Use gnulib

Makefile.am

@@ -9,13 +9,15 @@ if WANT_SERVER
 endif
 
 SUBDIRS = \
+    gnulib \
     common \
     lib \
     $(CLIENT_DIR) \
     $(SERVER_DIR) \
     doc
 
 EXTRA_DIST = \
+    gnulib/gnulib-cache.m4 \
     android/COPYING \
     android/Application.mk \
     android/README \

autogen.sh

@@ -13,6 +13,11 @@ if [ ! -d config ]; then
 	mkdir config
 fi
 
+gnulib-tool --lib=libgnu --libtool --lgpl=3orGPLv2 --source-base=gnulib --import \
+    stdint \
+    sys_types largefile \
+    strndup
+
 if which libtoolize &> /dev/null ; then
   libtoolize --automake --copy --force
 elif which glibtoolize &> /dev/null ; then
@@ -26,5 +31,4 @@ aclocal -I config -I m4
 autoheader
 automake --add-missing --copy
 autoconf
-
 ###EOF###

client/Makefile.am

@@ -14,16 +14,15 @@ if WANT_C_UNIT_TESTS
   noinst_PROGRAMS        = fwknop_utests
   fwknop_utests_SOURCES  = fwknop_utests.c $(BASE_SOURCE_FILES)
   fwknop_utests_CPPFLAGS = -I $(top_builddir)/lib -I $(top_builddir)/common $(GPGME_CFLAGS)
-  fwknop_utests_LDADD    = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a
+  fwknop_utests_LDADD    = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la
   fwknop_utests_LDFLAGS  = -lcunit $(GPGME_LIBS)
 if WANT_LIBFIU_SUPPORT
   fwknop_utests_LDADD   += -lfiu
 endif
 endif
 
-fwknop_CPPFLAGS     = -I $(top_srcdir)/lib -I $(top_srcdir)/common
-
-fwknop_LDADD        = -L$(top_builddir)/common -lfko_util $(top_builddir)/lib/libfko.la
+fwknop_CPPFLAGS     = -I$(top_builddir)/gnulib -I$(top_srcdir)/gnulib -I $(top_srcdir)/lib -I $(top_srcdir)/common
+fwknop_LDADD        = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la $(top_builddir)/gnulib/libgnu.la
 
 dist_man_MANS       = fwknop.8
 

client/config_init.c

@@ -35,6 +35,7 @@
 #include "utils.h"
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <errno.h>
 
 #ifdef WIN32
   #define STDIN_FILENO 0
@@ -871,9 +872,9 @@ create_fwknoprc(const char *rcfile)
         "#FW_TIMEOUT          30\n"
         "#SPA_SERVER_PORT     62201\n"
         "#SPA_SERVER_PROTO    udp\n"
-        "#ALLOW_IP            <ip addr>\n"
+        "#ALLOW_IP            <IP address>\n"
         "#SPOOF_USER          <username>\n"
-        "#SPOOF_SOURCE_IP     <IPaddr>\n"
+        "#SPOOF_SOURCE_IP     <IP address>\n"
         "#TIME_OFFSET         0\n"
         "#USE_GPG             N\n"
         "#GPG_HOMEDIR         /path/to/.gnupg\n"

client/fwknop.c

@@ -407,7 +407,7 @@ main(int argc, char **argv)
     */
     if (options.verbose || options.test)
     {
-        res = dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf));
+        res = fko_dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf));
         if (res == FKO_SUCCESS)
             log_msg(LOG_VERBOSITY_NORMAL, "%s", dump_buf);
         else
@@ -577,7 +577,7 @@ main(int argc, char **argv)
         }
         /* Only dump out the SPA data after the test in verbose mode */
         if (options.verbose) {
-            res = dump_ctx_to_buffer(ctx2, dump_buf, sizeof(dump_buf));
+            res = fko_dump_ctx_to_buffer(ctx2, dump_buf, sizeof(dump_buf));
             if (res == FKO_SUCCESS)
                 log_msg(LOG_VERBOSITY_NORMAL, "\nDump of the Decoded Data\n%s", dump_buf);
             else

client/getpasswd.c

@@ -40,6 +40,8 @@
 #include "getpasswd.h"
 #include "utils.h"
 
+#include <errno.h>
+
 #define PW_BUFSIZE              128                 /*!< Maximum number of chars an encryption key or a password can contain */
 
 #define PW_BREAK_CHAR           0x03                /*!< Ascii code for the Ctrl-C char */

client/http_resolve_host.c

@@ -55,12 +55,42 @@ struct url
     char    path[MAX_URL_PATH_LEN+1];
 };
 
+static int resolve_ip(const char * resp, fko_cli_options_t *options, const char * extraerror1,char *extraerror2) {
+  struct  addrinfo *result=NULL;
+  struct  addrinfo *rp;
+  struct  addrinfo hints;
+  int error;
+
+  memset(&hints, 0, sizeof(struct addrinfo));
+  hints.ai_family = AF_INET;
+  hints.ai_flags  = AI_NUMERICHOST | AI_CANONNAME;
+  error = getaddrinfo(resp, NULL, &hints, &result);
+  if (error != 0)
+    {
+        log_msg(LOG_VERBOSITY_ERROR,
+		"[-] Could not resolve IP via: '%s%s'", extraerror1, extraerror2);
+        return(-1);
+    }
+    /* get last IP in case of multi IP host */
+    for (rp = result; rp != NULL; rp = rp->ai_next) {
+	/* the canonical value is in the first structure returned */
+	strlcpy(options->allow_ip_str,
+	        rp->ai_canonname, sizeof(options->allow_ip_str));
+	break;
+    }
+    freeaddrinfo(result);
+
+    log_msg(LOG_VERBOSITY_INFO,
+		"\n[+] Resolved external IP (via '%s%s') as: %s",
+	        extraerror1,extraerror2, options->allow_ip_str);
+    return 1;
+}
+
 static int
 try_url(struct url *url, fko_cli_options_t *options)
 {
-    int     sock=-1, sock_success=0, res, error, http_buf_len, i;
+    int     sock=-1, sock_success=0, res, error, http_buf_len;
     int     bytes_read = 0, position = 0;
-    int     o1, o2, o3, o4;
     struct  addrinfo *result=NULL, *rp, hints;
     char    http_buf[HTTP_MAX_REQUEST_LEN]       = {0};
     char    http_response[HTTP_MAX_RESPONSE_LEN] = {0};
@@ -91,13 +121,6 @@ try_url(struct url *url, fko_cli_options_t *options)
     );
 
     http_buf_len = strlen(http_buf);
-
-    memset(&hints, 0, sizeof(struct addrinfo));
-
-    hints.ai_family   = AF_UNSPEC; /* Allow IPv4 or IPv6 */
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
 #if AFL_FUZZING
     /* Make sure to not generate any resolution requests when compiled
      * for AFL fuzzing cycles
@@ -111,6 +134,10 @@ try_url(struct url *url, fko_cli_options_t *options)
     return(1);
 #endif
 
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
     error = getaddrinfo(url->host, url->port, &hints, &result);
     if (error != 0)
     {
@@ -197,45 +224,7 @@ try_url(struct url *url, fko_cli_options_t *options)
     }
     ndx += 4;
 
-    /* Walk along the content to try to find the end of the IP address.
-     * Note: We are expecting the content to be just an IP address
-     *       (possibly followed by whitespace or other not-digit value).
-     */
-    for(i=0; i<MAX_IPV4_STR_LEN; i++) {
-        if(! isdigit((int)(unsigned char)*(ndx+i)) && *(ndx+i) != '.')
-            break;
-    }
-
-    /* Terminate at the first non-digit and non-dot.
-    */
-    *(ndx+i) = '\0';
-
-    /* Now that we have what we think is an IP address string.  We make
-     * sure the format and values are sane.
-     */
-    if((sscanf(ndx, "%u.%u.%u.%u", &o1, &o2, &o3, &o4)) == 4
-            && o1 >= 0 && o1 <= 255
-            && o2 >= 0 && o2 <= 255
-            && o3 >= 0 && o3 <= 255
-            && o4 >= 0 && o4 <= 255)
-    {
-        strlcpy(options->allow_ip_str, ndx, sizeof(options->allow_ip_str));
-
-        log_msg(LOG_VERBOSITY_INFO,
-                    "\n[+] Resolved external IP (via http://%s%s) as: %s",
-                    url->host,
-                    url->path,
-                    options->allow_ip_str);
-
-        return(1);
-    }
-    else
-    {
-        log_msg(LOG_VERBOSITY_ERROR,
-            "[-] From http://%s%s\n    Invalid IP (%s) in HTTP response:\n\n%s",
-            url->host, url->path, ndx, http_response);
-        return(-1);
-    }
+    return resolve_ip(ndx,options,url->host,url->path);
 }
 
 static int
@@ -323,8 +312,8 @@ parse_url(char *res_url, struct url* url)
 int
 resolve_ip_https(fko_cli_options_t *options)
 {
-    int     o1, o2, o3, o4, got_resp=0, i=0;
-    char   *ndx, resp[MAX_IPV4_STR_LEN+1] = {0};
+    int     got_resp=0;
+    char    resp[MAX_IPV4_STR_LEN+1] = {0};
     struct  url url; /* for validation only */
     char    wget_ssl_cmd[MAX_URL_PATH_LEN] = {0};  /* for verbose logging only */
 
@@ -493,32 +482,14 @@ resolve_ip_https(fko_cli_options_t *options)
     pclose(wget);
 #endif
 
-    if(got_resp)
+    if(! got_resp)
     {
-        ndx = resp;
-        for(i=0; i<MAX_IPV4_STR_LEN; i++) {
-            if(! isdigit((int)(unsigned char)*(ndx+i)) && *(ndx+i) != '.')
-                break;
-        }
-        *(ndx+i) = '\0';
-
-        if((sscanf(ndx, "%u.%u.%u.%u", &o1, &o2, &o3, &o4)) == 4
-                && o1 >= 0 && o1 <= 255
-                && o2 >= 0 && o2 <= 255
-                && o3 >= 0 && o3 <= 255
-                && o4 >= 0 && o4 <= 255)
-        {
-            strlcpy(options->allow_ip_str, ndx, sizeof(options->allow_ip_str));
-
-            log_msg(LOG_VERBOSITY_INFO,
-                        "\n[+] Resolved external IP (via '%s') as: %s",
-                        wget_ssl_cmd, options->allow_ip_str);
-            return 1;
-        }
+        log_msg(LOG_VERBOSITY_ERROR,
+            "[-] Could not resolve IP via: '%s'", wget_ssl_cmd);
+        return -1;
     }
-    log_msg(LOG_VERBOSITY_ERROR,
-        "[-] Could not resolve IP via: '%s'", wget_ssl_cmd);
-    return -1;
+
+    return resolve_ip(resp,options,wget_ssl_cmd,"");
 }
 
 int

client/spa_comm.c

@@ -27,6 +27,8 @@
  *
  *****************************************************************************
 */
+#include <errno.h>
+
 #include "spa_comm.h"
 #include "utils.h"
 

client/utils.c

@@ -27,6 +27,8 @@
  *
  *****************************************************************************
 */
+#include <errno.h>
+
 #include "common.h"
 #include "fwknop_common.h"
 #include "utils.h"
@@ -55,6 +57,10 @@ static fko_protocol_t fko_protocol_array[] =
     { "http",   FKO_PROTO_HTTP      }
 };
 
+#ifndef S_ISLNK
+#define S_ISLNK(x) 0
+#endif
+
 int
 verify_file_perms_ownership(const char *file, int fd)
 {
@@ -93,7 +99,7 @@ verify_file_perms_ownership(const char *file, int fd)
             res = 0;
             */
         }
-
+# if HAVE_GETUID
         if(st.st_uid != getuid())
         {
             log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s not owned by current effective user id",
@@ -103,6 +109,7 @@ verify_file_perms_ownership(const char *file, int fd)
             res = 0;
             */
         }
+# endif
     }
     else
     {

common/Makefile.am

@@ -1,21 +1,24 @@
 AUTOMAKE_OPTIONS = subdir-objects
 
-noinst_LIBRARIES         	= libfko_util.a
+noinst_LTLIBRARIES         	= libfko_util.la
 
 libfko_util_source_files 	= strlcpy.c strlcat.c fko_util.c fko_util.h
 
 if WANT_C_UNIT_TESTS
 libfko_util_source_files += cunit_common.c cunit_common.h
 endif
 
-libfko_util_a_SOURCES    	= $(libfko_util_source_files)
+libfko_util_la_SOURCES    	= $(libfko_util_source_files)
+libfko_util_la_LDFLAGS = -no-undefined
 
 if USE_MINGW
-EXTRA_libfko_util_a_SOURCES = ../win32/getlogin.c ../win32/getlogin.h
-libfko_util_a_LDFLAGS = -lwsock32 -lws2_32
+EXTRA_libfko_util_la_SOURCES = ../win32/getlogin.c ../win32/getlogin.h
+libfko_util_la_LDFLAGS += -lwsock32 -lws2_32
 endif
 
-AM_CPPFLAGS         		= $(GPGME_CFLAGS) -I $(top_srcdir)/common -I $(top_srcdir)/lib
+libfko_util_la_CPPFLAGS =  -I  $(top_builddir)/gnulib -I $(top_srcdir)/gnulib -I $(top_srcdir)/common -I $(top_srcdir)/lib $(GPGME_CFLAGS)
+libfko_util_la_LIBADD = $(top_builddir)/gnulib/libgnu.la
+
 
 EXTRA_DIST = common.h netinet_common.h cunit_common.h cunit_common.c
 

common/common.h

@@ -49,14 +49,6 @@
 
 #include <stdio.h>
 
-#if HAVE_SYS_TYPES_H
-  #include <sys/types.h>
-#endif
-
-#if HAVE_ERRNO_H
-  #include <errno.h>
-#endif
-
 #if STDC_HEADERS
   #include <stdlib.h>
   #include <string.h>