Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 303301 Details for
Bug 442333
AVC denials on start of openswan host-to-host tunnel
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch to forde the FD_CLOEXEC flag on all opened sockets
openswan-safe-sock.patch (text/plain), 23.28 KB, created by
Neil Horman
on 2008-04-22 12:57:15 UTC
(
hide
)
Description:
patch to forde the FD_CLOEXEC flag on all opened sockets
Filename:
MIME Type:
Creator:
Neil Horman
Created:
2008-04-22 12:57:15 UTC
Size:
23.28 KB
patch
obsolete
>diff -ruNp openswan-2.6.11/include/socket.h openswan-2.6.11-patches/include/socket.h >--- openswan-2.6.11/include/socket.h 1969-12-31 19:00:00.000000000 -0500 >+++ openswan-2.6.11-patches/include/socket.h 2008-04-22 08:02:06.000000000 -0400 >@@ -0,0 +1,43 @@ >+#ifndef _SOCKET_WRAPPER_H_ >+#define _SOCKET_WRAPPER_H_ >+ >+#include <unistd.h> >+#include <fcntl.h> >+#include <sys/types.h> >+#include <sys/socket.h> >+#include <errno.h> >+ >+#ifdef FD_CLOEXEC >+static inline int safe_socket(int domain, int type, int protocol) >+{ >+ long arg; >+ int saved_errno; >+ int fd = socket(domain, type, protocol); >+ >+ if (fd < 0) >+ return fd; >+ >+ arg = fcntl(fd, F_GETFD); >+ if (arg < 0) >+ goto out_fail; >+ >+ arg |= FD_CLOEXEC; >+ >+ arg = fcntl(fd, F_SETFD, arg); >+ if (arg < 0) >+ goto out_fail; >+ >+out: >+ return fd; >+out_fail: >+ saved_errno = errno; >+ close(fd); >+ fd = -1; >+ errno = saved_errno; >+ goto out; >+} >+#else >+#define safe_socket(d,t,p) socket(d,t,p) >+#endif >+ >+#endif >diff -ruNp openswan-2.6.11/lib/libipsecconf/interfaces.c openswan-2.6.11-patches/lib/libipsecconf/interfaces.c >--- openswan-2.6.11/lib/libipsecconf/interfaces.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libipsecconf/interfaces.c 2008-04-22 07:41:30.000000000 -0400 >@@ -26,6 +26,7 @@ > #include <openswan.h> > > #include "sysdep.h" >+#include "socket.h" > #include "openswan/ipsec_tunnel.h" > > #include "ipsecconf/interfaces.h" >@@ -103,7 +104,7 @@ int starter_iface_find(char *iface, int > > if (!iface) return -1; > >- sock = socket(af, SOCK_DGRAM, 0); >+ sock = safe_socket(af, SOCK_DGRAM, 0); > if (sock < 0) return -1; > > phys = starter_find_physical_iface(sock, iface); >diff -ruNp openswan-2.6.11/lib/libipsecconf/starterwhack.c openswan-2.6.11-patches/lib/libipsecconf/starterwhack.c >--- openswan-2.6.11/lib/libipsecconf/starterwhack.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libipsecconf/starterwhack.c 2008-04-22 07:42:11.000000000 -0400 >@@ -30,6 +30,8 @@ > #include "ipsecconf/files.h" > #include "ipsecconf/starterlog.h" > >+#include "socket.h" >+ > #ifndef _OPENSWAN_H > #include <openswan.h> /** FIXME: ugly include lines **/ > #include "constants.h" >@@ -184,7 +186,7 @@ static int send_whack_msg (struct whack_ > /** > * Connect to pluto ctl > */ >- sock = socket(AF_UNIX, SOCK_STREAM, 0); >+ sock = safe_socket(AF_UNIX, SOCK_STREAM, 0); > if (sock < 0) { > starter_log(LOG_LEVEL_ERR, "socket() failed: %s", strerror(errno)); > return -1; >diff -ruNp openswan-2.6.11/lib/libipsecconf/virtif.c openswan-2.6.11-patches/lib/libipsecconf/virtif.c >--- openswan-2.6.11/lib/libipsecconf/virtif.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libipsecconf/virtif.c 2008-04-22 07:44:11.000000000 -0400 >@@ -26,6 +26,7 @@ > #include <openswan.h> > > #include "sysdep.h" >+#include "socket.h" > #include "openswan/ipsec_tunnel.h" > > #include "ipsecconf/interfaces.h" >@@ -219,7 +220,7 @@ void starter_ifaces_clear (void) > int sock; > unsigned int i; > >- sock = socket(AF_INET, SOCK_DGRAM, 0); >+ sock = safe_socket(AF_INET, SOCK_DGRAM, 0); > if (sock < 0) return; > > for (i=0; i<N_IPSEC_IF; i++) { >@@ -238,7 +239,7 @@ int starter_ifaces_load (char **ifaces, > > starter_log(LOG_LEVEL_DEBUG, "starter_ifaces_load()"); > >- sock = socket(AF_INET, SOCK_DGRAM, 0); >+ sock = safe_socket(AF_INET, SOCK_DGRAM, 0); > if (sock < 0) return -1; > > for (j=0; j<N_IPSEC_IF; j++) { >diff -ruNp openswan-2.6.11/lib/libipsecpolicy/Makefile openswan-2.6.11-patches/lib/libipsecpolicy/Makefile >--- openswan-2.6.11/lib/libipsecpolicy/Makefile 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libipsecpolicy/Makefile 2008-04-22 08:07:07.000000000 -0400 >@@ -30,7 +30,7 @@ KLIPSD=${OPENSWANSRCDIR}/linux/include > > LIB=libipsecpolicy.a > # Original flags >-CFLAGS=-I. -I${KLIPSD} -I${OPENSWANSRCDIR} $(USERCOMPILE) ${PORTINCLUDE} >+CFLAGS=-I. -I${KLIPSD} -I${OPENSWANSRCDIR} -I${OPENSWANSRCDIR}/include $(USERCOMPILE) ${PORTINCLUDE} > CFLAGS+= -Wall > CFLAGS+= -Wpointer-arith > CFLAGS+= -Wcast-qual >diff -ruNp openswan-2.6.11/lib/libipsecpolicy/policyquery.c openswan-2.6.11-patches/lib/libipsecpolicy/policyquery.c >--- openswan-2.6.11/lib/libipsecpolicy/policyquery.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libipsecpolicy/policyquery.c 2008-04-22 07:48:48.000000000 -0400 >@@ -30,6 +30,8 @@ > #include <openswan.h> > #include <openswan/ipsec_policy.h> > >+#include "socket.h" >+ > #include "libipsecpolicy.h" > > static int policy_query_socket = -1; >@@ -48,7 +50,7 @@ err_t ipsec_policy_init(void) > return NULL; > } > >- policy_query_socket = socket(PF_UNIX, SOCK_STREAM, 0); >+ policy_query_socket = safe_socket(PF_UNIX, SOCK_STREAM, 0); > if(policy_query_socket == -1) { > return "failed to open policy socket"; > } >diff -ruNp openswan-2.6.11/lib/liblwres/context.c openswan-2.6.11-patches/lib/liblwres/context.c >--- openswan-2.6.11/lib/liblwres/context.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/liblwres/context.c 2008-04-22 07:49:16.000000000 -0400 >@@ -39,6 +39,7 @@ > #include <sys/select.h> > #endif > >+#include "socket.h" > #include "context_p.h" > #include "assert_p.h" > >@@ -237,7 +238,7 @@ context_connect(lwres_context_t *ctx) { > } else > return (LWRES_R_IOERROR); > >- s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); >+ s = safe_socket(domain, SOCK_DGRAM, IPPROTO_UDP); > if (s < 0) > return (LWRES_R_IOERROR); > >diff -ruNp openswan-2.6.11/lib/liblwres/getipnode.c openswan-2.6.11-patches/lib/liblwres/getipnode.c >--- openswan-2.6.11/lib/liblwres/getipnode.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/liblwres/getipnode.c 2008-04-22 07:49:44.000000000 -0400 >@@ -32,6 +32,7 @@ > #include <lwres/net.h> > #include <lwres/netdb.h> /* XXX #include <netdb.h> */ > >+#include "socket.h" > #include "assert_p.h" > > #ifndef INADDRSZ >@@ -430,7 +431,7 @@ scan_interfaces6(int *have_v4, int *have > /* > * Get interface list from system. > */ >- if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) >+ if ((s = safe_socket(AF_INET6, SOCK_DGRAM, 0)) == -1) > goto err_ret; > > /* >@@ -584,7 +585,7 @@ scan_interfaces(int *have_v4, int *have_ > /* > * Get interface list from system. > */ >- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) >+ if ((s = safe_socket(AF_INET, SOCK_DGRAM, 0)) == -1) > goto err_ret; > > /* >diff -ruNp openswan-2.6.11/lib/libopenswan/pfkey_sock.c openswan-2.6.11-patches/lib/libopenswan/pfkey_sock.c >--- openswan-2.6.11/lib/libopenswan/pfkey_sock.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libopenswan/pfkey_sock.c 2008-04-22 07:50:23.000000000 -0400 >@@ -20,14 +20,14 @@ > #include <stdlib.h> > #include "openswan.h" > #include <openswan/pfkeyv2.h> >- >+#include "socket.h" > extern char *progname; > > int pfkey_open_sock_with_error(void) > { > int pfkey_sock; > >- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { >+ if((pfkey_sock = safe_socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { > fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ", > progname); > switch(errno) { >diff -ruNp openswan-2.6.11/lib/libopenswan/udpfromto.c openswan-2.6.11-patches/lib/libopenswan/udpfromto.c >--- openswan-2.6.11/lib/libopenswan/udpfromto.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/lib/libopenswan/udpfromto.c 2008-04-22 08:01:31.000000000 -0400 >@@ -52,6 +52,7 @@ static const char rcsid[] = "$Id: udpfro > #include "udpfromto.h" > #include "openswan.h" > #include "oswlog.h" >+#include "socket.h" > > int udpfromto_init(int s) > { >@@ -244,6 +245,7 @@ int sendfromto(int s, void *buf, size_t > #include <arpa/inet.h> > #include <sys/types.h> > #include <sys/wait.h> >+#include "socket.h" > > #define DEF_PORT 20000 /* default port to listen on */ > #define DESTIP "127.0.0.1" /* send packet to localhost per default */ >@@ -279,7 +281,7 @@ int main(int argc, char **argv) > } > > /* parent: server */ >- server_socket = socket(PF_INET, SOCK_DGRAM, 0); >+ server_socket = safe_socket(PF_INET, SOCK_DGRAM, 0); > if (udpfromto_init(server_socket) != 0) { > perror("udpfromto_init\n"); > waitpid(pid, NULL, WNOHANG); >@@ -320,7 +322,7 @@ int main(int argc, char **argv) > > client: > close(server_socket); >- client_socket = socket(PF_INET, SOCK_DGRAM, 0); >+ client_socket = safe_socket(PF_INET, SOCK_DGRAM, 0); > if (udpfromto_init(client_socket) != 0) { > perror("udpfromto_init"); > _exit(0); >diff -ruNp openswan-2.6.11/programs/algoinfo/algoinfo.c openswan-2.6.11-patches/programs/algoinfo/algoinfo.c >--- openswan-2.6.11/programs/algoinfo/algoinfo.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/algoinfo/algoinfo.c 2008-04-22 07:51:50.000000000 -0400 >@@ -48,6 +48,7 @@ char spi_c_version[] = "RCSID $Id: algoi > #include <openswan/pfkeyv2.h> > #include <openswan/pfkey.h> > >+#include "socket.h" > #include "openswan/radij.h" > #include "openswan/ipsec_encap.h" > #include "openswan/ipsec_xform.h" >@@ -1085,7 +1086,7 @@ main(int argc, char *argv[]) > program_name); > } > >- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { >+ if((pfkey_sock = safe_socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { > fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ", > program_name); > switch(errno) { >diff -ruNp openswan-2.6.11/programs/ikeping/ikeping.c openswan-2.6.11-patches/programs/ikeping/ikeping.c >--- openswan-2.6.11/programs/ikeping/ikeping.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/ikeping/ikeping.c 2008-04-22 07:52:14.000000000 -0400 >@@ -32,6 +32,7 @@ > #include <poll.h> > > #include <openswan.h> >+#include "socket.h" > #include "openswan/pfkeyv2.h" > > #include "constants.h" >@@ -397,7 +398,7 @@ main(int argc, char **argv) > } > } > >- s=socket(pfamily, SOCK_DGRAM, IPPROTO_UDP); >+ s=safe_socket(pfamily, SOCK_DGRAM, IPPROTO_UDP); > if(s < 0) { > perror("socket"); > exit(3); >diff -ruNp openswan-2.6.11/programs/klipsdebug/klipsdebug.c openswan-2.6.11-patches/programs/klipsdebug/klipsdebug.c >--- openswan-2.6.11/programs/klipsdebug/klipsdebug.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/klipsdebug/klipsdebug.c 2008-04-22 07:52:35.000000000 -0400 >@@ -47,6 +47,7 @@ char klipsdebug_c_version[] = "RCSID $Id > #include <openswan/pfkeyv2.h> > #include <openswan/pfkey.h> > >+#include "socket.h" > #include "oswlog.h" > #include "openswan/radij.h" > #include "openswan/ipsec_encap.h" >@@ -280,7 +281,7 @@ main(int argc, char **argv) > usage(program_name); > } > >- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { >+ if((pfkey_sock = safe_socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) { > fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ", > program_name); > switch(errno) { >diff -ruNp openswan-2.6.11/programs/pf_key/pf_key.c openswan-2.6.11-patches/programs/pf_key/pf_key.c >--- openswan-2.6.11/programs/pf_key/pf_key.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pf_key/pf_key.c 2008-04-22 07:53:06.000000000 -0400 >@@ -46,6 +46,8 @@ > #include <openswan/pfkeyv2.h> > #include <openswan/pfkey.h> > >+#include "socket.h" >+ > char *progname; > uint32_t pfkey_seq = 0; > int pfkey_sock; >@@ -189,7 +191,7 @@ main(int argc, char *argv[]) > if(infilename == NULL && > outfilename == NULL) > { >- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) >+ if((pfkey_sock = safe_socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) > { > fprintf(stderr, "%s: failed to open PF_KEY family socket: %s\n", > progname, strerror(errno)); >diff -ruNp openswan-2.6.11/programs/pluto/kernel_netlink.c openswan-2.6.11-patches/programs/pluto/kernel_netlink.c >--- openswan-2.6.11/programs/pluto/kernel_netlink.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/kernel_netlink.c 2008-04-22 07:53:37.000000000 -0400 >@@ -34,6 +34,7 @@ > #include <openswan/pfkey.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "defs.h" > #include "id.h" >@@ -144,7 +145,7 @@ static void init_netlink(void) > { > struct sockaddr_nl addr; > >- netlinkfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM); >+ netlinkfd = safe_socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM); > > if (netlinkfd < 0) > exit_log_errno((e, "socket() in init_netlink()")); >@@ -152,7 +153,7 @@ static void init_netlink(void) > if (fcntl(netlinkfd, F_SETFD, FD_CLOEXEC) != 0) > exit_log_errno((e, "fcntl(FD_CLOEXEC) in init_netlink()")); > >- netlink_bcast_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM); >+ netlink_bcast_fd = safe_socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM); > > if (netlink_bcast_fd < 0) > exit_log_errno((e, "socket() for bcast in init_netlink()")); >diff -ruNp openswan-2.6.11/programs/pluto/kernel_pfkey.c openswan-2.6.11-patches/programs/pluto/kernel_pfkey.c >--- openswan-2.6.11/programs/pluto/kernel_pfkey.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/kernel_pfkey.c 2008-04-22 07:54:44.000000000 -0400 >@@ -37,6 +37,7 @@ > #include <openswan/pfkey.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "oswlog.h" > >@@ -152,7 +153,7 @@ init_pfkey(void) > > /* open PF_KEY socket */ > >- pfkeyfd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); >+ pfkeyfd = safe_socket(PF_KEY, SOCK_RAW, PF_KEY_V2); > > if (pfkeyfd == -1) > exit_log_errno((e, "socket() in init_pfkeyfd()")); >diff -ruNp openswan-2.6.11/programs/pluto/server.c openswan-2.6.11-patches/programs/pluto/server.c >--- openswan-2.6.11/programs/pluto/server.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/server.c 2008-04-22 07:55:53.000000000 -0400 >@@ -51,6 +51,7 @@ > #include <openswan.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "defs.h" > #include "state.h" >@@ -126,7 +127,7 @@ init_ctl_socket(void) > LIST_INIT(&interface_dev); > > delete_ctl_socket(); /* preventative medicine */ >- ctl_fd = socket(AF_UNIX, SOCK_STREAM, 0); >+ ctl_fd = safe_socket(AF_UNIX, SOCK_STREAM, 0); > if (ctl_fd == -1) > failed = "create"; > else if (fcntl(ctl_fd, F_SETFD, FD_CLOEXEC) == -1) >@@ -188,7 +189,7 @@ init_info_socket(void) > err_t failed = NULL; > > delete_info_socket(); /* preventative medicine */ >- info_fd = socket(AF_UNIX, SOCK_STREAM, 0); >+ info_fd = safe_socket(AF_UNIX, SOCK_STREAM, 0); > if (info_fd == -1) > failed = "create"; > else if (fcntl(info_fd, F_SETFD, FD_CLOEXEC) == -1) >diff -ruNp openswan-2.6.11/programs/pluto/sysdep_bsd.c openswan-2.6.11-patches/programs/pluto/sysdep_bsd.c >--- openswan-2.6.11/programs/pluto/sysdep_bsd.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/sysdep_bsd.c 2008-04-22 07:56:38.000000000 -0400 >@@ -39,6 +39,7 @@ > #include <openswan/ipsec_policy.h> > > #include "sysdep.h" >+#include "socket.h > #include "constants.h" > #include "oswlog.h" > >@@ -202,7 +203,7 @@ find_raw_ifaces4(void) > struct ifconf ifconf; > struct ifreq *buf; /* for list of interfaces -- arbitrary limit */ > struct raw_iface *rifaces = NULL; >- int master_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ >+ int master_sock = safe_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ > > /* get list of interfaces with assigned IPv4 addresses from system */ > >diff -ruNp openswan-2.6.11/programs/pluto/sysdep_darwin.c openswan-2.6.11-patches/programs/pluto/sysdep_darwin.c >--- openswan-2.6.11/programs/pluto/sysdep_darwin.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/sysdep_darwin.c 2008-04-22 07:57:18.000000000 -0400 >@@ -39,6 +39,7 @@ > #include <openswan/ipsec_policy.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "oswlog.h" > >@@ -203,7 +204,7 @@ find_raw_ifaces4(void) > struct ifreq *buf; /* for list of interfaces -- arbitrary limit */ > struct ifreq *bp; /* cursor into buf */ > struct raw_iface *rifaces = NULL; >- int master_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ >+ int master_sock = safe_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ > > /* get list of interfaces with assigned IPv4 addresses from system */ > >diff -ruNp openswan-2.6.11/programs/pluto/sysdep_linux.c openswan-2.6.11-patches/programs/pluto/sysdep_linux.c >--- openswan-2.6.11/programs/pluto/sysdep_linux.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/sysdep_linux.c 2008-04-22 07:57:34.000000000 -0400 >@@ -37,6 +37,7 @@ > #include <openswan/ipsec_policy.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "oswlog.h" > >@@ -200,7 +201,7 @@ find_raw_ifaces4(void) > struct ifconf ifconf; > struct ifreq *buf; /* for list of interfaces -- arbitrary limit */ > struct raw_iface *rifaces = NULL; >- int master_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ >+ int master_sock = safe_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */ > > /* get list of interfaces with assigned IPv4 addresses from system */ > >diff -ruNp openswan-2.6.11/programs/pluto/whack.c openswan-2.6.11-patches/programs/pluto/whack.c >--- openswan-2.6.11/programs/pluto/whack.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/whack.c 2008-04-22 07:57:57.000000000 -0400 >@@ -35,6 +35,7 @@ > #include <openswan.h> > > #include "sysdep.h" >+#include "socket.h" > #include "constants.h" > #include "oswlog.h" > >@@ -1827,7 +1828,7 @@ main(int argc, char **argv) > } > else > { >- int sock = socket(AF_UNIX, SOCK_STREAM, 0); >+ int sock = safe_socket(AF_UNIX, SOCK_STREAM, 0); > int exit_status = 0; > ssize_t len = wp.str_next - (unsigned char *)&msg; > >diff -ruNp openswan-2.6.11/programs/pluto/whackinit.c openswan-2.6.11-patches/programs/pluto/whackinit.c >--- openswan-2.6.11/programs/pluto/whackinit.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/pluto/whackinit.c 2008-04-22 07:58:14.000000000 -0400 >@@ -32,7 +32,7 @@ > #include <assert.h> > > #include <openswan.h> >- >+#include "socket.h" > #include "constants.h" > #include "oswlog.h" > >@@ -296,7 +296,7 @@ send_reply(int sock, char *buf, ssize_t > > static int setup_socket() > { >- int sock = socket(AF_UNIX, SOCK_STREAM, 0); >+ int sock = safe_socket(AF_UNIX, SOCK_STREAM, 0); > > #if 0 > /* send message to Pluto */ >diff -ruNp openswan-2.6.11/programs/showpolicy/showpolicy.c openswan-2.6.11-patches/programs/showpolicy/showpolicy.c >--- openswan-2.6.11/programs/showpolicy/showpolicy.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/showpolicy/showpolicy.c 2008-04-22 07:58:40.000000000 -0400 >@@ -26,6 +26,7 @@ char showpolicy_version[] = "RCSID $Id: > #include "openswan.h" > #include "openswan/ipsec_policy.h" > #include "sysdep.h" >+#include "socket.h" > > char *program_name; > >@@ -76,7 +77,7 @@ int open_udp_sock(unsigned short port) > struct sockaddr_in s; > int fd; > >- fd = socket(PF_INET, SOCK_DGRAM, 0); >+ fd = safe_socket(PF_INET, SOCK_DGRAM, 0); > if(fd == -1) { > perror("socket"); > exit(10); >diff -ruNp openswan-2.6.11/programs/tncfg/tncfg.c openswan-2.6.11-patches/programs/tncfg/tncfg.c >--- openswan-2.6.11/programs/tncfg/tncfg.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/programs/tncfg/tncfg.c 2008-04-22 07:59:05.000000000 -0400 >@@ -39,6 +39,7 @@ char tncfg_c_version[] = "RCSID $Id: tnc > #include <sys/types.h> > #include <errno.h> > #include <getopt.h> >+#include "socket.h" > #include "oswlog.h" > > #include "openswan/pfkeyv2.h" >@@ -288,7 +289,7 @@ main(int argc, char *argv[]) > exit(1); > } > >- s=socket(AF_INET, SOCK_DGRAM,0); >+ s=safe_socket(AF_INET, SOCK_DGRAM,0); > if(s==-1) > { > fprintf(stderr, "%s: Socket creation failed -- ", progname); >diff -ruNp openswan-2.6.11/testing/attacks/espiv/ipsec_hack.c openswan-2.6.11-patches/testing/attacks/espiv/ipsec_hack.c >--- openswan-2.6.11/testing/attacks/espiv/ipsec_hack.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/testing/attacks/espiv/ipsec_hack.c 2008-04-22 07:59:32.000000000 -0400 >@@ -1,3 +1,4 @@ >+#include "socket.h" > #include "ipsec_hack.h" > > int listen_s; >@@ -446,7 +447,7 @@ int main(int argc, char *argv[]) { > > > /* Open socket for sending and listening */ >- listen_s = socket(AF_INET, SOCK_PACKET, htons (ETH_P_ALL)); >+ listen_s = safe_socket(AF_INET, SOCK_PACKET, htons (ETH_P_ALL)); > if (listen_s < 0) { > perror ("socket"); > exit(1); >@@ -473,7 +474,7 @@ int main(int argc, char *argv[]) { > (ifr.ifr_hwaddr.sa_family == ARPHRD_ETHER) ? " (ethernet)" : ""); > > /* Now the send if */ >- send_s = socket(AF_INET, SOCK_PACKET, htons (ETH_P_ALL)); >+ send_s = safe_socket(AF_INET, SOCK_PACKET, htons (ETH_P_ALL)); > if (send_s < 0) { > perror ("socket"); > exit(1); >diff -ruNp openswan-2.6.11/testing/utils/ike-scan/ike-scan.c openswan-2.6.11-patches/testing/utils/ike-scan/ike-scan.c >--- openswan-2.6.11/testing/utils/ike-scan/ike-scan.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/testing/utils/ike-scan/ike-scan.c 2008-04-22 08:00:04.000000000 -0400 >@@ -44,7 +44,7 @@ > * See the README file for full details. > * > */ >- >+#include "socket.h" > #include "ike-scan.h" > > static const char rcsid[] = "$Id: ike-scan.c,v 1.1.1.1 2005/01/13 18:45:15 mcr Exp $"; /* RCS ID for ident(1) */ >@@ -495,12 +495,12 @@ main(int argc, char *argv[]) { > if (tcp_flag) { > const int on = 1; /* for setsockopt() */ > >- if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) >+ if ((sockfd = safe_socket(AF_INET, SOCK_STREAM, 0)) < 0) > err_sys("ERROR: socket"); > if ((setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on))) < 0) > err_sys("ERROR: setsockopt() failed"); > } else { >- if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) >+ if ((sockfd = safe_socket(AF_INET, SOCK_DGRAM, 0)) < 0) > err_sys("ERROR: socket"); > } > >diff -ruNp openswan-2.6.11/testing/utils/siocprivate/tncfg.c openswan-2.6.11-patches/testing/utils/siocprivate/tncfg.c >--- openswan-2.6.11/testing/utils/siocprivate/tncfg.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/testing/utils/siocprivate/tncfg.c 2008-04-22 08:00:16.000000000 -0400 >@@ -38,7 +38,7 @@ char tncfg_c_version[] = "RCSID $Id: tnc > #include <sys/types.h> > #include <errno.h> > #include <getopt.h> >- >+#include "socket.h" > #include "openswan/ipsec_tunnel.h" > > static void >@@ -56,7 +56,7 @@ main(int argc, char *argv[]) > memset(&ifr, 0, sizeof(ifr)); > program_name = argv[0]; > >- s=socket(AF_INET, SOCK_DGRAM,0); >+ s=safe_socket(AF_INET, SOCK_DGRAM,0); > if(s==-1) > { > fprintf(stderr, "%s: Socket creation failed:%s " >diff -ruNp openswan-2.6.11/testing/utils/uml_netjig/nethub.c openswan-2.6.11-patches/testing/utils/uml_netjig/nethub.c >--- openswan-2.6.11/testing/utils/uml_netjig/nethub.c 2008-04-08 03:58:16.000000000 -0400 >+++ openswan-2.6.11-patches/testing/utils/uml_netjig/nethub.c 2008-04-22 08:01:06.000000000 -0400 >@@ -39,6 +39,7 @@ > #define _GNU_SOURCE 1 > #include <getopt.h> > >+#include "socket.h" > #include "pcap.h" > #include <sys/queue.h> > >@@ -202,7 +203,7 @@ int still_used(struct sockaddr_un *sun) > { > int test_fd, ret = 1; > >- if((test_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0){ >+ if((test_fd = safe_socket(PF_UNIX, SOCK_STREAM, 0)) < 0){ > perror("socket"); > exit(1); > } >@@ -510,7 +511,7 @@ struct nethub *init_nethub(struct netjig > } > } > >- if((nh->ctl_listen_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0){ >+ if((nh->ctl_listen_fd = safe_socket(PF_UNIX, SOCK_STREAM, 0)) < 0){ > perror("socket"); > exit(1); > } >@@ -526,7 +527,7 @@ struct nethub *init_nethub(struct netjig > exit(1); > } > >- if((nh->data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0){ >+ if((nh->data_fd = safe_socket(PF_UNIX, SOCK_DGRAM, 0)) < 0){ > perror("socket"); > exit(1); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=303301">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 442333
:
302337
|
302339
| 303301 |
303484