exit(EXIT_FAILURE);
}
- /* If this is not the first entry, we walk our pointer to the
- * end of the list.
- */
- if(acc->source_list == NULL)
- {
- acc->source_list = new_sle;
- }
- else
- {
- tmp_sle = acc->source_list;
-
- do {
- last_sle = tmp_sle;
- } while((tmp_sle = tmp_sle->next));
-
- last_sle->next = new_sle;
- }
-
/* Convert the IP data into the appropriate mask
*/
if(strcasecmp(ip, "ANY") == 0)
*/
if((ndx = strchr(ip, '/')) != NULL)
{
+ if(((ndx-ip)) >= MAX_IPV4_STR_LEN)
+ {
+ log_msg(LOG_ERR, "Error parsing string to IP");
+ free(new_sle);
+ new_sle = NULL;
+ return 0;
+ }
+
mask = atoi(ndx+1);
strlcpy(ip_str, ip, (ndx-ip)+1);
}
else
{
mask = 32;
+ if(strnlen(ip, MAX_IPV4_STR_LEN+1) >= MAX_IPV4_STR_LEN)
+ {
+ log_msg(LOG_ERR, "Error parsing string to IP");
+ free(new_sle);
+ new_sle = NULL;
+ return 0;
+ }
strlcpy(ip_str, ip, strlen(ip)+1);
}
*/
new_sle->maddr = ntohl(in.s_addr) & new_sle->mask;
}
+
+ /* If this is not the first entry, we walk our pointer to the
+ * end of the list.
+ */
+ if(acc->source_list == NULL)
+ {
+ acc->source_list = new_sle;
+ }
+ else
+ {
+ tmp_sle = acc->source_list;
+
+ do {
+ last_sle = tmp_sle;
+ } while((tmp_sle = tmp_sle->next));
+
+ last_sle->next = new_sle;
+ }
+
return 1;
}
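Review bot: The prefix length read by `mask = atoi(ndx+1);` is still taken as-is after the new length check, so constructed inputs such as `10.0.0.0/99` or `10.0.0.0/abc` (atoi yields 0) pass this stage; a range check next to the new code, `if(mask < 0 || mask > 32) { log_msg(LOG_ERR, "Error parsing string to IP"); free(new_sle); return 0; }`, would reject them here with the same diagnostic. If the mask is later turned into a bitmask by shifting (that code is outside the hunk), an out-of-range value would be undefined behaviour, so the check matters beyond tidiness. The two new error branches are identical apart from position; a small static cleanup helper would keep them from drifting, and `new_sle = NULL;` on a local that is never read again can go. Moving the list append after validation is the right fix; the function's head, including the declaration and size of `ip_str`, is outside the hunk, so the assumption that it holds MAX_IPV4_STR_LEN bytes should be confirmed.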
/* Take a proto/port string and convert it to appropriate integer values
* for comparisons of incoming SPA requests.
*/
-static void
+static int
add_port_list_ent(acc_port_list_t **plist, char *port_str)
{
int proto_int, port;
* are no problems with the incoming string.
*/
if(parse_proto_and_port(port_str, &proto_int, &port) != 0)
- return;
+ return 0;
if((new_plist = calloc(1, sizeof(acc_port_list_t))) == NULL)
{
new_plist->proto = proto_int;
new_plist->port = port;
+
+ return 1;
}
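Review bot: The header comment above add_port_list_ent still reads as if the function returned void; now that callers branch on its result it should state the contract, e.g. `* Returns 1 on success, 0 if port_str is not a valid proto/port string.` The body of the calloc-failure branch is outside the hunk; if it still terminates the process, the same comment should say so, so callers know which failures they actually see as a 0 return.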
/* Add a string list entry to the given acc_string_list.
return 0;
strlcpy(buf, start, (ndx-start)+1);
- add_port_list_ent(plist, buf);
+
+ if(add_port_list_ent(plist, buf) == 0)
+ return 0;
+
start = ndx+1;
}
}
strlcpy(buf, start, (ndx-start)+1);
- add_port_list_ent(plist, buf);
+ if(add_port_list_ent(plist, buf) == 0)
+ return 0;
return 1;
}
/* Expand a comma-separated string into a simple acc_string_list.
*/
-static void
+static int
expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
{
char *ndx, *start;
start++;
if(((ndx-start)+1) >= 1024)
- {
- fprintf(stderr, "Fatal str->list too long");
- exit(EXIT_FAILURE);
- }
+ return 0;
strlcpy(buf, start, (ndx-start)+1);
add_string_list_ent(stlist, buf);
start++;
if(((ndx-start)+1) >= 1024)
- {
- fprintf(stderr, "Fatal str->list too long");
- exit(EXIT_FAILURE);
- }
+ return 0;
strlcpy(buf, start, (ndx-start)+1);
add_string_list_ent(stlist, buf);
+
+ return 1;
}
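Review bot: Replacing the fatal exit with a bare `return 0;` drops the only diagnostic for an over-long list element, and unlike the SOURCE/OPEN_PORTS paths nothing in this function logs before returning; `log_msg(LOG_ERR, "Fatal str->list too long");` ahead of each new return would preserve the message the old code printed. The literal 1024 appears twice as the bound for `buf`, whose declaration is outside the hunk; tying both checks to `sizeof(buf)` or one named constant avoids the two drifting apart. The result of `add_string_list_ent` is not checked, so if it can fail (its body is not shown) this function would still report success. The GPG_REMOTE_ID caller that must now test this return value is not part of the hunk and is worth confirming.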
/* Free the acc source_list
*/
if(expand_acc_source(acc) == 0)
{
- acc = acc->next;
- continue;
+ log_msg(LOG_ERR, "Fatal invalid SOURCE in access stanza");
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Now expand the open_ports string.
*/
if(acc->open_ports != NULL && strlen(acc->open_ports))
- expand_acc_port_list(&(acc->oport_list), acc->open_ports);
+ {
+ if(expand_acc_port_list(&(acc->oport_list), acc->open_ports) == 0)
+ {
+ log_msg(LOG_ERR, "Fatal invalid OPEN_PORTS in access stanza");
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+ }
+ }
if(acc->restrict_ports != NULL && strlen(acc->restrict_ports))
- expand_acc_port_list(&(acc->rport_list), acc->restrict_ports);
+ {
+ if(expand_acc_port_list(&(acc->rport_list), acc->restrict_ports) == 0)
+ {
+ log_msg(LOG_ERR, "Fatal invalid RESTRICT_PORTS in access stanza");
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+ }
+ }
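Review bot: The OPEN_PORTS and RESTRICT_PORTS blocks are the same five lines with the list pointer, string and label swapped; a small static helper along the lines of `expand_ports_or_die(opts, &acc->oport_list, acc->open_ports, "OPEN_PORTS")` would keep the two (and any future port-list field) in step. The loop these sit in starts and ends outside the hunk.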
/* Expand the GPG_REMOTE_ID string.
*/
/* Expand our the expandable fields into their respective data buckets.
*/
-
expand_acc_ent_lists(opts);
/* Make sure default values are set where needed.
return(0);
}
strlcpy(buf, start, (ndx-start)+1);
- add_port_list_ent(&in_pl, buf);
+ if(add_port_list_ent(&in_pl, buf) == 0)
+ {
+ log_msg(LOG_ERR, "Invalid proto/port string");
+ return 0;
+ }
+
start = ndx+1;
ctr = 0;
}
return(0);
}
strlcpy(buf, start, (ndx-start)+1);
- add_port_list_ent(&in_pl, buf);
+ if(add_port_list_ent(&in_pl, buf) == 0)
+ {
+ log_msg(LOG_ERR, "Invalid proto/port string");
+ return 0;
+ }
if(in_pl == NULL)
{
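Review bot: Both new failure branches return 0 after `add_port_list_ent` fails, but entries already appended to `in_pl` by earlier iterations are not released, so a request whose proto/port list is valid up to a late element leaks the partial list on every rejection; free `in_pl` (with the list's free routine, not shown here) before `return 0;` in both the in-loop branch and the post-loop one, unless the caller owns cleanup on a 0 return. The enclosing function begins outside the hunk, so it is not visible whether `in_pl` is initialised to NULL before the loop, which such a free would rely on.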
'ip_src_match' => "$conf_dir/ip_source_match_access.conf",
'subnet_src_match' => "$conf_dir/ip_source_match_access.conf",
'disable_aging' => "$conf_dir/disable_aging_fwknopd.conf",
+ 'fuzz_source' => "$conf_dir/fuzzing_source_access.conf",
+ 'fuzz_open_ports' => "$conf_dir/fuzzing_open_ports_access.conf",
+ 'fuzz_restrict_ports' => "$conf_dir/fuzzing_restrict_ports_access.conf",
);
my $default_digest_file = "$run_dir/digest.cache";
"-d $default_digest_file -p $default_pid_file $intf_str",
'fatal' => $NO
},
+ {
+ 'category' => 'FUZZING',
+ 'subcategory' => 'server',
+ 'detail' => 'invalid SOURCE access.conf',
+ 'err_msg' => 'server crashed or did not detect error condition',
+ 'function' => \&generic_exec,
+ 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_source'} " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ 'positive_output_matches' => [qr/Fatal\sinvalid/],
+ 'exec_err' => $YES,
+ 'fatal' => $NO
+ },
+ {
+ 'category' => 'FUZZING',
+ 'subcategory' => 'server',
+ 'detail' => 'invalid OPEN_PORTS access.conf',
+ 'err_msg' => 'server crashed or did not detect error condition',
+ 'function' => \&generic_exec,
+ 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_open_ports'} " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ 'positive_output_matches' => [qr/Fatal\sinvalid/],
+ 'exec_err' => $YES,
+ 'fatal' => $NO
+ },
+ {
+ 'category' => 'FUZZING',
+ 'subcategory' => 'server',
+ 'detail' => 'invalid RESTRICT_PORTS access.conf',
+ 'err_msg' => 'server crashed or did not detect error condition',
+ 'function' => \&generic_exec,
+ 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_restrict_ports'} " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ 'positive_output_matches' => [qr/Fatal\sinvalid/],
+ 'exec_err' => $YES,
+ 'fatal' => $NO
+ },
{
'category' => 'Rijndael SPA',
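Review bot: `'positive_output_matches' => [qr/Fatal\sinvalid/]` is identical for all three new FUZZING entries, so the OPEN_PORTS and RESTRICT_PORTS tests also pass if the server rejects the file for the wrong field; anchor each to its own message, `qr/Fatal\sinvalid\sSOURCE/`, `qr/Fatal\sinvalid\sOPEN_PORTS/` and `qr/Fatal\sinvalid\sRESTRICT_PORTS/`, matching the server-side log_msg strings added in this commit. The three hashes differ only in 'detail' and the %cf key; building them with a `map` over `[SOURCE => 'fuzz_source']`-style pairs would keep the shared fields in one place. The enclosing test-list array starts and ends outside the hunk.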