rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-Fix-some-issues-found-with-static-analyzers.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   freeradius-Fix-some-issues-found-with-static-analyzers.patch
Blob History Raw
5fa452 
From 7024d6ce061d57af65fe3a068803212581552f96 Mon Sep 17 00:00:00 2001
5fa452 
From: "Alan T. DeKok" <aland@freeradius.org>
5fa452 
Date: Fri, 10 Mar 2017 09:11:03 -0500
5fa452 
Subject: [PATCH] Fix some issues found with static analyzers
5fa452
5fa452 
Fix some issues found with static analyzers. Includes the following.
5fa452
5fa452 
Coverity.  Closes #1937
5fa452
5fa452 
(cherry picked from commit 521e2a9bd3b1b49555bcd9fb90b03c456f616070)
5fa452
5fa452 
Allo session resumption for RadSec connectins.  Closes #1936
5fa452
5fa452 
(cherry picked from commit 43efa4321d7cd9fca1184f999e1cadeff3afda02)
5fa452
5fa452 
request->packet cannot be NULL. Helps with #1935
5fa452
5fa452 
(cherry picked from commit 7f22c30476be495438d5bc4dbec2f618f09c0b15)
5fa452
5fa452 
remove unused variable
5fa452
5fa452 
(cherry picked from commit d9bfc70efbf575258425d2ca86160490e0c36a45)
5fa452
5fa452 
close open FDs on error, and use error path in more situations
5fa452
5fa452 
(cherry picked from commit e51af914bc5fdf879f821e6a1ecfe700bff937ca)
5fa452
5fa452 
return RLM_MODULE_FAIL for default switch statement
5fa452
5fa452 
(cherry picked from commit cdfa6e15065a4a616c96af516936117124a1c293)
5fa452
5fa452 
Remove always-false condition in rlm_eap_fast
5fa452
5fa452 
(cherry picked from commit 96d7a5e2bb393b4fd1b6cb6e0a6858e6c18eb96a)
5fa452
5fa452 
Remove always-false condition from cf_item_parse
5fa452
5fa452 
(cherry picked from commit 92624adf8170fb133b330fe02d8940a8bac86189)
5fa452
5fa452 
Ensure that error is always initialized
5fa452
5fa452 
(cherry picked from commit c483d8456e44747621334b318483c3a33752aaac)
5fa452 
---
5fa452 
 src/main/command.c                                | 15 ++++++++-------
5fa452 
 src/main/conffile.c                               |  2 --
5fa452 
 src/main/process.c                                |  5 +++--
5fa452 
 src/main/tls.c                                    | 12 ++++++------
5fa452 
 src/main/xlat.c                                   |  6 +++++-
5fa452 
 src/modules/rlm_cache/rlm_cache.c                 |  3 ++-
5fa452 
 src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c |  3 ---
5fa452 
 src/modules/rlm_mschap/rlm_mschap.c               |  2 +-
5fa452 
 8 files changed, 25 insertions(+), 23 deletions(-)
5fa452
5fa452 
diff --git a/src/main/command.c b/src/main/command.c
5fa452 
index d3b729f9a..34c5268d7 100644
5fa452 
--- a/src/main/command.c
5fa452 
+++ b/src/main/command.c
5fa452 
@@ -345,7 +345,7 @@ static int fr_server_domain_socket_perm(UNUSED char const *path, UNUSED uid_t ui
5fa452 
  */
5fa452 
 static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
5fa452 
 {
5fa452 
-	int			dir_fd = -1, path_fd = -1, sock_fd = -1, parent_fd = -1;
5fa452 
+	int			dir_fd = -1, sock_fd = -1, parent_fd = -1;
5fa452 
 	char const		*name;
5fa452 
 	char			*buff = NULL, *dir = NULL, *p;
5fa452
5fa452 
@@ -392,8 +392,9 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
5fa452 
 		fr_strerror_printf("Failed determining parent directory");
5fa452 
 	error:
5fa452 
 		talloc_free(dir);
5fa452 
-		close(dir_fd);
5fa452 
-		close(path_fd);
5fa452 
+		if (sock_fd >= 0) close(sock_fd);
5fa452 
+		if (dir_fd >= 0) close(dir_fd);
5fa452 
+		if (parent_fd >= 0) close(parent_fd);
5fa452 
 		return -1;
5fa452 
 	}
5fa452
5fa452 
@@ -459,7 +460,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
5fa452 
 		if (ret < 0) {
5fa452 
 			fr_strerror_printf("Failed changing ownership of control socket directory: %s",
5fa452 
 					   fr_syserror(errno));
5fa452 
-			return -1;
5fa452 
+			goto error;
5fa452 
 		}
5fa452 
 	/*
5fa452 
 	 *	Control socket dir already exists, but we still need to
5fa452 
@@ -527,7 +528,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
5fa452 
 		if (client_fd >= 0) {
5fa452 
 			fr_strerror_printf("Control socket '%s' is already in use", path);
5fa452 
 			close(client_fd);
5fa452 
-			return -1;
5fa452 
+			goto error;
5fa452 
 		}
5fa452 
 	}
5fa452
5fa452 
@@ -676,8 +677,8 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
5fa452 
 	if (uid != (uid_t)-1) rad_seuid(euid);
5fa452 
 	if (gid != (gid_t)-1) rad_segid(egid);
5fa452
5fa452 
-	close(dir_fd);
5fa452 
-	close(path_fd);
5fa452 
+	if (dir_fd >= 0) close(dir_fd);
5fa452 
+	if (parent_fd >= 0) close(parent_fd);
5fa452
5fa452 
 	return sock_fd;
5fa452 
 }
5fa452 
diff --git a/src/main/conffile.c b/src/main/conffile.c
5fa452 
index df78184bd..10c029a0e 100644
5fa452 
--- a/src/main/conffile.c
5fa452 
+++ b/src/main/conffile.c
5fa452 
@@ -1474,7 +1474,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
5fa452
5fa452 
 	if (!value) {
5fa452 
 		if (required) {
5fa452 
-		is_required:
5fa452 
 			cf_log_err(c_item, "Configuration item \"%s\" must have a value", name);
5fa452
5fa452 
 			return -1;
5fa452 
@@ -1620,7 +1619,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
5fa452 
 			}
5fa452 
 		}
5fa452
5fa452 
-		if (required && !value) goto is_required;
5fa452 
 		if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
5fa452
5fa452 
 		if (attribute) {
5fa452 
diff --git a/src/main/process.c b/src/main/process.c
5fa452 
index c5a690672..c3856c7a1 100644
5fa452 
--- a/src/main/process.c
5fa452 
+++ b/src/main/process.c
5fa452 
@@ -2122,8 +2122,9 @@ static void remove_from_proxy_hash_nl(REQUEST *request, bool yank)
5fa452 
 	}
5fa452
5fa452 
 #ifdef WITH_TCP
5fa452 
-	rad_assert(request->proxy_listener != NULL);
5fa452 
-	request->proxy_listener->count--;
5fa452 
+	if (request->proxy_listener) {
5fa452 
+		request->proxy_listener->count--;
5fa452 
+	}
5fa452 
 #endif
5fa452 
 	request->proxy_listener = NULL;
5fa452
5fa452 
diff --git a/src/main/tls.c b/src/main/tls.c
5fa452 
index caa7e62ed..a72be2b63 100644
5fa452 
--- a/src/main/tls.c
5fa452 
+++ b/src/main/tls.c
5fa452 
@@ -1360,7 +1360,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
5fa452 
 		blob_len = i2d_SSL_SESSION(sess, NULL);
5fa452 
 		if (blob_len < 1) {
5fa452 
 			/* something went wrong */
5fa452 
-			RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
5fa452 
+			if (request) RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
5fa452 
 			return 0;
5fa452 
 		}
5fa452
5fa452 
@@ -1375,7 +1375,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
5fa452 
 		p = sess_blob;
5fa452 
 		rv = i2d_SSL_SESSION(sess, &p);
5fa452 
 		if (rv != blob_len) {
5fa452 
-			RWDEBUG("Session serialisation failed");
5fa452 
+			if (request) RWDEBUG("Session serialisation failed");
5fa452 
 			goto error;
5fa452 
 		}
5fa452
5fa452 
@@ -1384,8 +1384,8 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
5fa452 
 			 conf->session_cache_path, FR_DIR_SEP, buffer);
5fa452 
 		fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600);
5fa452 
 		if (fd < 0) {
5fa452 
-			RERROR("Session serialisation failed, failed opening session file %s: %s",
5fa452 
-			      filename, fr_syserror(errno));
5fa452 
+			if (request) RERROR("Session serialisation failed, failed opening session file %s: %s",
5fa452 
+					    filename, fr_syserror(errno));
5fa452 
 			goto error;
5fa452 
 		}
5fa452
5fa452 
@@ -1409,7 +1409,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
5fa452 
 		while (todo > 0) {
5fa452 
 			rv = write(fd, p, todo);
5fa452 
 			if (rv < 1) {
5fa452 
-				RWDEBUG("Failed writing session: %s", fr_syserror(errno));
5fa452 
+				if (request) RWDEBUG("Failed writing session: %s", fr_syserror(errno));
5fa452 
 				close(fd);
5fa452 
 				goto error;
5fa452 
 			}
5fa452 
@@ -1417,7 +1417,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
5fa452 
 			todo -= rv;
5fa452 
 		}
5fa452 
 		close(fd);
5fa452 
-		RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
5fa452 
+		if (request) RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
5fa452 
 	}
5fa452
5fa452 
 error:
5fa452 
diff --git a/src/main/xlat.c b/src/main/xlat.c
5fa452 
index 31987289c..aeac3a4c3 100644
5fa452 
--- a/src/main/xlat.c
5fa452 
+++ b/src/main/xlat.c
5fa452 
@@ -1787,7 +1787,10 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
5fa452 
 	 *	much faster.
5fa452 
 	 */
5fa452 
 	tokens = talloc_typed_strdup(request, fmt);
5fa452 
-	if (!tokens) return -1;
5fa452 
+	if (!tokens) {
5fa452 
+		error = "Out of memory";
5fa452 
+		return -1;
5fa452 
+	}
5fa452
5fa452 
 	slen = xlat_tokenize_literal(request, tokens, head, false, &error);
5fa452
5fa452 
@@ -1806,6 +1809,7 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
5fa452 
 	 */
5fa452 
 	if (slen < 0) {
5fa452 
 		talloc_free(tokens);
5fa452 
+
5fa452 
 		rad_assert(error != NULL);
5fa452
5fa452 
 		REMARKER(fmt, -slen, error);
5fa452 
diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c
5fa452 
index 248de8bf9..54449747f 100644
5fa452 
--- a/src/modules/rlm_cache/rlm_cache.c
5fa452 
+++ b/src/modules/rlm_cache/rlm_cache.c
5fa452 
@@ -126,7 +126,8 @@ static void CC_HINT(nonnull) cache_merge(rlm_cache_t *inst, REQUEST *request, rl
5fa452
5fa452 
 	RDEBUG2("Merging cache entry into request");
5fa452
5fa452 
-	if (c->packet && request->packet) {
5fa452 
+	if (c->packet) {
5fa452 
+		rad_assert(request->packet != NULL);
5fa452 
 		rdebug_pair_list(L_DBG_LVL_2, request, c->packet, "&request:");
5fa452 
 		radius_pairmove(request, &request->packet->vps, fr_pair_list_copy(request->packet, c->packet), false);
5fa452 
 	}
5fa452 
diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
5fa452 
index dba2c1462..95e521718 100644
5fa452 
--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
5fa452 
+++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
5fa452 
@@ -1235,9 +1235,6 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
5fa452
5fa452 
 		eap_fast_append_result(tls_session, code);
5fa452
5fa452 
-		if (code == PW_CODE_ACCESS_REJECT)
5fa452 
-			break;
5fa452 
-
5fa452 
 		if (t->pac.send) {
5fa452 
 			RDEBUG("Peer requires new PAC");
5fa452 
 			eap_fast_send_pac_tunnel(request, tls_session);
5fa452 
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
5fa452 
index aba15f826..c702f1b45 100644
5fa452 
--- a/src/modules/rlm_mschap/rlm_mschap.c
5fa452 
+++ b/src/modules/rlm_mschap/rlm_mschap.c
5fa452 
@@ -1471,7 +1471,7 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
5fa452 
 		break;
5fa452
5fa452 
 	default:
5fa452 
-		rad_assert(0);
5fa452 
+		return RLM_MODULE_FAIL;
5fa452 
 	}
5fa452 
 	mschap_add_reply(request, ident, "MS-CHAP-Error", buffer, strlen(buffer));
5fa452
5fa452 
--
5fa452 
2.11.0
5fa452

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation