55a8512 |
diff --git a/programs/pluto/ikev2_crypto.c b/programs/pluto/ikev2_crypto.c
index 58c62c8..4a305c7 100644
--- a/programs/pluto/ikev2_crypto.c
+++ b/programs/pluto/ikev2_crypto.c
@@ -65,8 +65,8 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
st->st_ah.present? &st->st_ah :
NULL;
- assert(ipi != NULL); /* ESP or AH must be present */
- assert(st->st_esp.present != st->st_ah.present); /* only one */
+ passert(ipi != NULL); /* ESP or AH must be present */
+ passert(st->st_esp.present != st->st_ah.present); /* only one */
/* ??? there is no kernel_alg_ah_info */
ipi->attrs.transattrs.ei = kernel_alg_esp_info(
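Review bot: Both new `passert()` calls guard state that comes out of child SA negotiation, so if any path lets a peer reach ikev2_derive_child_keys() with neither or both of ESP and AH marked present, the result is an assertion failure in the daemon rather than a rejected exchange; whether such a path exists is not visible in this hunk. Because the function returns void it cannot report the error itself, so the combination is better validated by the caller before keys are derived, with the assertions left as a backstop. The second comment would be clearer as `/* exactly one of ESP or AH; combined ESP+AH is not handled here */`. The function body starts and ends outside the hunk.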
@@ -142,14 +142,6 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
v2genbytes(&rkeymat, ipi->keymat_len,
"responder keys", &childsacalc);
- /* This should really be role == O_INITIATOR, but then our keys are
- * installed reversed. This is a workaround until we locate the
- * real problem. It's better not to release copies of our code
- * that will be incompatible with everything else, including our
- * own updated version
- * Found by Herbert Xu
- * if(role == O_INITIATOR) {
- */
if (role != O_INITIATOR) {
DBG(DBG_CRYPT, {
DBG_dump_chunk("our keymat", ikeymat);
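Review bot: Dropping the workaround comment leaves `if (role != O_INITIATOR) {` with no explanation, although the removed text said the test "should really be" `role == O_INITIATOR` and that the keys were otherwise installed reversed. If the inverted test is now understood to be correct, a one-line comment saying why should replace the old one; if it is still a workaround, the note needs to stay, since a later cleanup that flips the test would swap the inbound and outbound keymat. Something like `/* role is tested inverted on purpose: see commit history before changing */` is enough. The body of the `if` continues outside the hunk.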
@@ -167,4 +159,3 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
}
}
-
diff --git a/programs/pluto/pluto_crypt.c b/programs/pluto/pluto_crypt.c
index 7bf3a2a..080d2a0 100644
--- a/programs/pluto/pluto_crypt.c
+++ b/programs/pluto/pluto_crypt.c
@@ -657,7 +657,7 @@ static void kill_helper(struct pluto_crypto_worker *w)
}
void log_crypto_workers(void) {
- bool first_time = TRUE;
+ static bool first_time = TRUE;
int i;
if (!first_time)
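Review bot: `static bool first_time = TRUE;` turns the flag into state that persists across calls, but nothing in the hunk says so or shows where it is cleared. A short comment such as `/* latch: set once, kept across calls */` on the declaration would make the intent explicit. If log_crypto_workers() can ever be called from more than one thread, the unsynchronised static is a data race; that cannot be determined from these lines. The function body continues outside the hunk.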
diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
index 483f34c..9c6fb11 100644
--- a/programs/pluto/rcv_whack.c
+++ b/programs/pluto/rcv_whack.c
@@ -690,7 +690,7 @@ bool whack_prompt_for(int whackfd,
return FALSE;
}
- if (strlen(ansbuf) == 0) {
+ if (n == 0) {
whack_log(RC_LOG_SERIOUS, "no %s entered, aborted", prompt2);
return FALSE;
}
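Review bot: `if (n == 0)` and the old `strlen(ansbuf) == 0` are not equivalent: an answer whose first byte is NUL has a non-zero count but is an empty C string, so it now passes this check where it was rejected before. Assuming `n` is the byte count read into `ansbuf` (its declaration is outside the hunk) and later code treats the buffer as a string, `if (n == 0 || ansbuf[0] == '\0') {` keeps the old rejection without calling strlen() on a buffer that may not be terminated. It is also worth confirming that a negative `n` is handled by the check that ends just above.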
diff --git a/programs/rsasigkey/rsasigkey.c b/programs/rsasigkey/rsasigkey.c
index f3f0194..d853365 100644
--- a/programs/rsasigkey/rsasigkey.c
+++ b/programs/rsasigkey/rsasigkey.c
@@ -321,7 +321,14 @@ int main(int argc, char *argv[])
device = optarg;
break;
case 'H': /* set hostname for output */
- strcpy(outputhostname, optarg);
+ {
+ size_t full_len = strlen(optarg);
+ bool oflow = sizeof(outputhostname) - 1 < full_len;
+ size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
+
+ memcpy(outputhostname, optarg, copy_len);
+ outputhostname[copy_len] = '\0';
+ }
break;
case 'h': /* help */
printf("Usage:\t%s\n", usage);
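Review bot: The new bounded copy truncates an over-long hostname silently: `oflow` is computed but, in the visible lines, only selects `copy_len`, so the generated key output would carry a hostname the user did not type. Either reject the argument or warn, for example `if (oflow) fprintf(stderr, "%s: hostname too long, truncated to %zu bytes\n", argv[0], copy_len);`. The `sizeof(outputhostname)` bound is correct only if `outputhostname` is an array rather than a pointer; its declaration is outside the hunk. The enclosing `switch` in main() starts and ends outside the hunk.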