fr_pair_t *vp;
if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0)) != NULL) {
- fr_pair_value_strdup(vp, request->password->vp_strvalue);
+ fr_pair_value_strdup(vp, request->password->vp_strvalue, false);
} else if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) != NULL) {
uint8_t buffer[17];
fr_dcursor_init(&cursor, fr_pair_list_order(&args));
MEM(vp = fr_pair_afrom_da(NULL, da));
- fr_pair_value_strdup(vp, entry->filename);
+ fr_pair_value_strdup(vp, entry->filename, false);
fr_dcursor_prepend(&cursor, vp);
if (request->module && (request->module[0] != '\0')) {
fr_pair_value_aprintf(vp, "%s: %s", request->module, p);
} else {
- fr_pair_value_strdup(vp, p);
+ fr_pair_value_strdup(vp, p, false);
}
talloc_free(p);
}
MEM(vp = fr_pair_afrom_da(ctx, server_da));
- fr_pair_value_strdup(vp, server);
+ fr_pair_value_strdup(vp, server, false);
fr_pair_append(list, vp);
MEM(vp = fr_pair_afrom_da(ctx, port_da));
OBJ_obj2txt(buff, sizeof(buff), alg->algorithm, 0);
MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_signature_algorithm) == 0);
- fr_pair_value_strdup(vp, buff);
+ fr_pair_value_strdup(vp, buff, false);
}
/*
RDEBUG2("Adding TLS session information to request");
vp = fr_pair_afrom_da(request->session_state_ctx, attr_tls_session_cipher_suite);
if (vp) {
- fr_pair_value_strdup(vp, SSL_CIPHER_get_name(cipher));
+ fr_pair_value_strdup(vp, SSL_CIPHER_get_name(cipher), false);
fr_pair_append(&request->session_state_pairs, vp);
RINDENT();
RDEBUG2("&session-state.%pP", vp);
vp = fr_pair_afrom_da(request->session_state_ctx, attr_tls_session_version);
if (vp) {
- fr_pair_value_strdup(vp, version);
+ fr_pair_value_strdup(vp, version, false);
fr_pair_append(&request->session_state_pairs, vp);
RINDENT();
RDEBUG2("&session-state.TLS-Session-Version := \"%s\"", version);
*
* @note vp->da must be of type FR_TYPE_STRING.
*
- * @param[in,out] vp to update
- * @param[in] src data to copy
+ * @param[in,out] vp to update
+ * @param[in] src data to copy
+ * @param[in] tainted Whether the value came from a trusted source.
* @return
* - 0 on success.
* - -1 on failure.
*/
-int fr_pair_value_strdup(fr_pair_t *vp, char const *src)
+int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
{
int ret;
if (!fr_cond_assert(vp->da->type == FR_TYPE_STRING)) return -1;
fr_value_box_clear(&vp->data); /* Free any existing buffers */
- ret = fr_value_box_strdup(vp, &vp->data, vp->da, src, false);
+ ret = fr_value_box_strdup(vp, &vp->data, vp->da, src, tainted);
if (ret == 0) {
vp->type = VT_DATA;
VP_VERIFY(vp);
*/
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, ssize_t len, char quote, bool tainted);
-int fr_pair_value_strdup(fr_pair_t *vp, char const *src);
+int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted) CC_HINT(nonnull);
int fr_pair_value_strdup_shallow(fr_pair_t *vp, char const *src, bool tainted);
VP_VERIFY(vp);
TEST_CASE("Copy content of 'test_string' to attribute value using fr_pair_value_strdup()");
- TEST_CHECK(fr_pair_value_strdup(vp, test_string) == 0);
+ TEST_CHECK(fr_pair_value_strdup(vp, test_string, false) == 0);
TEST_CASE("Validating VP_VERIFY()");
VP_VERIFY(vp);
VP_VERIFY(vp);
TEST_CASE("Copy content of 'test_string' to attribute value using fr_pair_value_strdup_shallow()");
- TEST_CHECK(fr_pair_value_strdup(vp, test_string) == 0);
+ TEST_CHECK(fr_pair_value_strdup(vp, test_string, false) == 0);
TEST_CASE("Trim the length of the string buffer using fr_pair_value_strtrim()");
TEST_CHECK(fr_pair_value_strtrim(vp) == 0);
break;
case FR_TYPE_STRING:
- fr_pair_value_strdup(vp, "");
+ fr_pair_value_strdup(vp, "", true);
break;
}
}
break;
case FR_TYPE_STRING:
- fr_pair_value_strdup(vp, "");
+ fr_pair_value_strdup(vp, "", true);
break;
}
}
fr_pair_t *vp;
MEM(pair_append_request(&vp, attr_ldap_sync_dn) == 0);
- fr_pair_value_strdup(vp, config->base_dn);
+ fr_pair_value_strdup(vp, config->base_dn, false);
if (config->filter) {
MEM(pair_update_request(&vp, attr_ldap_sync_filter) >= 0);
- fr_pair_value_strdup(vp, config->filter);
+ fr_pair_value_strdup(vp, config->filter, false);
}
if (config->attrs) {
char const *attrs_p;
for (attrs_p = *config->attrs; *attrs_p; attrs_p++) {
MEM(pair_append_request(&vp, attr_ldap_sync_attr) == 0);
- fr_pair_value_strdup(vp, attrs_p);
+ fr_pair_value_strdup(vp, attrs_p, false);
}
}
* FIXME: Put it into MS-CHAP-Domain?
*/
username++; /* skip the \\ */
- fr_pair_value_strdup(auth_challenge, username);
+ fr_pair_value_strdup(auth_challenge, username, auth_challenge->vp_tainted);
}
/*
/*
* Diameter pads strings (i.e. User-Password) with trailing zeros.
*/
- if (vp->vp_type == FR_TYPE_STRING) fr_pair_value_strdup(vp, vp->vp_strvalue);
+ if (vp->vp_type == FR_TYPE_STRING) fr_pair_value_strdup(vp, vp->vp_strvalue, vp->vp_tainted);
}
/*
for (dn_p = group_dn; *dn_p; dn_p++) {
MEM(vp = fr_pair_afrom_da(list_ctx, inst->cache_da));
- fr_pair_value_strdup(vp, *dn_p);
+ fr_pair_value_strdup(vp, *dn_p, false);
fr_pair_append(list, vp);
RDEBUG2("&control.%s += \"%pV\"", inst->cache_da->name, &vp->data);
fr_ldap_util_normalise_dn(dn, dn);
MEM(pair_append_control(&vp, inst->cache_da) == 0);
- fr_pair_value_strdup(vp, dn);
+ fr_pair_value_strdup(vp, dn, false);
RINDENT();
RDEBUG2("&control.%pP", vp);
RDEBUG2("User object found at DN \"%s\"", dn);
MEM(pair_update_control(&vp, attr_ldap_userdn) >= 0);
- fr_pair_value_strdup(vp, dn);
+ fr_pair_value_strdup(vp, dn, false);
*rcode = RLM_MODULE_OK;
ldap_memfree(dn);
fr_pair_t *vp;
MEM(pair_append_request(&vp, attr_nas_identifier) >= 0);
- fr_pair_value_strdup(vp, "status check - are you alive?");
+ fr_pair_value_strdup(vp, "status check - are you alive?", false);
}
/*
if (*buffer) {
MEM(pair_update_reply(&vp, attr_reply_message) >= 0);
- fr_pair_value_strdup(vp, buffer);
+ fr_pair_value_strdup(vp, buffer, false);
}
RETURN_MODULE_RCODE(rcode);
}
do {
next:
fr_assert(entry != NULL);
- fr_pair_value_strdup(sql_group, entry->name);
+ fr_pair_value_strdup(sql_group, entry->name, true);
if (inst->config->authorize_group_check_query) {
fr_pair_t *vp;
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
MEM(pair_update_reply(&vp, attr_reply_message) >= 0);
- fr_pair_value_strdup(vp, msg);
+ fr_pair_value_strdup(vp, msg, false);
REDEBUG2("Maximum %s usage time reached", inst->reset);
REDEBUG2("Rejecting user, %s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
RETURN_MODULE_NOOP;
MEM(pair_update_control(&vp, attr_crypt_password) >= 0);
- fr_pair_value_strdup(vp, encrypted_pass);
+ fr_pair_value_strdup(vp, encrypted_pass, false);
RETURN_MODULE_UPDATED;
}
* portion.
*/
MEM(pair_update_request(&vp, attr_yubikey_otp) >= 0);
- fr_pair_value_strdup(vp, otp);
+ fr_pair_value_strdup(vp, otp, password->vp_tainted);
/*
* Replace the existing string buffer for the password
*/
if (!fr_pair_find_by_da(&request->reply_pairs, attr_tacacs_server_message, 0)) {
MEM(pair_update_reply(&vp, attr_tacacs_server_message) >= 0);
- fr_pair_value_strdup(vp, msg);
+ fr_pair_value_strdup(vp, msg, false);
}
/*
/*
* Copy the finished string to the output VP.
*/
- if (fr_pair_value_strdup(vp, string) < 0) return -1;
+ if (fr_pair_value_strdup(vp, string, true) < 0) return -1;
return 0;
}
projects / thirdparty / freeradius-server.git / commitdiff
