X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsubnet.c;h=94000cc0eb8b9fcb23012162850e6b00a29e15dc;hb=4436af55e55e79b496264fe114039fbc1198d71f;hp=17dd39e83b334d1f7774f54dafdb26dd3b7d4f8f;hpb=04d8a8e34e1fe7f33f1946863b36a24ee358175f;p=tinc

diff --git a/src/subnet.c b/src/subnet.c
index 17dd39e8..94000cc0 100644
--- a/src/subnet.c
+++ b/src/subnet.c
@@ -1,6 +1,6 @@
 /*
     subnet.c -- handle subnet lookups and lists
-    Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2022 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify
@@ -22,6 +22,7 @@
 
 #include "splay_tree.h"
 #include "control_common.h"
+#include "crypto.h"
 #include "hash.h"
 #include "logger.h"
 #include "net.h"
@@ -30,6 +31,7 @@
 #include "script.h"
 #include "subnet.h"
 #include "xalloc.h"
+#include "sandbox.h"
 
 /* lists type of subnet */
 uint32_t hash_seed;
@@ -128,7 +130,7 @@ void subnet_cache_flush_table(subnet_type_t stype) {
 /* Initialising trees */
 
 void init_subnets(void) {
-	hash_seed = (uint32_t)rand();
+	hash_seed = prng(UINT32_MAX);
 
 	// tables need to be cleared on startup
 	subnet_cache_flush_tables();
@@ -161,7 +163,7 @@ void subnet_cache_flush_tables(void) {
 	hash_clear(mac_t, &mac_cache);
 }
 
-void subnet_cache_flush(subnet_t *subnet) {
+static void subnet_cache_flush(subnet_t *subnet) {
 	switch(subnet->type) {
 	case SUBNET_IPV4:
 		if(subnet->net.ipv4.prefixlength == 32) {
@@ -320,8 +322,12 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
 }
 
 void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
+	if(!sandbox_can(START_PROCESSES, RIGHT_NOW)) {
+		return;
+	}
+
 	char netstr[MAXNETSTR];
-	char *name, *address, *port;
+	char *address, *port;
 	char empty[] = "";
 
 	// Prepare environment variables to be passed to the script
@@ -341,7 +347,7 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
 	int env_subnet = environment_add(&env, NULL);
 	int env_weight = environment_add(&env, NULL);
 
-	name = up ? "subnet-up" : "subnet-down";
+	const char *name = up ? "subnet-up" : "subnet-down";
 
 	if(!subnet) {
 		for splay_each(subnet_t, subnet, &owner->subnet_tree) {