From 0a35b8ffdb3e211a5a554ff0e416cf33de95b46c Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Wed, 21 Aug 2024 17:52:08 +1000 Subject: [PATCH] plugins/pppoatm: Remove dead code ans_byaddr and related functions Provoked by apparent possible out-of-bounds memory access in the unused code. Signed-off-by: Paul Mackerras --- pppd/plugins/pppoatm/ans.c | 130 ---------------------------------- pppd/plugins/pppoatm/atmres.h | 2 - 2 files changed, 132 deletions(-) diff --git a/pppd/plugins/pppoatm/ans.c b/pppd/plugins/pppoatm/ans.c index 973eb33..c949f23 100644 --- a/pppd/plugins/pppoatm/ans.c +++ b/pppd/plugins/pppoatm/ans.c @@ -31,10 +31,6 @@ #define MAX_ANSWER 2048 #define MAX_NAME 1024 -#define MAX_LINE 2048 /* in /etc/e164_cc */ -#define E164_CC_DEFAULT_LEN 2 -#define E164_CC_FILE "/etc/e164_cc" - #define GET16(pos) (((pos)[0] << 8) | (pos)[1]) @@ -134,129 +130,3 @@ int ans_byname(const char *text,struct sockaddr_atmsvc *addr,int length, if (!ans(text,T_ATMA,addr,length)) return 0; return ans(text,T_NSAP,addr,length); } - - -static int encode_nsap(char *buf,const unsigned char *addr) -{ - static int fmt_dcc[] = { 2,12,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, - 4,2,0 }; - static int fmt_e164[] = { 2,12,1,1,1,1,1,1,1,1,16,2,0 }; - int *fmt; - int pos,i,j; - - switch (*addr) { - case ATM_AFI_DCC: - case ATM_AFI_ICD: - case ATM_AFI_LOCAL: - case ATM_AFI_DCC_GROUP: - case ATM_AFI_ICD_GROUP: - case ATM_AFI_LOCAL_GROUP: - fmt = fmt_dcc; - break; - case ATM_AFI_E164: - case ATM_AFI_E164_GROUP: - fmt = fmt_e164; - break; - default: - return TRY_OTHER; - } - pos = 2*ATM_ESA_LEN; - for (i = 0; fmt[i]; i++) { - pos -= fmt[i]; - for (j = 0; j < fmt[i]; j++) - sprintf(buf++,"%x", - (addr[(pos+j) >> 1] >> 4*(1-((pos+j) & 1))) & 0xf); - *buf++ = '.'; - } - strcpy(buf,"AESA.ATMA.INT."); - return 0; -} - - -static int encode_nsap_new(char *buf,const unsigned char *addr) -{ - int i; - int digit; - - for (i = 20; i; ) { - i--; - digit = addr[i] & 0x0F; - *(buf++) = digit + (digit >= 10 ? '7' : '0'); - *(buf++) = '.'; - digit = ((unsigned char) (addr[i])) >> 4; - *(buf++) = digit + (digit >= 10 ? '7' : '0'); - *(buf++) = '.'; - } - strcpy (buf, "NSAP.INT."); - return 0; -} - - -static int cc_len(int p0,int p1) -{ - static char *cc_table = NULL; - FILE *file; - char buffer[MAX_LINE]; - char *here; - int cc; - - if (!cc_table) { - if (!(cc_table = malloc(100))) { - perror("malloc"); - return E164_CC_DEFAULT_LEN; - } - memset(cc_table,E164_CC_DEFAULT_LEN,100); - if (!(file = fopen(E164_CC_FILE,"r"))) - perror(E164_CC_FILE); - else { - while (fgets(buffer,MAX_LINE,file)) { - here = strchr(buffer,'#'); - if (here) *here = 0; - if (sscanf(buffer,"%d",&cc) == 1) { - if (cc < 10) cc_table[cc] = 1; - else if (cc < 100) cc_table[cc] = 2; - else cc_table[cc/10] = 3; - } - } - fclose(file); - } - } - if (cc_table[p0] == 1) return 1; - return cc_table[p0*10+p1]; -} - - -static int encode_e164(char *buf,const char *addr) -{ - const char *prefix,*here; - - prefix = addr+cc_len(addr[0]-48,addr[1]-48); - here = strchr(addr,0); - while (here > prefix) { - *buf++ = *--here; - *buf++ = '.'; - } - while (here > addr) *buf++ = *addr++; - strcpy(buf,".E164.ATMA.INT."); - return 0; -} - - -int ans_byaddr(char *buffer,int length,const struct sockaddr_atmsvc *addr, - int flags) -{ - char tmp[MAX_NAME]; /* could be smaller ... */ - int res; - - if (addr->sas_addr.prv) { - res = encode_nsap(tmp,addr->sas_addr.prv); - if (!res && !ans(tmp,T_PTR,buffer,length)) return 0; - res = encode_nsap_new(tmp,addr->sas_addr.prv); - if (res < 0) return res; - return ans(tmp,T_PTR,buffer,length); - } else { - res = encode_e164(tmp,addr->sas_addr.pub); - if (res < 0) return res; - return ans(tmp,T_PTR,buffer,length); - } -} diff --git a/pppd/plugins/pppoatm/atmres.h b/pppd/plugins/pppoatm/atmres.h index d5b3b8c..3cbc77e 100644 --- a/pppd/plugins/pppoatm/atmres.h +++ b/pppd/plugins/pppoatm/atmres.h @@ -30,7 +30,5 @@ int ans_byname(const char *text,struct sockaddr_atmsvc *addr,int length, int flags); -int ans_byaddr(char *buffer,int length,const struct sockaddr_atmsvc *addr, - int flags); #endif -- 2.39.5