diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-04 23:13:06 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-04 23:13:06 +0200 |
commit | 53611ee129ab91c60f61a591b32e46bfac39abf7 (patch) | |
tree | 30e660503318f20568282cd83f960acbd6c2f328 /plugin/eurephia.c | |
parent | 5a4b0d9ec4202e9a1f035b6d8df63535431f2cbb (diff) | |
download | eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.tar.gz eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.tar.xz eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.zip |
Restrict input data length for plug-in arguments from openvpn
This only affects functions related to MAC address and certificate depth
Diffstat (limited to 'plugin/eurephia.c')
-rw-r--r-- | plugin/eurephia.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugin/eurephia.c b/plugin/eurephia.c index b571a59..f06c684 100644 --- a/plugin/eurephia.c +++ b/plugin/eurephia.c @@ -319,7 +319,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate digest is blacklisted - tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_%s", depth); + tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_%i", atoi_nullsafe(depth)); if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -673,7 +673,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad char *fwprofile = NULL, *fwdest = NULL; int ret = 0, fw_enabled = 0; - DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)", + DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%.10s', '%.18s', ...)", mode, macaddr); // Get firewall information |