[Openswan dev] bug in openswan-2.1.0rc1/programs/pluto/whack.c
Niki Waibel
niki.waibel at newlogic.com
Tue Mar 23 16:34:54 CET 2004
> Niki> the problematic function is get_secret. you can find it in
> Niki> ./programs/pluto/whack.c. it seems that this part:
> Niki> ===
> Niki> case RC_ENTERSECRET:
> Niki>     if(!gotxauthpass)
> Niki>     {
> Niki>         xauthpasslen = get_secret(xauthpass
> Niki>                                   , sizeof(xauthpass));
> Niki>     }
> Niki> ===
> Niki> is wrong. it is a bit strange to me that the var ``xauthpass''
> Niki> is used. i am
> Niki> not using the XAUTH feature ... anyway, sizeof(xauthpass)
> Niki> seems to be zero...
>
> Both XAUTH and %prompt need to ask for a secret.
> However, "whack" lets you put that on the command line if you like,
> so the variables got renamed.
ok.
> Niki> i think this should be:
> Niki> xauthpasslen = get_secret(xauthpass, 128);
>
> Well, sizeof(xauthpass) is 128.
it should be a define on top of the file...
> You are right that get_secret was broken in a subtle way.
> I have used it. Hmm.
>
> Niki> This function is obsolete. Do not use it.
> Niki> note ---> ``This function is obsolete. Do not use it.''
>
> Can you suggest an alternative function?
> It has to open /dev/tty, because the input to whack may not be the
> tty.
unfortunately i know of no alternative ... i just wanted to mention it. maybe someone
else on the list knows a better way of doing that.
niki