authorChia-chi Yeh <chiachi@android.com>2011-07-19 18:29:16 -0700
committerChia-chi Yeh <chiachi@android.com>2011-07-19 18:39:34 -0700
commita9a07aca7cd1e611f2d73582f20623cd62b917ba (patch)
tree8d307c80b45a1ed28de65bdfff18cd31bde6969d
parentd30604685e6cc1fa878806ae590dcd1fc9d43f91 (diff)
downloadipsec-tools-a9a07aca7cd1e611f2d73582f20623cd62b917ba.tar.gz
ipsec-tools: slightly improve the security.
If racoon is running as a service, do not trust the script passed from the control socket. Change-Id: I8e0115848cd4fa865d68452c9ecab20f6eac0921
-rw-r--r--main.c5
-rw-r--r--setup.c6
2 files changed, 7 insertions, 4 deletions
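--- a/main.c
+++ b/main.c
@@ -92,12 +92,12 @@ static int android_get_control_and_arguments(int *argc, char ***argv)
 return control;
 }
-void android_setenv(char **envp)
+const char *android_hook(char **envp)
 {
 struct ifreq ifr = {.ifr_flags = IFF_TUN};
 int tun = open("/dev/tun", 0);
-/* Android does not support INTERNAL_WINS4_LIST, so we just replace it. */
+/* Android does not support INTERNAL_WINS4_LIST, so we just use it. */
 while (*envp && strncmp(*envp, "INTERNAL_WINS4_LIST=", 20)) {
 ++envp;
 }
@@ -110,6 +110,7 @@ void android_setenv(char **envp)
 exit(1);
 }
 sprintf(*envp, "INTERFACE=%s", ifr.ifr_name);
+return "/etc/ppp/ip-up-vpn";
 }
 #endif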
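Review bot: `android_hook` gains a return value and a new role but no comment stating its contract: it overwrites the `INTERNAL_WINS4_LIST=` entry of `envp` in place with `INTERFACE=<name>` and returns the fixed script path that setup.c substitutes for the one received over the control socket, so a header along the lines of `/* Rewrites the INTERNAL_WINS4_LIST entry in envp to INTERFACE=<tun name> and returns the trusted ip-up script path; the result is a string literal and must not be modified or freed. */` would make the fixed-path intent explicit to the caller. The reworded comment `so we just use it` says less than the old `replace it`; the entry is still overwritten by the `sprintf` at the end, so `so we reuse its slot for INTERFACE=` would be more accurate. That `sprintf` into `*envp` is untouched by this commit and still relies on the existing entry being at least as long as the formatted string; bounding it with `snprintf(*envp, strlen(*envp) + 1, ...)` would document that assumption. The body of `android_hook` between the two hunks is outside the page.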
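--- a/setup.c
+++ b/setup.c
@@ -554,7 +554,7 @@ static char *get_env(char * const *envp, char *key)
 }
 static int skip_script = 0;
-extern void android_setenv(char **envp);
+extern const char *android_hook(char **envp);
 int privsep_script_exec(char *script, int name, char * const *envp)
 {
@@ -572,7 +572,9 @@ int privsep_script_exec(char *script, int name, char * const *envp)
 if (addr4 && local && remote) {
 #ifdef ANDROID_CHANGES
-android_setenv((char **)envp);
+if (pname) {
+script = (char *)android_hook((char **)envp);
+}
 #endif
 spdadd(addr4, NULL, IPPROTO_IP, local, remote);
 } else {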
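Review bot: The replacement `script = (char *)android_hook((char **)envp);` only takes effect on the `addr4 && local && remote` path, so on the `else` branch that starts at the last line of the hunk (its body is outside the page) `script` still holds the caller-supplied value; if that branch also runs the script, the untrusted control-socket path is still executed in the service case (`pname` set), which is exactly what the commit message says should not happen. Either hoist the `if (pname)` override above the address check, or make the `else` branch decline to run a control-socket script when `pname` is set — whichever matches how that branch uses `script`, which I cannot see here. The `(char *)` cast also strips the `const` from a string literal returned by `android_hook`; if anything later in `privsep_script_exec` writes through `script`, that is undefined behaviour, so a `const char *` local for the hook result would be safer than reusing the non-const parameter. `privsep_script_exec` starts and ends outside the hunk.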