ipsec-tools: slightly improve the security.

If racoon is running as a service, do not trust
the script passed from the control socket.

Change-Id: I8e0115848cd4fa865d68452c9ecab20f6eac0921
diff --git a/main.c b/main.c
index da52e0f..7387756 100644
--- a/main.c
+++ b/main.c
@@ -92,12 +92,12 @@
     return control;
 }
 
-void android_setenv(char **envp)
+const char *android_hook(char **envp)
 {
     struct ifreq ifr = {.ifr_flags = IFF_TUN};
     int tun = open("/dev/tun", 0);
 
-    /* Android does not support INTERNAL_WINS4_LIST, so we just replace it. */
+    /* Android does not support INTERNAL_WINS4_LIST, so we just use it. */
     while (*envp && strncmp(*envp, "INTERNAL_WINS4_LIST=", 20)) {
         ++envp;
     }
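Review bot: `android_hook` now returns a value, but nothing tells callers what that value is or that the function rewrites the environment in place. The reworded comment ("so we just use it") is also harder to follow than the old one, because the code reuses the `INTERNAL_WINS4_LIST` slot for a different variable. I would add a header comment such as `/* Opens the tun device, overwrites the INTERNAL_WINS4_LIST entry in envp with INTERFACE=<name>, and returns the fixed script path to run. */` and word the inline comment as `/* Android does not support INTERNAL_WINS4_LIST, so we reuse its slot for INTERFACE. */`. The function body continues outside this hunk.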
@@ -110,6 +110,7 @@
         exit(1);
     }
     sprintf(*envp, "INTERFACE=%s", ifr.ifr_name);
+    return "/etc/ppp/ip-up-vpn";
 }
 
 #endif
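Review bot: The `sprintf(*envp, "INTERFACE=%s", ifr.ifr_name)` just above the new `return` writes into the string that held `INTERNAL_WINS4_LIST=...`, and no visible line checks that the string is long enough. That entry is at least 21 bytes, while `INTERFACE=` plus an interface name can need up to 26, so a short or empty WINS value combined with a long name would write past the end. The lines between the two hunks are not shown, so a check may already exist there. If not, a guard before the write would close it: `if (strlen(*envp) < 10 + strlen(ifr.ifr_name)) exit(1);`. Separately, the returned path is a bare literal, and a named constant would make the trusted script location easier to audit.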
diff --git a/setup.c b/setup.c
index 17cbbcb..d37d44d 100644
--- a/setup.c
+++ b/setup.c
@@ -554,7 +554,7 @@
 }
 
 static int skip_script = 0;
-extern void android_setenv(char **envp);
+extern const char *android_hook(char **envp);
 
 int privsep_script_exec(char *script, int name, char * const *envp)
 {
@@ -572,7 +572,9 @@
 
         if (addr4 && local && remote) {
 #ifdef ANDROID_CHANGES
-            android_setenv((char **)envp);
+            if (pname) {
+                script = (char *)android_hook((char **)envp);
+            }
 #endif
             spdadd(addr4, NULL, IPPROTO_IP, local, remote);
         } else {
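Review bot: The socket-supplied `script` is replaced only inside `if (addr4 && local && remote)`, so when `pname` is set and one of those values is missing, the untrusted name appears to survive into the `else` path. The rest of `privsep_script_exec` is outside this hunk, so confirm that nothing later executes `script` in that case; moving the override above the condition would remove the doubt. Also, `android_hook` is no longer called when `pname` is NULL, so that mode loses the tun and `INTERFACE` setup the old code always performed, and it is worth stating whether that is intended. A short comment would help here, for example `/* Running as a service: ignore the script name from the control socket. */`. The `(char *)` cast discards the `const` on the returned literal, which is safe only while nothing writes through `script`.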