[Openswan dev] bug in openswan-2.1.0rc1/programs/pluto/whack.c

Niki Waibel niki.waibel at newlogic.com
Tue Mar 23 16:34:54 CET 2004

>     Niki> the problematic function is get_secret. you can find it in
>     Niki> ./programs/pluto/whack.c. it seems that this part:
>     Niki> ===
>     Niki> case RC_ENTERSECRET:
>     Niki> if(!gotxauthpass)
>     Niki> {
>     Niki> xauthpasslen = get_secret(xauthpass
>     Niki> , sizeof(xauthpass));
>     Niki> }
>     Niki> ===
>     Niki> is wrong. it is a bit stange to me that the var ``xauthpass''
>     Niki> is used. i am 
>     Niki> not using the XAUTH feature ... anyway, sizeof(xauthpass)
>     Niki> seems to be zero... 
>   Both XAUTH and %prompt need to ask for a secret.
>   However, "whack" lets you put that on the command line if you like,
> so the variables got renamed.


>     Niki> i think this should be:
>     Niki> xauthpasslen = get_secret(xauthpass, 128);
>   Well, sizeof(xauthpass) is 128.

it should be a define on top of the file...

>   You are right that get_secret was broken in a subtle way.
>   I have used it. Hmm.
>     Niki> This function is obsolete. Do not use it.
>     Niki> note ---> ``This function is obsolete. Do not use it.''
>   Can you suggest an alternative function?
>   It has to open /dev/tty, because the input to whack may not be the
> tty. 

unfort i know of no alternative ... i just wanted to mention it. maybe someone
else on the list knows a better way in doing that.


More information about the Dev mailing list