]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/commitdiff
projects / people / teissler / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b5c00b8)
openvpnctrl: Save the binary from crashing with wrong input.
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 17 Jul 2013 16:53:13 +0000 (18:53 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 17 Jul 2013 16:53:13 +0000 (18:53 +0200)
See #10390.

src/misc-progs/openvpnctrl.c patch | blob | blame | history

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e366294b572ab796e54fc6deb196e920af27365d..76916f147cb009a587fdee449a2f37303468e70a 100644 (file)
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -362,6 +362,10 @@ char* calcTransferNetAddress(const connection* conn) {
        char *subnetmask = strdup(conn->transfer_subnet);
        char *address = strsep(&subnetmask, "/");
 
        char *subnetmask = strdup(conn->transfer_subnet);
        char *address = strsep(&subnetmask, "/");
 
+       if ((address == NULL) || (subnetmask == NULL)) {
+               goto ERROR;
+       }
+
        in_addr_t _address    = inet_addr(address);
        in_addr_t _subnetmask = inet_addr(subnetmask);
        _address &= _subnetmask;
        in_addr_t _address    = inet_addr(address);
        in_addr_t _subnetmask = inet_addr(subnetmask);
        _address &= _subnetmask;
@@ -496,12 +500,11 @@ void setFirewallRules(void) {
                        local_subnet_address = getLocalSubnetAddress(conn);
                        transfer_subnet_address = calcTransferNetAddress(conn);
 
                        local_subnet_address = getLocalSubnetAddress(conn);
                        transfer_subnet_address = calcTransferNetAddress(conn);
 
-                       if ((!local_subnet_address) || (!transfer_subnet_address))
-                               continue;
-
-                       snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
-                               OVPNNAT, transfer_subnet_address, local_subnet_address);
-                       executeCommand(command);
+                       if ((local_subnet_address) && (transfer_subnet_address)) {
+                               snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+                                       OVPNNAT, transfer_subnet_address, local_subnet_address);
+                               executeCommand(command);
+                       }
                }
 
                conn = conn->next;
                }
 
                conn = conn->next;
Timo's tree of IPFire 2.x