Hoist some fr_radius_ok() calls above decode() (CID #1544988, #1503910)

This should make show coverity that the packet and length are
validated before being passed to decode().

diff --git a/src/modules/rlm_radius/rlm_radius_udp.c b/src/modules/rlm_radius/rlm_radius_udp.c
index ee54c293746e9c25f640a0bcabebb06084461faf..0477be3934e03af63a7a3271c4e37c3139a88c91 100644 (file)
--- a/src/modules/rlm_radius/rlm_radius_udp.c
+++ b/src/modules/rlm_radius/rlm_radius_udp.c
@@ -38,6 +38,13 @@ RCSID("$Id$")
 #include "rlm_radius.h"
 #include "track.h"
 
+/*
+ * Macro to simplify checking packets before calling decode(), so that
+ * it gets a known valid length and no longer calls fr_radius_ok() itself.
+ */
+#define check(_handle, _len_p) fr_radius_ok((_handle)->buffer, (size_t *)(_len_p), \
+                                           (_handle)->thread->inst->parent->max_attributes, false, NULL)
+
 /** Static configuration for the module.
  *
  */
@@ -575,6 +582,8 @@ static void conn_readable_status_check(fr_event_list_t *el, UNUSED int fd, UNUSE
                return;
        }
 
+       if (!check(h, &slen)) return;
+
        if (decode(h, &reply, &code,
                   h, h->status_request, h->status_u, u->packet + RADIUS_AUTH_VECTOR_OFFSET,
                   h->buffer, slen) != DECODE_FAIL_NONE) return;
@@ -1149,17 +1158,12 @@ static decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *res
 {
        rlm_radius_udp_t const *inst = h->thread->inst;
        size_t                  packet_len;
-       decode_fail_t           reason;
        uint8_t                 code;
        uint8_t                 original[RADIUS_HEADER_LENGTH];
 
        *response_code = 0;     /* Initialise to keep the rest of the code happy */
 
        packet_len = data_len;
-       if (!fr_radius_ok(data, &packet_len, inst->parent->max_attributes, false, &reason)) {
-               RWARN("Ignoring malformed packet");
-               return reason;
-       }
 
        RHEXDUMP3(data, packet_len, "Read packet");
 
@@ -2383,6 +2387,12 @@ static void request_demux(UNUSED fr_event_list_t *el, fr_trunk_connection_t *tco
                /*
                 *      Validate and decode the incoming packet
                 */
+
+               if (!check(h, &slen)) {
+                       RWARN("Ignoring malformed packet");
+                       continue;
+               }
+
                reason = decode(request->reply_ctx, &reply, &code, h, request, u, rr->vector, h->buffer, (size_t)slen);
                if (reason != DECODE_FAIL_NONE) continue;