aboutsummaryrefslogtreecommitdiff
path: root/misc.h
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-06 09:42:17 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-06 09:42:17 +0000
commitb8fb090c167ff500a8d702f612a42914d4f0bb03 (patch)
tree982fe657f91c834bc17d1e81f04672323a2dda1a /misc.h
parentAdded --allow-pull-fqdn option which allows client to pull DNS names (diff)
downloadopenvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.tar.xz
2.1_rc8 and earlier did implicit shell expansion on script
arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.h')
-rw-r--r--misc.h36
1 files changed, 33 insertions, 3 deletions
diff --git a/misc.h b/misc.h
index 87cdb31..dd81d82 100644
--- a/misc.h
+++ b/misc.h
@@ -221,9 +221,6 @@ bool delete_file (const char *filename);
/* return true if pathname is absolute */
bool absolute_pathname (const char *pathname);
-/* return the next largest power of 2 */
-unsigned int adjust_power_of_2 (unsigned int u);
-
/*
* Get and store a username/password
*/
@@ -300,4 +297,37 @@ extern const char *iproute_path;
#define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */
extern int script_security; /* GLOBAL */
+/* return the next largest power of 2 */
+size_t adjust_power_of_2 (size_t u);
+
+/*
+ * A printf-like function (that only recognizes a subset of standard printf
+ * format operators) that prints arguments to an argv list instead
+ * of a standard string. This is used to build up argv arrays for passing
+ * to execve.
+ */
+void argv_init (struct argv *a);
+struct argv argv_new (void);
+void argv_reset (struct argv *a);
+char *argv_term (const char **f);
+const char *argv_str (const struct argv *a, struct gc_arena *gc, const unsigned int flags);
+struct argv argv_insert_head (const struct argv *a, const char *head);
+void argv_msg (const int msglev, const struct argv *a);
+void argv_msg_prefix (const int msglev, const struct argv *a, const char *prefix);
+
+#define APA_CAT (1<<0) /* concatentate onto existing struct argv list */
+void argv_printf_arglist (struct argv *a, const char *format, const unsigned int flags, va_list arglist);
+
+void argv_printf (struct argv *a, const char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)))
+#endif
+ ;
+
+void argv_printf_cat (struct argv *a, const char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)))
+#endif
+ ;
+
#endif