From c308a74e04894faca11f4b58f9974ebc73600dee Mon Sep 17 00:00:00 2001 From: claudio Date: Mon, 12 Jun 2023 09:02:31 +0000 Subject: [PATCH] Use stdio open_memstream(3) to build up log strings instead of trying to abuse ibufs for that. Using stdio for this has the benefit of using any stdio function to build up strings including fprintf(). With and OK tb@ --- sbin/iked/iked.h | 7 +-- sbin/iked/ikev2.c | 121 +++++++++++++++++++++++------------------- sbin/iked/imsg_util.c | 28 +--------- 3 files changed, 71 insertions(+), 85 deletions(-) diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 2a26b93a5b9..31734b54ce3 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.214 2023/05/30 08:41:15 claudio Exp $ */ +/* $OpenBSD: iked.h,v 1.215 2023/06/12 09:02:31 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -1270,8 +1270,7 @@ struct ibuf * int ibuf_cat(struct ibuf *, struct ibuf *); size_t ibuf_length(struct ibuf *); int ibuf_setsize(struct ibuf *, size_t); -uint8_t * - ibuf_data(struct ibuf *); +void *ibuf_data(struct ibuf *); void *ibuf_getdata(struct ibuf *, size_t); struct ibuf * ibuf_get(struct ibuf *, size_t); @@ -1279,8 +1278,6 @@ struct ibuf * ibuf_dup(struct ibuf *); struct ibuf * ibuf_random(size_t); -int ibuf_strcat(struct ibuf **, const char *); -int ibuf_strlen(struct ibuf *); /* log.c */ void log_init(int, int); diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 9a63edff58d..8c6106509fe 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.367 2023/05/23 13:57:14 claudio Exp $ */ +/* $OpenBSD: ikev2.c,v 1.368 2023/06/12 09:02:31 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider 
@@ -3019,18 +3019,24 @@ ikev2_handle_delete(struct iked *env, struct iked_message *msg, struct iked_childsa **peersas = NULL; struct iked_sa *sa = msg->msg_sa; struct ikev2_delete *localdel; - struct ibuf *spibuf = NULL; + FILE *spif; + char *spibuf = NULL; uint64_t *localspi = NULL; uint64_t spi64, spi = 0; uint32_t spi32; uint8_t *buf; size_t found = 0; int ret = -1; - size_t i, sz, cnt, len; + size_t i, sz, cnt, len, dummy; if (!msg->msg_del_protoid) return (0); + if ((spif = open_memstream(&spibuf, &dummy)) == NULL) { + log_warn("%s", __func__); + return (0); + } + sz = msg->msg_del_spisize; switch (sz) { @@ -3093,11 +3099,10 @@ ikev2_handle_delete(struct iked *env, struct iked_message *msg, if (ikev2_childsa_delete(env, sa, msg->msg_del_protoid, spi, &localspi[i], 0) != -1) { found++; - /* append SPI to log buffer */ - if (ibuf_strlen(spibuf)) - ibuf_strcat(&spibuf, ", "); - ibuf_strcat(&spibuf, print_spi(spi, sz)); + if (ftello(spif) > 0) + fputs(", ", spif); + fputs(print_spi(spi, sz), spif); } /* @@ -3143,11 +3148,12 @@ ikev2_handle_delete(struct iked *env, struct iked_message *msg, break; } } - log_info("%sdeleted %zu SPI%s: %.*s", - SPI_SA(sa, NULL), found, - found == 1 ? "" : "s", - spibuf ? ibuf_strlen(spibuf) : 0, - spibuf ? (char *)ibuf_data(spibuf) : ""); + fflush(spif); + if (!ferror(spif)) { + log_info("%sdeleted %zu SPI%s: %s", + SPI_SA(sa, NULL), found, found == 1 ? "" : "s", + spibuf); + } } else { /* XXX should we send an INVALID_SPI notification? */ ret = 0; @@ -3156,7 +3162,8 @@ ikev2_handle_delete(struct iked *env, struct iked_message *msg, done: free(localspi); free(peersas); - ibuf_free(spibuf); + fclose(spif); + free(spibuf); return (ret); } 
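Review bot: In ikev2_handle_delete the new `open_memstream()` failure path ends in `return (0)`, so failing to set up a log buffer makes the function report success without processing the peer's DELETE payload at all. `ret` is initialised to -1 here and ikev2_childsa_enable returns `ret` in the same situation, so `return (ret);` would be the consistent choice; how the caller treats the value is not visible in this hunk. The stream is also opened ahead of the `switch (sz)` whose body lies outside the hunk: any plain `return` in there would now leak `spif` and `spibuf`, so those paths should leave through `done:`.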
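Review bot: In the hunk at -3143, when the stream is in an error state the `deleted %zu SPI%s` message is skipped entirely, so a completed deletion of child SAs leaves no record in the log. An `else` branch that still reports the count keeps the event visible, for example `log_info("%sdeleted %zu SPI%s", SPI_SA(sa, NULL), found, found == 1 ? "" : "s");`. The same silent drop applies to the `loaded SPIs` and `loaded flows` messages in ikev2_childsa_enable further down, where `ferror()` also gates the log call.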
@@ -6414,15 +6421,21 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) struct iked_childsa *csa, *ocsa, *ipcomp; struct iked_flow *flow, *oflow; int peer_changed, reload; - struct ibuf *spibuf = NULL; - struct ibuf *flowbuf = NULL; - char *buf; + FILE *spif, *flowf; + char *spibuf = NULL, *flowbuf = NULL; char prenat_mask[10]; uint16_t encrid = 0, integrid = 0, groupid = 0; - size_t encrlen = 0, integrlen = 0; + size_t encrlen = 0, integrlen = 0, spisz, flowsz; int esn = 0; int ret = -1; + spif = open_memstream(&spibuf, &spisz); + flowf = open_memstream(&flowbuf, &flowsz); + if (spif == NULL || flowf == NULL) { + log_warn("%s", __func__); + return (ret); + } + TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { if (csa->csa_rekey || csa->csa_loaded) continue; @@ -6466,16 +6479,12 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size)); /* append SPI to log buffer */ - if (ibuf_strlen(spibuf)) - ibuf_strcat(&spibuf, ", "); - ibuf_strcat(&spibuf, print_spi(csa->csa_spi.spi, - csa->csa_spi.spi_size)); - if (ipcomp) { - ibuf_strcat(&spibuf, "("); - ibuf_strcat(&spibuf, print_spi(ipcomp->csa_spi.spi, + if (ftello(spif) > 0) + fputs(", ", spif); + fputs(print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), spif); + if (ipcomp) + fprintf(spif, "(%s)", print_spi(ipcomp->csa_spi.spi, ipcomp->csa_spi.spi_size)); - ibuf_strcat(&spibuf, ")"); - } if (!encrid) { encrid = csa->csa_encrid; encrlen = ibuf_length(csa->csa_encrkey); 
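Review bot: If one of the two `open_memstream()` calls at the top of ikev2_childsa_enable succeeds and the other fails, the `return (ret)` in the added check leaks the stream that did open, together with its buffer. Jumping to `done:` instead would not be safe as written, because `fclose()` must not be called with a NULL stream, so the failure path has to close whichever stream is non-NULL and free both buffers itself. The function body continues outside this hunk.

```c
	if (spif == NULL || flowf == NULL) {
		/* … unchanged: log_warn() call … */
		if (spif != NULL)
			fclose(spif);
		if (flowf != NULL)
			fclose(flowf);
		free(spibuf);
		free(flowbuf);
		return (ret);
	}
```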
@@ -6538,25 +6547,26 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) flow->flow_prenat.addr_mask); else prenat_mask[0] = '\0'; - if (flow->flow_dir == IPSP_DIRECTION_OUT && - asprintf(&buf, "%s-%s/%d%s%s%s%s%s=%s/%d(%u)%s", - print_map(flow->flow_saproto, ikev2_saproto_map), - print_host((struct sockaddr *)&flow->flow_src.addr, NULL, 0), - flow->flow_src.addr_mask, - flow->flow_prenat.addr_af != 0 ? "[": "", - flow->flow_prenat.addr_af != 0 ? print_host((struct sockaddr *) - &flow->flow_prenat.addr, NULL, 0) : "", - flow->flow_prenat.addr_af != 0 ? "/" : "", - flow->flow_prenat.addr_af != 0 ? prenat_mask : "", - flow->flow_prenat.addr_af != 0 ? "]": "", - print_host((struct sockaddr *)&flow->flow_dst.addr, NULL, 0), - flow->flow_dst.addr_mask, - flow->flow_ipproto, - reload ? "-R" : "") != -1) { - if (ibuf_strlen(flowbuf)) - ibuf_strcat(&flowbuf, ", "); - ibuf_strcat(&flowbuf, buf); - free(buf); + if (flow->flow_dir == IPSP_DIRECTION_OUT) { + if (ftello(flowf) > 0) + fputs(", ", flowf); + fprintf(flowf, "%s-%s/%d%s%s%s%s%s=%s/%d(%u)%s", + print_map(flow->flow_saproto, ikev2_saproto_map), + print_host((struct sockaddr *)&flow->flow_src.addr, + NULL, 0), + flow->flow_src.addr_mask, + flow->flow_prenat.addr_af != 0 ? "[": "", + flow->flow_prenat.addr_af != 0 ? + print_host((struct sockaddr *) + &flow->flow_prenat.addr, NULL, 0) : "", + flow->flow_prenat.addr_af != 0 ? "/" : "", + flow->flow_prenat.addr_af != 0 ? prenat_mask : "", + flow->flow_prenat.addr_af != 0 ? "]": "", + print_host((struct sockaddr *)&flow->flow_dst.addr, + NULL, 0), + flow->flow_dst.addr_mask, + flow->flow_ipproto, + reload ? "-R" : ""); } } 
@@ -6569,10 +6579,10 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) NULL, 0)); } - if (ibuf_strlen(spibuf)) { - log_info("%s: loaded SPIs: %.*s (enc %s%s%s%s%s%s)", - SPI_SA(sa, __func__), - ibuf_strlen(spibuf), ibuf_data(spibuf), + fflush(spif); + if (ftello(spif) > 0 && !ferror(spif)) { + log_info("%s: loaded SPIs: %s (enc %s%s%s%s%s%s)", + SPI_SA(sa, __func__), spibuf, print_xf(encrid, encrlen, ipsecencxfs), integrid ? " auth " : "", integrid ? print_xf(integrid, integrlen, authxfs) : "", @@ -6580,14 +6590,17 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) groupid ? print_xf(groupid, 0, groupxfs) : "", esn ? " esn" : ""); } - if (ibuf_strlen(flowbuf)) - log_info("%s: loaded flows: %.*s", SPI_SA(sa, __func__), - ibuf_strlen(flowbuf), ibuf_data(flowbuf)); + fflush(flowf); + if (ftello(flowf) > 0 && !ferror(flowf)) { + log_info("%s: loaded flows: %s", SPI_SA(sa, __func__), flowbuf); + } ret = 0; done: - ibuf_free(spibuf); - ibuf_free(flowbuf); + fclose(spif); + fclose(flowf); + free(spibuf); + free(flowbuf); return (ret); } diff --git a/sbin/iked/imsg_util.c b/sbin/iked/imsg_util.c index 67ba8a27680..cf83b5c9848 100644 --- a/sbin/iked/imsg_util.c +++ b/sbin/iked/imsg_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg_util.c,v 1.17 2023/05/30 08:41:15 claudio Exp $ */ +/* $OpenBSD: imsg_util.c,v 1.18 2023/06/12 09:02:32 claudio Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -83,7 +83,7 @@ ibuf_length(struct ibuf *buf) return (ibuf_size(buf)); } -uint8_t * +void * ibuf_data(struct ibuf *buf) { return (ibuf_seek(buf, 0, 0)); 
@@ -144,27 +144,3 @@ ibuf_setsize(struct ibuf *buf, size_t len)
 buf->wpos = len;
 return (0);
 }
-
-int
-ibuf_strcat(struct ibuf **buf, const char *s)
-{
- size_t slen;
-
- if (buf == NULL)
- return (-1);
- slen = strlen(s);
- if (*buf == NULL) {
- if ((*buf = ibuf_new(s, slen)) == NULL)
- return (-1);
- return (0);
- }
- return (ibuf_add(*buf, s, slen));
-}
-
-int
-ibuf_strlen(struct ibuf *buf)
-{
- if (ibuf_length(buf) > INT_MAX)
- return (INT_MAX);
- return ((int)ibuf_length(buf));
-}
-- 
2.20.1