|
|
653d32 |
From 7024d6ce061d57af65fe3a068803212581552f96 Mon Sep 17 00:00:00 2001
|
|
|
653d32 |
From: "Alan T. DeKok" <aland@freeradius.org>
|
|
|
653d32 |
Date: Fri, 10 Mar 2017 09:11:03 -0500
|
|
|
653d32 |
Subject: [PATCH] Fix some issues found with static analyzers
|
|
|
653d32 |
|
|
|
653d32 |
Fix some issues found with static analyzers. Includes the following.
|
|
|
653d32 |
|
|
|
653d32 |
Coverity. Closes #1937
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit 521e2a9bd3b1b49555bcd9fb90b03c456f616070)
|
|
|
653d32 |
|
|
|
653d32 |
Allo session resumption for RadSec connectins. Closes #1936
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit 43efa4321d7cd9fca1184f999e1cadeff3afda02)
|
|
|
653d32 |
|
|
|
653d32 |
request->packet cannot be NULL. Helps with #1935
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit 7f22c30476be495438d5bc4dbec2f618f09c0b15)
|
|
|
653d32 |
|
|
|
653d32 |
remove unused variable
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit d9bfc70efbf575258425d2ca86160490e0c36a45)
|
|
|
653d32 |
|
|
|
653d32 |
close open FDs on error, and use error path in more situations
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit e51af914bc5fdf879f821e6a1ecfe700bff937ca)
|
|
|
653d32 |
|
|
|
653d32 |
return RLM_MODULE_FAIL for default switch statement
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit cdfa6e15065a4a616c96af516936117124a1c293)
|
|
|
653d32 |
|
|
|
653d32 |
Remove always-false condition in rlm_eap_fast
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit 96d7a5e2bb393b4fd1b6cb6e0a6858e6c18eb96a)
|
|
|
653d32 |
|
|
|
653d32 |
Remove always-false condition from cf_item_parse
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit 92624adf8170fb133b330fe02d8940a8bac86189)
|
|
|
653d32 |
|
|
|
653d32 |
Ensure that error is always initialized
|
|
|
653d32 |
|
|
|
653d32 |
(cherry picked from commit c483d8456e44747621334b318483c3a33752aaac)
|
|
|
653d32 |
---
|
|
|
653d32 |
src/main/command.c | 15 ++++++++-------
|
|
|
653d32 |
src/main/conffile.c | 2 --
|
|
|
653d32 |
src/main/process.c | 5 +++--
|
|
|
653d32 |
src/main/tls.c | 12 ++++++------
|
|
|
653d32 |
src/main/xlat.c | 6 +++++-
|
|
|
653d32 |
src/modules/rlm_cache/rlm_cache.c | 3 ++-
|
|
|
653d32 |
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c | 3 ---
|
|
|
653d32 |
src/modules/rlm_mschap/rlm_mschap.c | 2 +-
|
|
|
653d32 |
8 files changed, 25 insertions(+), 23 deletions(-)
|
|
|
653d32 |
|
|
|
653d32 |
diff --git a/src/main/command.c b/src/main/command.c
|
|
|
653d32 |
index d3b729f9a..34c5268d7 100644
|
|
|
653d32 |
--- a/src/main/command.c
|
|
|
653d32 |
+++ b/src/main/command.c
|
|
|
653d32 |
@@ -345,7 +345,7 @@ static int fr_server_domain_socket_perm(UNUSED char const *path, UNUSED uid_t ui
|
|
|
653d32 |
*/
|
|
|
653d32 |
static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
|
|
653d32 |
{
|
|
|
653d32 |
- int dir_fd = -1, path_fd = -1, sock_fd = -1, parent_fd = -1;
|
|
|
653d32 |
+ int dir_fd = -1, sock_fd = -1, parent_fd = -1;
|
|
|
653d32 |
char const *name;
|
|
|
653d32 |
char *buff = NULL, *dir = NULL, *p;
|
|
|
653d32 |
|
|
|
653d32 |
@@ -392,8 +392,9 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
|
|
653d32 |
fr_strerror_printf("Failed determining parent directory");
|
|
|
653d32 |
error:
|
|
|
653d32 |
talloc_free(dir);
|
|
|
653d32 |
- close(dir_fd);
|
|
|
653d32 |
- close(path_fd);
|
|
|
653d32 |
+ if (sock_fd >= 0) close(sock_fd);
|
|
|
653d32 |
+ if (dir_fd >= 0) close(dir_fd);
|
|
|
653d32 |
+ if (parent_fd >= 0) close(parent_fd);
|
|
|
653d32 |
return -1;
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
@@ -459,7 +460,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
|
|
653d32 |
if (ret < 0) {
|
|
|
653d32 |
fr_strerror_printf("Failed changing ownership of control socket directory: %s",
|
|
|
653d32 |
fr_syserror(errno));
|
|
|
653d32 |
- return -1;
|
|
|
653d32 |
+ goto error;
|
|
|
653d32 |
}
|
|
|
653d32 |
/*
|
|
|
653d32 |
* Control socket dir already exists, but we still need to
|
|
|
653d32 |
@@ -527,7 +528,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
|
|
653d32 |
if (client_fd >= 0) {
|
|
|
653d32 |
fr_strerror_printf("Control socket '%s' is already in use", path);
|
|
|
653d32 |
close(client_fd);
|
|
|
653d32 |
- return -1;
|
|
|
653d32 |
+ goto error;
|
|
|
653d32 |
}
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
@@ -676,8 +677,8 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
|
|
653d32 |
if (uid != (uid_t)-1) rad_seuid(euid);
|
|
|
653d32 |
if (gid != (gid_t)-1) rad_segid(egid);
|
|
|
653d32 |
|
|
|
653d32 |
- close(dir_fd);
|
|
|
653d32 |
- close(path_fd);
|
|
|
653d32 |
+ if (dir_fd >= 0) close(dir_fd);
|
|
|
653d32 |
+ if (parent_fd >= 0) close(parent_fd);
|
|
|
653d32 |
|
|
|
653d32 |
return sock_fd;
|
|
|
653d32 |
}
|
|
|
653d32 |
diff --git a/src/main/conffile.c b/src/main/conffile.c
|
|
|
653d32 |
index df78184bd..10c029a0e 100644
|
|
|
653d32 |
--- a/src/main/conffile.c
|
|
|
653d32 |
+++ b/src/main/conffile.c
|
|
|
653d32 |
@@ -1474,7 +1474,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
|
|
|
653d32 |
|
|
|
653d32 |
if (!value) {
|
|
|
653d32 |
if (required) {
|
|
|
653d32 |
- is_required:
|
|
|
653d32 |
cf_log_err(c_item, "Configuration item \"%s\" must have a value", name);
|
|
|
653d32 |
|
|
|
653d32 |
return -1;
|
|
|
653d32 |
@@ -1620,7 +1619,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
|
|
|
653d32 |
}
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
- if (required && !value) goto is_required;
|
|
|
653d32 |
if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
|
|
|
653d32 |
|
|
|
653d32 |
if (attribute) {
|
|
|
653d32 |
diff --git a/src/main/process.c b/src/main/process.c
|
|
|
653d32 |
index c5a690672..c3856c7a1 100644
|
|
|
653d32 |
--- a/src/main/process.c
|
|
|
653d32 |
+++ b/src/main/process.c
|
|
|
653d32 |
@@ -2122,8 +2122,9 @@ static void remove_from_proxy_hash_nl(REQUEST *request, bool yank)
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
#ifdef WITH_TCP
|
|
|
653d32 |
- rad_assert(request->proxy_listener != NULL);
|
|
|
653d32 |
- request->proxy_listener->count--;
|
|
|
653d32 |
+ if (request->proxy_listener) {
|
|
|
653d32 |
+ request->proxy_listener->count--;
|
|
|
653d32 |
+ }
|
|
|
653d32 |
#endif
|
|
|
653d32 |
request->proxy_listener = NULL;
|
|
|
653d32 |
|
|
|
653d32 |
diff --git a/src/main/tls.c b/src/main/tls.c
|
|
|
653d32 |
index caa7e62ed..a72be2b63 100644
|
|
|
653d32 |
--- a/src/main/tls.c
|
|
|
653d32 |
+++ b/src/main/tls.c
|
|
|
653d32 |
@@ -1360,7 +1360,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
|
|
653d32 |
blob_len = i2d_SSL_SESSION(sess, NULL);
|
|
|
653d32 |
if (blob_len < 1) {
|
|
|
653d32 |
/* something went wrong */
|
|
|
653d32 |
- RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
|
|
|
653d32 |
+ if (request) RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
|
|
|
653d32 |
return 0;
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
@@ -1375,7 +1375,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
|
|
653d32 |
p = sess_blob;
|
|
|
653d32 |
rv = i2d_SSL_SESSION(sess, &p);
|
|
|
653d32 |
if (rv != blob_len) {
|
|
|
653d32 |
- RWDEBUG("Session serialisation failed");
|
|
|
653d32 |
+ if (request) RWDEBUG("Session serialisation failed");
|
|
|
653d32 |
goto error;
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
@@ -1384,8 +1384,8 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
|
|
653d32 |
conf->session_cache_path, FR_DIR_SEP, buffer);
|
|
|
653d32 |
fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600);
|
|
|
653d32 |
if (fd < 0) {
|
|
|
653d32 |
- RERROR("Session serialisation failed, failed opening session file %s: %s",
|
|
|
653d32 |
- filename, fr_syserror(errno));
|
|
|
653d32 |
+ if (request) RERROR("Session serialisation failed, failed opening session file %s: %s",
|
|
|
653d32 |
+ filename, fr_syserror(errno));
|
|
|
653d32 |
goto error;
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
@@ -1409,7 +1409,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
|
|
653d32 |
while (todo > 0) {
|
|
|
653d32 |
rv = write(fd, p, todo);
|
|
|
653d32 |
if (rv < 1) {
|
|
|
653d32 |
- RWDEBUG("Failed writing session: %s", fr_syserror(errno));
|
|
|
653d32 |
+ if (request) RWDEBUG("Failed writing session: %s", fr_syserror(errno));
|
|
|
653d32 |
close(fd);
|
|
|
653d32 |
goto error;
|
|
|
653d32 |
}
|
|
|
653d32 |
@@ -1417,7 +1417,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
|
|
653d32 |
todo -= rv;
|
|
|
653d32 |
}
|
|
|
653d32 |
close(fd);
|
|
|
653d32 |
- RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
|
|
|
653d32 |
+ if (request) RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
|
|
|
653d32 |
}
|
|
|
653d32 |
|
|
|
653d32 |
error:
|
|
|
653d32 |
diff --git a/src/main/xlat.c b/src/main/xlat.c
|
|
|
653d32 |
index 31987289c..aeac3a4c3 100644
|
|
|
653d32 |
--- a/src/main/xlat.c
|
|
|
653d32 |
+++ b/src/main/xlat.c
|
|
|
653d32 |
@@ -1787,7 +1787,10 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
|
|
|
653d32 |
* much faster.
|
|
|
653d32 |
*/
|
|
|
653d32 |
tokens = talloc_typed_strdup(request, fmt);
|
|
|
653d32 |
- if (!tokens) return -1;
|
|
|
653d32 |
+ if (!tokens) {
|
|
|
653d32 |
+ error = "Out of memory";
|
|
|
653d32 |
+ return -1;
|
|
|
653d32 |
+ }
|
|
|
653d32 |
|
|
|
653d32 |
slen = xlat_tokenize_literal(request, tokens, head, false, &error);
|
|
|
653d32 |
|
|
|
653d32 |
@@ -1806,6 +1809,7 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
|
|
|
653d32 |
*/
|
|
|
653d32 |
if (slen < 0) {
|
|
|
653d32 |
talloc_free(tokens);
|
|
|
653d32 |
+
|
|
|
653d32 |
rad_assert(error != NULL);
|
|
|
653d32 |
|
|
|
653d32 |
REMARKER(fmt, -slen, error);
|
|
|
653d32 |
diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c
|
|
|
653d32 |
index 248de8bf9..54449747f 100644
|
|
|
653d32 |
--- a/src/modules/rlm_cache/rlm_cache.c
|
|
|
653d32 |
+++ b/src/modules/rlm_cache/rlm_cache.c
|
|
|
653d32 |
@@ -126,7 +126,8 @@ static void CC_HINT(nonnull) cache_merge(rlm_cache_t *inst, REQUEST *request, rl
|
|
|
653d32 |
|
|
|
653d32 |
RDEBUG2("Merging cache entry into request");
|
|
|
653d32 |
|
|
|
653d32 |
- if (c->packet && request->packet) {
|
|
|
653d32 |
+ if (c->packet) {
|
|
|
653d32 |
+ rad_assert(request->packet != NULL);
|
|
|
653d32 |
rdebug_pair_list(L_DBG_LVL_2, request, c->packet, "&request:");
|
|
|
653d32 |
radius_pairmove(request, &request->packet->vps, fr_pair_list_copy(request->packet, c->packet), false);
|
|
|
653d32 |
}
|
|
|
653d32 |
diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
|
|
653d32 |
index dba2c1462..95e521718 100644
|
|
|
653d32 |
--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
|
|
653d32 |
+++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
|
|
653d32 |
@@ -1235,9 +1235,6 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
|
|
|
653d32 |
|
|
|
653d32 |
eap_fast_append_result(tls_session, code);
|
|
|
653d32 |
|
|
|
653d32 |
- if (code == PW_CODE_ACCESS_REJECT)
|
|
|
653d32 |
- break;
|
|
|
653d32 |
-
|
|
|
653d32 |
if (t->pac.send) {
|
|
|
653d32 |
RDEBUG("Peer requires new PAC");
|
|
|
653d32 |
eap_fast_send_pac_tunnel(request, tls_session);
|
|
|
653d32 |
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
|
|
|
653d32 |
index aba15f826..c702f1b45 100644
|
|
|
653d32 |
--- a/src/modules/rlm_mschap/rlm_mschap.c
|
|
|
653d32 |
+++ b/src/modules/rlm_mschap/rlm_mschap.c
|
|
|
653d32 |
@@ -1471,7 +1471,7 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
|
|
|
653d32 |
break;
|
|
|
653d32 |
|
|
|
653d32 |
default:
|
|
|
653d32 |
- rad_assert(0);
|
|
|
653d32 |
+ return RLM_MODULE_FAIL;
|
|
|
653d32 |
}
|
|
|
653d32 |
mschap_add_reply(request, ident, "MS-CHAP-Error", buffer, strlen(buffer));
|
|
|
653d32 |
|
|
|
653d32 |
--
|
|
|
653d32 |
2.11.0
|
|
|
653d32 |
|