DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Continue atoi() replacement with strtol() wrapper, closes issue #21

Browse Source 
This commit completes the conversion to the strtol() wrapper function in order
to remove all atoi() calls.  In addition, variable max values are enforced
using more broadly defined RCHK_* values.
This commit is contained in:
Michael Rash 2013-02-19 23:11:01 -05:00
parent 6a475bbe54
commit a413c6cf94
15 changed files with 156 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
client/config_init.c
View File

@ -139,7 +139,8 @@ parse_time_offset(const char *offset_str)
exit(EXIT_FAILURE);
}
offset = strtol_wrapper(offset_digits, 0, (2 << 15), EXIT_UPON_ERR, &is_err);
offset = strtol_wrapper(offset_digits, 0, (2 << 15),
EXIT_UPON_ERR, &is_err);
/* Apply the offset_type value
*/
@ -831,10 +832,11 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
break;
case 'f':
options->fw_timeout = strtol_wrapper(optarg, 0,
(2 << 15), NO_EXIT_UPON_ERR, &is_err);
(2 << 16), NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "--fw-timeout must be >= 0\n");
fprintf(stderr, "--fw-timeout must be within [%d-%d]\n",
0, (2 << 16));
exit(EXIT_FAILURE);
}
break;
@ -858,12 +860,14 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
case 'K':
options->key_gen = 1;
strlcpy(options->key_gen_file, optarg, MAX_PATH_LEN);
break;
case SPA_ICMP_TYPE:
options->spa_icmp_type = strtol_wrapper(optarg, 0,
MAX_ICMP_TYPE, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized icmp type value: %s\n", optarg);
fprintf(stderr, "Invalid icmp type '%s', must be in [%d-%d]\n",
optarg, 0, MAX_ICMP_TYPE);
exit(EXIT_FAILURE);
}
break;
@ -872,7 +876,8 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
MAX_ICMP_CODE, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized icmp code value: %s\n", optarg);
fprintf(stderr, "Invalid icmp code '%s', must be in [%d-%d]\n",
optarg, 0, MAX_ICMP_CODE);
exit(EXIT_FAILURE);
}
break;
@ -911,12 +916,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
break;
case 'p':
options->spa_dst_port = strtol_wrapper(optarg, 0,
MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
}
MAX_PORT, EXIT_UPON_ERR, &is_err);
break;
case 'P':
if((options->spa_proto = proto_strtoint(optarg)) < 0)
@ -956,12 +956,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
break;
case 'S':
options->spa_src_port = strtol_wrapper(optarg, 0,
MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
}
MAX_PORT, EXIT_UPON_ERR, &is_err);
break;
case 'T':
options->test = 1;
@ -1002,12 +997,8 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
options->nat_rand_port = 1;
break;
case NAT_PORT:
options->nat_port = strtol_wrapper(optarg, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "Unrecognized port: %s\n", optarg);
exit(EXIT_FAILURE);
}
options->nat_port = strtol_wrapper(optarg, 0,
MAX_PORT, EXIT_UPON_ERR, &is_err);
break;
case TIME_OFFSET_PLUS:
options->time_offset_plus = parse_time_offset(optarg);

2
client/fwknop.c
View File

@ -523,7 +523,7 @@ get_rand_port(fko_ctx_t ctx)
strlcpy(port_str, rand_val, 6);
tmpint = strtol_wrapper(port_str, 0, 0, NO_EXIT_UPON_ERR, &is_err);
tmpint = strtol_wrapper(port_str, 0, -1, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr,

6
client/http_resolve_host.c
View File

@ -225,7 +225,7 @@ parse_url(char *res_url, struct url* url)
*/
if(strncasecmp(res_url, "https", 5) == 0)
{
fprintf(stderr, "https is not yet supported for http-resolve-ip.\n");
fprintf(stderr, "[*] https is not yet supported for http-resolve-ip.\n");
return(-1);
}
@ -244,7 +244,9 @@ parse_url(char *res_url, struct url* url)
port = strtol_wrapper(e_ndx+1, 1, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "resolve-url port value is invalid.\n");
fprintf(stderr,
"[*] resolve-url port value is invalid, must be in [%d-%d]\n",
1, MAX_PORT);
return(-1);
}

6
client/spa_comm.c
View File

@ -558,10 +558,12 @@ send_spa_packet_http(const char *spa_data, const int sd_len,
if(ndx)
{
*ndx = '\0';
proxy_port = strtol_wrapper(ndx+1, 0, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
proxy_port = strtol_wrapper(ndx+1, 1, MAX_PORT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "proxy port value is invalid.\n");
fprintf(stderr,
"[-] proxy port value is invalid, must be in [%d-%d]\n",
1, MAX_PORT);
return 0;
}
}

2
lib/fko_decode.c
View File

@ -228,7 +228,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
strlcpy(tbuf, ndx, t_size+1);
ctx->timestamp = (unsigned int) strtol_wrapper(tbuf,
0, 0, NO_EXIT_UPON_ERR, &is_err);
0, -1, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
free(tbuf);

6
lib/fko_util.c
View File

@ -95,6 +95,8 @@ strtol_wrapper(const char * const str, const int min,
if(exit_upon_err == EXIT_UPON_ERR)
{
perror("strtol");
fprintf(stderr, "[*] Value %d out of range %d - %d\n",
val, min, max);
exit(EXIT_FAILURE);
}
}
@ -110,10 +112,10 @@ strtol_wrapper(const char * const str, const int min,
}
}
/* allow max==0 to be an exception where we don't care about the
/* allow max == -1 to be an exception where we don't care about the
* maximum - note that the ERANGE check is still in place above
*/
if((max > 0) && (val > max))
if((max >= 0) && (val > max))
{
*err = FKO_ERROR_INVALID_DATA;
if(exit_upon_err == EXIT_UPON_ERR)

7
server/access.c
View File

@ -249,7 +249,7 @@ add_source_mask(fko_srv_options_t *opts, acc_stanza_t *acc, const char *ip)
return 0;
}
mask = strtol_wrapper(ndx+1, 0, 0, NO_EXIT_UPON_ERR, &is_err);
mask = strtol_wrapper(ndx+1, 0, -1, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr,
@ -395,7 +395,8 @@ parse_proto_and_port(char *pstr, int *proto, int *port)
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Invalid port in access request: %s", pstr);
"Invalid port '%s' in access request, must be in [%d,%d]",
pstr, 0, MAX_PORT);
return(-1);
}
@ -1074,7 +1075,7 @@ parse_access_file(fko_srv_options_t *opts)
else if(CONF_VAR_IS(var, "FW_ACCESS_TIMEOUT"))
{
curr_acc->fw_access_timeout = strtol_wrapper(val, 0,
(2 << 31), NO_EXIT_UPON_ERR, &is_err);
RCHK_MAX_FW_TIMEOUT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr,

2
server/config_init.c
View File

@ -770,7 +770,7 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
break;
case 'C':
opts->packet_ctr_limit = strtol_wrapper(optarg,
0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
0, (2 << 30), NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr,

16
server/config_init.h
View File

@ -34,22 +34,6 @@
#include <getopt.h>
#include <sys/stat.h>
/* For integer variable range checking
*/
#define RCHK_MAX_PCAP_LOOP_SLEEP 10000000 /* microseconds, 10 seconds */
#define RCHK_MAX_SPA_PACKET_AGE 100000 /* seconds, can disable */
#define RCHK_MAX_SNIFF_BYTES 1514
#define RCHK_MAX_TCPSERV_PORT 65535
#if FIREWALL_IPFW
#define RCHK_MAX_IPFW_START_RULE_NUM 65535
#define RCHK_MAX_IPFW_MAX_RULES 10000
#define RCHK_MAX_IPFW_SET_NUM 31
#define RCHK_MAX_IPFW_PURGE_INTERVAL 65535
#elif FIREWALL_PF
#define RCHK_MAX_PF_EXPIRE_INTERVAL 65535
#endif
/* Function Prototypes
*/
void config_init(fko_srv_options_t *opts, int argc, char **argv);

137
server/fw_util_ipfw.c
View File

@ -183,6 +183,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
void
fw_config_init(fko_srv_options_t * const opts)
{
int is_err;
memset(&fwc, 0x0, sizeof(struct fw_config));
@ -190,11 +191,51 @@ fw_config_init(fko_srv_options_t * const opts)
*/
strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], MAX_PATH_LEN);
fwc.start_rule_num = atoi(opts->config[CONF_IPFW_START_RULE_NUM]);
fwc.max_rules = atoi(opts->config[CONF_IPFW_MAX_RULES]);
fwc.active_set_num = atoi(opts->config[CONF_IPFW_ACTIVE_SET_NUM]);
fwc.expire_set_num = atoi(opts->config[CONF_IPFW_EXPIRE_SET_NUM]);
fwc.purge_interval = atoi(opts->config[CONF_IPFW_EXPIRE_PURGE_INTERVAL]);
fwc.start_rule_num = strtol_wrapper(opts->config[CONF_IPFW_START_RULE_NUM],
0, RCHK_MAX_IPFW_MAX_RULES, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] IPFW_START_RULE_NUM '%s' out of range [%d-%d].\n",
opts->config[CONF_IPFW_START_RULE_NUM], 0, RCHK_MAX_IPFW_MAX_RULES);
exit(EXIT_FAILURE);
}
fwc.max_rules = strtol_wrapper(opts->config[CONF_IPFW_MAX_RULES],
0, RCHK_MAX_IPFW_MAX_RULES, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] IPFW_MAX_RULES_INT '%s' out of range [%d-%d].\n",
opts->config[CONF_IPFW_MAX_RULES], 0, RCHK_MAX_IPFW_MAX_RULES);
exit(EXIT_FAILURE);
}
fwc.active_set_num = strtol_wrapper(opts->config[CONF_IPFW_ACTIVE_SET_NUM],
0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] IPFW_ACTIVE_SET_NUM '%s' out of range [%d-%d].\n",
opts->config[CONF_IPFW_ACTIVE_SET_NUM], 0, RCHK_MAX_IPFW_SET_NUM);
exit(EXIT_FAILURE);
}
fwc.expire_set_num = strtol_wrapper(opts->config[CONF_IPFW_EXPIRE_SET_NUM],
0, RCHK_MAX_IPFW_SET_NUM, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] IPFW_MAX_EXPIRE_SET_NUM '%s' out of range [%d-%d].\n",
opts->config[CONF_IPFW_EXPIRE_SET_NUM], 0, RCHK_MAX_IPFW_SET_NUM);
exit(EXIT_FAILURE);
}
fwc.purge_interval = strtol_wrapper(opts->config[CONF_IPFW_EXPIRE_PURGE_INTERVAL],
0, RCHK_MAX_IPFW_PURGE_INTERVAL, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
fprintf(stderr, "[*] IPFW_EXPIRE_PURGE_INTERVAL '%s' out of range [%d-%d].\n",
opts->config[CONF_IPFW_EXPIRE_PURGE_INTERVAL], 0,
RCHK_MAX_IPFW_PURGE_INTERVAL);
exit(EXIT_FAILURE);
}
/* Let us find it via our opts struct as well.
*/
@ -206,7 +247,7 @@ fw_config_init(fko_srv_options_t * const opts)
void
fw_initialize(const fko_srv_options_t * const opts)
{
int res = 0;
int res = 0, is_err;
unsigned short curr_rule;
char *ndx;
@ -332,13 +373,16 @@ fw_initialize(const fko_srv_options_t * const opts)
if(isdigit(*ndx))
{
curr_rule = atoi(ndx);
curr_rule = strtol_wrapper(ndx, 0, -1, NO_EXIT_UPON_ERR, &is_err);
if(curr_rule >= fwc.start_rule_num
&& curr_rule < fwc.start_rule_num + fwc.max_rules)
if(is_err == FKO_SUCCESS)
{
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_EXPIRED;
fwc.total_rules++;
if(curr_rule >= fwc.start_rule_num
&& curr_rule < fwc.start_rule_num + fwc.max_rules)
{
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_EXPIRED;
fwc.total_rules++;
}
}
}
else
@ -350,7 +394,6 @@ fw_initialize(const fko_srv_options_t * const opts)
}
}
int
fw_cleanup(const fko_srv_options_t * const opts)
{
@ -559,7 +602,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
char rule_num_str[6];
char *ndx, *rn_start, *rn_end, *tmp_mark;
int i=0, res=0;
int i=0, res=0, is_err;
time_t now, rule_exp, min_exp = 0;
unsigned short curr_rule;
@ -683,37 +726,44 @@ check_firewall_rules(const fko_srv_options_t * const opts)
strlcpy(rule_num_str, rn_start, (rn_end - rn_start)+1);
curr_rule = atoi(rule_num_str);
curr_rule = strtol_wrapper(rule_num_str, 0, -1, NO_EXIT_UPON_ERR, &is_err);
zero_cmd_buffers();
/* Move the rule to the expired rules set.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_MOVE_RULE_ARGS,
opts->fw_config->fw_command,
curr_rule,
fwc.expire_set_num
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
if(is_err == FKO_SUCCESS)
{
log_msg(LOG_INFO, "Moved rule %s with expire time of %u to set %u.",
rule_num_str, rule_exp, fwc.expire_set_num
zero_cmd_buffers();
/* Move the rule to the expired rules set.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_MOVE_RULE_ARGS,
opts->fw_config->fw_command,
curr_rule,
fwc.expire_set_num
);
if (fwc.active_rules > 0)
fwc.active_rules--;
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_EXPIRED;
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
log_msg(LOG_INFO, "Moved rule %s with expire time of %u to set %u.",
rule_num_str, rule_exp, fwc.expire_set_num
);
if (fwc.active_rules > 0)
fwc.active_rules--;
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_EXPIRED;
}
else
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
}
else
{
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
}
}
else
{
@ -745,9 +795,7 @@ void
ipfw_purge_expired_rules(const fko_srv_options_t *opts)
{
char *ndx, *co_end;
int i, res;
int i, res, is_err;
unsigned short curr_rule;
/* First, we get the current active dynamic rules for the expired rule
@ -825,11 +873,14 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
*/
if(isdigit(*ndx))
{
curr_rule = atoi(ndx);
curr_rule = strtol_wrapper(ndx, 0, -1, NO_EXIT_UPON_ERR, &is_err);
if(curr_rule >= fwc.start_rule_num
&& curr_rule < fwc.start_rule_num + fwc.max_rules)
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_TMP_MARKED;
if(is_err == FKO_SUCCESS)
{
if(curr_rule >= fwc.start_rule_num
&& curr_rule < fwc.start_rule_num + fwc.max_rules)
fwc.rule_map[curr_rule - fwc.start_rule_num] = RULE_TMP_MARKED;
}
}
ndx = strchr(ndx, '\n');

6
server/fw_util_iptables.c
View File

@ -492,7 +492,7 @@ set_fw_chain_conf(const int type, const char * const conf_str)
/* Pull and set Jump_rule_position */
chain->jump_rule_pos = strtol_wrapper(chain_fields[3],
0, (2 << 15), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_IPT_RULE_NUM, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid jump rule position in Line: %s\n",
@ -505,7 +505,7 @@ set_fw_chain_conf(const int type, const char * const conf_str)
/* Pull and set to_chain rule position */
chain->rule_pos = strtol_wrapper(chain_fields[5],
0, (2 << 15), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_IPT_RULE_NUM, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid to_chain rule position in Line: %s\n",
@ -1159,7 +1159,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
strlcpy(rule_num_str, rn_start, (rn_end - rn_start)+1);
rule_num = strtol_wrapper(rule_num_str, rn_offset, (2 << 15),
rule_num = strtol_wrapper(rule_num_str, rn_offset, RCHK_MAX_IPT_RULE_NUM,
NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{

2
server/fwknopd.c
View File

@ -691,7 +691,7 @@ get_running_pid(const fko_srv_options_t *opts)
buf[PID_BUFLEN-1] = '\0';
/* max pid value is configurable on Linux
*/
rpid = (pid_t) strtol_wrapper(buf, 0, (2 << 31),
rpid = (pid_t) strtol_wrapper(buf, 0, (2 << 30),
NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
rpid = 0;

24
server/fwknopd_common.h
View File

@ -100,6 +100,15 @@
#define DEF_FW_ACCESS_TIMEOUT 30
/* For integer variable range checking
*/
#define RCHK_MAX_PCAP_LOOP_SLEEP (2 << 22)
#define RCHK_MAX_SPA_PACKET_AGE 100000 /* seconds, can disable */
#define RCHK_MAX_SNIFF_BYTES (2 << 14)
#define RCHK_MAX_TCPSERV_PORT ((2 << 16) - 1)
#define RCHK_MAX_PCAP_DISPATCH_COUNT (2 << 22)
#define RCHK_MAX_FW_TIMEOUT (2 << 22)
/* Iptables-specific defines
*/
#if FIREWALL_IPTABLES
@ -118,6 +127,8 @@
#define DEF_IPT_SNAT_ACCESS "SNAT, nat, POSTROUTING, 1, FWKNOP_POSTROUTING, 1"
#define DEF_IPT_MASQUERADE_ACCESS "MASQUERADE, nat, POSTROUTING, 1, FWKNOP_POSTROUTING, 1"
#define RCHK_MAX_IPT_RULE_NUM (2 << 15)
/* Ipfw-specific defines
*/
#elif FIREWALL_IPFW
@ -125,16 +136,23 @@
#define DEF_FLUSH_IPFW_AT_INIT "Y"
#define DEF_FLUSH_IPFW_AT_EXIT "Y"
#define DEF_IPFW_START_RULE_NUM "10000"
#define DEF_IPFW_MAX_RULES "1000"
#define DEF_IPFW_MAX_RULES "65535"
#define DEF_IPFW_ACTIVE_SET_NUM "1"
#define DEF_IPFW_EXPIRE_SET_NUM "2"
#define DEF_IPFW_EXPIRE_PURGE_INTERVAL "30"
#define DEF_IPFW_ADD_CHECK_STATE "N"
#define RCHK_MAX_IPFW_START_RULE_NUM ((2 << 16) - 1)
#define RCHK_MAX_IPFW_MAX_RULES ((2 << 16) - 1)
#define RCHK_MAX_IPFW_SET_NUM ((2 << 5) - 1)
#define RCHK_MAX_IPFW_PURGE_INTERVAL ((2 << 16) - 1)
#elif FIREWALL_PF
#define DEF_PF_ANCHOR_NAME "fwknop"
#define DEF_PF_EXPIRE_INTERVAL "30"
#define DEF_PF_ANCHOR_NAME "fwknop"
#define DEF_PF_EXPIRE_INTERVAL "30"
#define RCHK_MAX_PF_EXPIRE_INTERVAL ((2 << 16) - 1)
#elif FIREWALL_IPF

2
server/incoming_spa.c
View File

@ -295,7 +295,7 @@ incoming_spa(fko_srv_options_t *opts)
if(strncasecmp(opts->config[CONF_ENABLE_SPA_PACKET_AGING], "Y", 1) == 0)
{
conf_pkt_age = strtol_wrapper(opts->config[CONF_MAX_SPA_PACKET_AGE],
0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_SPA_PACKET_AGE, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid MAX_SPA_PACKET_AGE\n");

6
server/pcap_capture.c
View File

@ -70,7 +70,7 @@ pcap_capture(fko_srv_options_t *opts)
#endif
useconds = strtol_wrapper(opts->config[CONF_PCAP_LOOP_SLEEP],
0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_PCAP_LOOP_SLEEP, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid PCAP_LOOP_SLEEP_value\n");
@ -78,7 +78,7 @@ pcap_capture(fko_srv_options_t *opts)
}
max_sniff_bytes = strtol_wrapper(opts->config[CONF_MAX_SNIFF_BYTES],
0, (2 << 14), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_SNIFF_BYTES, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid MAX_SNIFF_BYTES\n");
@ -196,7 +196,7 @@ pcap_capture(fko_srv_options_t *opts)
}
pcap_dispatch_count = strtol_wrapper(opts->config[CONF_PCAP_DISPATCH_COUNT],
0, (2 << 31), NO_EXIT_UPON_ERR, &is_err);
0, RCHK_MAX_PCAP_DISPATCH_COUNT, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR, "[*] invalid PCAP_DISPATCH_COUNT\n");