From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 4 May 2021 20:16:02 +0000 (-0700)
Subject: Replace all use of inet_ntoa() with inet_ntop()
X-Git-Tag: v8.20~231^2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=71bf1d939f55ff206e9f149bcc1bf2f4be2d7450;p=users%2Fdwmw2%2Fopenconnect.git

Replace all use of inet_ntoa() with inet_ntop()

inet_ntoa() uses a statically-allocated buffer, which means that it wouldn't
be safe for use by an a multithreaded application using libopenconnect (as
yet hypothetical).

We should use inet_ntop() instead in all cases, even though it's slightly
less convenient.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/gpst.c b/gpst.c
index 86f357c6..1d59c2f6 100644
--- a/gpst.c
+++ b/gpst.c
@@ -549,8 +549,9 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
 				inet_aton(new_ip_info.addr, &net_addr);
 				net_addr.s_addr &= nm_bits; /* clear host bits */
 
+				char abuf[INET_ADDRSTRLEN];
 				if ((inc = malloc(sizeof(*inc))) == NULL ||
-				    asprintf(&s, "%s/%s", inet_ntoa(net_addr), original_netmask) <= 0)
+				    asprintf(&s, "%s/%s", inet_ntop(AF_INET, &net_addr, abuf, sizeof(abuf)), original_netmask) <= 0)
 					return -ENOMEM;
 				inc->route = add_option_steal(&new_opts, "split-include", &s);
 				inc->next = new_ip_info.split_includes;
diff --git a/ppp.c b/ppp.c
index 37aab047..568fc0b5 100644
--- a/ppp.c
+++ b/ppp.c
@@ -390,6 +390,7 @@ static int handle_config_request(struct openconnect_info *vpninfo,
 	int ret;
 	struct oc_ncp *ncp;
 	unsigned char *p;
+	char abuf[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)];
 
 	switch (proto) {
 	case PPP_LCP: ncp = &ppp->lcp; break;
@@ -462,10 +463,9 @@ static int handle_config_request(struct openconnect_info *vpninfo,
 			memcpy(&ppp->in_ipv4_addr, p+2, 4);
 			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("Received peer IPv4 address %s from server\n"),
-				     inet_ntoa(ppp->in_ipv4_addr));
+				     inet_ntop(AF_INET, &ppp->in_ipv4_addr, abuf, sizeof(abuf)));
 			break;
 		case PROTO_TAG_LEN(PPP_IP6CP, IP6CP_INT_ID, 8): {
-			char buf[40];
 			unsigned char ipv6_ll[16] = {0xfe, 0x80, 0, 0, 0, 0, 0, 0};
 
 			/* XX: The server has allegedly sent us its link-local IPv6 address.
@@ -477,11 +477,9 @@ static int handle_config_request(struct openconnect_info *vpninfo,
 			 */
 			memcpy(ipv6_ll + 8, p+2, 8);
 			memcpy(&ppp->in_ipv6_addr, ipv6_ll, 16);
-			if (!inet_ntop(AF_INET6, &ppp->in_ipv6_addr, buf, sizeof(buf)))
-				return -EINVAL;
 			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("Received peer IPv6 link-local address %s from server\n"),
-				     buf);
+				     inet_ntop(AF_INET6, &ppp->in_ipv6_addr, abuf, sizeof(abuf)));
 			break;
 		}
 		default:
@@ -648,6 +646,7 @@ static int handle_config_rejnak(struct openconnect_info *vpninfo,
 	struct oc_ppp *ppp = vpninfo->ppp;
 	struct oc_ncp *ncp;
 	unsigned char *p;
+	char abuf[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)];
 
 	switch (proto) {
 	case PPP_LCP: ncp = &ppp->lcp; break;
@@ -698,10 +697,10 @@ static int handle_config_rejnak(struct openconnect_info *vpninfo,
 			break;
 		case PROTO_TAG_LEN(PPP_IPCP, IPCP_IPADDR, 4): {
 			struct in_addr *a = (void *)(p + 2);
-			const char *s = inet_ntoa(*a);
+			inet_ntop(AF_INET, a, abuf, sizeof(abuf));
 			if (code == CONFNAK && a->s_addr) {
 				vpn_progress(vpninfo, PRG_DEBUG,
-					     _("Server nak-offered IPv4 address: %s\n"), s);
+					     _("Server nak-offered IPv4 address: %s\n"), abuf);
 				ppp->out_ipv4_addr = *a;
 				if (vpninfo->ip_info.addr) {
 					vpn_progress(vpninfo, PRG_ERR,
@@ -711,7 +710,7 @@ static int handle_config_rejnak(struct openconnect_info *vpninfo,
 				}
 			} else {
 				vpn_progress(vpninfo, PRG_DEBUG,
-					     _("Server rejected/nak'ed our IPv4 address or request: %s\n"), s);
+					     _("Server rejected/nak'ed our IPv4 address or request: %s\n"), abuf);
 				return -EINVAL;
 			}
 			break;
@@ -721,14 +720,14 @@ static int handle_config_rejnak(struct openconnect_info *vpninfo,
 		case PROTO_TAG_LEN(PPP_IPCP, IPCP_xNS_BASE + 2, 4):
 		case PROTO_TAG_LEN(PPP_IPCP, IPCP_xNS_BASE + 3, 4): {
 			struct in_addr *a = (void *)(p + 2);
-			const char *s = inet_ntoa(*a);
 			/* XX: see ppp.h for why bitfields work here */
 			int is_dns = t&1;
 			int entry = (t&2)>>1;
+			inet_ntop(AF_INET, a, abuf, sizeof(abuf));
 			if (code == CONFNAK && a->s_addr) {
 				vpn_progress(vpninfo, PRG_DEBUG,
 					     _("Server nak-offered IPCP request for %s[%d] server: %s\n"),
-					     is_dns ? "DNS" : "NBNS", entry, s);
+					     is_dns ? "DNS" : "NBNS", entry, abuf);
 				ppp->nameservers[t & 3] = *a;
 				ppp->got_peerns |= (1<<(t-IPCP_xNS_BASE));
 			} else {
@@ -743,14 +742,12 @@ static int handle_config_rejnak(struct openconnect_info *vpninfo,
 		case PROTO_TAG_LEN(PPP_IP6CP, IP6CP_INT_ID, 8): {
 			uint64_t *val = (void *)(p + 2);
 			if (code == CONFNAK && *val != 0) {
-				char buf[40];
 				unsigned char ipv6_ll[16] = {0xfe, 0x80, 0, 0, 0, 0, 0, 0};
 				memcpy(ipv6_ll + 8, val, 8);
-				if (!inet_ntop(AF_INET6, ipv6_ll, buf, sizeof(buf)))
-					return -EINVAL;
+				inet_ntop(AF_INET6, ipv6_ll, abuf, sizeof(abuf));
 
 				vpn_progress(vpninfo, PRG_DEBUG,
-					     _("Server nak-offered IPv6 link-local address %s\n"), buf);
+					     _("Server nak-offered IPv6 link-local address %s\n"), abuf);
 				/* If we don't already have a valid global IPv6 address, then we are
 				 * supposed to use this one to create a valid link-local IPv6
 				 * address to allow autoconfiguration (https://tools.ietf.org/html/rfc5072)
diff --git a/script.c b/script.c
index 2ab66735..d6f8bb8f 100644
--- a/script.c
+++ b/script.c
@@ -118,7 +118,7 @@ static int process_split_xxclude(struct openconnect_info *vpninfo,
 {
 	struct in_addr net_addr, mask_addr;
 	const char *in_ex = include ? "IN" : "EX";
-	char envname[80], uptoslash[20];
+	char envname[80], uptoslash[20], abuf[INET_ADDRSTRLEN];
 	const char *slash;
 	char *endp;
 	int masklen;
@@ -201,21 +201,22 @@ static int process_split_xxclude(struct openconnect_info *vpninfo,
 	/* Fix incorrectly-set host bits */
 	if (net_addr.s_addr & ~mask_addr.s_addr) {
 		net_addr.s_addr &= mask_addr.s_addr;
+		inet_ntop(AF_INET, &net_addr, abuf, sizeof(abuf));
 		if (include)
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("WARNING: Split include \"%s\" has host bits set, replacing with \"%s/%d\".\n"),
-				     route, inet_ntoa(net_addr), masklen);
+				     route, abuf, masklen);
 		else
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("WARNING: Split exclude \"%s\" has host bits set, replacing with \"%s/%d\".\n"),
-				     route, inet_ntoa(net_addr), masklen);
+				     route, abuf, masklen);
 	}
 
 	snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_ADDR", in_ex, *v4_incs);
-	script_setenv(vpninfo, envname, inet_ntoa(net_addr), 0, 0);
+	script_setenv(vpninfo, envname, inet_ntop(AF_INET, &net_addr, abuf, sizeof(abuf)), 0, 0);
 
 	snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASK", in_ex, *v4_incs);
-	script_setenv(vpninfo, envname, inet_ntoa(mask_addr), 0, 0);
+	script_setenv(vpninfo, envname, inet_ntop(AF_INET, &mask_addr, abuf, sizeof(abuf)), 0, 0);
 
 	snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASKLEN", in_ex, *v4_incs);
 	script_setenv_int(vpninfo, envname, masklen);
@@ -322,13 +323,13 @@ void prepare_script_env(struct openconnect_info *vpninfo)
 					     _("Ignoring legacy network because netmask \"%s\" is invalid.\n"),
 					     vpninfo->ip_info.netmask);
 			else {
-				char *netaddr;
+				char netaddr[INET_ADDRSTRLEN];
 				int masklen = netmasklen(mask);
 
 				if (netmaskbits(masklen) != mask.s_addr)
 					goto bad_netmask;
 				addr.s_addr &= mask.s_addr;
-				netaddr = inet_ntoa(addr);
+				inet_ntop(AF_INET, &addr, netaddr, sizeof(netaddr));
 
 				script_setenv(vpninfo, "INTERNAL_IP4_NETADDR", netaddr, 0, 0);
 				script_setenv(vpninfo, "INTERNAL_IP4_NETMASK", vpninfo->ip_info.netmask, 0, 0);