OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 05:31:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove openvpn_snprintf and similar functions

Browse Source 
Old Microsoft versions did strange behaviour but according to the
newly added unit test and
https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating
this is now standard conforming and we can use the normal snprintf
method.

Microsoft own documentation to swprintf also says you nowadays need to
define _CRT_NON_CONFORMING_SWPRINTFS to get to non-standard behaviour.

Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240506102710.8976-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2024-05-06 12:27:10 +02:00 committed by Gert Doering
parent 9d92221eb4
commit 130548fe4d
38 changed files with 291 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/openvpn/buffer.c
View File

@ -279,32 +279,6 @@ buf_puts(struct buffer *buf, const char *str)
return ret; return ret;
} }
/*
* This is necessary due to certain buggy implementations of snprintf,
* that don't guarantee null termination for size > 0.
*
* Return false on overflow.
*
* This functionality is duplicated in src/openvpnserv/common.c
* Any modifications here should be done to the other place as well.
*/
bool
openvpn_snprintf(char *str, size_t size, const char *format, ...)
{
va_list arglist;
int len = -1;
if (size > 0)
{
va_start(arglist, format);
len = vsnprintf(str, size, format, arglist);
va_end(arglist);
str[size - 1] = 0;
}
return (len >= 0 && len < size);
}
/* /*
* write a string to the end of a buffer that was * write a string to the end of a buffer that was
* truncated by buf_printf * truncated by buf_printf

13
src/openvpn/buffer.h
View File

@ -448,19 +448,6 @@ __attribute__ ((format(__printf__, 2, 3)))
*/ */
bool buf_puts(struct buffer *buf, const char *str); bool buf_puts(struct buffer *buf, const char *str);
/*
* Like snprintf but guarantees null termination for size > 0
*/
bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
#ifdef __GNUC__
#if __USE_MINGW_ANSI_STDIO
__attribute__ ((format(gnu_printf, 3, 4)))
#else
__attribute__ ((format(__printf__, 3, 4)))
#endif
#endif
;
/* /*
* remove/add trailing characters * remove/add trailing characters

4
src/openvpn/crypto.c
View File

@ -874,11 +874,11 @@ init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
key_direction_state_init(&kds, key_direction); key_direction_state_init(&kds, key_direction);
openvpn_snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name); snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name);
init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt, init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt,
OPENVPN_OP_ENCRYPT, log_prefix); OPENVPN_OP_ENCRYPT, log_prefix);
openvpn_snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name); snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name);
init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt, init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt,
OPENVPN_OP_DECRYPT, log_prefix); OPENVPN_OP_DECRYPT, log_prefix);

10
src/openvpn/crypto_mbedtls.c
View File

@ -128,7 +128,7 @@ mbed_log_func_line(unsigned int flags, int errval, const char *func,
{ {
char prefix[256]; char prefix[256];
if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line)) if (!snprintf(prefix, sizeof(prefix), "%s:%d", func, line))
{ {
return mbed_log_err(flags, errval, func); return mbed_log_err(flags, errval, func);
} }
@ -239,11 +239,11 @@ crypto_pem_encode(const char *name, struct buffer *dst,
char header[1000+1] = { 0 }; char header[1000+1] = { 0 };
char footer[1000+1] = { 0 }; char footer[1000+1] = { 0 };
if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name)) if (!snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name))
{ {
return false; return false;
} }
if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----\n", name)) if (!snprintf(footer, sizeof(footer), "-----END %s-----\n", name))
{ {
return false; return false;
} }
@ -278,11 +278,11 @@ crypto_pem_decode(const char *name, struct buffer *dst,
char header[1000+1] = { 0 }; char header[1000+1] = { 0 };
char footer[1000+1] = { 0 }; char footer[1000+1] = { 0 };
if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----", name)) if (!snprintf(header, sizeof(header), "-----BEGIN %s-----", name))
{ {
return false; return false;
} }
if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----", name)) if (!snprintf(footer, sizeof(footer), "-----END %s-----", name))
{ {
return false; return false;
} }

4
src/openvpn/dns.c
View File

@ -349,11 +349,11 @@ setenv_dns_option(struct env_set *es,
if (j < 0) if (j < 0)
{ {
name_ok = openvpn_snprintf(name, sizeof(name), format, i); name_ok = snprintf(name, sizeof(name), format, i);
} }
else else
{ {
name_ok = openvpn_snprintf(name, sizeof(name), format, i, j); name_ok = snprintf(name, sizeof(name), format, i, j);
} }
if (!name_ok) if (!name_ok)

8
src/openvpn/env_set.c
View File

@ -259,7 +259,7 @@ void
setenv_counter(struct env_set *es, const char *name, counter_type value) setenv_counter(struct env_set *es, const char *name, counter_type value)
{ {
char buf[64]; char buf[64];
openvpn_snprintf(buf, sizeof(buf), counter_format, value); snprintf(buf, sizeof(buf), counter_format, value);
setenv_str(es, name, buf); setenv_str(es, name, buf);
} }
@ -267,7 +267,7 @@ void
setenv_int(struct env_set *es, const char *name, int value) setenv_int(struct env_set *es, const char *name, int value)
{ {
char buf[64]; char buf[64];
openvpn_snprintf(buf, sizeof(buf), "%d", value); snprintf(buf, sizeof(buf), "%d", value);
setenv_str(es, name, buf); setenv_str(es, name, buf);
} }
@ -275,7 +275,7 @@ void
setenv_long_long(struct env_set *es, const char *name, long long value) setenv_long_long(struct env_set *es, const char *name, long long value)
{ {
char buf[64]; char buf[64];
openvpn_snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value); snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value);
setenv_str(es, name, buf); setenv_str(es, name, buf);
} }
@ -310,7 +310,7 @@ setenv_str_incr(struct env_set *es, const char *name, const char *value)
strcpy(tmpname, name); strcpy(tmpname, name);
while (NULL != env_set_get(es, tmpname) && counter < 1000) while (NULL != env_set_get(es, tmpname) && counter < 1000)
{ {
ASSERT(openvpn_snprintf(tmpname, tmpname_len, "%s_%u", name, counter)); ASSERT(snprintf(tmpname, tmpname_len, "%s_%u", name, counter));
counter++; counter++;
} }
if (counter < 1000) if (counter < 1000)

14
src/openvpn/error.c
View File

@ -274,14 +274,14 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
if ((flags & M_ERRNO) && e) if ((flags & M_ERRNO) && e)
{ {
openvpn_snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)", snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)",
m1, openvpn_strerror(e, crt_error, &gc), e); m1, openvpn_strerror(e, crt_error, &gc), e);
SWAP; SWAP;
} }
if (flags & M_OPTERR) if (flags & M_OPTERR)
{ {
openvpn_snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1); snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1);
SWAP; SWAP;
} }
@ -321,10 +321,10 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
const struct virtual_output *vo = msg_get_virtual_output(); const struct virtual_output *vo = msg_get_virtual_output();
if (vo) if (vo)
{ {
openvpn_snprintf(m2, ERR_BUF_SIZE, "%s%s%s", snprintf(m2, ERR_BUF_SIZE, "%s%s%s",
prefix, prefix,
prefix_sep, prefix_sep,
m1); m1);
virtual_output_print(vo, flags, m2); virtual_output_print(vo, flags, m2);
} }
} }

2
src/openvpn/init.c
View File

@ -359,7 +359,7 @@ management_callback_remote_entry_get(void *arg, unsigned int index, char **remot
char *out = malloc(len); char *out = malloc(len);
check_malloc_return(out); check_malloc_return(out);
openvpn_snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status); snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status);
*remote = out; *remote = out;
} }
else else

8
src/openvpn/manage.c
View File

@ -515,8 +515,8 @@ man_bytecount_output_client(struct management *man,
char out[32]; char out[32];
/* do in a roundabout way to work around possible mingw or mingw-glibc bug */ /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes); snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes);
openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes); snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes);
msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out); msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
} }
@ -528,8 +528,8 @@ man_bytecount_output_server(const counter_type *bytes_in_total,
char in[32]; char in[32];
char out[32]; char out[32];
/* do in a roundabout way to work around possible mingw or mingw-glibc bug */ /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total); snprintf(in, sizeof(in), counter_format, *bytes_in_total);
openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total); snprintf(out, sizeof(out), counter_format, *bytes_out_total);
msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out); msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
mdac->bytecount_last_update = now; mdac->bytecount_last_update = now;
} }

8
src/openvpn/options.c
View File

@ -1427,7 +1427,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es)
for (int i = 1; i <= opt_max; ++i) for (int i = 1; i <= opt_max; ++i)
{ {
char name[32]; char name[32];
openvpn_snprintf(name, sizeof(name), "foreign_option_%d", i); snprintf(name, sizeof(name), "foreign_option_%d", i);
const char *env_str = env_set_get(es, name); const char *env_str = env_set_get(es, name);
const char *value = strchr(env_str, '=') + 1; const char *value = strchr(env_str, '=') + 1;
@ -1482,7 +1482,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es)
while (o->foreign_option_index < opt_max) while (o->foreign_option_index < opt_max)
{ {
char name[32]; char name[32];
openvpn_snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); snprintf(name, sizeof(name), "foreign_option_%d", opt_max--);
setenv_del(es, name); setenv_del(es, name);
} }
} }
@ -5674,8 +5674,8 @@ set_user_script(struct options *options,
#ifndef ENABLE_SMALL #ifndef ENABLE_SMALL
{ {
char script_name[100]; char script_name[100];
openvpn_snprintf(script_name, sizeof(script_name), snprintf(script_name, sizeof(script_name),
"--%s script", type); "--%s script", type);
if (check_cmd_access(*script, script_name, (in_chroot ? options->chroot_dir : NULL))) if (check_cmd_access(*script, script_name, (in_chroot ? options->chroot_dir : NULL)))
{ {

6
src/openvpn/pkcs11.c
View File

@ -201,7 +201,7 @@ _pkcs11_openvpn_token_prompt(
CLEAR(token_resp); CLEAR(token_resp);
token_resp.defined = false; token_resp.defined = false;
token_resp.nocache = true; token_resp.nocache = true;
openvpn_snprintf( snprintf(
token_resp.username, token_resp.username,
sizeof(token_resp.username), sizeof(token_resp.username),
"Please insert %s token", "Please insert %s token",
@ -245,7 +245,7 @@ _pkcs11_openvpn_pin_prompt(
ASSERT(token!=NULL); ASSERT(token!=NULL);
openvpn_snprintf(prompt, sizeof(prompt), "%s token", token->label); snprintf(prompt, sizeof(prompt), "%s token", token->label);
token_pass.defined = false; token_pass.defined = false;
token_pass.nocache = true; token_pass.nocache = true;
@ -719,7 +719,7 @@ tls_ctx_use_pkcs11(
id_resp.defined = false; id_resp.defined = false;
id_resp.nocache = true; id_resp.nocache = true;
openvpn_snprintf( snprintf(
id_resp.username, id_resp.username,
sizeof(id_resp.username), sizeof(id_resp.username),
"Please specify PKCS#11 id to use" "Please specify PKCS#11 id to use"

6
src/openvpn/platform.c
View File

@ -564,9 +564,9 @@ platform_create_temp_file(const char *directory, const char *prefix, struct gc_a
{ {
++attempts; ++attempts;
if (!openvpn_snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len, if (!snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len,
prefix, (unsigned long) get_random(), prefix, (unsigned long) get_random(),
(unsigned long) get_random())) (unsigned long) get_random()))
{ {
msg(M_WARN, "ERROR: temporary filename too long"); msg(M_WARN, "ERROR: temporary filename too long");
return NULL; return NULL;

4
src/openvpn/plugin.c
View File

@ -260,7 +260,7 @@ plugin_init_item(struct plugin *p, const struct plugin_option *o)
{ {
char full[PATH_MAX]; char full[PATH_MAX];
openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname); snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
p->handle = dlopen(full, RTLD_NOW); p->handle = dlopen(full, RTLD_NOW);
} }
else else
@ -409,7 +409,7 @@ plugin_vlog(openvpn_plugin_log_flags_t flags, const char *name, const char *form
gc_init(&gc); gc_init(&gc);
msg_fmt = gc_malloc(ERR_BUF_SIZE, false, &gc); msg_fmt = gc_malloc(ERR_BUF_SIZE, false, &gc);
openvpn_snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format); snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format);
x_msg_va(msg_flags, msg_fmt, arglist); x_msg_va(msg_flags, msg_fmt, arglist);
gc_free(&gc); gc_free(&gc);

2
src/openvpn/pool.c
View File

@ -766,7 +766,7 @@ ifconfig_pool_test(in_addr_t start, in_addr_t end)
ifconfig_pool_handle h; ifconfig_pool_handle h;
in_addr_t local, remote; in_addr_t local, remote;
char buf[256]; char buf[256];
openvpn_snprintf(buf, sizeof(buf), "common-name-%d", i); snprintf(buf, sizeof(buf), "common-name-%d", i);
#ifdef DUP_CN #ifdef DUP_CN
cn = NULL; cn = NULL;
#else #else

87
src/openvpn/proxy.c
View File

@ -582,9 +582,9 @@ add_proxy_headers(struct http_proxy_info *p,
{ {
if (p->options.custom_headers[i].content) if (p->options.custom_headers[i].content)
{ {
openvpn_snprintf(buf, sizeof(buf), "%s: %s", snprintf(buf, sizeof(buf), "%s: %s",
p->options.custom_headers[i].name, p->options.custom_headers[i].name,
p->options.custom_headers[i].content); p->options.custom_headers[i].content);
if (!strcasecmp(p->options.custom_headers[i].name, "Host")) if (!strcasecmp(p->options.custom_headers[i].name, "Host"))
{ {
host_header_sent = true; host_header_sent = true;
@ -592,8 +592,8 @@ add_proxy_headers(struct http_proxy_info *p,
} }
else else
{ {
openvpn_snprintf(buf, sizeof(buf), "%s", snprintf(buf, sizeof(buf), "%s",
p->options.custom_headers[i].name); p->options.custom_headers[i].name);
if (!strncasecmp(p->options.custom_headers[i].name, "Host:", 5)) if (!strncasecmp(p->options.custom_headers[i].name, "Host:", 5))
{ {
host_header_sent = true; host_header_sent = true;
@ -609,7 +609,7 @@ add_proxy_headers(struct http_proxy_info *p,
if (!host_header_sent) if (!host_header_sent)
{ {
openvpn_snprintf(buf, sizeof(buf), "Host: %s", host); snprintf(buf, sizeof(buf), "Host: %s", host);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
{ {
@ -620,8 +620,8 @@ add_proxy_headers(struct http_proxy_info *p,
/* send User-Agent string if provided */ /* send User-Agent string if provided */
if (p->options.user_agent) if (p->options.user_agent)
{ {
openvpn_snprintf(buf, sizeof(buf), "User-Agent: %s", snprintf(buf, sizeof(buf), "User-Agent: %s",
p->options.user_agent); p->options.user_agent);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
{ {
@ -667,10 +667,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
else else
{ {
/* format HTTP CONNECT message */ /* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host, host,
port, port,
p->options.http_version); p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -692,8 +692,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
break; break;
case HTTP_AUTH_BASIC: case HTTP_AUTH_BASIC:
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s", snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s",
username_password_as_base64(p, &gc)); username_password_as_base64(p, &gc));
msg(D_PROXY, "Attempting Basic Proxy-Authorization"); msg(D_PROXY, "Attempting Basic Proxy-Authorization");
dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf); dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
@ -705,14 +705,14 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
#if NTLM #if NTLM
case HTTP_AUTH_NTLM2: case HTTP_AUTH_NTLM2:
/* keep-alive connection */ /* keep-alive connection */
openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
{ {
goto error; goto error;
} }
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s",
ntlm_phase_1(p, &gc)); ntlm_phase_1(p, &gc));
msg(D_PROXY, "Attempting NTLM Proxy-Authorization phase 1"); msg(D_PROXY, "Attempting NTLM Proxy-Authorization phase 1");
dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf); dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
@ -773,7 +773,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
char get[80]; char get[80];
CLEAR(buf2); CLEAR(buf2);
openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1); snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1);
nparms = sscanf(buf, get, buf2); nparms = sscanf(buf, get, buf2);
/* check for "Proxy-Authenticate: NTLM TlRM..." */ /* check for "Proxy-Authenticate: NTLM TlRM..." */
@ -795,10 +795,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
/* now send the phase 3 reply */ /* now send the phase 3 reply */
/* format HTTP CONNECT message */ /* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host, host,
port, port,
p->options.http_version); p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -809,7 +809,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
} }
/* keep-alive connection */ /* keep-alive connection */
openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
{ {
goto error; goto error;
@ -829,7 +829,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
msg(D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server"); msg(D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server");
goto error; goto error;
} }
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3); snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3);
} }
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -899,15 +899,15 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
/* build the digest response */ /* build the digest response */
openvpn_snprintf(uri, sizeof(uri), "%s:%s", snprintf(uri, sizeof(uri), "%s:%s",
host, host,
port); port);
if (opaque) if (opaque)
{ {
const int len = strlen(opaque)+16; const int len = strlen(opaque)+16;
opaque_kv = gc_malloc(len, false, &gc); opaque_kv = gc_malloc(len, false, &gc);
openvpn_snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque); snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque);
} }
DigestCalcHA1(algor, DigestCalcHA1(algor,
@ -928,10 +928,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
response); response);
/* format HTTP CONNECT message */ /* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "%s %s HTTP/%s", snprintf(buf, sizeof(buf), "%s %s HTTP/%s",
http_method, http_method,
uri, uri,
p->options.http_version); p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -948,21 +948,22 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
} }
/* send digest response */ /* send digest response */
int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", int sret = snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
username, username,
realm, realm,
nonce, nonce,
uri, uri,
qop, qop,
nonce_count, nonce_count,
cnonce, cnonce,
response, response,
opaque_kv opaque_kv
); );
if (sret >= sizeof(buf)) if (sret >= sizeof(buf))
{ {
goto error; goto error;
} }
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf)) if (!send_line_crlf(sd, buf))
{ {

2
src/openvpn/ps.c
View File

@ -354,7 +354,7 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c
fnlen = strlen(journal_dir) + strlen(t) + 2; fnlen = strlen(journal_dir) + strlen(t) + 2;
jfn = (char *) malloc(fnlen); jfn = (char *) malloc(fnlen);
check_malloc_return(jfn); check_malloc_return(jfn);
openvpn_snprintf(jfn, fnlen, "%s/%s", journal_dir, t); snprintf(jfn, fnlen, "%s/%s", journal_dir, t);
dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: client origin %s -> %s", jfn, f); dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: client origin %s -> %s", jfn, f);
fd = platform_open(jfn, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP); fd = platform_open(jfn, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);
if (fd != -1) if (fd != -1)

6
src/openvpn/route.c
View File

@ -1621,11 +1621,11 @@ add_route(struct route_ipv4 *r,
if (rgi) if (rgi)
{ {
openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface); snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
} }
else else
{ {
openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway); snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
} }
bool ret = management_android_control(management, "ROUTE", out); bool ret = management_android_control(management, "ROUTE", out);
status = ret ? RTA_SUCCESS : RTA_ERROR; status = ret ? RTA_SUCCESS : RTA_ERROR;
@ -2000,7 +2000,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
#elif defined (TARGET_ANDROID) #elif defined (TARGET_ANDROID)
char out[64]; char out[64];
openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device); snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
status = management_android_control(management, "ROUTE6", out); status = management_android_control(management, "ROUTE6", out);

4
src/openvpn/run_command.h
View File

@ -66,8 +66,8 @@ openvpn_run_script(const struct argv *a, const struct env_set *es,
{ {
char msg[256]; char msg[256];
openvpn_snprintf(msg, sizeof(msg), snprintf(msg, sizeof(msg),
"WARNING: Failed running command (%s)", hook); "WARNING: Failed running command (%s)", hook);
return openvpn_execve_check(a, es, flags | S_SCRIPT, msg); return openvpn_execve_check(a, es, flags | S_SCRIPT, msg);
} }

12
src/openvpn/socket.c
View File

@ -2983,11 +2983,11 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
case AF_INET: case AF_INET:
if (flags & SA_IP_PORT) if (flags & SA_IP_PORT)
{ {
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
} }
else else
{ {
openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
} }
inet_ntop(AF_INET, &addr->addr.in4.sin_addr, buf, sizeof(buf)); inet_ntop(AF_INET, &addr->addr.in4.sin_addr, buf, sizeof(buf));
@ -2995,7 +2995,7 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port) if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
{ {
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port)); setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
} }
break; break;
@ -3006,19 +3006,19 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
struct in_addr ia; struct in_addr ia;
memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12], memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
sizeof(ia.s_addr)); sizeof(ia.s_addr));
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
inet_ntop(AF_INET, &ia, buf, sizeof(buf)); inet_ntop(AF_INET, &ia, buf, sizeof(buf));
} }
else else
{ {
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
inet_ntop(AF_INET6, &addr->addr.in6.sin6_addr, buf, sizeof(buf)); inet_ntop(AF_INET6, &addr->addr.in6.sin6_addr, buf, sizeof(buf));
} }
setenv_str(es, name_buf, buf); setenv_str(es, name_buf, buf);
if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port) if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
{ {
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port)); setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
} }
break; break;

7
src/openvpn/socks.c
View File

@ -109,9 +109,10 @@ socks_username_password_auth(struct socks_proxy_info *p,
"Authentication not possible."); "Authentication not possible.");
goto cleanup; goto cleanup;
} }
int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
(int) strlen(creds.username), creds.username, int sret = snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
(int) strlen(creds.password), creds.password); (int) strlen(creds.username), creds.username,
(int) strlen(creds.password), creds.password);
ASSERT(sret <= sizeof(to_send)); ASSERT(sret <= sizeof(to_send));
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL); size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);

12
src/openvpn/ssl_mbedtls.c
View File

@ -1531,16 +1531,16 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
char s2[256]; char s2[256];
s1[0] = s2[0] = 0; s1[0] = s2[0] = 0;
openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s", snprintf(s1, sizeof(s1), "%s %s, cipher %s",
prefix, prefix,
mbedtls_ssl_get_version(ks_ssl->ctx), mbedtls_ssl_get_version(ks_ssl->ctx),
mbedtls_ssl_get_ciphersuite(ks_ssl->ctx)); mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx); cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
if (cert != NULL) if (cert != NULL)
{ {
openvpn_snprintf(s2, sizeof(s2), ", %u bit key", snprintf(s2, sizeof(s2), ", %u bit key",
(unsigned int) mbedtls_pk_get_bitlen(&cert->pk)); (unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
} }
msg(D_HANDSHAKE, "%s%s", s1, s2); msg(D_HANDSHAKE, "%s%s", s1, s2);

4
src/openvpn/ssl_ncp.c
View File

@ -198,8 +198,8 @@ append_cipher_to_ncp_list(struct options *o, const char *ciphername)
size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(ciphername) + 1; size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(ciphername) + 1;
char *ncp_ciphers = gc_malloc(newlen, false, &o->gc); char *ncp_ciphers = gc_malloc(newlen, false, &o->gc);
ASSERT(openvpn_snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers, ASSERT(snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers,
ciphername)); ciphername));
o->ncp_ciphers = ncp_ciphers; o->ncp_ciphers = ncp_ciphers;
} }

32
src/openvpn/ssl_openssl.c
View File

@ -1774,7 +1774,7 @@ open_biofp(void)
if (!biofp) if (!biofp)
{ {
char fn[256]; char fn[256];
openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle); snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
biofp = fopen(fn, "w"); biofp = fopen(fn, "w");
ASSERT(biofp); ASSERT(biofp);
biofp_last_open = time(NULL); biofp_last_open = time(NULL);
@ -2116,8 +2116,8 @@ print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */ #endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
} }
openvpn_snprintf(buf, buflen, "%d bits %s%s", snprintf(buf, buflen, "%d bits %s%s",
EVP_PKEY_bits(pkey), type, curve); EVP_PKEY_bits(pkey), type, curve);
} }
/** /**
@ -2137,12 +2137,12 @@ print_cert_details(X509 *cert, char *buf, size_t buflen)
int signature_nid = X509_get_signature_nid(cert); int signature_nid = X509_get_signature_nid(cert);
if (signature_nid != 0) if (signature_nid != 0)
{ {
openvpn_snprintf(sig, sizeof(sig), ", signature: %s", snprintf(sig, sizeof(sig), ", signature: %s",
OBJ_nid2sn(signature_nid)); OBJ_nid2sn(signature_nid));
} }
openvpn_snprintf(buf, buflen, ", peer certificate: %s%s", snprintf(buf, buflen, ", peer certificate: %s%s",
pkeybuf, sig); pkeybuf, sig);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
@ -2160,8 +2160,8 @@ print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
char pkeybuf[128] = { 0 }; char pkeybuf[128] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf)); print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
openvpn_snprintf(buf, buflen, ", peer temporary key: %s", snprintf(buf, buflen, ", peer temporary key: %s",
pkeybuf); pkeybuf);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
@ -2238,8 +2238,8 @@ print_peer_signature(SSL *ssl, char *buf, size_t buflen)
return; return;
} }
openvpn_snprintf(buf, buflen, ", peer signing digest/type: %s %s", snprintf(buf, buflen, ", peer signing digest/type: %s %s",
peer_sig, peer_sig_type); peer_sig, peer_sig_type);
} }
@ -2262,11 +2262,11 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
s1[0] = s2[0] = s3[0] = s4[0] = 0; s1[0] = s2[0] = s3[0] = s4[0] = 0;
ciph = SSL_get_current_cipher(ks_ssl->ssl); ciph = SSL_get_current_cipher(ks_ssl->ssl);
openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
prefix, prefix,
SSL_get_version(ks_ssl->ssl), SSL_get_version(ks_ssl->ssl),
SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_version(ciph),
SSL_CIPHER_get_name(ciph)); SSL_CIPHER_get_name(ciph));
X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl); X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
if (cert) if (cert)

22
src/openvpn/ssl_verify.c
View File

@ -421,12 +421,12 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
} }
/* export subject name string as environmental variable */ /* export subject name string as environmental variable */
openvpn_snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth); snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
setenv_str(es, envname, subject); setenv_str(es, envname, subject);
#if 0 #if 0
/* export common name string as environmental variable */ /* export common name string as environmental variable */
openvpn_snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth); snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
setenv_str(es, envname, common_name); setenv_str(es, envname, common_name);
#endif #endif
@ -435,24 +435,24 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc); struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc);
struct buffer sha256 = x509_get_sha256_fingerprint(peer_cert, &gc); struct buffer sha256 = x509_get_sha256_fingerprint(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth); snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth);
setenv_str(es, envname, setenv_str(es, envname,
format_hex_ex(BPTR(&sha1), BLEN(&sha1), 0, 1, ":", &gc)); format_hex_ex(BPTR(&sha1), BLEN(&sha1), 0, 1, ":", &gc));
openvpn_snprintf(envname, sizeof(envname), "tls_digest_sha256_%d", snprintf(envname, sizeof(envname), "tls_digest_sha256_%d",
cert_depth); cert_depth);
setenv_str(es, envname, setenv_str(es, envname,
format_hex_ex(BPTR(&sha256), BLEN(&sha256), 0, 1, ":", &gc)); format_hex_ex(BPTR(&sha256), BLEN(&sha256), 0, 1, ":", &gc));
} }
/* export serial number as environmental variable */ /* export serial number as environmental variable */
serial = backend_x509_get_serial(peer_cert, &gc); serial = backend_x509_get_serial(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth); snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth);
setenv_str(es, envname, serial); setenv_str(es, envname, serial);
/* export serial number in hex as environmental variable */ /* export serial number in hex as environmental variable */
serial = backend_x509_get_serial_hex(peer_cert, &gc); serial = backend_x509_get_serial_hex(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth); snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth);
setenv_str(es, envname, serial); setenv_str(es, envname, serial);
gc_free(&gc); gc_free(&gc);
@ -569,7 +569,7 @@ verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert,
goto cleanup; goto cleanup;
} }
if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial)) if (!snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial))
{ {
msg(D_HANDSHAKE, "VERIFY CRL: filename overflow"); msg(D_HANDSHAKE, "VERIFY CRL: filename overflow");
goto cleanup; goto cleanup;
@ -938,9 +938,9 @@ key_state_check_auth_pending_file(struct auth_deferred_status *ads,
if (!check_auth_pending_method(multi->peer_info, pending_method)) if (!check_auth_pending_method(multi->peer_info, pending_method))
{ {
char buf[128]; char buf[128];
openvpn_snprintf(buf, sizeof(buf), snprintf(buf, sizeof(buf),
"Authentication failed, required pending auth " "Authentication failed, required pending auth "
"method '%s' not supported", pending_method); "method '%s' not supported", pending_method);
auth_set_client_reason(multi, buf); auth_set_client_reason(multi, buf);
msg(M_INFO, "Client does not supported auth pending method " msg(M_INFO, "Client does not supported auth pending method "
"'%s'", pending_method); "'%s'", pending_method);

14
src/openvpn/ssl_verify_mbedtls.c
View File

@ -86,8 +86,8 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth,
char *serial = backend_x509_get_serial(cert, &gc); char *serial = backend_x509_get_serial(cert, &gc);
ret = mbedtls_x509_crt_verify_info(errstr, sizeof(errstr)-1, "", *flags); ret = mbedtls_x509_crt_verify_info(errstr, sizeof(errstr)-1, "", *flags);
if (ret <= 0 && !openvpn_snprintf(errstr, sizeof(errstr), if (ret <= 0 && !snprintf(errstr, sizeof(errstr),
"Could not retrieve error string, flags=%" PRIx32, *flags)) "Could not retrieve error string, flags=%" PRIx32, *flags))
{ {
errstr[0] = '\0'; errstr[0] = '\0';
} }
@ -307,7 +307,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
name_expand_size = 64 + strlen(name); name_expand_size = 64 + strlen(name);
name_expand = (char *) malloc(name_expand_size); name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand); check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
setenv_str(es, name_expand, value); setenv_str(es, name_expand, value);
free(name_expand); free(name_expand);
} }
@ -431,13 +431,13 @@ x509_setenv(struct env_set *es, int cert_depth, mbedtls_x509_crt *cert)
if (0 == mbedtls_oid_get_attr_short_name(&name->oid, &shortname) ) if (0 == mbedtls_oid_get_attr_short_name(&name->oid, &shortname) )
{ {
openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_%s", snprintf(name_expand, sizeof(name_expand), "X509_%d_%s",
cert_depth, shortname); cert_depth, shortname);
} }
else else
{ {
openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?", snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?",
cert_depth); cert_depth);
} }
for (i = 0; i < name->val.len; i++) for (i = 0; i < name->val.len; i++)

8
src/openvpn/ssl_verify_openssl.c
View File

@ -279,7 +279,7 @@ backend_x509_get_username(char *common_name, int cn_len,
gc_free(&gc); gc_free(&gc);
return FAILURE; return FAILURE;
} }
openvpn_snprintf(common_name, cn_len, "0x%s", serial); snprintf(common_name, cn_len, "0x%s", serial);
gc_free(&gc); gc_free(&gc);
} }
else else
@ -454,7 +454,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
name_expand_size = 64 + strlen(name); name_expand_size = 64 + strlen(name);
name_expand = (char *) malloc(name_expand_size); name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand); check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
setenv_str(es, name_expand, value); setenv_str(es, name_expand, value);
free(name_expand); free(name_expand);
} }
@ -597,8 +597,8 @@ x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
name_expand_size = 64 + strlen(objbuf); name_expand_size = 64 + strlen(objbuf);
name_expand = (char *) malloc(name_expand_size); name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand); check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth, snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth,
objbuf); objbuf);
string_mod(name_expand, CC_PRINT, CC_CRLF, '_'); string_mod(name_expand, CC_PRINT, CC_CRLF, '_');
string_mod((char *)buf, CC_PRINT, CC_CRLF, '_'); string_mod((char *)buf, CC_PRINT, CC_CRLF, '_');
setenv_str_incr(es, name_expand, (char *)buf); setenv_str_incr(es, name_expand, (char *)buf);

4
src/openvpn/tls_crypt.c
View File

@ -574,8 +574,8 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx,
} }
char metadata_type_str[4] = { 0 }; /* Max value: 255 */ char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str), snprintf(metadata_type_str, sizeof(metadata_type_str),
"%i", (uint8_t) metadata_type); "%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL); struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str); setenv_str(es, "metadata_type", metadata_type_str);

68
src/openvpn/tun.c
View File

@ -1114,8 +1114,8 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu,
#elif defined(TARGET_ANDROID) #elif defined(TARGET_ANDROID)
char out6[64]; char out6[64];
openvpn_snprintf(out6, sizeof(out6), "%s/%d %d", snprintf(out6, sizeof(out6), "%s/%d %d",
ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu);
management_android_control(management, "IFCONFIG6", out6); management_android_control(management, "IFCONFIG6", out6);
#elif defined(TARGET_SOLARIS) #elif defined(TARGET_SOLARIS)
argv_printf(&argv, "%s %s inet6 unplumb", IFCONFIG_PATH, ifname); argv_printf(&argv, "%s %s inet6 unplumb", IFCONFIG_PATH, ifname);
@ -1362,8 +1362,8 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
top = "undef"; top = "undef";
} }
openvpn_snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local, snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local,
ifconfig_remote_netmask, tun_mtu, top); ifconfig_remote_netmask, tun_mtu, top);
management_android_control(management, "IFCONFIG", out); management_android_control(management, "IFCONFIG", out);
#elif defined(TARGET_SOLARIS) #elif defined(TARGET_SOLARIS)
@ -1912,7 +1912,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
*/ */
if (dev_node) if (dev_node)
{ {
openvpn_snprintf(tunname, sizeof(tunname), "%s", dev_node); snprintf(tunname, sizeof(tunname), "%s", dev_node);
} }
else else
{ {
@ -1926,10 +1926,10 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
{ {
for (int i = 0; i < 256; ++i) for (int i = 0; i < 256; ++i)
{ {
openvpn_snprintf(tunname, sizeof(tunname), snprintf(tunname, sizeof(tunname),
"/dev/%s%d", dev, i); "/dev/%s%d", dev, i);
openvpn_snprintf(dynamic_name, sizeof(dynamic_name), snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i); "%s%d", dev, i);
if ((tt->fd = open(tunname, O_RDWR)) > 0) if ((tt->fd = open(tunname, O_RDWR)) > 0)
{ {
dynamic_opened = true; dynamic_opened = true;
@ -1947,7 +1947,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
*/ */
else else
{ {
openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev); snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
} }
} }
@ -2002,8 +2002,8 @@ open_tun_dco_generic(const char *dev, const char *dev_type,
{ {
for (int i = 0; i < 256; ++i) for (int i = 0; i < 256; ++i)
{ {
openvpn_snprintf(dynamic_name, sizeof(dynamic_name), snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i); "%s%d", dev, i);
int ret = open_tun_dco(tt, ctx, dynamic_name); int ret = open_tun_dco(tt, ctx, dynamic_name);
if (ret == 0) if (ret == 0)
{ {
@ -2519,7 +2519,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
tt->actual_name = (char *) malloc(32); tt->actual_name = (char *) malloc(32);
check_malloc_return(tt->actual_name); check_malloc_return(tt->actual_name);
openvpn_snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa); snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa);
if (tt->type == DEV_TYPE_TAP) if (tt->type == DEV_TYPE_TAP)
{ {
@ -3509,7 +3509,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
int i; int i;
for (i = 0; i<99; i++) for (i = 0; i<99; i++)
{ {
openvpn_snprintf(tunname, sizeof(tunname), "/dev/tap%d", i); snprintf(tunname, sizeof(tunname), "/dev/tap%d", i);
if (access( tunname, F_OK ) < 0 && errno == ENOENT) if (access( tunname, F_OK ) < 0 && errno == ENOENT)
{ {
break; break;
@ -3520,7 +3520,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
msg( M_FATAL, "cannot find unused tap device" ); msg( M_FATAL, "cannot find unused tap device" );
} }
openvpn_snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i ); snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i );
dev = dynamic_name; dev = dynamic_name;
} }
else /* name given, sanity check */ else /* name given, sanity check */
@ -3536,7 +3536,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
msg( M_FATAL, "TAP device name must be '--dev tapNNNN'" ); msg( M_FATAL, "TAP device name must be '--dev tapNNNN'" );
} }
openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev); snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
} }
/* pre-existing device? /* pre-existing device?
@ -3956,8 +3956,8 @@ get_tap_reg(struct gc_arena *gc)
ADAPTER_KEY); ADAPTER_KEY);
} }
openvpn_snprintf(unit_string, sizeof(unit_string), "%s\\%s", snprintf(unit_string, sizeof(unit_string), "%s\\%s",
ADAPTER_KEY, enum_name); ADAPTER_KEY, enum_name);
status = RegOpenKeyEx( status = RegOpenKeyEx(
HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,
@ -4098,9 +4098,9 @@ get_panel_reg(struct gc_arena *gc)
NETWORK_CONNECTIONS_KEY); NETWORK_CONNECTIONS_KEY);
} }
openvpn_snprintf(connection_string, sizeof(connection_string), snprintf(connection_string, sizeof(connection_string),
"%s\\%s\\Connection", "%s\\%s\\Connection",
NETWORK_CONNECTIONS_KEY, enum_name); NETWORK_CONNECTIONS_KEY, enum_name);
status = RegOpenKeyEx( status = RegOpenKeyEx(
HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,
@ -4984,7 +4984,7 @@ get_adapter_index_method_1(const char *guid)
DWORD index; DWORD index;
ULONG aindex; ULONG aindex;
wchar_t wbuf[256]; wchar_t wbuf[256];
openvpn_swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid); swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid);
if (GetAdapterIndex(wbuf, &aindex) != NO_ERROR) if (GetAdapterIndex(wbuf, &aindex) != NO_ERROR)
{ {
index = TUN_ADAPTER_INDEX_INVALID; index = TUN_ADAPTER_INDEX_INVALID;
@ -5164,10 +5164,10 @@ tap_allow_nonadmin_access(const char *dev_node)
} }
/* Open Windows TAP-Windows adapter */ /* Open Windows TAP-Windows adapter */
openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s", snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR, USERMODEDEVICEDIR,
device_guid, device_guid,
TAP_WIN_SUFFIX); TAP_WIN_SUFFIX);
hand = CreateFile( hand = CreateFile(
device_path, device_path,
@ -5208,10 +5208,10 @@ tap_allow_nonadmin_access(const char *dev_node)
} }
/* Open Windows TAP-Windows adapter */ /* Open Windows TAP-Windows adapter */
openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s", snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR, USERMODEDEVICEDIR,
device_guid, device_guid,
TAP_WIN_SUFFIX); TAP_WIN_SUFFIX);
hand = CreateFile( hand = CreateFile(
device_path, device_path,
@ -6607,10 +6607,10 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev
else else
{ {
/* Open TAP-Windows */ /* Open TAP-Windows */
openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s", snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s",
USERMODEDEVICEDIR, USERMODEDEVICEDIR,
device_guid, device_guid,
TAP_WIN_SUFFIX); TAP_WIN_SUFFIX);
path = tuntap_device_path; path = tuntap_device_path;
} }

25
src/openvpn/win32.c
View File

@ -885,8 +885,8 @@ env_block(const struct env_set *es)
char force_path[256]; char force_path[256];
char *sysroot = get_win_sys_path(); char *sysroot = get_win_sys_path();
if (!openvpn_snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem", if (!snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem",
sysroot, sysroot, sysroot)) sysroot, sysroot, sysroot))
{ {
msg(M_WARN, "env_block: default path truncated to %s", force_path); msg(M_WARN, "env_block: default path truncated to %s", force_path);
} }
@ -1482,27 +1482,12 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t size,
return ret; return ret;
} }
bool
openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...)
{
va_list arglist;
int len = -1;
if (size > 0)
{
va_start(arglist, format);
len = vswprintf(str, size, format, arglist);
va_end(arglist);
str[size - 1] = L'\0';
}
return (len >= 0 && len < size);
}
bool bool
get_openvpn_reg_value(const WCHAR *key, WCHAR *value, DWORD size) get_openvpn_reg_value(const WCHAR *key, WCHAR *value, DWORD size)
{ {
WCHAR reg_path[256]; WCHAR reg_path[256];
HKEY hkey; HKEY hkey;
openvpn_swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME); swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME);
LONG status = RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &hkey); LONG status = RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &hkey);
if (status != ERROR_SUCCESS) if (status != ERROR_SUCCESS)
@ -1528,7 +1513,7 @@ set_openssl_env_vars()
/* if we cannot find installation path from the registry, /* if we cannot find installation path from the registry,
* use Windows directory as a fallback * use Windows directory as a fallback
*/ */
openvpn_swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir); swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir);
} }
if ((install_path[wcslen(install_path) - 1]) == L'\\') if ((install_path[wcslen(install_path) - 1]) == L'\\')
@ -1553,7 +1538,7 @@ set_openssl_env_vars()
if (size == 0) if (size == 0)
{ {
WCHAR val[MAX_PATH] = {0}; WCHAR val[MAX_PATH] = {0};
openvpn_swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value); swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value);
_wputenv_s(ossl_env[i].name, val); _wputenv_s(ossl_env[i].name, val);
} }
} }

8
src/openvpn/win32.h
View File

@ -319,14 +319,6 @@ bool send_msg_iservice(HANDLE pipe, const void *data, size_t size,
int int
openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags); openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags);
/*
* openvpn_swprintf() is currently only used by Windows code paths
* and when enabled for all platforms it will currently break older
* OpenBSD versions lacking vswprintf(3) support in their libc.
*/
bool
openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
/* Sleep that can be interrupted by signals and exit event */ /* Sleep that can be interrupted by signals and exit event */
void win32_sleep(const int n); void win32_sleep(const int n);

10
src/openvpn/xkey_helper.c
View File

@ -205,7 +205,7 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
} }
else else
{ {
openvpn_snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname); snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname);
} }
} }
else if (!strcmp(alg.keytype, "ED448") || !strcmp(alg.keytype, "ED25519")) else if (!strcmp(alg.keytype, "ED448") || !strcmp(alg.keytype, "ED25519"))
@ -229,8 +229,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
/* For undigested message, add hashalg=digest parameter */ /* For undigested message, add hashalg=digest parameter */
else else
{ {
openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s", snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s",
"RSA_PKCS1_PADDING", alg.mdname); "RSA_PKCS1_PADDING", alg.mdname);
} }
} }
else if (!strcmp(alg.padmode, "none") && (flags & MF_EXTERNAL_KEY_NOPADDING) else if (!strcmp(alg.padmode, "none") && (flags & MF_EXTERNAL_KEY_NOPADDING)
@ -240,8 +240,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
} }
else if (!strcmp(alg.padmode, "pss") && (flags & MF_EXTERNAL_KEY_PSSPAD)) else if (!strcmp(alg.padmode, "pss") && (flags & MF_EXTERNAL_KEY_PSSPAD))
{ {
openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s", snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s",
"RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen); "RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen);
} }
else else
{ {

52
src/openvpnserv/common.c
View File

@ -27,36 +27,6 @@
LPCTSTR service_instance = TEXT(""); LPCTSTR service_instance = TEXT("");
static wchar_t win_sys_path[MAX_PATH]; static wchar_t win_sys_path[MAX_PATH];
/*
* These are necessary due to certain buggy implementations of (v)snprintf,
* that don't guarantee null termination for size > 0.
*/
BOOL
openvpn_vswprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist)
{
int len = -1;
if (size > 0)
{
len = vswprintf_s(str, size, format, arglist);
str[size - 1] = 0;
}
return (len >= 0 && (size_t)len < size);
}
BOOL
openvpn_swprintf(LPTSTR str, size_t size, LPCTSTR format, ...)
{
va_list arglist;
BOOL res = FALSE;
if (size > 0)
{
va_start(arglist, format);
res = openvpn_vswprintf(str, size, format, arglist);
va_end(arglist);
}
return res;
}
static DWORD static DWORD
GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_value) GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_value)
{ {
@ -66,7 +36,7 @@ GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_v
if (status == ERROR_FILE_NOT_FOUND && default_value) if (status == ERROR_FILE_NOT_FOUND && default_value)
{ {
size_t len = size/sizeof(data[0]); size_t len = size/sizeof(data[0]);
if (openvpn_swprintf(data, len, default_value)) if (swprintf(data, len, default_value))
{ {
status = ERROR_SUCCESS; status = ERROR_SUCCESS;
} }
@ -93,7 +63,7 @@ GetOpenvpnSettings(settings_t *s)
TCHAR install_path[MAX_PATH]; TCHAR install_path[MAX_PATH];
TCHAR default_value[MAX_PATH]; TCHAR default_value[MAX_PATH];
openvpn_swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance); swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance);
LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &key); LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &key);
if (status != ERROR_SUCCESS) if (status != ERROR_SUCCESS)
@ -110,15 +80,15 @@ GetOpenvpnSettings(settings_t *s)
goto out; goto out;
} }
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"), swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"),
install_path); install_path);
error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path), default_value); error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path), default_value);
if (error != ERROR_SUCCESS) if (error != ERROR_SUCCESS)
{ {
goto out; goto out;
} }
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path); swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path);
error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir), error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir),
default_value); default_value);
if (error != ERROR_SUCCESS) if (error != ERROR_SUCCESS)
@ -133,7 +103,7 @@ GetOpenvpnSettings(settings_t *s)
goto out; goto out;
} }
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path); swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path);
error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir), default_value); error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir), default_value);
if (error != ERROR_SUCCESS) if (error != ERROR_SUCCESS)
{ {
@ -229,7 +199,7 @@ GetLastErrorText()
else else
{ {
tmp[wcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */ tmp[wcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */
openvpn_swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error); swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error);
} }
if (tmp) if (tmp)
@ -259,12 +229,12 @@ MsgToEventLog(DWORD flags, LPCTSTR format, ...)
hEventSource = RegisterEventSource(NULL, APPNAME); hEventSource = RegisterEventSource(NULL, APPNAME);
if (hEventSource != NULL) if (hEventSource != NULL)
{ {
openvpn_swprintf(msg[0], _countof(msg[0]), swprintf(msg[0], _countof(msg[0]),
TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance, TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance,
(flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg); (flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg);
va_start(arglist, format); va_start(arglist, format);
openvpn_vswprintf(msg[1], _countof(msg[1]), format, arglist); vswprintf(msg[1], _countof(msg[1]), format, arglist);
va_end(arglist); va_end(arglist);
const TCHAR *mesg[] = { msg[0], msg[1] }; const TCHAR *mesg[] = { msg[0], msg[1] };

57
src/openvpnserv/interactive.c
View File

@ -311,7 +311,7 @@ ReturnProcessId(HANDLE pipe, DWORD pid, DWORD count, LPHANDLE events)
* Same format as error messages (3 line string) with error = 0 in * Same format as error messages (3 line string) with error = 0 in
* 0x%08x format, PID on line 2 and a description "Process ID" on line 3 * 0x%08x format, PID on line 2 and a description "Process ID" on line 3
*/ */
openvpn_swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg); swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg);
WritePipeAsync(pipe, buf, (DWORD)(wcslen(buf) * 2), count, events); WritePipeAsync(pipe, buf, (DWORD)(wcslen(buf) * 2), count, events);
} }
@ -385,9 +385,9 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
if (!argv) if (!argv)
{ {
openvpn_swprintf(errmsg, capacity, swprintf(errmsg, capacity,
L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x", L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x",
GetLastError()); GetLastError());
goto out; goto out;
} }
@ -407,8 +407,8 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
if (!CheckOption(workdir, 2, argv_tmp, &settings)) if (!CheckOption(workdir, 2, argv_tmp, &settings))
{ {
openvpn_swprintf(errmsg, capacity, msg1, argv[0], workdir, swprintf(errmsg, capacity, msg1, argv[0], workdir,
settings.ovpn_admin_group); settings.ovpn_admin_group);
} }
goto out; goto out;
} }
@ -424,13 +424,13 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
{ {
if (wcscmp(L"--config", argv[i]) == 0 && argc-i > 1) if (wcscmp(L"--config", argv[i]) == 0 && argc-i > 1)
{ {
openvpn_swprintf(errmsg, capacity, msg1, argv[i+1], workdir, swprintf(errmsg, capacity, msg1, argv[i+1], workdir,
settings.ovpn_admin_group); settings.ovpn_admin_group);
} }
else else
{ {
openvpn_swprintf(errmsg, capacity, msg2, argv[i], swprintf(errmsg, capacity, msg2, argv[i],
settings.ovpn_admin_group); settings.ovpn_admin_group);
} }
goto out; goto out;
} }
@ -985,7 +985,7 @@ RegisterDNS(LPVOID unused)
HANDLE wait_handles[2] = {rdns_semaphore, exit_event}; HANDLE wait_handles[2] = {rdns_semaphore, exit_event};
openvpn_swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe"); swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe");
if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0) if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0)
{ {
@ -1064,7 +1064,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
} }
/* Path of netsh */ /* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template: /* cmd template:
* netsh interface $proto $action dns $if_name $addr [validate=no] * netsh interface $proto $action dns $if_name $addr [validate=no]
@ -1080,7 +1080,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
goto out; goto out;
} }
openvpn_swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr); swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr);
if (IsWindows7OrGreater()) if (IsWindows7OrGreater())
{ {
@ -1124,7 +1124,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add
} }
/* Path of netsh */ /* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template: /* cmd template:
* netsh interface ip $action wins $if_name $static $addr * netsh interface ip $action wins $if_name $static $addr
@ -1141,7 +1141,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add
goto out; goto out;
} }
openvpn_swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr); swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr);
err = ExecCommand(argv0, cmdline, timeout); err = ExecCommand(argv0, cmdline, timeout);
@ -1167,7 +1167,7 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index,
wchar_t *cmdline = NULL; wchar_t *cmdline = NULL;
int timeout = 10000; /* in msec */ int timeout = 10000; /* in msec */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe"); swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe");
const wchar_t *fmt; const wchar_t *fmt;
/* comma separated list must be enclosed in parenthesis */ /* comma separated list must be enclosed in parenthesis */
@ -1188,8 +1188,8 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index,
return ERROR_OUTOFMEMORY; return ERROR_OUTOFMEMORY;
} }
openvpn_swprintf(cmdline, ncmdline, fmt, if_index, action, swprintf(cmdline, ncmdline, fmt, if_index, action,
data ? data : L""); data ? data : L"");
err = ExecCommand(argv0, cmdline, timeout); err = ExecCommand(argv0, cmdline, timeout);
free(cmdline); free(cmdline);
@ -1453,7 +1453,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp)
wchar_t argv0[MAX_PATH]; wchar_t argv0[MAX_PATH];
/* Path of netsh */ /* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template: /* cmd template:
* netsh interface ipv4 set address name=$if_index source=dhcp * netsh interface ipv4 set address name=$if_index source=dhcp
@ -1471,7 +1471,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp)
return err; return err;
} }
openvpn_swprintf(cmdline, ncmdline, fmt, dhcp->iface.index); swprintf(cmdline, ncmdline, fmt, dhcp->iface.index);
err = ExecCommand(argv0, cmdline, timeout); err = ExecCommand(argv0, cmdline, timeout);
@ -1970,8 +1970,8 @@ RunOpenvpn(LPVOID p)
goto out; goto out;
} }
openvpn_swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name), swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name),
TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId()); TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId());
ovpn_pipe = CreateNamedPipe(ovpn_pipe_name, ovpn_pipe = CreateNamedPipe(ovpn_pipe_name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED, PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL); PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL);
@ -2003,8 +2003,11 @@ RunOpenvpn(LPVOID p)
ReturnLastError(pipe, L"malloc"); ReturnLastError(pipe, L"malloc");
goto out; goto out;
} }
openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR, /* there seem to be no common printf specifier that works on all
sud.options, svc_pipe); * mingw/msvc platforms without trickery, so convert to void* and use
* PRIuPTR to print that as best compromise */
swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, (uintptr_t)svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE)) if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))
{ {
@ -2079,8 +2082,8 @@ RunOpenvpn(LPVOID p)
else if (exit_code != 0) else if (exit_code != 0)
{ {
WCHAR buf[256]; WCHAR buf[256];
openvpn_swprintf(buf, _countof(buf), swprintf(buf, _countof(buf),
L"OpenVPN exited with error: exit code = %lu", exit_code); L"OpenVPN exited with error: exit code = %lu", exit_code);
ReturnError(pipe, ERROR_OPENVPN_STARTUP, buf, 1, &exit_event); ReturnError(pipe, ERROR_OPENVPN_STARTUP, buf, 1, &exit_event);
} }
Undo(&undo_lists); Undo(&undo_lists);
@ -2174,7 +2177,7 @@ CreateClientPipeInstance(VOID)
initialized = TRUE; initialized = TRUE;
} }
openvpn_swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance); swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance);
pipe = CreateNamedPipe(pipe_name, flags, pipe = CreateNamedPipe(pipe_name, flags,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS,
PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL); PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL);

6
src/openvpnserv/service.h
View File

@ -81,12 +81,6 @@ VOID WINAPI ServiceStartInteractiveOwn(DWORD argc, LPTSTR *argv);
VOID WINAPI ServiceStartInteractive(DWORD argc, LPTSTR *argv); VOID WINAPI ServiceStartInteractive(DWORD argc, LPTSTR *argv);
BOOL openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist);
BOOL openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...);
BOOL openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
DWORD GetOpenvpnSettings(settings_t *s); DWORD GetOpenvpnSettings(settings_t *s);
BOOL ReportStatusToSCMgr(SERVICE_STATUS_HANDLE service, SERVICE_STATUS *status); BOOL ReportStatusToSCMgr(SERVICE_STATUS_HANDLE service, SERVICE_STATUS *status);

2
src/openvpnserv/validate.c
View File

@ -68,7 +68,7 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
/* convert fname to full path */ /* convert fname to full path */
if (PathIsRelativeW(fname) ) if (PathIsRelativeW(fname) )
{ {
openvpn_swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname); swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname);
config_file = tmp; config_file = tmp;
} }
else else

51
tests/unit_tests/openvpn/test_buffer.c
View File

@ -354,6 +354,56 @@ test_character_class(void **state)
assert_string_equal(buf, "There is a .'nice.' \"1234\" [.] year old .tree!"); assert_string_equal(buf, "There is a .'nice.' \"1234\" [.] year old .tree!");
} }
static void
test_snprintf(void **state)
{
/* we used to have a custom openvpn_snprintf function because some
* OS (the comment did not specify which) did not always put the
* null byte there. So we unit test this to be sure.
*
* This probably refers to the MSVC behaviour, see also
* https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating
*/
/* Instead of trying to trick the compiler here, disable the warnings
* for this unit test. We know that the results will be truncated
* and we want to test that */
#if defined(__GNUC__)
/* some clang version do not understand -Wformat-truncation, so ignore the
* warning to avoid warnings/errors (-Werror) about unknown pragma/option */
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunknown-warning-option"
#endif
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-truncation"
#endif
char buf[10] = { 'a' };
int ret = 0;
ret = snprintf(buf, sizeof(buf), "0123456789abcde");
assert_int_equal(ret, 15);
assert_int_equal(buf[9], '\0');
memset(buf, 'b', sizeof(buf));
ret = snprintf(buf, sizeof(buf), "- %d - %d -", 77, 88);
assert_int_equal(ret, 11);
assert_int_equal(buf[9], '\0');
memset(buf, 'c', sizeof(buf));
ret = snprintf(buf, sizeof(buf), "- %8.2f", 77.8899);
assert_int_equal(ret, 10);
assert_int_equal(buf[9], '\0');
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#if defined(__clang__)
#pragma clang diagnostic pop
#endif
#endif
}
int int
main(void) main(void)
{ {
@ -387,6 +437,7 @@ main(void)
cmocka_unit_test(test_buffer_free_gc_two), cmocka_unit_test(test_buffer_free_gc_two),
cmocka_unit_test(test_buffer_gc_realloc), cmocka_unit_test(test_buffer_gc_realloc),
cmocka_unit_test(test_character_class), cmocka_unit_test(test_character_class),
cmocka_unit_test(test_snprintf)
}; };
return cmocka_run_group_tests_name("buffer", tests, NULL, NULL); return cmocka_run_group_tests_name("buffer", tests, NULL, NULL);

10
tests/unit_tests/openvpn/test_cryptoapi.c
View File

@ -271,7 +271,7 @@ test_find_cert_bythumb(void **state)
for (struct test_cert *c = certs; c->cert; c++) for (struct test_cert *c = certs; c->cert; c++)
{ {
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
ctx = find_certificate_in_store(select_string, user_store); ctx = find_certificate_in_store(select_string, user_store);
if (ctx) if (ctx)
{ {
@ -304,7 +304,7 @@ test_find_cert_byname(void **state)
for (struct test_cert *c = certs; c->cert; c++) for (struct test_cert *c = certs; c->cert; c++)
{ {
openvpn_snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname); snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname);
ctx = find_certificate_in_store(select_string, user_store); ctx = find_certificate_in_store(select_string, user_store);
/* In this case we expect a successful return as there is at least one valid /* In this case we expect a successful return as there is at least one valid
* cert that matches the common name. But the returned cert may not exactly match * cert that matches the common name. But the returned cert may not exactly match
@ -337,7 +337,7 @@ test_find_cert_byissuer(void **state)
for (struct test_cert *c = certs; c->cert; c++) for (struct test_cert *c = certs; c->cert; c++)
{ {
openvpn_snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer); snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer);
ctx = find_certificate_in_store(select_string, user_store); ctx = find_certificate_in_store(select_string, user_store);
/* In this case we expect a successful return as there is at least one valid /* In this case we expect a successful return as there is at least one valid
* cert that matches the issuer. But the returned cert may not exactly match * cert that matches the issuer. But the returned cert may not exactly match
@ -411,7 +411,7 @@ test_cryptoapi_sign(void **state)
{ {
continue; continue;
} }
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
if (Load_CryptoAPI_certificate(select_string, &x509, &privkey) != 1) if (Load_CryptoAPI_certificate(select_string, &x509, &privkey) != 1)
{ {
fail_msg("Load_CryptoAPI_certificate failed: <%s>", c->friendly_name); fail_msg("Load_CryptoAPI_certificate failed: <%s>", c->friendly_name);
@ -446,7 +446,7 @@ test_ssl_ctx_use_cryptoapicert(void **state)
SSL_CTX *ssl_ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method()); SSL_CTX *ssl_ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
assert_non_null(ssl_ctx); assert_non_null(ssl_ctx);
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
if (!SSL_CTX_use_CryptoAPI_certificate(ssl_ctx, select_string)) if (!SSL_CTX_use_CryptoAPI_certificate(ssl_ctx, select_string))
{ {
fail_msg("SSL_CTX_use_CryptoAPI_certificate failed: <%s>", c->friendly_name); fail_msg("SSL_CTX_use_CryptoAPI_certificate failed: <%s>", c->friendly_name);

6
tests/unit_tests/openvpn/test_pkcs11.c
View File

@ -161,7 +161,7 @@ get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix
} }
else if (flags & GET_USER_PASS_PASSWORD_ONLY) else if (flags & GET_USER_PASS_PASSWORD_ONLY)
{ {
openvpn_snprintf(up->password, sizeof(up->password), "%s", PIN); snprintf(up->password, sizeof(up->password), "%s", PIN);
} }
else else
{ {
@ -204,8 +204,8 @@ init(void **state)
{ {
fail_msg("make tmpfile using template <%s> failed (error = %d)", softhsm2_conf_path, errno); fail_msg("make tmpfile using template <%s> failed (error = %d)", softhsm2_conf_path, errno);
} }
openvpn_snprintf(config, sizeof(config), "directories.tokendir=%s/", snprintf(config, sizeof(config), "directories.tokendir=%s/",
softhsm2_tokens_path); softhsm2_tokens_path);
assert_int_equal(write(fd, config, strlen(config)), strlen(config)); assert_int_equal(write(fd, config, strlen(config)), strlen(config));
close(fd); close(fd);