From 591416e23bc9e93c83e832bbf504837e7b24be88 Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Mon, 10 Sep 2012 21:47:48 -0400 Subject: [PATCH] [server] bug fix in --disable-file-cache mode Applied patch from Vlad Glagolev to fix ndbm/gdbm usage when --disable-file-cache is used for the autoconf configure script. This functionality was broken in be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of #define macros from --disable-file-cache. --- CREDITS | 6 ++++++ ChangeLog | 6 ++++++ server/replay_cache.c | 10 +++------- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CREDITS b/CREDITS index 4a3dcf7a..78171196 100644 --- a/CREDITS +++ b/CREDITS @@ -66,3 +66,9 @@ Fernando Arnaboldi (IOActive) - Found several conditions in which the server did not properly throw out maliciously constructed variables in the access.conf file. This has been fixed along with new fuzzing tests in the test suite. + +Vlad Glagolev + - Submitted a patch to fix ndbm/gdbm usage when --disable-file-cache is + used for the autoconf configure script. This functionality was broken in + be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of + #define macros from --disable-file-cache. diff --git a/ChangeLog b/ChangeLog index f321a59a..fc6e21e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +fwknop-2.0.4 (09/20/2012): + - [server] (Vlad Glagolev) Submitted a patch to fix ndbm/gdbm usage when + --disable-file-cache is used for the autoconf configure script. This + functionality was broken in be4193d734850fe60f14a26b547525ea0b9ce1e9 + through improper handling of #define macros from --disable-file-cache. + fwknop-2.0.3 (09/03/2012): - [server] Fernando Arnaboldi from IOActive found several DoS/code execution vulnerabilities for malicious fwknop clients that manage to diff --git a/server/replay_cache.c b/server/replay_cache.c index 227d64c6..9bce3106 100644 --- a/server/replay_cache.c +++ b/server/replay_cache.c @@ -138,7 +138,6 @@ replay_warning(fko_srv_options_t *opts, digest_cache_info_t *digest_info) char created[DATE_LEN]; #if ! USE_FILE_CACHE - char last_ip[INET_ADDRSTRLEN+1] = {0}; char first[DATE_LEN], last[DATE_LEN]; #endif @@ -375,9 +374,10 @@ replay_db_cache_init(fko_srv_options_t *opts) GDBM_FILE rpdb; #elif HAVE_LIBNDBM DBM *rpdb; + datum db_ent; #endif - datum db_key, db_ent, db_next_key; + datum db_key, db_next_key; int db_count = 0; #ifdef HAVE_LIBGDBM @@ -565,11 +565,8 @@ is_replay_dbm_cache(fko_srv_options_t *opts, char *digest) #endif datum db_key, db_ent; - char *digest = NULL; int digest_len, res = SPA_MSG_SUCCESS; - digest_cache_info_t dc_info; - digest_len = strlen(digest); db_key.dptr = digest; @@ -638,7 +635,6 @@ add_replay_dbm_cache(fko_srv_options_t *opts, char *digest) #endif datum db_key, db_ent; - char *digest = NULL; int digest_len, res = SPA_MSG_SUCCESS; digest_cache_info_t dc_info; @@ -705,7 +701,7 @@ add_replay_dbm_cache(fko_srv_options_t *opts, char *digest) return(res); #endif /* NO_DIGEST_CACHE */ - +} #endif /* USE_FILE_CACHE */ #if USE_FILE_CACHE