projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a missing check for a pathname being too long.
[tinc] / src / conf.c
diff --git a/src/conf.c b/src/conf.c
index 3289c58..3f81877 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -81,18 +81,9 @@ config_t *new_config(void) {
 }
 
 void free_config(config_t *cfg) {
-       if(cfg->variable) {
-               free(cfg->variable);
-       }
-
-       if(cfg->value) {
-               free(cfg->value);
-       }
-
-       if(cfg->file) {
-               free(cfg->file);
-       }
-
+       free(cfg->variable);
+       free(cfg->value);
+       free(cfg->file);
        free(cfg);
 }
 
@@ -204,7 +195,7 @@ bool get_config_address(const config_t *cfg, struct addrinfo **result) {
 }
 
 bool get_config_subnet(const config_t *cfg, subnet_t **result) {
-       subnet_t subnet = {NULL};
+       subnet_t subnet = {0};
 
        if(!cfg) {
                return false;
@@ -432,7 +423,11 @@ bool read_server_config(void) {
 
                                // And we try to read the ones that end with ".conf"
                                if(l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
-                                       snprintf(fname, sizeof(fname), "%s/%s", dname, ep->d_name);
+                                       if((size_t)snprintf(fname, sizeof(fname), "%s/%s", dname, ep->d_name) >= sizeof(fname)) {
+                                               logger(LOG_ERR, "Pathname too long: %s/%s", dname, ep->d_name);
+                                               return false;
+                                       }
+
                                        x = read_config_file(config_tree, fname);
                                }
                        }
@@ -472,9 +467,14 @@ static void disable_old_keys(const char *filename) {
                return;
        }
 
-       snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
+       int len = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
 
-       w = fopen(tmpfile, "w");
+       if(len < 0 || len >= PATH_MAX) {
+               fprintf(stderr, "Pathname too long: %s.tmp\n", filename);
+               w = NULL;
+       } else {
+               w = fopen(tmpfile, "w");
+       }
 
        while(fgets(buf, sizeof(buf), r)) {
                if(!strncmp(buf, "-----BEGIN RSA", 14)) {
@@ -573,7 +573,12 @@ FILE *ask_and_open(const char *filename, const char *what) {
 #endif
                /* The directory is a relative path or a filename. */
                getcwd(directory, sizeof(directory));
-               snprintf(abspath, sizeof(abspath), "%s/%s", directory, fn);
+
+               if((size_t)snprintf(abspath, sizeof(abspath), "%s/%s", directory, fn) >= sizeof(abspath)) {
+                       fprintf(stderr, "Pathname too long: %s/%s\n", directory, fn);
+                       return NULL;
+               }
+
                fn = abspath;
        }
 
tinc, the VPN daemon