Fixing buffer overflow issue in chat.c There were two issues here, the report_buffer is too small to hold the value, and accessing the memory outside its bounds. The following fixes was made: - Expand the size of report_buffer to 4096 from 256, this is to account for handling of really long GSM USSD report strings - Make sure to not to access memory outside the bounds of the buffer Signed-off-by: Robert Bartel <r.bartel@gmx.net> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Fix several issues uncovered by Coverity (#397) * Fix for coverity issue 436265, we should cap copy to size of destination buffer Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436262, llv6_ntoa() returns a pointer to a buffer that can be up to 64 bytes long; likely not a problem, but this will quiet coverity Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436251, not freeing path in the normal flow of the code Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436258, Digest maybe uninitialized in some paths of this code Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436254, forgot to free 's' before returning from the function? Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436251, memory leak in put_string() function Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue 436215, should copy at most sizeof(devname) bytes Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436203, if no authentication (or no accounting) server was found, we still need to free the allocated local instance Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436171, use of uninitialized variable Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Use of signed vs unsigned variable in printf for MD4Update Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436182, fixing possible buffer overrun in handling of PW_CLASS attribute Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436156 Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Compile errors Signed-off-by: Eivind Næss <eivnaes@yahoo.com> [paulus@ozlabs.org - Squashed to avoid breaking bisection] Signed-off-by: Eivind Næss <eivnaes@yahoo.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
chat: Improve signal handling This improves the way that signals are handled in chat. First, signal handlers should not be calling functions which are not async-signal-safe; doing so incurs the possibility of deadlock. Thus we can't call fatal() in signal handlers; instead we set 'fatalsig', which functions both as a flag and as an indication of which signal occurred, and check that at various points (basically after any operation which might block) using the new function checksigs(). Secondly, using sigaction rather than signal() means that we can control whether calls such as read() get restarted after a signal, and whether the signal disposition gets reset when the signal is delivered. That simplifies sigalrm(); we no longer need to re-register the handler, and we don't need the kludge of setting stdin to non-blocking mode in order to get the read() in get_char() to return. This also removes a #ifdef ultrix since ultrix is no longer supported. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Use autoconf/automake to configure and make ppp This change brings in autoconf/automake scripts to configure the ppp project. Current change doesn't eliminate the previous build system, but the new script autogen.sh will overwrite configure, and generate the basic Makefile.in and Makefile files. Features can now be enabled by command line: * Microsoft Extensions, - MSCHAP - MPPE - MS LAN Manager support * IPXCP protocol * CBCP protocol * PAM support * EAP-TLS support * EAP-SRP support * Max session lifetime by byte count * Plugins * Packet activity filter support * Multilink * IPv6 support Control linkage with * OpenSSL (-lssl -lcrypto) * systemd (-lsystemd) * libatm (-latm) * libsrp (-lsrp) * pam (-lpam) Also, the configure script is made sensitive to features of OpenSSL. Like the presence or absence of DES, SHA, MD4 and MD5 crypto support. In the cases where either of these are missing, the support will be directly compiled into pppd and plugins. In addition, package maintainers can now control the installation paths with standard --prefix=, or --localstatedir=, or --sysconfdir= to configure. On top of that, they can now control the following directories: * runtime directory w/--with-runtime-dir * logfile directory w/--with-logfile-dir * plugin directory w/--with-plugin-dir In the case where automake isn't the right solution, namely: SunOS kernel module build, the original Makefile infrastructure is preserved and reused. Care was taken to only cosmetically touchup the source files in this change. This means: * Insert HAVE_CONFIG_H and include config.h in all .c files. * Change HAS_SHADOW to HAVE_SHADOW_H * Change HAVE_LOGWTMP to HAVE_UTMP_H * Introduce HAVE_CRYPT_H into the source code where appropriate * Added ifdef MPPE where appropriate * USE_SRP required a few changes as it didn't compile * Touchup some compile warning in pppstats directory on SunOS Introduced a new pppdconf.h file that exports the appropriate defines to a module that wants to provide a module that pppd can dynamically load. This will define/undef features like MPPE, CHAPMS such that the project doesn't have to guess what features pppd is compiled with. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
chat: Clean up usage of clean() function In a couple of places, we were calling clean(), which does environment variable substitution among other things, but then using the original string not the "cleaned" string when logging a message about what we're doing. Also, this removes a couple of checks that the "cleaned" string is not longer than the original string, which date back to the first version of the code checked into CVS. Those checks were appropriate before environment variable substitution was added in commit eaca954c2d4a ("add -E option to use environment variables, from Andreas Arens") and dynamic reallocation of the result buffer was added in commit 86dd2eec100d ("clean(): Fix buffer overflow.") but are no longer necessary. These changes were prompted by github issue #294 and redhat bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1650539 Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Add pkgconfig support to PPP project (#270) This adds pppd.pc into $(INSTROOT)/$(LIBDIR)/pkgconfig. On some distributions this would be /lib/pkgconfig, or /usr/lib/pkgconfig, but other distributions may consider specifying --libdir=/usr/lib/x86_x64-linux-gnu/ and the pkgconfig directory would be under that. Allowing --libdir to be specified at configure time fixes #223, providing pkgconfig support fixes #19 and allows third party packages pickup the plugin directory. Manually cherry picking parts of two commits by @lkundrak from: https://github.com/NetworkManager/ppp/tree/lr/pkgconfig Mainly, the difference between the original commit is not to replace DESTDIR with "prefix". Leave DESTDIR alone, and add needed pkgconfig (pppd.pc.in) as a part of the linux distribution (previously in pppd/plugin directory). This fixes GitHub issues: #19 #47 and #223 Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
Add cross-compilation support on Linux This adds three new command-line options to the configure script: --cross_compile=<prefix> (default "") --cc=<compiler> (default cc) --cflags=<compile flags> (default -g -O2 -pipe) These get propagated to the Makefiles in the subdirectories. The cross-compile prefix is prepended to the CC value, so for example if you do "./configure --cross_compile=powerpc64le-linux-" then everything gets compiled and linked using powerpc64le-linux-cc. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Convert to ANSI C This gets rid of the __P and __V macros that were used so that the code was in theory compilable by a K&R C compiler, and converts the function definitions to ANSI C style. In fact there were already quite a few function definitions in the ANSI C style, so it would not have been compilable by a K&R C compiler in fact. The Solaris and BSD kernel code modules have had __P removed but the function definitions have not been converted. There are some other minor changes here to remove warnings. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Honor LDFLAGS This makes the makefiles include $(LDFLAGS) as a parameter when linking executables. Distros use this as a way of applying linker flags across all the executables they build. [paulus@ozlabs.org - supplied the patch description] Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
chat: Fix some text that was intended to be literal This escapes a \c and adds a .br so that the "$ \c" comes out in the nroff output, instead of the \c being interpreted as a line continuation. This seems to be what was intended and makes sense as part of the chat script fragment. Signed-off-by: Paul Mackerras <paulus@samba.org>
chat: Fix *roff errors in the man page Fixes these errors: $ nroff -man -ww chat/chat.8 chat/chat.8:227: warning: number register `"' not defined chat/chat.8:291: warning: macro `'' not defined chat/chat.8:368: warning: macro `PR' not defined Patch partly from Debian BTS by Bjarni Ingi Gislason. Signed-off-by: Paul Mackerras <paulus@samba.org>