#include "subnet.h"
#include "keys.h"
#include "random.h"
+#include "sandbox.h"
#include "pidfile.h"
#include "console.h"
};
static void version(void) {
- static const char *message =
+ fprintf(stdout,
"%s version %s (built %s %s, protocol %d.%d)\n"
"Features:"
#ifdef HAVE_READLINE
#endif
#ifndef DISABLE_LEGACY
" legacy_protocol"
+#endif
+#ifdef HAVE_SANDBOX
+ " sandbox"
#endif
"\n\n"
"Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
"\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
- "see the file COPYING for details.\n";
-
- printf(message, PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
+ "see the file COPYING for details.\n",
+ PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
}
static void usage(bool status) {
if(status) {
fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
} else {
- static const char *message =
+ fprintf(stdout,
"Usage: %s [options] command\n"
"\n"
"Valid options are:\n"
" sign [FILE] Generate a signed version of a file.\n"
" verify NODE [FILE] Verify that a file was signed by the given NODE.\n"
"\n"
- "Report bugs to tinc@tinc-vpn.org.\n";
-
- printf(message, program_name);
+ "Report bugs to tinc@tinc-vpn.org.\n",
+ program_name);
}
}
static void sigint_handler(int sig) {
(void)sig;
- fprintf(stderr, "\n");
+ if(write(2, "\n", 1) < 0) {
+ // nothing we can do
+ }
+
shutdown(fd, SHUT_RDWR);
}
#endif
return NULL;
}
-ecdsa_t *get_pubkey(FILE *f) {
+static ecdsa_t *get_pubkey(FILE *f) ATTR_MALLOC ATTR_DEALLOCATOR(ecdsa_free);
+static ecdsa_t *get_pubkey(FILE *f) {
char buf[4096];
char *value;
{"ProcessPriority", VAR_SERVER},
{"Proxy", VAR_SERVER},
{"ReplayWindow", VAR_SERVER | VAR_SAFE},
+ {"Sandbox", VAR_SERVER},
{"ScriptsExtension", VAR_SERVER},
{"ScriptsInterpreter", VAR_SERVER},
{"StrictSubnets", VAR_SERVER | VAR_SAFE},
char filename[PATH_MAX];
if(node) {
- if((size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node) >= sizeof(filename)) {
- fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node);
- free(node);
- return 1;
- }
+ size_t wrote = (size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node);
if(node != line) {
free(node);
node = NULL;
}
+
+ if(wrote >= sizeof(filename)) {
+ fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node);
+ return 1;
+ }
+
} else {
snprintf(filename, sizeof(filename), "%s", tinc_conf);
}
crypto_init();
prng_init();
+ sandbox_set_level(SANDBOX_NORMAL);
+ sandbox_enter();
+
int result = run_command(argc, argv);
random_exit();