diff --git a/programs/pluto/ikev2_crypto.c b/programs/pluto/ikev2_crypto.c index 58c62c8..4a305c7 100644 --- a/programs/pluto/ikev2_crypto.c +++ b/programs/pluto/ikev2_crypto.c @@ -65,8 +65,8 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role) st->st_ah.present? &st->st_ah : NULL; - assert(ipi != NULL); /* ESP or AH must be present */ - assert(st->st_esp.present != st->st_ah.present); /* only one */ + passert(ipi != NULL); /* ESP or AH must be present */ + passert(st->st_esp.present != st->st_ah.present); /* only one */ /* ??? there is no kernel_alg_ah_info */ ipi->attrs.transattrs.ei = kernel_alg_esp_info( @@ -142,14 +142,6 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role) v2genbytes(&rkeymat, ipi->keymat_len, "responder keys", &childsacalc); - /* This should really be role == O_INITIATOR, but then our keys are - * installed reversed. This is a workaround until we locate the - * real problem. It's better not to release copies of our code - * that will be incompatible with everything else, including our - * own updated version - * Found by Herbert Xu - * if(role == O_INITIATOR) { - */ if (role != O_INITIATOR) { DBG(DBG_CRYPT, { DBG_dump_chunk("our keymat", ikeymat); @@ -167,4 +159,3 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role) } } - diff --git a/programs/pluto/pluto_crypt.c b/programs/pluto/pluto_crypt.c index 7bf3a2a..080d2a0 100644 --- a/programs/pluto/pluto_crypt.c +++ b/programs/pluto/pluto_crypt.c @@ -657,7 +657,7 @@ static void kill_helper(struct pluto_crypto_worker *w) } void log_crypto_workers(void) { - bool first_time = TRUE; + static bool first_time = TRUE; int i; if (!first_time) diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c index 483f34c..9c6fb11 100644 --- a/programs/pluto/rcv_whack.c +++ b/programs/pluto/rcv_whack.c @@ -690,7 +690,7 @@ bool whack_prompt_for(int whackfd, return FALSE; } - if (strlen(ansbuf) == 0) { + if (n == 0) { whack_log(RC_LOG_SERIOUS, "no %s entered, aborted", prompt2); return FALSE; } diff --git a/programs/rsasigkey/rsasigkey.c b/programs/rsasigkey/rsasigkey.c index f3f0194..d853365 100644 --- a/programs/rsasigkey/rsasigkey.c +++ b/programs/rsasigkey/rsasigkey.c @@ -321,7 +321,14 @@ int main(int argc, char *argv[]) device = optarg; break; case 'H': /* set hostname for output */ - strcpy(outputhostname, optarg); + { + size_t full_len = strlen(optarg); + bool oflow = sizeof(outputhostname) - 1 < full_len; + size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len; + + memcpy(outputhostname, optarg, copy_len); + outputhostname[copy_len] = '\0'; + } break; case 'h': /* help */ printf("Usage:\t%s\n", usage);