From d58c17666c14fd82a797053aa19a55e6ec2f6f66 Mon Sep 17 00:00:00 2001
From: claudio
Date: Wed, 14 Jun 2023 14:09:29 +0000
Subject: [PATCH] Replace the last few print_host() calls with print_addr() ones. In most cases print_host(addr, buf, buflen) can be replaced with strlcpy(buf, print_addr(addr), buflen). Some code was never fully adjusted to the full power of print_host() and there are remnants of times well before print_host() supported multiple internal buffers. With and OK tb@
---
 sbin/iked/ikev2.c | 60 +++++++++++++++--------------------
 sbin/iked/ikev2_pld.c | 73 ++++++++++++++++++++++---------------------
 sbin/iked/parse.y | 5 ++-
 3 files changed, 66 insertions(+), 72 deletions(-)
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index ab3f7474eac..dd3ac450dd8 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.370 2023/06/13 12:34:12 tb Exp $ */
+/* $OpenBSD: ikev2.c,v 1.371 2023/06/14 14:09:29 claudio Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -2285,7 +2285,7 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
 struct sockaddr_in *in4;
 struct sockaddr_in6 *in6;
 ssize_t ret = -1;
- struct sockaddr *src, *dst, *ss;
+ struct sockaddr_storage *src, *dst, *ss;
 uint64_t rspi, ispi;
 struct ibuf *buf;
 uint32_t rnd;
@@ -2299,13 +2299,13 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
 return (-1);
 ispi = hdr->ike_ispi;
 rspi = hdr->ike_rspi;
- src = (struct sockaddr *)&msg->msg_peer;
- dst = (struct sockaddr *)&msg->msg_local;
+ src = &msg->msg_peer;
+ dst = &msg->msg_local;
 } else {
 ispi = htobe64(sa->sa_hdr.sh_ispi);
 rspi = htobe64(sa->sa_hdr.sh_rspi);
- src = (struct sockaddr *)&msg->msg_local;
- dst = (struct sockaddr *)&msg->msg_peer;
+ src = &msg->msg_local;
+ dst = &msg->msg_peer;
 }
 ctx = EVP_MD_CTX_new();
@@ -2337,7 +2337,7 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
 EVP_DigestUpdate(ctx, &ispi, sizeof(ispi));
 EVP_DigestUpdate(ctx, &rspi, sizeof(rspi));
- switch (ss->sa_family) {
+ switch (ss->ss_family) {
 case AF_INET:
 in4 = (struct sockaddr_in *)ss;
 EVP_DigestUpdate(ctx, &in4->sin_addr.s_addr,
@@ -6902,15 +6902,14 @@ ikev2_print_static_id(struct iked_static_id *id, char *idstr, size_t idstrlen)
 int
 ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
 {
- uint8_t buf[BUFSIZ], *ptr;
- struct sockaddr_in *s4;
- struct sockaddr_in6 *s6;
+ uint8_t *ptr;
+ struct sockaddr_in s4 = { 0 };
+ struct sockaddr_in6 s6 = { 0 };
 char *str;
 ssize_t len;
 int i;
 const char *type;
- bzero(buf, sizeof(buf));
 bzero(idstr, idstrlen);
 if (id->id_buf == NULL)
@@ -6931,48 +6930,38 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
 strlcat(idstr, "/", idstrlen) >= idstrlen)
 return (-1);
- idstrlen -= strlen(idstr);
- idstr += strlen(idstr);
-
 switch (id->id_type) {
 case IKEV2_ID_IPV4:
- s4 = (struct sockaddr_in *)buf;
- s4->sin_family = AF_INET;
- s4->sin_len = sizeof(*s4);
- memcpy(&s4->sin_addr.s_addr, ptr, len);
+ s4.sin_family = AF_INET;
+ s4.sin_len = sizeof(s4);
+ memcpy(&s4.sin_addr.s_addr, ptr, len);
- if (print_host((struct sockaddr *)s4,
- idstr, idstrlen) == NULL)
+ if (strlcat(idstr, print_addr(&s4), idstrlen) >= idstrlen)
 return (-1);
 break;
 case IKEV2_ID_FQDN:
 case IKEV2_ID_UFQDN:
- if (len >= (ssize_t)sizeof(buf))
- return (-1);
-
 if ((str = get_string(ptr, len)) == NULL)
 return (-1);
- if (strlcpy(idstr, str, idstrlen) >= idstrlen) {
+ if (strlcat(idstr, str, idstrlen) >= idstrlen) {
 free(str);
 return (-1);
 }
 free(str);
 break;
 case IKEV2_ID_IPV6:
- s6 = (struct sockaddr_in6 *)buf;
- s6->sin6_family = AF_INET6;
- s6->sin6_len = sizeof(*s6);
- memcpy(&s6->sin6_addr, ptr, len);
+ s6.sin6_family = AF_INET6;
+ s6.sin6_len = sizeof(s6);
+ memcpy(&s6.sin6_addr, ptr, len);
- if (print_host((struct sockaddr *)s6,
- idstr, idstrlen) == NULL)
+ if (strlcat(idstr, print_addr(&s6), idstrlen) >= idstrlen)
 return (-1);
 break;
 case IKEV2_ID_ASN1_DN:
 if ((str = ca_asn1_name(ptr, len)) == NULL)
 return (-1);
- if (strlcpy(idstr, str, idstrlen) >= idstrlen) {
+ if (strlcat(idstr, str, idstrlen) >= idstrlen) {
 OPENSSL_free(str);
 return (-1);
 }
@@ -6980,9 +6969,12 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
 break;
 default:
 /* XXX test */
- for (i = 0; i < ((ssize_t)idstrlen - 1) && i < len; i++)
- snprintf(idstr + i, idstrlen - i,
- "%02x", ptr[i]);
+ for (i = 0; i < len; i++) {
+ char buf[3];
+ snprintf(buf, sizeof(buf), "%02x", ptr[i]);
+ if (strlcat(idstr, buf, idstrlen) >= idstrlen)
+ break;
+ }
 break;
 }
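Review bot: The IPv4 and IPv6 arms of ikev2_print_id (hunk at -6931) still copy `len` bytes, but the destination is now the address field of a stack `struct sockaddr_in` / `struct sockaddr_in6` instead of a pointer into the removed `buf[BUFSIZ]`, so a `len` larger than the field writes past it and then past the struct. Nothing visible in the hunk pins `len` to the address size; it is computed above the hunk, and the removed `len >= sizeof(buf)` test only guarded the FQDN arm. Each arm should reject a mismatched length before the copy, `if (len != sizeof(s4.sin_addr)) return (-1);` and `if (len != sizeof(s6.sin6_addr)) return (-1);`. Rejecting a short `len` matters as well, because the structs are zero-initialised and a partial copy would print a padded address as if it were the peer's ID.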
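Review bot: On truncation the new hex loop in the `default:` arm (hunk at -6980) only leaves the loop, so an ID that does not fit is handed back shortened, possibly ending on half of a hex pair since `strlcat` copies whatever still fits. The IPv4, FQDN, IPv6 and ASN1_DN arms in the preceding hunk all `return (-1)` in the same situation. If callers compare or match on `idstr`, two different IDs with a common prefix would render identically; using `return (-1);` in place of the inner `break;` would make the arms agree. What follows the switch is outside the hunk, so treating the shortened string as success is inferred.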
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index cef586817a1..b176bf54951 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.129 2023/06/06 16:09:35 claudio Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.130 2023/06/14 14:09:29 claudio Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -1522,9 +1522,8 @@ int
 ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
 struct iked_message *msg, size_t offset, size_t left, unsigned int type)
 {
- struct sockaddr_in s4;
- struct sockaddr_in6 s6;
- uint8_t buf[2][128];
+ struct sockaddr_in start4, end4;
+ struct sockaddr_in6 start6, end6;
 uint8_t *msgbuf = ibuf_data(msg->msg_data);
 uint8_t *ptr;
@@ -1539,22 +1538,21 @@ ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
 return (-1);
 }
- bzero(&s4, sizeof(s4));
- s4.sin_family = AF_INET;
- s4.sin_len = sizeof(s4);
- memcpy(&s4.sin_addr.s_addr, ptr, 4);
+ bzero(&start4, sizeof(start4));
+ start4.sin_family = AF_INET;
+ start4.sin_len = sizeof(start4);
+ memcpy(&start4.sin_addr.s_addr, ptr, 4);
 ptr += 4;
 left -= 4;
- print_host((struct sockaddr *)&s4,
- (char *)buf[0], sizeof(buf[0]));
- memcpy(&s4.sin_addr.s_addr, ptr, 4);
+ bzero(&end4, sizeof(end4));
+ end4.sin_family = AF_INET;
+ end4.sin_len = sizeof(end4);
+ memcpy(&end4.sin_addr.s_addr, ptr, 4);
 left -= 4;
- print_host((struct sockaddr *)&s4,
- (char *)buf[1], sizeof(buf[1]));
 log_debug("%s: start %s end %s", __func__,
- buf[0], buf[1]);
+ print_addr(&start4), print_addr(&end4));
 break;
 case IKEV2_TS_IPV6_ADDR_RANGE:
 if (left < 2 * 16) {
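Review bot: Both address arguments of the new `log_debug` in ikev2_pld_ts (hunk at -1539) come from `print_addr()`, so the line prints two different addresses only if consecutive calls return distinct buffers. The commit message says print_host() keeps multiple internal buffers, but print_addr() itself is not part of this diff, so that is taken on trust here. A one-line comment at the call, for example `/* two print_addr() results in one statement: relies on its rotating static buffers */`, would warn anyone adding further calls to the same statement. The same pattern appears in the IPv6 range hunk at -1563.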
@@ -1563,21 +1561,21 @@ ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
 __func__, left, 2 * 16);
 return (-1);
 }
- bzero(&s6, sizeof(s6));
- s6.sin6_family = AF_INET6;
- s6.sin6_len = sizeof(s6);
- memcpy(&s6.sin6_addr, ptr, 16);
+ bzero(&start6, sizeof(start6));
+ start6.sin6_family = AF_INET6;
+ start6.sin6_len = sizeof(start6);
+ memcpy(&start6.sin6_addr, ptr, 16);
 ptr += 16;
 left -= 16;
- print_host((struct sockaddr *)&s6,
- (char *)buf[0], sizeof(buf[0]));
- memcpy(&s6.sin6_addr, ptr, 16);
+ bzero(&end6, sizeof(end6));
+ end6.sin6_family = AF_INET6;
+ end6.sin6_len = sizeof(end6);
+ memcpy(&end6.sin6_addr, ptr, 16);
 left -= 16;
- print_host((struct sockaddr *)&s6,
- (char *)buf[1], sizeof(buf[1]));
+
 log_debug("%s: start %s end %s", __func__,
- buf[0], buf[1]);
+ print_addr(&start6), print_addr(&end6));
 break;
 default:
 log_debug("%s: ignoring unknown TS type %u", __func__, type);
@@ -1871,7 +1869,6 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
 uint8_t *msgbuf = ibuf_data(msg->msg_data);
 uint8_t *ptr;
 size_t len;
- uint8_t buf[128];
 int cfg_type;
 if (ikev2_validate_cp(msg, offset, left, &cp))
@@ -1949,17 +1946,20 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
 in4->sin_family = AF_INET;
 in4->sin_len = sizeof(*in4);
 memcpy(&in4->sin_addr.s_addr, ptr, 4);
- print_host((struct sockaddr *)in4, (char *)buf,
- sizeof(buf));
- log_debug("%s: cfg %s", __func__, buf);
 switch(cfg_type) {
 case IKEV2_CFG_INTERNAL_IP4_ADDRESS:
 msg->msg_parent->msg_cp_addr = addr;
- log_debug("%s: IP4_ADDRESS %s", __func__, buf);
+ log_debug("%s: IP4_ADDRESS %s", __func__,
+ print_addr(&addr->addr));
 break;
 case IKEV2_CFG_INTERNAL_IP4_DNS:
 msg->msg_parent->msg_cp_dns = addr;
- log_debug("%s: IP4_DNS %s", __func__, buf);
+ log_debug("%s: IP4_DNS %s", __func__,
+ print_addr(&addr->addr));
+ break;
+ default:
+ log_debug("%s: cfg %s", __func__,
+ print_addr(&addr->addr));
 break;
 }
 break;
@@ -1999,17 +1999,20 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
 in6->sin6_family = AF_INET6;
 in6->sin6_len = sizeof(*in6);
 memcpy(&in6->sin6_addr, ptr, 16);
- print_host((struct sockaddr *)in6, (char *)buf,
- sizeof(buf));
- log_debug("%s: cfg %s/%d", __func__, buf, ptr[16]);
 switch(cfg_type) {
 case IKEV2_CFG_INTERNAL_IP6_ADDRESS:
 msg->msg_parent->msg_cp_addr6 = addr;
- log_debug("%s: IP6_ADDRESS %s", __func__, buf);
+ log_debug("%s: IP6_ADDRESS %s", __func__,
+ print_addr(&addr->addr));
 break;
 case IKEV2_CFG_INTERNAL_IP6_DNS:
 msg->msg_parent->msg_cp_dns = addr;
- log_debug("%s: IP6_DNS %s", __func__, buf);
+ log_debug("%s: IP6_DNS %s", __func__,
+ print_addr(&addr->addr));
+ break;
+ default:
+ log_debug("%s: cfg %s/%d", __func__,
+ print_addr(&addr->addr), ptr[16]);
 break;
 }
 break;
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 6eebe018e55..075981db320 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.142 2023/04/19 13:33:37 jsg Exp $ */
+/* $OpenBSD: parse.y,v 1.143 2023/06/14 14:09:29 claudio Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -2880,8 +2880,7 @@ create_ike(char *name, int af, struct ipsec_addr_wrap *ipproto,
 if (dstid)
 strlcpy(idstr, dstid, sizeof(idstr));
 else if (!pol.pol_peer.addr_net)
- print_host((struct sockaddr *)&pol.pol_peer.addr, idstr,
- sizeof(idstr));
+ strlcpy(idstr, print_addr(&pol.pol_peer.addr), sizeof(idstr));
 ikeauth = &pol.pol_auth;
 switch (ikeauth->auth_method) {
--
2.20.1
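Review bot: The IP6_ADDRESS and IP6_DNS debug lines in ikev2_pld_cp (hunk at -1999) no longer record the prefix length, because `ptr[16]` is now printed only in the new `default:` arm while the removed unconditional `cfg %s/%d` line logged it for every config type. If the prefix is wanted when reading logs for an assigned address, the ADDRESS arm can keep it: `log_debug("%s: IP6_ADDRESS %s/%d", __func__, print_addr(&addr->addr), ptr[16]);`. The new calls also print `addr->addr` rather than the `in6` that the hunk fills in; that the two refer to the same object is set up outside the hunk.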