Avoid passing NULL to argv_printf_cat() in temp_file error case.
authorGert Doering <gert@greenie.muc.de>
Tue, 13 Oct 2020 20:47:58 +0000 (22:47 +0200)
committerGert Doering <gert@greenie.muc.de>
Thu, 15 Oct 2020 13:36:49 +0000 (15:36 +0200)
To pass username + password to verify_user_pass_script(), OpenVPN
can either put both into environment, or create a temp file, and
pass that file name to the "user-pass-verify" script.  The file
name is initialized as "", so if no file is desired, it's well
defined - but if the file can not be created, the pointer is NULL
afterwards.

Change the sequence of events, setting up the argv before the
"if (file)" conditional, and add the file name only inside that
clause, if creating the temp file succeeded.

commit a4eeef17b2 did not create the problem, but modified the
code enough so that the static analyzer in gcc 9.2.0 *now* noticed
and issued a warning.

 ssl_verify.c:1132:5: warning: '%s' directive argument is null
              1132 |     argv_printf_cat(&argv, "%s", tmp_file);

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20201013204758.2472-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21204.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit bbcada8abb410d077f7bc13b8157198b4bf6a3d1)

src/openvpn/ssl_verify.c

index f92b2de9049b04e3b0cb00463af49e4fd6117b64..33115eb6c1cde1c53ecbcf5f6e752e0bb52f731d 100644 (file)
@@ -1071,6 +1071,9 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
     /* Set environmental variables prior to calling script */
     setenv_str(session->opt->es, "script_type", "user-pass-verify");
 
+    /* format command line */
+    argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script);
+
     if (session->opt->auth_user_pass_verify_script_via_file)
     {
         struct status_output *so;
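Review bot: Moving `argv_parse_cmd()` ahead of the `if` means `argv` is already populated when the file branch bails out via `goto done` (visible in the next hunk), so the cleanup under `done:` has to release `argv` on those paths too. That label lies outside the visible hunks, so this should be confirmed against the full function. The added comment could also record why the order matters, e.g. `/* format command line first; the temp file name is appended below only if the file was created */`.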
@@ -1088,6 +1091,8 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
                     tmp_file);
                 goto done;
             }
+            /* pass temp file name to script */
+            argv_printf_cat(&argv, "%s", tmp_file);
         }
         else
         {
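Review bot: When the temp file cannot be created, the `else` that opens at the end of this hunk appears to be the only handling, and its body lies outside the hunk. If it only logs and falls through, the script is still run further down, now with no file argument and no username/password in the environment. The result then depends on how the configured script treats a missing argument, so it is safer to fail the authentication in the server by ending that branch with `goto done;`, as the `status_close()` failure path just above already does. This assumes `ret` still holds its failure value at that point, which the hunk does not show.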
@@ -1100,10 +1105,6 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
         setenv_str(session->opt->es, "password", up->password);
     }
 
-    /* format command line */
-    argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script);
-    argv_printf_cat(&argv, "%s", tmp_file);
-
     /* call command */
     ret = openvpn_run_script(&argv, session->opt->es, 0,
                              "--auth-user-pass-verify");