diff -urN nstx-1.1-beta6/Makefile nstx-1.1-beta6.new/Makefile --- nstx-1.1-beta6/Makefile 2004-06-27 23:46:38.000000000 +0200 +++ nstx-1.1-beta6.new/Makefile 2006-12-24 12:15:23.000000000 +0100 @@ -1,4 +1,4 @@ -CFLAGS += -ggdb -Wall -Werror +CFLAGS += -ggdb -Wall -Werror -Wsign-compare NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c NSTXD_OBJS = ${NSTXD_SRCS:.c=.o} diff -urN nstx-1.1-beta6/nstx_dns.c nstx-1.1-beta6.new/nstx_dns.c --- nstx-1.1-beta6/nstx_dns.c 2004-06-27 23:43:34.000000000 +0200 +++ nstx-1.1-beta6.new/nstx_dns.c 2006-12-24 12:15:23.000000000 +0100 @@ -6,6 +6,7 @@ #include #include #include +#include #include "nstxfun.h" #include "nstxdns.h" @@ -58,7 +59,7 @@ * DNS-packet 'msg'. */ static char * -decompress_label(const char *msg, int msglen, const char *lbl) +decompress_label(const char *msg, unsigned int msglen, const char *lbl) { const char *ptr = lbl; char *buf; @@ -69,7 +70,7 @@ while ((chunklen = *ptr)) { if (chunklen > 63) { - if ((ptr-msg) >= (msglen-1)) { + if ((ptr-msg) >= ((signed int)msglen-1)) { DEBUG("Bad pointer at end of msg"); if (buf) free(buf); @@ -104,13 +105,15 @@ ptr += chunklen + 1; } } - buf[buflen] = 0; - buflen++; + if (buf) { + buf[buflen] = 0; + buflen++; + } return buf; } static const unsigned char * -_cstringify(const unsigned char *data, int *dlen, int clen) +_cstringify(const unsigned char *data, int *dlen, unsigned int clen) { static unsigned char *buf; @@ -143,7 +146,7 @@ { int len; - len = strlen(data); + len = strlen((char*)data); return _cstringify(data, &len, 63); } @@ -183,24 +186,24 @@ static const unsigned char * lbl2data (const unsigned char *data, size_t len) { - static unsigned char *buf; - + static signed char *buf = NULL; const unsigned char *s = data; - unsigned char *d; - unsigned int llen; + signed char *d; + signed int llen; d = buf = realloc(buf, len); + assert(d); do { llen = *s++; - if ((llen > 63) || (llen > len - (s - data))) - return NULL; + if ((llen > 63) || (llen > (signed int)(len - (s - data)))) + break; memcpy(d, s, llen); s += llen; d += llen; } while (llen); *d = '\0'; - return buf; + return (const unsigned char*)buf; } /* New DNS-Code */ @@ -318,7 +321,7 @@ const char *ptr; static char *fqdn; - ptr = data2lbl(data); + ptr = (char*)data2lbl((unsigned char*)data); fqdn = realloc(fqdn, strlen(ptr)+strlen(suffix)+1); strcpy(fqdn, ptr); strcat(fqdn, suffix); @@ -336,8 +339,9 @@ free(buf); off = strstr(fqdn, suffix); - if (off) - buf = strdup(lbl2data(fqdn, off - fqdn)); + /* only parse if the fqdn was found, and there is more than the fqdn */ + if (off && off != fqdn) + buf = strdup((char*)lbl2data((unsigned char*)fqdn, off - fqdn)); else /* Our suffix not found... */ buf = NULL; @@ -364,7 +368,7 @@ const char *ptr; char *buf; - ptr = data2txt(data, &len); + ptr = (char*)data2txt((unsigned char*)data, &len); buf = malloc(len); memcpy(buf, ptr, len); @@ -477,7 +481,7 @@ { offsets[i++] = ptr - buf; rrp = _new_listitem(&pkt->query); - rrp->data = decompress_label(buf, len, ptr); + rrp->data = decompress_label((char*)buf, len, (char*)ptr); if (!rrp->data) { syslog(LOG_ERR, "dns_extractpkt: decompress_label choked in qd\n"); @@ -517,8 +521,9 @@ if (j < i) rrp->link = j; } - ptr = _skip_lbl(ptr, &remain); - rrp->len = ptr[8]*256+ptr[9]; + // ptr = _skip_lbl(ptr, &remain); + // rrp->len = ptr[8]*256+ptr[9]; + rrp->len = ptr[10]*256+ptr[11]; ptr += 12; remain -= 12; if (remain < rrp->len) diff -urN nstx-1.1-beta6/nstx_encode.c nstx-1.1-beta6.new/nstx_encode.c --- nstx-1.1-beta6/nstx_encode.c 2004-06-27 23:43:34.000000000 +0200 +++ nstx-1.1-beta6.new/nstx_encode.c 2006-12-24 12:15:23.000000000 +0100 @@ -30,11 +30,11 @@ void init_revmap (void) { - int i; + unsigned int i; revmap = malloc(256); - for (i = 0; i < strlen(map); i++) + for (i = 0; i < strlen((char*)map); i++) revmap[map[i]] = i; } @@ -70,11 +70,11 @@ if (!revmap) init_revmap(); - len = strlen(data)-1; - + len = strlen((char*)data); + buf = realloc(buf, ((len+3)/4)*3); - while (off < len) { + while (off+3 < len) { buf[i+0] = (revmap[data[off]]<<2)|((revmap[data[off+1]]&48)>>4); buf[i+1] = ((revmap[data[off+1]]&15)<<4)|((revmap[data[off+2]]&60)>>2); buf[i+2] = ((revmap[data[off+2]]&3)<<6)|(revmap[data[off+3]]); diff -urN nstx-1.1-beta6/nstx_pstack.c nstx-1.1-beta6.new/nstx_pstack.c --- nstx-1.1-beta6/nstx_pstack.c 2004-06-27 23:43:34.000000000 +0200 +++ nstx-1.1-beta6.new/nstx_pstack.c 2006-12-24 12:15:23.000000000 +0100 @@ -49,7 +49,7 @@ char *netpacket; int netpacketlen; - if ((!ptr) || len < sizeof(struct nstxhdr)) + if ((!ptr) || (signed int) len < (signed int) sizeof(struct nstxhdr)) return; if (!nstxpkt->id) diff -urN nstx-1.1-beta6/nstx_tuntap.c nstx-1.1-beta6.new/nstx_tuntap.c --- nstx-1.1-beta6/nstx_tuntap.c 2004-06-27 23:43:34.000000000 +0200 +++ nstx-1.1-beta6.new/nstx_tuntap.c 2006-12-24 12:15:23.000000000 +0100 @@ -215,7 +215,7 @@ struct nstxmsg *nstx_select (int timeout) { - int peerlen; + unsigned peerlen; fd_set set; struct timeval tv; static struct nstxmsg *ret = NULL; diff -urN nstx-1.1-beta6/nstxcd.8 nstx-1.1-beta6.new/nstxcd.8 --- nstx-1.1-beta6/nstxcd.8 1970-01-01 01:00:00.000000000 +0100 +++ nstx-1.1-beta6.new/nstxcd.8 2006-12-24 12:15:23.000000000 +0100 @@ -0,0 +1,36 @@ +.TH NSTXCD "8" "May 2004" "nstx 1.1-beta4" "User Commands" +.SH NAME +nstxcd \- IP over DNS tunneling client + +.SH SYNOPSIS +.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR" + +.SH DESCRIPTION +.B nstxcd +tunnels IP packets over DNS, allowing them to be sent to a server without +any protocols other than DNS being used. + +.SH OPTIONS +.B nstxcd +takes the following options: +.IP "domain" +The domain that nstxcd will send requests to. This domain must be delegated +to a machine that is running nstxd. +.IP "IP address" +The IP address of a DNS server that can be reached from the current machine. + +.SH USAGE +.Bnstxcd +should be run against a domain that has been delegated to a machine running +nstxd. It will then take any packets that are sent to the tun0 interface and +send them over DNS to the other tunnel endpoint. Responses will appear on +the tun0 interface. + +.SH AUTHORS + +.IP +Florian Heinz +.IP +Julien Oster +.IP +http://nstx.dereference.de/nstx/ diff -urN nstx-1.1-beta6/nstxcd.c nstx-1.1-beta6.new/nstxcd.c --- nstx-1.1-beta6/nstxcd.c 2004-06-27 23:43:34.000000000 +0200 +++ nstx-1.1-beta6.new/nstxcd.c 2006-12-24 12:15:23.000000000 +0100 @@ -63,7 +63,7 @@ int main (int argc, char * argv[]) { struct nstxmsg *msg; const char *device = NULL; - char ch; + int ch; nsid = time(NULL); @@ -110,11 +110,11 @@ const char *data; int datalen; - pkt = dns_extractpkt (reply, len); + pkt = dns_extractpkt ((unsigned char*)reply, len); if (!pkt) return; while ((data = dns_getanswerdata(pkt, &datalen))) { - data = txt2data(data, &datalen); + data = (char*)txt2data((unsigned char*)data, &datalen); nstx_handlepacket (data, datalen, &sendtun); } dequeueitem(pkt->id); @@ -159,9 +159,9 @@ data += l; datalen -= l; - dns_addquery(pkt, dns_data2fqdn(nstx_encode(p, sizeof(nh)+l))); + dns_addquery(pkt, dns_data2fqdn(nstx_encode((unsigned char*)p, sizeof(nh)+l))); free(p); - p = dns_constructpacket(pkt, &l); + p = (char*)dns_constructpacket(pkt, &l); sendns(p, l, NULL); free(p); diff -urN nstx-1.1-beta6/nstxd.8 nstx-1.1-beta6.new/nstxd.8 --- nstx-1.1-beta6/nstxd.8 1970-01-01 01:00:00.000000000 +0100 +++ nstx-1.1-beta6.new/nstxd.8 2006-12-24 12:15:23.000000000 +0100 @@ -0,0 +1,47 @@ +.TH NSTXD "7" "Mar 2005" "nstx 1.1-beta6" "User Commands" +.SH NAME +nstxd \- IP over DNS tunneling daemon + +.SH SYNOPSIS +.B "nstxd \fIOPTION\fR \fIDOMAIN\fR" + +.SH DESCRIPTION +.B nstxd +listens for well formed DNS requests and translates them into IP packets. +Responses are sent in the form of DNS replies. This allows clients to +tunnel IP packets over the DNS protocol. + +.SH OPTIONS +.B nstxd +takes the following option: +.IP \-d tun-device +Use this tun device instead of tun0 +.IP \-i ipaddr +Bind to this IP address rather than every available address +.IP \-C dir +Chroot to this directory on startup +.IP \-D +Daemonize on startup +.IP \-g +Switch on debug messages +.IP \-u user +Run as the following user +.IP "domain" +The domain that nstxd will listen to requests for. This should be a domain +that is delegated to the machine running nstxd. + +.SH USAGE +A domain should be delegated to the machine that will run nstxd. nstxd should +then be run giving that domain as the only argument. nstxd will then listen +for requests and translate them into IP packets that will appear on the tun0 +interface. Packets sent to the tun0 interface will be transferred back to +the client as DNS answers. + +.SH AUTHORS + +.IP +Florian Heinz +.IP +Julien Oster +.IP +http://nstx.dereference.de/nstx/ diff -urN nstx-1.1-beta6/nstxd.c nstx-1.1-beta6.new/nstxd.c --- nstx-1.1-beta6/nstxd.c 2004-06-27 23:55:17.000000000 +0200 +++ nstx-1.1-beta6.new/nstxd.c 2006-12-24 12:15:23.000000000 +0100 @@ -67,7 +67,7 @@ } int main (int argc, char *argv[]) { - char ch; + signed char ch; const char *device = NULL, *dir = NULL; in_addr_t bindto = INADDR_ANY; uid_t uid = 0; @@ -172,7 +172,7 @@ dns_setid(pkt, q->id); dns_settype(pkt, DNS_RESPONSE); dns_addanswer(pkt, "\xb4\x00\x00\x00", 4, dns_addquery(pkt, q->name)); - buf = dns_constructpacket (pkt, &len); + buf = (char*)dns_constructpacket (pkt, &len); sendns(buf, len, &q->peer); free(buf); } @@ -188,7 +188,7 @@ if (msg) { if (msg->src == FROMNS) { - pkt = dns_extractpkt(msg->data, msg->len); + pkt = dns_extractpkt((unsigned char*)msg->data, msg->len); if (pkt) { name = dns_getquerydata(pkt); @@ -198,7 +198,7 @@ name); queueitem(pkt->id, name, &msg->peer); if ((data = dns_fqdn2data(name)) && - (buf = nstx_decode(data, &len))) + (buf = nstx_decode((unsigned char*)data, &len))) { nstx_handlepacket(buf, len, &sendtun); } @@ -220,7 +220,7 @@ len = dns_getfreespace(pkt, DNS_RESPONSE); buf = dequeue_senditem(&len); dns_addanswer(pkt, buf, len, link); - buf = dns_constructpacket(pkt, &len); + buf = (char*)dns_constructpacket(pkt, &len); sendns(buf, len, &qitem->peer); } timeoutqueue(do_timeout);