From 53611ee129ab91c60f61a591b32e46bfac39abf7 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Sun, 4 Oct 2009 23:13:06 +0200 Subject: Restrict input data length for plug-in arguments from openvpn This only affects functions related to MAC address and certificate depth --- plugin/eurephia.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugin/eurephia.c') diff --git a/plugin/eurephia.c b/plugin/eurephia.c index b571a59..f06c684 100644 --- a/plugin/eurephia.c +++ b/plugin/eurephia.c @@ -319,7 +319,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate digest is blacklisted - tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_%s", depth); + tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_%i", atoi_nullsafe(depth)); if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -673,7 +673,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad char *fwprofile = NULL, *fwdest = NULL; int ret = 0, fw_enabled = 0; - DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)", + DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%.10s', '%.18s', ...)", mode, macaddr); // Get firewall information -- cgit