From 8455d69433d97b878b3aa4d14e589f06f32e26ea Mon Sep 17 00:00:00 2001
From: Erik Ekman <yarrick@kryo.se>
Date: Wed, 8 Nov 2006 21:45:28 +0000
Subject: [PATCH] New release 0.3.4

---
 CHANGELOG  |  5 ++++-
 dns.c      |  6 +++---
 encoding.c |  7 ++++---
 test.c     | 40 ++++++++++++++++++++++++++++++++++------
 tun.c      |  2 +-
 5 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 13f996f..70dd54b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,7 +7,10 @@ iodine - IP over DNS is now easy
 
 CHANGES:
 
-2006-xx-xx: 0.3.4
+2006-11-08: 0.3.4
+	- Fixed handshake() buffer overflow
+	  (Found by poplix, Secunia: SA22674 / FrSIRT/ADV-2006-4333)
+	- Added more tests
 	- More name parsing enhancements
 	- Now runs on Linux/AMD64
 	- Added setting to change server port
diff --git a/dns.c b/dns.c
index 11dabfc..ade40de 100644
--- a/dns.c
+++ b/dns.c
@@ -67,7 +67,7 @@ open_dns(const char *domain, int localport, in_addr_t listen_ip)
 	int flag;
 	struct sockaddr_in addr;
 
-	bzero(&addr, sizeof(addr));
+	memset(&addr, 0, sizeof(addr));
 	addr.sin_family = AF_INET;
 	addr.sin_port = htons(localport);
 	/* listen_ip already in network byte order from inet_addr, or 0 */
@@ -111,7 +111,7 @@ dns_settarget(const char *host)
 		return -1;
 	}
 
-	bzero(&peer, sizeof(peer));
+	memset(&peer, 0, sizeof(peer));
 	peer.sin_family = AF_INET;
 	peer.sin_port = htons(53);
 	peer.sin_addr = *((struct in_addr *) h->h_addr);
@@ -236,7 +236,7 @@ dns_write(int fd, int id, char *buf, int len, char flag)
 	char *d;
 
 	avail = 0xFF - strlen(topdomain) - 2;
-	bzero(data, sizeof(data));
+	memset(data, 0, sizeof(data));
 	d = data;
 	written = encode_data(buf, len, avail, d, flag);
 	encoded = strlen(data);
diff --git a/encoding.c b/encoding.c
index ef007fb..17092b0 100644
--- a/encoding.c
+++ b/encoding.c
@@ -127,6 +127,7 @@ encode_data(char *buf, int len, int space, char *dest, char flag)
 	chunks = write / RAW_CHUNK;
 	leftovers = write % RAW_CHUNK;
 
+	// flag is special character to be placed first in the encoded data
 	if (flag != 0) {
 		*dest = flag;
 	} else {
@@ -135,7 +136,7 @@ encode_data(char *buf, int len, int space, char *dest, char flag)
 	}
 	dest++;
 
-	bzero(encoded, sizeof(encoded));
+	memset(encoded, 0, sizeof(encoded));
 	ep = encoded;
 	dp = buf;
 	for (i = 0; i < chunks; i++) {
@@ -144,7 +145,7 @@ encode_data(char *buf, int len, int space, char *dest, char flag)
 		dp += RAW_CHUNK;
 	}
 	realwrite = ENC_CHUNK * chunks;
-	bzero(padding, sizeof(padding));
+	memset(padding, 0, sizeof(padding));
 	pp = padding;
 	if (leftovers) {
 		pp += RAW_CHUNK - leftovers;
@@ -187,7 +188,7 @@ decode_data(char *dest, int size, const char *src, char *srcend)
 	dest++;
 	src++;
 
-	bzero(encoded, sizeof(encoded));
+	memset(encoded, 0, sizeof(encoded));
 	ep = encoded;
 	while(len < size && src < srcend) {
 		if(*src == '.') {
diff --git a/test.c b/test.c
index 06c8771..a2098cf 100644
--- a/test.c
+++ b/test.c
@@ -29,6 +29,7 @@
 #include <assert.h>
 
 #include "structs.h"
+#include "encoding.h"
 #include "dns.h"
 #include "read.h"
 	
@@ -144,31 +145,31 @@ test_readname()
 	printf(" * Testing readname... ");
 	fflush(stdout);
 
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	data = emptyloop + sizeof(HEADER);
 	buf[1023] = 'A';
 	rv = readname(emptyloop, sizeof(emptyloop), &data, buf, 1023);
 	assert(buf[1023] == 'A');
 	
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	data = infloop + sizeof(HEADER);
 	buf[4] = '\a';
 	rv = readname(infloop, sizeof(infloop), &data, buf, 4);
 	assert(buf[4] == '\a');
 	
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	data = longname + sizeof(HEADER);
 	buf[256] = '\a';
 	rv = readname(longname, sizeof(longname), &data, buf, 256);
 	assert(buf[256] == '\a');
 
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	data = onejump + sizeof(HEADER);
 	rv = readname(onejump, sizeof(onejump), &data, buf, 256);
 	assert(rv == 9);
 	
 	// These two tests use malloc to cause segfault if jump is executed
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	jumper = malloc(sizeof(badjump));
 	if (jumper) {
 		memcpy(jumper, badjump, sizeof(badjump));
@@ -178,13 +179,14 @@ test_readname()
 	}
 	free(jumper);
 	
-	bzero(buf, sizeof(buf));
+	memset(buf, 0, sizeof(buf));
 	jumper = malloc(sizeof(badjump2));
 	if (jumper) {
 		memcpy(jumper, badjump2, sizeof(badjump2));
 		data = jumper + sizeof(HEADER);
 		rv = readname(jumper, sizeof(badjump2), &data, buf, 256);
 		assert(rv == 4);
+		assert(strcmp("BA.", buf) == 0);
 	}
 	free(jumper);
 
@@ -219,6 +221,31 @@ test_encode_hostname() {
 	printf("OK\n");
 }
 
+static void
+test_base32() {
+	char temp[256];
+	char *start = "HELLOTEST";
+	char *out = "1HELLOTEST";
+	char *end;
+	char *tempend;
+	int codedlength;
+
+	printf(" * Testing base32 encoding... ");
+	fflush(stdout);
+
+	memset(temp, 0, sizeof(temp));
+	end = malloc(16);
+	memset(end, 0, 16);
+
+	codedlength = encode_data(start, 9, 256, temp, 0);
+	tempend = temp + strlen(temp);
+	decode_data(end, 16, temp, tempend);
+	assert(strcmp(out, end) == 0);
+	free(end);
+	
+	printf("OK\n");
+}
+
 int
 main()
 {
@@ -228,6 +255,7 @@ main()
 	test_readputlong();
 	test_readname();
 	test_encode_hostname();
+	test_base32();
 
 	printf("** All went well :)\n");
 	return 0;
diff --git a/tun.c b/tun.c
index d750362..0f5cef0 100644
--- a/tun.c
+++ b/tun.c
@@ -52,7 +52,7 @@ open_tun(const char *tun_device)
 		return -1;
 	}
 
-	bzero(&ifreq, sizeof(ifreq));
+	memset(&ifreq, 0, sizeof(ifreq));
 
 	ifreq.ifr_flags = IFF_TUN;