diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-04 23:13:06 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-04 23:13:06 +0200 |
commit | 53611ee129ab91c60f61a591b32e46bfac39abf7 (patch) | |
tree | 30e660503318f20568282cd83f960acbd6c2f328 /plugin/firewall | |
parent | 5a4b0d9ec4202e9a1f035b6d8df63535431f2cbb (diff) | |
download | eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.tar.gz eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.tar.xz eurephia-53611ee129ab91c60f61a591b32e46bfac39abf7.zip |
Restrict input data length for plug-in arguments from openvpn
This only affects functions related to MAC address and certificate depth
Diffstat (limited to 'plugin/firewall')
-rw-r--r-- | plugin/firewall/eurephiafw.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/plugin/firewall/eurephiafw.c b/plugin/firewall/eurephiafw.c index 2c6755f..deec3db 100644 --- a/plugin/firewall/eurephiafw.c +++ b/plugin/firewall/eurephiafw.c @@ -381,26 +381,29 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, memset(&buf, 0, 1026); switch( mode ) { case FWRULE_ADD: - eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", + eurephia_log(ctx, LOG_INFO, 3, + "Function call: eFW_UpdateFirewall(ctx, %s, '%.18s', '%s', '%s')", "ADD", addr, fwdest, fwprofile); - snprintf(buf, 1024, "A %s %s %s", addr, fwdest, fwprofile); + snprintf(buf, 1024, "A %.18s %s %s", addr, fwdest, fwprofile); mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1); return 1; case FWRULE_DELETE: - eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", + eurephia_log(ctx, LOG_INFO, 3, + "Function call: eFW_UpdateFirewall(ctx, %s, '%.18s', '%s', '%s')", "DELETE", addr, fwdest, fwprofile); - snprintf(buf, 1024, "D %s %s %s", addr, fwdest, fwprofile); + snprintf(buf, 1024, "D %.18s %s %s", addr, fwdest, fwprofile); mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1); return 1; case FWRULE_BLACKLIST: - eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s','%s', NULL)", + eurephia_log(ctx, LOG_INFO, 3, + "Function call: eFW_UpdateFirewall(ctx, %s, '%.34s','%s', NULL)", "BLACKLIST", addr, fwdest); // Check if IP address is already registered as blacklisted if( (blchk = eGet_value(ctx->fwcfg->blacklisted, addr)) == NULL ) { - snprintf(buf, 1024, "B %s %s %s", addr, fwdest, ctx->fwcfg->fwblacklist_sendto); + snprintf(buf, 1024, "B %.34s %s %s", addr, fwdest, ctx->fwcfg->fwblacklist_sendto); mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1); eAdd_value(ctx, ctx->fwcfg->blacklisted, addr, fwdest); } else { |