUBNET_IPV4;
subnet->net.ipv4.prefixlength = l;
subnet->weight = weight;
for(i = 0; i < 4; i++) {
if(x[i] > 255) {
return false;
}
subnet->net.ipv4.address.x[i] = x[i];
}
return true;
}
if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d#%d",
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7],
&l, &weight) >= 9) {
if(l < 0 || l > 128) {
if(weight_str[consumed]) {
return false;
}
subnet->type = SUBNET_IPV6;
subnet->net.ipv6.prefixlength = l;
subnet->weight = weight;
for(i = 0; i < 8; i++) {
subnet->net.ipv6.address.x[i] = htons(x[i]);
}
return true;
*weight_separator = 0;
}
if(sscanf(subnetstr, "%hu.%hu.%hu.%hu#%d", &x[0], &x[1], &x[2], &x[3], &weight) >= 4) {
subnet->type = SUBNET_IPV4;
subnet->net.ipv4.prefixlength = 32;
subnet->weight = weight;
int prefixlength = -1;
char *prefixlength_separator = strchr(str, '/');
for(i = 0; i < 4; i++) {
if(x[i] > 255) {
return false;
}
if(prefixlength_separator) {
char *prefixlength_str = prefixlength_separator + 1;
subnet->net.ipv4.address.x[i] = x[i];
if(sscanf(prefixlength_str, "%d%n", &prefixlength, &consumed) < 1) {
return false;
}
return true;
}
if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx#%d",
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], &weight) >= 8) {
subnet->type = SUBNET_IPV6;
subnet->net.ipv6.prefixlength = 128;
subnet->weight = weight;
for(i = 0; i < 8; i++) {
subnet->net.ipv6.address.x[i] = htons(x[i]);
if(prefixlength_str[consumed]) {
return false;
}
return true;
*prefixlength_separator = 0;
if(prefixlength < 0) {
return false;
}
}
if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx#%d",
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &weight) >= 6) {
uint16_t x[8];
if(sscanf(str, "%hx:%hx:%hx:%hx:%hx:%hx%n", &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &consumed) >= 6 && !str[consumed]) {
/*
Normally we should check that each part has two digits to prevent ambiguities.
However, in old tinc versions net2str() will aggressively return MAC addresses with one-digit parts,
so we have to accept them otherwise we would be unable to parse ADD_SUBNET messages.
*/
if(prefixlength >= 0) {
return false;
}
subnet->type = SUBNET_MAC;
subnet->weight = weight;
for(i = 0; i < 6; i++) {
for(int i = 0; i < 6; i++) {
subnet->net.mac.address.x[i] = x[i];
}
return true;
}
// IPv6 short form
if(strstr(subnetstr, "::")) {
const char *p;
char *q;
int colons = 0;
if(sscanf(str, "%hu.%hu.%hu.%hu%n", &x[0], &x[1], &x[2], &x[3], &consumed) >= 4 && !str[consumed]) {
if(prefixlength == -1) {
prefixlength = 32;
}
// Count number of colons
for(p = subnetstr; *p; p++)
if(*p == ':') {
colons++;
}
if(colons > 7) {
if(prefixlength > 32) {
return false;
}
// Scan numbers before the double colon
p = subnetstr;
subnet->type = SUBNET_IPV4;
subnet->net.ipv4.prefixlength = prefixlength;
subnet->weight = weight;
for(i = 0; i < colons; i++) {
if(*p == ':') {
break;
}
x[i] = strtoul(p, &q, 0x10);
if(!q || p == q || *q != ':') {
for(int i = 0; i < 4; i++) {
if(x[i] > 255) {
return false;
}
p = ++q;
subnet->net.ipv4.address.x[i] = x[i];
}
p++;
colons -= i;
return true;
}
if(!i) {
p++;
colons--;
}
/* IPv6 */
if(!*p || *p == '/' || *p == '#') {
colons--;
}
char *last_colon = strrchr(str, ':');
// Fill in the blanks
for(; i < 8 - colons; i++) {
x[i] = 0;
}
// Scan the remaining numbers
for(; i < 8; i++) {
x[i] = strtoul(p, &q, 0x10);
if(!q || p == q) {
if(last_colon && sscanf(last_colon, ":%hu.%hu.%hu.%hu%n", &x[0], &x[1], &x[2], &x[3], &consumed) >= 4 && !last_colon[consumed]) {
/* Dotted quad suffix notation, convert to standard IPv6 notation */
for(int i = 0; i < 4; i++)
if(x[i] > 255) {
return false;
}
if(i == 7) {
p = q;
break;
snprintf(last_colon, sizeof(str) - (last_colon - str), ":%02x%02x:%02x%02x", x[0], x[1], x[2], x[3]);
}
char *double_colon = strstr(str, "::");
if(double_colon) {
/* Figure out how many zero groups we need to expand */
int zero_group_count = 8;
for(const char *cur = str; *cur; cur++)
if(*cur != ':') {
zero_group_count--;
while(cur[1] && cur[1] != ':') {
cur++;
}
}
if(*q != ':') {
return false;
}
p = ++q;
if(zero_group_count < 1) {
return false;
}
l = 128;
/* Split the double colon in the middle to make room for zero groups */
double_colon++;
memmove(double_colon + (zero_group_count * 2 - 1), double_colon, strlen(double_colon) + 1);
if(*p == '/') {
sscanf(p, "/%d#%d", &l, &weight);
} else if(*p == '#') {
sscanf(p, "#%d", &weight);
/* Write zero groups in the resulting gap, overwriting the second colon */
for(int i = 0; i < zero_group_count; i++) {
memcpy(&double_colon[i * 2], "0:", 2);
}
if(l < 0 || l > 128) {
/* Remove any leading or trailing colons */
if(str[0] == ':') {
memmove(&str[0], &str[1], strlen(&str[1]) + 1);
}
if(str[strlen(str) - 1] == ':') {
str[strlen(str) - 1] = 0;
}
}
if(sscanf(str, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx%n",
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], &consumed) >= 8 && !str[consumed]) {
if(prefixlength == -1) {
prefixlength = 128;
}
if(prefixlength > 128) {
return false;
}
subnet->type = SUBNET_IPV6;
subnet->net.ipv6.prefixlength = l;
subnet->net.ipv6.prefixlength = prefixlength;
subnet->weight = weight;
for(i = 0; i < 8; i++) {
for(int i = 0; i < 8; i++) {
subnet->net.ipv6.address.x[i] = htons(x[i]);
}

View file

@ -1,7 +1,7 @@
/*
tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
2000-2019 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu>
@ -37,7 +37,10 @@
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/bn.h>
#ifdef HAVE_LZO
#include LZO1X_H
@ -651,7 +654,7 @@ int main(int argc, char **argv) {
if(show_version) {
printf("%s version %s\n", PACKAGE, VERSION);
printf("Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
printf("Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
@ -685,17 +688,14 @@ int main(int argc, char **argv) {
init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */
if(RAND_load_file("/dev/urandom", 1024) != 1024) {
logger(LOG_ERR, "Error initializing RNG!");
return 1;
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_algorithms();
#endif
if(generate_keys) {
read_server_config();
@ -814,9 +814,13 @@ end:
free(priority);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup();
ERR_free_strings();
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
#endif
exit_configuration(&config_tree);
list_delete_list(cmdline_conf);