From: Gert Doering
Date: Tue, 13 Oct 2020 20:47:58 +0000 (+0200)
Subject: Avoid passing NULL to argv_printf_cat() in temp_file error case.
X-Git-Tag: v2.6_beta1~665
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bbcada8abb410d077f7bc13b8157198b4bf6a3d1;p=thirdparty%2Fopenvpn.git

Avoid passing NULL to argv_printf_cat() in temp_file error case.

To pass username + password to verify_user_pass_script(), OpenVPN can either put both into environment, or create a temp file, and pass that file name to the "user-pass-verify" script.

The file name is initialized as "", so if no file is desired, it's well defined - but if the file can not be created, the pointer is NULL afterwards.

Change the sequence of events, setting up the argv before the "if (file)" conditional, and add the file name only inside that clause, if creating the temp file succeeded.

commit a4eeef17b2 did not create the problem, but modified the code enough so that the static analyzer in gcc 9.2.0 *now* noticed and issued a warning.

    ssl_verify.c:1132:5: warning: '%s' directive argument is null
     1132 | argv_printf_cat(&argv, "%s", tmp_file);

Signed-off-by: Gert Doering
Acked-by: David Sommerseth
Message-Id: <20201013204758.2472-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21204.html
Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index a619c5547..2d7abdde4 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -1098,6 +1098,9 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, /* Set environmental variables prior to calling script */ setenv_str(session->opt->es, "script_type", "user-pass-verify"); + /* format command line */ + argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script); + if (session->opt->auth_user_pass_verify_script_via_file) { struct status_output *so; 
@@ -1115,6 +1118,8 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, tmp_file); goto done; } + /* pass temp file name to script */ + argv_printf_cat(&argv, "%s", tmp_file); } else { @@ -1127,10 +1132,6 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, setenv_str(session->opt->es, "password", up->password); } - /* format command line */ - argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script); - argv_printf_cat(&argv, "%s", tmp_file); - /* call command */ ret = openvpn_run_script(&argv, session->opt->es, 0, "--auth-user-pass-verify");
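Review bot: In the first hunk (@@ -1098), argv_parse_cmd() now fills argv before the `goto done` error path that is visible in the @@ -1115 hunk, so that path leaves the function with an already populated argv. The `done:` label is outside the lines shown; please confirm it releases argv on every exit, or move the release there if it currently sits after the script call. The comment `/* format command line */` is also only half true at its new position, since the file name is appended later; something like "parse script command, file name is appended below if a temp file was written" would describe it better.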
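Review bot: In the third hunk (@@ -1127), the `/* call command */` block still follows the if/else unconditionally, so when via-file mode is selected and the temp file could not be created, the script appears to be invoked with no file argument and, going by the visible `setenv_str` lines, without username or password in the environment either. The only `goto done` shown is the one in the @@ -1115 hunk, which sits above the newly added argv_printf_cat(). If the creation-failure branch does not also jump to `done`, I would add that jump there so the failure is handled as a rejected authentication inside OpenVPN instead of depending on how the user-pass-verify script behaves when called without its argument.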