From 99a33c3f51ffecc6b71086df248c699d1e7b0932 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Wed, 7 Mar 2012 12:13:09 +0100 Subject: [PATCH] curvetun: cleanups, replaced memset --- src/curvetun.c | 83 +++++----------------------------------------------------- 1 file changed, 7 insertions(+), 76 deletions(-) diff --git a/src/curvetun.c b/src/curvetun.c index 3392f789..6f9e8880 100644 --- a/src/curvetun.c +++ b/src/curvetun.c @@ -310,21 +310,16 @@ static void check_file_or_die(char *home, char *file, int maybeempty) { char path[PATH_MAX]; struct stat st; - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, file); - if (stat(path, &st)) panic("No such file %s! Type --help for further information\n", path); - if (!S_ISREG(st.st_mode)) panic("%s is not a regular file!\n", path); - if ((st.st_mode & ~S_IFREG) != (S_IRUSR | S_IWUSR)) panic("You have set too many permissions on %s (%o)!\n", path, st.st_mode); - if (maybeempty == 0 && st.st_size == 0) panic("%s is empty!\n", path); } @@ -353,21 +348,16 @@ static void write_username(char *home) int fd, ret; char path[PATH_MAX], *eof; char user[512]; - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_USERNAM); - printf("Username: [%s] ", getenv("USER")); fflush(stdout); - memset(user, 0, sizeof(user)); eof = fgets(user, sizeof(user), stdin); user[sizeof(user) - 1] = 0; user[strlen(user) - 1] = 0; /* omit last \n */ - if (strlen(user) == 0) strlcpy(user, getenv("USER"), sizeof(user)); - fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) panic("Cannot open your username file!\n"); @@ -375,7 +365,6 @@ static void write_username(char *home) if (ret != strlen(user)) panic("Could not write username!\n"); close(fd); - info("Username written to %s!\n", path); } @@ -383,51 +372,39 @@ static void create_curvedir(char *home) { int ret, fd; char path[PATH_MAX]; - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, ".curvetun/"); - errno = 0; ret = mkdir(path, S_IRWXU); if (ret < 0 && errno != EEXIST) panic("Cannot create curvetun dir!\n"); - info("curvetun directory %s created!\n", path); - /* We also create empty files for clients and servers! */ memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_CLIENTS); - fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) panic("Cannot open clients file!\n"); close(fd); - info("Empty client file written to %s!\n", path); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_SERVERS); - fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) panic("Cannot open servers file!\n"); close(fd); - info("Empty server file written to %s!\n", path); } static void create_keypair(char *home) { - int fd; + int fd, err = 0; ssize_t ret; unsigned char publickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES] = { 0 }; unsigned char secretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES] = { 0 }; char path[PATH_MAX]; const char * errstr = NULL; - int err = 0; - info("Reading from %s (this may take a while) ...\n", CURVETUN_ENTROPY_SOURCE); - fd = open_or_die(CURVETUN_ENTROPY_SOURCE, O_RDONLY); ret = read_exact(fd, secretkey, sizeof(secretkey), 0); if (ret != sizeof(secretkey)) { @@ -436,12 +413,9 @@ static void create_keypair(char *home) goto out; } close(fd); - crypto_scalarmult_curve25519_base(publickey, secretkey); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY); - fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { err = EIO; @@ -455,19 +429,15 @@ static void create_keypair(char *home) goto out; } close(fd); - info("Public key written to %s!\n", path); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY); - fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { err = EIO; errstr = "Cannot open privkey file!\n"; goto out; } - ret = write(fd, secretkey, sizeof(secretkey)); if (ret != sizeof(secretkey)) { err = EIO; @@ -476,9 +446,8 @@ static void create_keypair(char *home) } out: close(fd); - - memset(publickey, 0, sizeof(publickey)); - memset(secretkey, 0, sizeof(secretkey)); + xmemset(publickey, 0, sizeof(publickey)); + xmemset(secretkey, 0, sizeof(secretkey)); if (err) panic("%s: %s", errstr, strerror(errno)); else @@ -487,18 +456,15 @@ out: static void check_config_keypair_or_die(char *home) { - int fd; + int fd, err; ssize_t ret; - int err; const char * errstr = NULL; unsigned char publickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES]; unsigned char publicres[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES]; unsigned char secretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES]; char path[PATH_MAX]; - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY); - fd = open(path, O_RDONLY); if (fd < 0) { err = EIO; @@ -512,10 +478,8 @@ static void check_config_keypair_or_die(char *home) goto out; } close(fd); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY); - fd = open(path, O_RDONLY); if (fd < 0) { err = EIO; @@ -528,7 +492,6 @@ static void check_config_keypair_or_die(char *home) errstr = "Cannot read public key!\n"; goto out; } - crypto_scalarmult_curve25519_base(publicres, secretkey); err = crypto_verify_32(publicres, publickey); if (err) { @@ -539,9 +502,9 @@ static void check_config_keypair_or_die(char *home) } out: close(fd); - memset(publickey, 0, sizeof(publickey)); - memset(publicres, 0, sizeof(publicres)); - memset(secretkey, 0, sizeof(secretkey)); + xmemset(publickey, 0, sizeof(publickey)); + xmemset(publicres, 0, sizeof(publicres)); + xmemset(secretkey, 0, sizeof(secretkey)); if (err) panic("%s: %s\n", errstr, strerror(errno)); } @@ -563,23 +526,17 @@ static int main_export(char *home) check_config_exists_or_die(home); check_config_keypair_or_die(home); - printf("Your exported public information:\n\n"); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_USERNAM); - fd = open_or_die(path, O_RDONLY); while ((ret = read(fd, tmp, sizeof(tmp))) > 0) { ret = write(STDOUT_FILENO, tmp, ret); } close(fd); - printf(";"); - memset(path, 0, sizeof(path)); slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY); - fd = open_or_die(path, O_RDONLY); ret = read(fd, tmp, sizeof(tmp)); if (ret != crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) @@ -591,7 +548,6 @@ static int main_export(char *home) printf("%02x:", (unsigned char) tmp[i]); close(fd); fflush(stdout); - return 0; } @@ -599,13 +555,10 @@ static int main_dumpc(char *home) { check_config_exists_or_die(home); check_config_keypair_or_die(home); - printf("Your clients:\n\n"); - parse_userfile_and_generate_user_store_or_die(home); dump_user_store(); destroy_user_store(); - printf("\n"); die(); return 0; @@ -615,13 +568,10 @@ static int main_dumps(char *home) { check_config_exists_or_die(home); check_config_keypair_or_die(home); - printf("Your servers:\n\n"); - parse_userfile_and_generate_serv_store_or_die(home); dump_serv_store(); destroy_serv_store(); - printf("\n"); die(); return 0; @@ -632,22 +582,17 @@ static void daemonize(const char *lockfile) char pidstr[8]; mode_t lperm = S_IRWXU | S_IRGRP | S_IXGRP; /* 0750 */ int lfp; - if (getppid() == 1) return; - if (daemon(0, 0)) panic("Cannot daemonize: %s", strerror(errno)); - umask(lperm); - if (lockfile) { lfp = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0640); if (lfp < 0) syslog_panic("Cannot create lockfile at %s! " "curvetun server already running?\n", lockfile); - slprintf(pidstr, sizeof(pidstr), "%u", getpid()); if (write(lfp, pidstr, strlen(pidstr)) <= 0) syslog_panic("Could not write pid to pidfile %s", @@ -660,10 +605,8 @@ static int main_client(char *home, char *dev, char *alias, int daemon) { int ret, udp; char *host, *port; - check_config_exists_or_die(home); check_config_keypair_or_die(home); - parse_userfile_and_generate_serv_store_or_die(home); get_serv_store_entry_by_alias(alias, alias ? strlen(alias) + 1 : 0, &host, &port, &udp); @@ -671,12 +614,10 @@ static int main_client(char *home, char *dev, char *alias, int daemon) panic("Did not find alias/entry in configuration!\n"); printf("Using [%s] -> %s:%s via %s as endpoint!\n", alias ? : "default", host, port, udp ? "udp" : "tcp"); - if (daemon) daemonize(NULL); ret = client_main(home, dev, host, port, udp); destroy_serv_store(); - return ret; } @@ -684,14 +625,12 @@ static int main_server(char *home, char *dev, char *port, int udp, int ipv4, int daemon, int log) { int ret; - check_config_exists_or_die(home); check_config_keypair_or_die(home); if (daemon) daemonize(LOCKFILE); ret = server_main(home, dev, port, udp, ipv4, log); unlink(LOCKFILE); - return ret; } @@ -700,16 +639,13 @@ int main(int argc, char **argv) int ret = 0, c, opt_index, udp = 0, ipv4 = -1, daemon = 1, log = 1; char *port = NULL, *stun = NULL, *dev = NULL, *home = NULL, *alias=NULL; enum working_mode wmode = MODE_UNKNOW; - if (getuid() != geteuid()) seteuid(getuid()); if (getenv("LD_PRELOAD")) panic("curvetun cannot be preloaded!\n"); if (ptrace(PTRACE_TRACEME, 0, 1, 0) < 0) panic("curvetun cannot be ptraced!\n"); - home = fetch_home_dir(); - while ((c = getopt_long(argc, argv, short_options, long_options, &opt_index)) != EOF) { switch (c) { @@ -787,15 +723,12 @@ int main(int argc, char **argv) if (argc < 2) help(); - register_signal(SIGINT, signal_handler); register_signal(SIGHUP, signal_handler); register_signal(SIGTERM, signal_handler); register_signal(SIGPIPE, signal_handler); - header(); curve25519_selftest(); - switch (wmode) { case MODE_KEYGEN: ret = main_keygen(home); @@ -822,7 +755,6 @@ int main(int argc, char **argv) default: die(); } - if (dev) xfree(dev); if (stun) @@ -833,4 +765,3 @@ int main(int argc, char **argv) xfree(alias); return ret; } - -- 2.11.4.GIT