rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-Fix-some-issues-found-with-static-analyzers.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   63f9cc2f74d6c966c45c62e4d39b085d7133c08e
  2.   SOURCES
  3.   freeradius-Fix-some-issues-found-with-static-analyzers.patch
Blob History Raw
44d58a 
From 7024d6ce061d57af65fe3a068803212581552f96 Mon Sep 17 00:00:00 2001
44d58a 
From: "Alan T. DeKok" <aland@freeradius.org>
44d58a 
Date: Fri, 10 Mar 2017 09:11:03 -0500
44d58a 
Subject: [PATCH] Fix some issues found with static analyzers
44d58a
44d58a 
Fix some issues found with static analyzers. Includes the following.
44d58a
44d58a 
Coverity.  Closes #1937
44d58a
44d58a 
(cherry picked from commit 521e2a9bd3b1b49555bcd9fb90b03c456f616070)
44d58a
44d58a 
Allo session resumption for RadSec connectins.  Closes #1936
44d58a
44d58a 
(cherry picked from commit 43efa4321d7cd9fca1184f999e1cadeff3afda02)
44d58a
44d58a 
request->packet cannot be NULL. Helps with #1935
44d58a
44d58a 
(cherry picked from commit 7f22c30476be495438d5bc4dbec2f618f09c0b15)
44d58a
44d58a 
remove unused variable
44d58a
44d58a 
(cherry picked from commit d9bfc70efbf575258425d2ca86160490e0c36a45)
44d58a
44d58a 
close open FDs on error, and use error path in more situations
44d58a
44d58a 
(cherry picked from commit e51af914bc5fdf879f821e6a1ecfe700bff937ca)
44d58a
44d58a 
return RLM_MODULE_FAIL for default switch statement
44d58a
44d58a 
(cherry picked from commit cdfa6e15065a4a616c96af516936117124a1c293)
44d58a
44d58a 
Remove always-false condition in rlm_eap_fast
44d58a
44d58a 
(cherry picked from commit 96d7a5e2bb393b4fd1b6cb6e0a6858e6c18eb96a)
44d58a
44d58a 
Remove always-false condition from cf_item_parse
44d58a
44d58a 
(cherry picked from commit 92624adf8170fb133b330fe02d8940a8bac86189)
44d58a
44d58a 
Ensure that error is always initialized
44d58a
44d58a 
(cherry picked from commit c483d8456e44747621334b318483c3a33752aaac)
44d58a 
---
44d58a 
 src/main/command.c                                | 15 ++++++++-------
44d58a 
 src/main/conffile.c                               |  2 --
44d58a 
 src/main/process.c                                |  5 +++--
44d58a 
 src/main/tls.c                                    | 12 ++++++------
44d58a 
 src/main/xlat.c                                   |  6 +++++-
44d58a 
 src/modules/rlm_cache/rlm_cache.c                 |  3 ++-
44d58a 
 src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c |  3 ---
44d58a 
 src/modules/rlm_mschap/rlm_mschap.c               |  2 +-
44d58a 
 8 files changed, 25 insertions(+), 23 deletions(-)
44d58a
44d58a 
diff --git a/src/main/command.c b/src/main/command.c
44d58a 
index d3b729f9a..34c5268d7 100644
44d58a 
--- a/src/main/command.c
44d58a 
+++ b/src/main/command.c
44d58a 
@@ -345,7 +345,7 @@ static int fr_server_domain_socket_perm(UNUSED char const *path, UNUSED uid_t ui
44d58a 
  */
44d58a 
 static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
44d58a 
 {
44d58a 
-	int			dir_fd = -1, path_fd = -1, sock_fd = -1, parent_fd = -1;
44d58a 
+	int			dir_fd = -1, sock_fd = -1, parent_fd = -1;
44d58a 
 	char const		*name;
44d58a 
 	char			*buff = NULL, *dir = NULL, *p;
44d58a
44d58a 
@@ -392,8 +392,9 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
44d58a 
 		fr_strerror_printf("Failed determining parent directory");
44d58a 
 	error:
44d58a 
 		talloc_free(dir);
44d58a 
-		close(dir_fd);
44d58a 
-		close(path_fd);
44d58a 
+		if (sock_fd >= 0) close(sock_fd);
44d58a 
+		if (dir_fd >= 0) close(dir_fd);
44d58a 
+		if (parent_fd >= 0) close(parent_fd);
44d58a 
 		return -1;
44d58a 
 	}
44d58a
44d58a 
@@ -459,7 +460,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
44d58a 
 		if (ret < 0) {
44d58a 
 			fr_strerror_printf("Failed changing ownership of control socket directory: %s",
44d58a 
 					   fr_syserror(errno));
44d58a 
-			return -1;
44d58a 
+			goto error;
44d58a 
 		}
44d58a 
 	/*
44d58a 
 	 *	Control socket dir already exists, but we still need to
44d58a 
@@ -527,7 +528,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
44d58a 
 		if (client_fd >= 0) {
44d58a 
 			fr_strerror_printf("Control socket '%s' is already in use", path);
44d58a 
 			close(client_fd);
44d58a 
-			return -1;
44d58a 
+			goto error;
44d58a 
 		}
44d58a 
 	}
44d58a
44d58a 
@@ -676,8 +677,8 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
44d58a 
 	if (uid != (uid_t)-1) rad_seuid(euid);
44d58a 
 	if (gid != (gid_t)-1) rad_segid(egid);
44d58a
44d58a 
-	close(dir_fd);
44d58a 
-	close(path_fd);
44d58a 
+	if (dir_fd >= 0) close(dir_fd);
44d58a 
+	if (parent_fd >= 0) close(parent_fd);
44d58a
44d58a 
 	return sock_fd;
44d58a 
 }
44d58a 
diff --git a/src/main/conffile.c b/src/main/conffile.c
44d58a 
index df78184bd..10c029a0e 100644
44d58a 
--- a/src/main/conffile.c
44d58a 
+++ b/src/main/conffile.c
44d58a 
@@ -1474,7 +1474,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
44d58a
44d58a 
 	if (!value) {
44d58a 
 		if (required) {
44d58a 
-		is_required:
44d58a 
 			cf_log_err(c_item, "Configuration item \"%s\" must have a value", name);
44d58a
44d58a 
 			return -1;
44d58a 
@@ -1620,7 +1619,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
44d58a 
 			}
44d58a 
 		}
44d58a
44d58a 
-		if (required && !value) goto is_required;
44d58a 
 		if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
44d58a
44d58a 
 		if (attribute) {
44d58a 
diff --git a/src/main/process.c b/src/main/process.c
44d58a 
index c5a690672..c3856c7a1 100644
44d58a 
--- a/src/main/process.c
44d58a 
+++ b/src/main/process.c
44d58a 
@@ -2122,8 +2122,9 @@ static void remove_from_proxy_hash_nl(REQUEST *request, bool yank)
44d58a 
 	}
44d58a
44d58a 
 #ifdef WITH_TCP
44d58a 
-	rad_assert(request->proxy_listener != NULL);
44d58a 
-	request->proxy_listener->count--;
44d58a 
+	if (request->proxy_listener) {
44d58a 
+		request->proxy_listener->count--;
44d58a 
+	}
44d58a 
 #endif
44d58a 
 	request->proxy_listener = NULL;
44d58a
44d58a 
diff --git a/src/main/tls.c b/src/main/tls.c
44d58a 
index caa7e62ed..a72be2b63 100644
44d58a 
--- a/src/main/tls.c
44d58a 
+++ b/src/main/tls.c
44d58a 
@@ -1360,7 +1360,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
44d58a 
 		blob_len = i2d_SSL_SESSION(sess, NULL);
44d58a 
 		if (blob_len < 1) {
44d58a 
 			/* something went wrong */
44d58a 
-			RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
44d58a 
+			if (request) RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
44d58a 
 			return 0;
44d58a 
 		}
44d58a
44d58a 
@@ -1375,7 +1375,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
44d58a 
 		p = sess_blob;
44d58a 
 		rv = i2d_SSL_SESSION(sess, &p);
44d58a 
 		if (rv != blob_len) {
44d58a 
-			RWDEBUG("Session serialisation failed");
44d58a 
+			if (request) RWDEBUG("Session serialisation failed");
44d58a 
 			goto error;
44d58a 
 		}
44d58a
44d58a 
@@ -1384,8 +1384,8 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
44d58a 
 			 conf->session_cache_path, FR_DIR_SEP, buffer);
44d58a 
 		fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600);
44d58a 
 		if (fd < 0) {
44d58a 
-			RERROR("Session serialisation failed, failed opening session file %s: %s",
44d58a 
-			      filename, fr_syserror(errno));
44d58a 
+			if (request) RERROR("Session serialisation failed, failed opening session file %s: %s",
44d58a 
+					    filename, fr_syserror(errno));
44d58a 
 			goto error;
44d58a 
 		}
44d58a
44d58a 
@@ -1409,7 +1409,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
44d58a 
 		while (todo > 0) {
44d58a 
 			rv = write(fd, p, todo);
44d58a 
 			if (rv < 1) {
44d58a 
-				RWDEBUG("Failed writing session: %s", fr_syserror(errno));
44d58a 
+				if (request) RWDEBUG("Failed writing session: %s", fr_syserror(errno));
44d58a 
 				close(fd);
44d58a 
 				goto error;
44d58a 
 			}
44d58a 
@@ -1417,7 +1417,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
44d58a 
 			todo -= rv;
44d58a 
 		}
44d58a 
 		close(fd);
44d58a 
-		RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
44d58a 
+		if (request) RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
44d58a 
 	}
44d58a
44d58a 
 error:
44d58a 
diff --git a/src/main/xlat.c b/src/main/xlat.c
44d58a 
index 31987289c..aeac3a4c3 100644
44d58a 
--- a/src/main/xlat.c
44d58a 
+++ b/src/main/xlat.c
44d58a 
@@ -1787,7 +1787,10 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
44d58a 
 	 *	much faster.
44d58a 
 	 */
44d58a 
 	tokens = talloc_typed_strdup(request, fmt);
44d58a 
-	if (!tokens) return -1;
44d58a 
+	if (!tokens) {
44d58a 
+		error = "Out of memory";
44d58a 
+		return -1;
44d58a 
+	}
44d58a
44d58a 
 	slen = xlat_tokenize_literal(request, tokens, head, false, &error);
44d58a
44d58a 
@@ -1806,6 +1809,7 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
44d58a 
 	 */
44d58a 
 	if (slen < 0) {
44d58a 
 		talloc_free(tokens);
44d58a 
+
44d58a 
 		rad_assert(error != NULL);
44d58a
44d58a 
 		REMARKER(fmt, -slen, error);
44d58a 
diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c
44d58a 
index 248de8bf9..54449747f 100644
44d58a 
--- a/src/modules/rlm_cache/rlm_cache.c
44d58a 
+++ b/src/modules/rlm_cache/rlm_cache.c
44d58a 
@@ -126,7 +126,8 @@ static void CC_HINT(nonnull) cache_merge(rlm_cache_t *inst, REQUEST *request, rl
44d58a
44d58a 
 	RDEBUG2("Merging cache entry into request");
44d58a
44d58a 
-	if (c->packet && request->packet) {
44d58a 
+	if (c->packet) {
44d58a 
+		rad_assert(request->packet != NULL);
44d58a 
 		rdebug_pair_list(L_DBG_LVL_2, request, c->packet, "&request:");
44d58a 
 		radius_pairmove(request, &request->packet->vps, fr_pair_list_copy(request->packet, c->packet), false);
44d58a 
 	}
44d58a 
diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
44d58a 
index dba2c1462..95e521718 100644
44d58a 
--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
44d58a 
+++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
44d58a 
@@ -1235,9 +1235,6 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
44d58a
44d58a 
 		eap_fast_append_result(tls_session, code);
44d58a
44d58a 
-		if (code == PW_CODE_ACCESS_REJECT)
44d58a 
-			break;
44d58a 
-
44d58a 
 		if (t->pac.send) {
44d58a 
 			RDEBUG("Peer requires new PAC");
44d58a 
 			eap_fast_send_pac_tunnel(request, tls_session);
44d58a 
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
44d58a 
index aba15f826..c702f1b45 100644
44d58a 
--- a/src/modules/rlm_mschap/rlm_mschap.c
44d58a 
+++ b/src/modules/rlm_mschap/rlm_mschap.c
44d58a 
@@ -1471,7 +1471,7 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
44d58a 
 		break;
44d58a
44d58a 
 	default:
44d58a 
-		rad_assert(0);
44d58a 
+		return RLM_MODULE_FAIL;
44d58a 
 	}
44d58a 
 	mschap_add_reply(request, ident, "MS-CHAP-Error", buffer, strlen(buffer));
44d58a
44d58a 
--
44d58a 
2.11.0
44d58a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation