DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Use {0} initializer for all stack allocated char arrays

Browse Source 
Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well.  This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).
This commit is contained in:
Michael Rash 2013-05-21 22:00:15 -04:00
parent 2e2e7fcc0e
commit 52462e7dba
20 changed files with 79 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
client/config_init.c
View File

@ -278,12 +278,11 @@ static int
is_rc_section(const char* line, uint16_t line_size, char* rc_section, uint16_t rc_section_size) is_rc_section(const char* line, uint16_t line_size, char* rc_section, uint16_t rc_section_size)
{ {
char *ndx, *emark; char *ndx, *emark;
char buf[MAX_LINE_LEN]; char buf[MAX_LINE_LEN] = {0};
int section_found = 0; int section_found = 0;
if (line_size < sizeof(buf)) if (line_size < sizeof(buf))
{ {
memset (buf, 0, sizeof(buf));
strlcpy(buf, line, sizeof(buf)); strlcpy(buf, line, sizeof(buf));
ndx = buf; ndx = buf;
@ -426,7 +425,7 @@ parse_time_offset(const char *offset_str)
int os_len = strlen(offset_str); int os_len = strlen(offset_str);
int is_err; int is_err;
char offset_digits[MAX_TIME_STR_LEN]; char offset_digits[MAX_TIME_STR_LEN] = {0};
j=0; j=0;
for (i=0; i < os_len; i++) { for (i=0; i < os_len; i++) {
@ -866,7 +865,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
static void static void
add_single_var_to_rc(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options) add_single_var_to_rc(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options)
{ {
char val[MAX_LINE_LEN] = {0}; char val[MAX_LINE_LEN] = {0};
if (arg_ndx >= FWKNOP_CLI_ARG_NB) if (arg_ndx >= FWKNOP_CLI_ARG_NB)
return; return;
@ -874,10 +873,7 @@ add_single_var_to_rc(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options
if (fhandle == NULL) if (fhandle == NULL)
return; return;
/* Zero the val buffer */ /* Select the argument to add and store its string value into val */
memset(val, 0, sizeof(val));
/* Selecty the argument to add and store its string value into val */
switch (arg_ndx) switch (arg_ndx)
{ {
case FWKNOP_CLI_ARG_DIGEST_TYPE : case FWKNOP_CLI_ARG_DIGEST_TYPE :
@ -1033,8 +1029,8 @@ process_rc_section(char *section_name, fko_cli_options_t *options)
{ {
FILE *rc; FILE *rc;
int line_num = 0, do_exit = 0; int line_num = 0, do_exit = 0;
char line[MAX_LINE_LEN]; char line[MAX_LINE_LEN] = {0};
char rcfile[MAX_PATH_LEN]; char rcfile[MAX_PATH_LEN] = {0};
char curr_stanza[MAX_LINE_LEN] = {0}; char curr_stanza[MAX_LINE_LEN] = {0};
rc_file_param_t param; rc_file_param_t param;
int rc_section_found = 0; int rc_section_found = 0;
@ -1131,16 +1127,13 @@ update_rc(fko_cli_options_t *options, uint32_t args_bitmask)
int rcfile_fd = -1; int rcfile_fd = -1;
int stanza_found = 0; int stanza_found = 0;
int stanza_updated = 0; int stanza_updated = 0;
char line[MAX_LINE_LEN]; char line[MAX_LINE_LEN] = {0};
char rcfile[MAX_PATH_LEN]; char rcfile[MAX_PATH_LEN] = {0};
char rcfile_update[MAX_PATH_LEN]; char rcfile_update[MAX_PATH_LEN] = {0};
char curr_stanza[MAX_LINE_LEN] = {0}; char curr_stanza[MAX_LINE_LEN] = {0};
uint32_t var_bm = 0; /* Bitmask associated to a conf. variable */ uint32_t var_bm = 0; /* Bitmask associated to a conf. variable */
rc_file_param_t param; /* Structure to contain a conf. variable name with its value */ rc_file_param_t param; /* Structure to contain a conf. variable name with its value */
memset(rcfile, 0, MAX_PATH_LEN);
memset(rcfile_update, 0, MAX_PATH_LEN);
set_rc_file(rcfile, options); set_rc_file(rcfile, options);
strlcpy(rcfile_update, rcfile, sizeof(rcfile_update)); strlcpy(rcfile_update, rcfile, sizeof(rcfile_update));
@ -1821,23 +1814,24 @@ usage(void)
MY_NAME, MY_VERSION, MY_DESC, HTTP_RESOLVE_HOST); MY_NAME, MY_VERSION, MY_DESC, HTTP_RESOLVE_HOST);
log_msg(LOG_VERBOSITY_NORMAL, log_msg(LOG_VERBOSITY_NORMAL,
"Usage: fwknop -A <port list> [-s|-R|-a] -D <spa_server> [options]\n\n" "Usage: fwknop -A <port list> [-s|-R|-a] -D <spa_server> [options]\n\n"
" -h, --help Print this usage message and exit.\n" " -n, --named-config Specify a named configuration stanza in the\n"
" -A, --access Provide a list of ports/protocols to open\n"
" on the server.\n"
" -B, --save-packet Save the generated packet data to the\n"
" specified file.\n"
" -b, --save-packet-append Append the generated packet data to the\n"
" file specified with the -B option.\n"
" -a, --allow-ip Specify IP address to allow within the SPA\n"
" packet.\n"
" -C, --server-cmd Specify a command that the fwknop server will\n"
" execute on behalf of the fwknop client..\n"
" -D, --destination Specify the IP address of the fwknop server.\n"
" -n, --named-config Specify an named configuration stanza in the\n"
" '$HOME/.fwknoprc' file to provide some of all\n" " '$HOME/.fwknoprc' file to provide some of all\n"
" of the configuration parameters.\n" " of the configuration parameters.\n"
" If more arguments are set through the command\n" " If more arguments are set through the command\n"
" line, the configuration is updated accordingly\n" " line, the configuration is updated accordingly\n"
" -A, --access Provide a list of ports/protocols to open\n"
" on the server (e.g. 'tcp/22').\n"
" -a, --allow-ip Specify IP address to allow within the SPA\n"
" packet (e.g. '123.2.3.4'). If \n"
" -D, --destination Specify the hostname or IP address of the\n"
" fwknop server.\n"
" -h, --help Print this usage message and exit.\n"
" -B, --save-packet Save the generated packet data to the\n"
" specified file.\n"
" -b, --save-packet-append Append the generated packet data to the\n"
" file specified with the -B option.\n"
" -C, --server-cmd Specify a command that the fwknop server will\n"
" execute on behalf of the fwknop client..\n"
" -N, --nat-access Gain NAT access to an internal service.\n" " -N, --nat-access Gain NAT access to an internal service.\n"
" -p, --server-port Set the destination port for outgoing SPA\n" " -p, --server-port Set the destination port for outgoing SPA\n"
" packet.\n" " packet.\n"

25
client/fwknop.c
View File

@ -129,12 +129,11 @@ is_ipv6_str(char *str)
static int static int
is_hostname_str_with_port(const char *str, char *hostname, size_t hostname_bufsize, int *port) is_hostname_str_with_port(const char *str, char *hostname, size_t hostname_bufsize, int *port)
{ {
int valid = 0; /* Result of the function */ int valid = 0; /* Result of the function */
char buf[MAX_LINE_LEN]; /* Copy of the buffer eg. "hostname,port" */ char buf[MAX_LINE_LEN] = {0}; /* Copy of the buffer eg. "hostname,port" */
char *h; /* Pointer on the hostname string */ char *h; /* Pointer on the hostname string */
char *p; /* Ponter on the port string */ char *p; /* Ponter on the port string */
memset(buf, 0, sizeof(buf));
memset(hostname, 0, hostname_bufsize); memset(hostname, 0, hostname_bufsize);
*port = 0; *port = 0;
@ -185,10 +184,6 @@ main(int argc, char **argv)
fko_cli_options_t options; fko_cli_options_t options;
memset(key, 0x00, MAX_KEY_LEN+1);
memset(hmac_key, 0x00, MAX_KEY_LEN+1);
memset(access_buf, 0x00, MAX_LINE_LEN);
/* Initialize the log module */ /* Initialize the log module */
log_new(); log_new();
@ -659,7 +654,7 @@ static int
get_rand_port(fko_ctx_t ctx) get_rand_port(fko_ctx_t ctx)
{ {
char *rand_val = NULL; char *rand_val = NULL;
char port_str[MAX_PORT_STR_LEN+1]; char port_str[MAX_PORT_STR_LEN+1] = {0};
int tmpint, is_err; int tmpint, is_err;
int port = 0; int port = 0;
int res = 0; int res = 0;
@ -742,8 +737,6 @@ set_access_buf(fko_ctx_t ctx, fko_cli_options_t *options, char *access_buf)
char *ndx = NULL, tmp_nat_port[MAX_PORT_STR_LEN+1] = {0}; char *ndx = NULL, tmp_nat_port[MAX_PORT_STR_LEN+1] = {0};
int nat_port = 0; int nat_port = 0;
memset(tmp_nat_port, 0x0, MAX_PORT_STR_LEN+1);
if(options->access_str[0] != 0x0) if(options->access_str[0] != 0x0)
{ {
if (options->nat_rand_port) if (options->nat_rand_port)
@ -812,15 +805,13 @@ static int
set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options, const char * const access_buf) set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options, const char * const access_buf)
{ {
char nat_access_buf[MAX_LINE_LEN] = {0}; char nat_access_buf[MAX_LINE_LEN] = {0};
char tmp_access_port[MAX_PORT_STR_LEN+1], *ndx = NULL; char tmp_access_port[MAX_PORT_STR_LEN+1] = {0}, *ndx = NULL;
int access_port = 0, i = 0, is_err = 0; int access_port = 0, i = 0, is_err = 0;
char dst_ip_str[INET_ADDRSTRLEN] = {0}; char dst_ip_str[INET_ADDRSTRLEN] = {0};
char hostname[HOSTNAME_BUFSIZE] = {0}; char hostname[HOSTNAME_BUFSIZE] = {0};
int port = 0; int port = 0;
struct addrinfo hints; struct addrinfo hints;
memset(nat_access_buf, 0x0, MAX_LINE_LEN);
memset(tmp_access_port, 0x0, MAX_PORT_STR_LEN+1);
memset(&hints, 0 , sizeof(hints)); memset(&hints, 0 , sizeof(hints));
ndx = strchr(options->access_str, '/'); ndx = strchr(options->access_str, '/');
@ -938,7 +929,7 @@ prev_exec(fko_cli_options_t *options, int argc, char **argv)
static void static void
show_last_command(const char * const args_save_file) show_last_command(const char * const args_save_file)
{ {
char args_str[MAX_LINE_LEN] = ""; char args_str[MAX_LINE_LEN] = {0};
FILE *args_file_ptr = NULL; FILE *args_file_ptr = NULL;
verify_file_perms_ownership(args_save_file); verify_file_perms_ownership(args_save_file);
@ -1058,7 +1049,7 @@ get_save_file(char *args_save_file)
static void static void
save_args(int argc, char **argv, const char * const args_save_file) save_args(int argc, char **argv, const char * const args_save_file)
{ {
char args_str[MAX_LINE_LEN] = ""; char args_str[MAX_LINE_LEN] = {0};
int i = 0, args_str_len = 0, args_file_fd = -1; int i = 0, args_str_len = 0, args_file_fd = -1;
args_file_fd = open(args_save_file, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR); args_file_fd = open(args_save_file, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);

2
client/getpasswd.c
View File

@ -175,8 +175,6 @@ get_key_file(char *key, int *key_len, const char *key_file,
char *lptr; char *lptr;
memset(key, 0x00, MAX_KEY_LEN+1); memset(key, 0x00, MAX_KEY_LEN+1);
memset(conf_line_buf, 0x00, MAX_LINE_LEN);
memset(tmp_char_buf, 0x00, MAX_LINE_LEN);
if ((pwfile_ptr = fopen(key_file, "r")) == NULL) if ((pwfile_ptr = fopen(key_file, "r")) == NULL)
{ {

2
client/http_resolve_host.c
View File

@ -58,7 +58,7 @@ try_url(struct url *url, fko_cli_options_t *options)
int bytes_read = 0, position = 0; int bytes_read = 0, position = 0;
int o1, o2, o3, o4; int o1, o2, o3, o4;
struct addrinfo *result, *rp, hints; struct addrinfo *result, *rp, hints;
char http_buf[HTTP_MAX_REQUEST_LEN]; char http_buf[HTTP_MAX_REQUEST_LEN] = {0};
char http_response[HTTP_MAX_RESPONSE_LEN] = {0}; char http_response[HTTP_MAX_RESPONSE_LEN] = {0};
char *ndx; char *ndx;

6
client/spa_comm.c
View File

@ -35,7 +35,7 @@
static void static void
dump_transmit_options(const fko_cli_options_t *options) dump_transmit_options(const fko_cli_options_t *options)
{ {
char proto_str[PROTOCOL_BUFSIZE]; /* Protocol string */ char proto_str[PROTOCOL_BUFSIZE] = {0}; /* Protocol string */
proto_inttostr(options->spa_proto, proto_str, sizeof(proto_str)); proto_inttostr(options->spa_proto, proto_str, sizeof(proto_str));
@ -89,7 +89,7 @@ send_spa_packet_tcp_or_udp(const char *spa_data, const int sd_len,
{ {
int sock, res=0, error; int sock, res=0, error;
struct addrinfo *result, *rp, hints; struct addrinfo *result, *rp, hints;
char port_str[MAX_PORT_STR_LEN+1]; char port_str[MAX_PORT_STR_LEN+1] = {0};
if (options->test) if (options->test)
{ {
@ -495,7 +495,7 @@ static int
send_spa_packet_http(const char *spa_data, const int sd_len, send_spa_packet_http(const char *spa_data, const int sd_len,
fko_cli_options_t *options) fko_cli_options_t *options)
{ {
char http_buf[HTTP_MAX_REQUEST_LEN], *spa_data_copy = NULL; char http_buf[HTTP_MAX_REQUEST_LEN] = {0}, *spa_data_copy = NULL;
char *ndx = options->http_proxy; char *ndx = options->http_proxy;
int i, proxy_port = 0, is_err; int i, proxy_port = 0, is_err;

13
lib/cipher_funcs.c
View File

@ -118,19 +118,14 @@ static void
rij_salt_and_iv(RIJNDAEL_context *ctx, const char *key, rij_salt_and_iv(RIJNDAEL_context *ctx, const char *key,
const int key_len, const unsigned char *data, const int mode_flag) const int key_len, const unsigned char *data, const int mode_flag)
{ {
char pw_buf[RIJNDAEL_MAX_KEYSIZE]; char pw_buf[RIJNDAEL_MAX_KEYSIZE] = {0};
unsigned char tmp_buf[MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE]; unsigned char tmp_buf[MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE] = {0};
unsigned char kiv_buf[RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE]; /* Key and IV buffer */ unsigned char kiv_buf[RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE] = {0}; /* Key and IV buffer */
unsigned char md5_buf[MD5_DIGEST_LEN]; /* Buffer for computed md5 hash */ unsigned char md5_buf[MD5_DIGEST_LEN] = {0}; /* Buffer for computed md5 hash */
int final_key_len = 0; int final_key_len = 0;
size_t kiv_len = 0; size_t kiv_len = 0;
memset(pw_buf, 0x00, RIJNDAEL_MAX_KEYSIZE);
memset(tmp_buf, 0x00, MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE);
memset(kiv_buf, 0x00, RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE);
memset(md5_buf, 0x00, MD5_DIGEST_LEN);
if(mode_flag == FKO_ENC_MODE_CBC_LEGACY_IV) if(mode_flag == FKO_ENC_MODE_CBC_LEGACY_IV)
{ {
/* Pad the pw with '0' chars up to the minimum Rijndael key size. /* Pad the pw with '0' chars up to the minimum Rijndael key size.

2
lib/fko_hmac.c
View File

@ -209,8 +209,6 @@ int fko_set_spa_hmac(fko_ctx_t ctx,
if(hmac_key_len > MAX_DIGEST_BLOCK_LEN) if(hmac_key_len > MAX_DIGEST_BLOCK_LEN)
return(FKO_ERROR_INVALID_HMAC_KEY_LEN); return(FKO_ERROR_INVALID_HMAC_KEY_LEN);
memset(hmac, 0x00, SHA512_DIGEST_STR_LEN);
if(ctx->hmac_type == FKO_HMAC_MD5) if(ctx->hmac_type == FKO_HMAC_MD5)
{ {
hmac_md5(ctx->encrypted_msg, hmac_md5(ctx->encrypted_msg,

13
lib/hmac.c
View File

@ -103,9 +103,6 @@ hmac_md5_init(hmac_md5_ctx *ctx, const char *key, const int key_len)
unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0}; unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len; int final_len = key_len;
memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
if(key_len > MAX_DIGEST_BLOCK_LEN) if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN; final_len = MAX_DIGEST_BLOCK_LEN;
@ -177,9 +174,6 @@ hmac_sha1_init(hmac_sha1_ctx *ctx, const char *key, const int key_len)
unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0}; unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len; int final_len = key_len;
memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
if(key_len > MAX_DIGEST_BLOCK_LEN) if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN; final_len = MAX_DIGEST_BLOCK_LEN;
@ -251,9 +245,6 @@ hmac_sha256_init(hmac_sha256_ctx *ctx, const char *key, const int key_len)
unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0}; unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len; int final_len = key_len;
memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
if(key_len > MAX_DIGEST_BLOCK_LEN) if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN; final_len = MAX_DIGEST_BLOCK_LEN;
@ -324,8 +315,6 @@ hmac_sha384_init(hmac_sha384_ctx *ctx, const char *key, const int key_len)
unsigned char final_key[MAX_DIGEST_BLOCK_LEN] = {0}; unsigned char final_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len; int final_len = key_len;
memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
if(key_len > MAX_DIGEST_BLOCK_LEN) if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN; final_len = MAX_DIGEST_BLOCK_LEN;
@ -388,8 +377,6 @@ hmac_sha512_init(hmac_sha512_ctx *ctx, const char *key, const int key_len)
unsigned char final_key[MAX_DIGEST_BLOCK_LEN] = {0}; unsigned char final_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len; int final_len = key_len;
memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
if(key_len > MAX_DIGEST_BLOCK_LEN) if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN; final_len = MAX_DIGEST_BLOCK_LEN;

18
server/access.c
View File

@ -300,7 +300,7 @@ static int
expand_acc_source(fko_srv_options_t *opts, acc_stanza_t *acc) expand_acc_source(fko_srv_options_t *opts, acc_stanza_t *acc)
{ {
char *ndx, *start; char *ndx, *start;
char buf[ACCESS_BUF_LEN]; char buf[ACCESS_BUF_LEN] = {0};
int res = 1; int res = 1;
start = acc->source; start = acc->source;
@ -346,7 +346,7 @@ static int
parse_proto_and_port(char *pstr, int *proto, int *port) parse_proto_and_port(char *pstr, int *proto, int *port)
{ {
char *ndx; char *ndx;
char proto_str[ACCESS_BUF_LEN]; char proto_str[ACCESS_BUF_LEN] = {0};
int is_err; int is_err;
/* Parse the string into its components. /* Parse the string into its components.
@ -493,7 +493,7 @@ int
expand_acc_port_list(acc_port_list_t **plist, char *plist_str) expand_acc_port_list(acc_port_list_t **plist, char *plist_str)
{ {
char *ndx, *start; char *ndx, *start;
char buf[ACCESS_BUF_LEN]; char buf[ACCESS_BUF_LEN] = {0};
start = plist_str; start = plist_str;
@ -540,7 +540,7 @@ static int
expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str) expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
{ {
char *ndx, *start; char *ndx, *start;
char buf[1024]; char buf[MAX_LINE_LEN] = {0};
start = stlist_str; start = stlist_str;
@ -553,7 +553,7 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
while(isspace(*start)) while(isspace(*start))
start++; start++;
if(((ndx-start)+1) >= 1024) if(((ndx-start)+1) >= MAX_LINE_LEN)
return 0; return 0;
strlcpy(buf, start, (ndx-start)+1); strlcpy(buf, start, (ndx-start)+1);
@ -567,7 +567,7 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
while(isspace(*start)) while(isspace(*start))
start++; start++;
if(((ndx-start)+1) >= 1024) if(((ndx-start)+1) >= MAX_LINE_LEN)
return 0; return 0;
strlcpy(buf, start, (ndx-start)+1); strlcpy(buf, start, (ndx-start)+1);
@ -914,8 +914,8 @@ parse_access_file(fko_srv_options_t *opts)
unsigned int num_lines = 0; unsigned int num_lines = 0;
char access_line_buf[MAX_LINE_LEN] = {0}; char access_line_buf[MAX_LINE_LEN] = {0};
char var[MAX_LINE_LEN] = {0}; char var[MAX_LINE_LEN] = {0};
char val[MAX_LINE_LEN] = {0}; char val[MAX_LINE_LEN] = {0};
struct passwd *pw; struct passwd *pw;
struct stat st; struct stat st;
@ -1370,7 +1370,7 @@ acc_check_port_access(acc_stanza_t *acc, char *port_str)
{ {
int res = 1, ctr = 0; int res = 1, ctr = 0;
char buf[ACCESS_BUF_LEN]; char buf[ACCESS_BUF_LEN] = {0};
char *ndx, *start; char *ndx, *start;
acc_port_list_t *o_pl = acc->oport_list; acc_port_list_t *o_pl = acc->oport_list;

4
server/config_init.c
View File

@ -298,7 +298,7 @@ parse_config_file(fko_srv_options_t *opts, const char *config_file)
static void static void
validate_options(fko_srv_options_t *opts) validate_options(fko_srv_options_t *opts)
{ {
char tmp_path[MAX_PATH_LEN]; char tmp_path[MAX_PATH_LEN] = {0};
/* If no conf dir is set in the config file, use the default. /* If no conf dir is set in the config file, use the default.
*/ */
@ -650,7 +650,7 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
int cmd_arg, index, is_err; int cmd_arg, index, is_err;
unsigned char got_conf_file = 0, got_override_config = 0; unsigned char got_conf_file = 0, got_override_config = 0;
char override_file[MAX_LINE_LEN]; char override_file[MAX_LINE_LEN] = {0};
char *ndx, *cmrk; char *ndx, *cmrk;
/* Zero out options and opts_track. /* Zero out options and opts_track.

2
server/extcmd.c
View File

@ -94,7 +94,7 @@ _run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_s
{ {
FILE *ipt; FILE *ipt;
int retval = 0; int retval = 0;
char so_read_buf[IO_READ_BUF_LEN]; char so_read_buf[IO_READ_BUF_LEN] = {0};
pid_t pid; pid_t pid;
int res; int res;

4
server/fw_util_ipf.c
View File

@ -152,8 +152,8 @@ check_firewall_rules(const fko_srv_options_t *opts)
/* TODO: Implement me */ /* TODO: Implement me */
char exp_str[12]; char exp_str[12] = {0};
char rule_num_str[6]; char rule_num_str[6] = {0};
char *ndx, *rn_start, *rn_end, *tmp_mark; char *ndx, *rn_start, *rn_end, *tmp_mark;
int i, res, rn_offset; int i, res, rn_offset;

4
server/fw_util_ipfw.c
View File

@ -592,8 +592,8 @@ process_spa_request(const fko_srv_options_t * const opts,
void void
check_firewall_rules(const fko_srv_options_t * const opts) check_firewall_rules(const fko_srv_options_t * const opts)
{ {
char exp_str[12]; char exp_str[12] = {0};
char rule_num_str[6]; char rule_num_str[6] = {0};
char *ndx, *rn_start, *rn_end, *tmp_mark; char *ndx, *rn_start, *rn_end, *tmp_mark;
int i=0, res=0, is_err; int i=0, res=0, is_err;

14
server/fw_util_iptables.c
View File

@ -191,8 +191,8 @@ static int
jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num) jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num)
{ {
int num, pos = 0; int num, pos = 0;
char cmd_buf[CMD_BUFSIZE] = {0}; char cmd_buf[CMD_BUFSIZE] = {0};
char target[CMD_BUFSIZE] = {0}; char target[CMD_BUFSIZE] = {0};
char line_buf[CMD_BUFSIZE] = {0}; char line_buf[CMD_BUFSIZE] = {0};
FILE *ipt; FILE *ipt;
@ -459,8 +459,8 @@ static void
set_fw_chain_conf(const int type, const char * const conf_str) set_fw_chain_conf(const int type, const char * const conf_str)
{ {
int i, j, is_err; int i, j, is_err;
char tbuf[1024] = {0}; char tbuf[MAX_LINE_LEN] = {0};
const char *ndx = conf_str; const char *ndx = conf_str;
char *chain_fields[FW_NUM_CHAIN_FIELDS]; char *chain_fields[FW_NUM_CHAIN_FIELDS];
@ -713,8 +713,8 @@ process_spa_request(const fko_srv_options_t * const opts,
{ {
char nat_ip[MAX_IPV4_STR_LEN] = {0}; char nat_ip[MAX_IPV4_STR_LEN] = {0};
char snat_target[SNAT_TARGET_BUFSIZE] = {0}; char snat_target[SNAT_TARGET_BUFSIZE] = {0};
char rule_buf[CMD_BUFSIZE] = {0};
char *ndx; char *ndx;
char rule_buf[CMD_BUFSIZE];
unsigned int nat_port = 0; unsigned int nat_port = 0;
@ -1076,8 +1076,8 @@ process_spa_request(const fko_srv_options_t * const opts,
void void
check_firewall_rules(const fko_srv_options_t * const opts) check_firewall_rules(const fko_srv_options_t * const opts)
{ {
char exp_str[12]; char exp_str[12] = {0};
char rule_num_str[6]; char rule_num_str[6] = {0};
char *ndx, *rn_start, *rn_end, *tmp_mark; char *ndx, *rn_start, *rn_end, *tmp_mark;
int i, res, rn_offset, rule_num, is_err; int i, res, rn_offset, rule_num, is_err;

10
server/fw_util_pf.c
View File

@ -194,8 +194,8 @@ int
process_spa_request(const fko_srv_options_t * const opts, process_spa_request(const fko_srv_options_t * const opts,
const acc_stanza_t * const acc, spa_data_t * const spadat) const acc_stanza_t * const acc, spa_data_t * const spadat)
{ {
char new_rule[MAX_PF_NEW_RULE_LEN]; char new_rule[MAX_PF_NEW_RULE_LEN] = {0};
char write_cmd[CMD_BUFSIZE]; char write_cmd[CMD_BUFSIZE] = {0};
FILE *pfctl_fd = NULL; FILE *pfctl_fd = NULL;
@ -339,9 +339,9 @@ process_spa_request(const fko_srv_options_t * const opts,
void void
check_firewall_rules(const fko_srv_options_t * const opts) check_firewall_rules(const fko_srv_options_t * const opts)
{ {
char exp_str[12]; char exp_str[12] = {0};
char anchor_rules_copy[STANDARD_CMD_OUT_BUFSIZE]; char anchor_rules_copy[STANDARD_CMD_OUT_BUFSIZE] = {0};
char write_cmd[CMD_BUFSIZE]; char write_cmd[CMD_BUFSIZE] = {0};
char *ndx, *tmp_mark, *tmp_ndx, *newline_tmp_ndx; char *ndx, *tmp_mark, *tmp_ndx, *newline_tmp_ndx;
time_t now, rule_exp, min_exp=0; time_t now, rule_exp, min_exp=0;

9
server/fwknopd_common.h
View File

@ -163,10 +163,11 @@
/* fwknopd-specific limits /* fwknopd-specific limits
*/ */
#define MAX_PCAP_FILTER_LEN 1024 #define MAX_PCAP_FILTER_LEN 1024
#define MAX_IFNAME_LEN 128 #define MAX_IFNAME_LEN 128
#define MAX_SPA_PACKET_LEN 1500 /* --DSS check this? */ #define MAX_SPA_PACKET_LEN 1500 /* --DSS check this? */
#define MAX_HOSTNAME_LEN 64 #define MAX_HOSTNAME_LEN 64
#define MAX_DECRYPTED_SPA_LEN 1024
/* The minimum possible valid SPA data size. /* The minimum possible valid SPA data size.
*/ */

2
server/incoming_spa.c
View File

@ -647,7 +647,7 @@ incoming_spa(fko_srv_options_t *opts)
break; break;
} }
strlcpy(spadat.spa_message_remain, spa_ip_demark+1, 1024); strlcpy(spadat.spa_message_remain, spa_ip_demark+1, MAX_DECRYPTED_SPA_LEN);
/* If use source IP was requested (embedded IP of 0.0.0.0), make sure it /* If use source IP was requested (embedded IP of 0.0.0.0), make sure it
* is allowed. * is allowed.

6
server/replay_cache.c
View File

@ -143,10 +143,10 @@ replay_warning(fko_srv_options_t *opts, digest_cache_info_t *digest_info)
{ {
char src_ip[INET_ADDRSTRLEN+1] = {0}; char src_ip[INET_ADDRSTRLEN+1] = {0};
char orig_src_ip[INET_ADDRSTRLEN+1] = {0}; char orig_src_ip[INET_ADDRSTRLEN+1] = {0};
char created[DATE_LEN]; char created[DATE_LEN] = {0};
#if ! USE_FILE_CACHE #if ! USE_FILE_CACHE
char first[DATE_LEN], last[DATE_LEN]; char first[DATE_LEN] = {0}, last[DATE_LEN] = {0};
#endif #endif
/* Convert the IPs to a human readable form /* Convert the IPs to a human readable form
@ -234,7 +234,7 @@ replay_file_cache_init(fko_srv_options_t *opts)
{ {
FILE *digest_file_ptr = NULL; FILE *digest_file_ptr = NULL;
unsigned int num_lines = 0, digest_ctr = 0; unsigned int num_lines = 0, digest_ctr = 0;
char line_buf[MAX_LINE_LEN] = {0}; char line_buf[MAX_LINE_LEN] = {0};
char src_ip[INET_ADDRSTRLEN+1] = {0}; char src_ip[INET_ADDRSTRLEN+1] = {0};
char dst_ip[INET_ADDRSTRLEN+1] = {0}; char dst_ip[INET_ADDRSTRLEN+1] = {0};
long int time_tmp; long int time_tmp;

2
server/tcp_server.c
View File

@ -60,7 +60,7 @@ run_tcp_server(fko_srv_options_t *opts)
fd_set sfd_set; fd_set sfd_set;
struct sockaddr_in saddr, caddr; struct sockaddr_in saddr, caddr;
struct timeval tv; struct timeval tv;
char sipbuf[MAX_IPV4_STR_LEN]; char sipbuf[MAX_IPV4_STR_LEN] = {0};
unsigned short port; unsigned short port;

3
server/utils.c
View File

@ -114,7 +114,7 @@ hex_dump(const unsigned char *data, const int size)
char * char *
dump_ctx(fko_ctx_t ctx) dump_ctx(fko_ctx_t ctx)
{ {
static char buf[CTX_DUMP_BUFSIZE]; static char buf[CTX_DUMP_BUFSIZE] = {0};
int cp = 0; int cp = 0;
size_t bytes_left; size_t bytes_left;
@ -164,7 +164,6 @@ dump_ctx(fko_ctx_t ctx)
hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str)); hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str));
enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str)); enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str));
memset(buf, 0x0, sizeof(buf));
bytes_left = sizeof(buf) - 1; bytes_left = sizeof(buf) - 1;
cp = append_msg_to_buf(buf, bytes_left, "SPA Field Values:\n=================\n"); cp = append_msg_to_buf(buf, bytes_left, "SPA Field Values:\n=================\n");