From: James Jones Date: Thu, 10 Aug 2023 22:06:27 +0000 (-0500) Subject: Attempt at a simpler uninit local buffer workaround (CIDs below) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=099e1d1fdf4b9da5aa8fe7b6a01e403ebc0eaa15;p=thirdparty%2Ffreeradius-server.git Attempt at a simpler uninit local buffer workaround (CIDs below) CIDs: 1506690, 1506689, 1504436, 1504041, 1504020, 1503918 This doesn't name the uninitialized local array, but instead goes via the sbuff/dbuff API to get to the data. --- diff --git a/src/bin/radsniff.c b/src/bin/radsniff.c index ec83e4c6f9e..10ebca80616 100644 --- a/src/bin/radsniff.c +++ b/src/bin/radsniff.c @@ -464,13 +464,14 @@ static void rs_packet_print_fancy(uint64_t count, rs_status_t status, fr_pcap_t if (conf->print_packet && (fr_debug_lvl >= L_DBG_LVL_2)) { char vector[(RADIUS_AUTH_VECTOR_LENGTH * 2) + 1]; + fr_sbuff_t vector_sbuff = FR_SBUFF_OUT(vector, sizeof(vector)); fr_pair_list_sort(list, fr_pair_cmp_by_da); fr_pair_list_log(&default_log, 4, list); - fr_base16_encode(&FR_SBUFF_OUT(vector, sizeof(vector)), + fr_base16_encode(&vector_sbuff, &FR_DBUFF_TMP(packet->vector, RADIUS_AUTH_VECTOR_LENGTH)); - INFO("\tAuthenticator-Field = 0x%s", vector); + INFO("\tAuthenticator-Field = 0x%s", fr_sbuff_start(&vector_sbuff)); } } } @@ -481,6 +482,7 @@ static void rs_packet_save_in_output_dir(uint64_t count, UNUSED rs_status_t stat { fr_log_t output_file; char vector[(RADIUS_AUTH_VECTOR_LENGTH * 2) + 1]; + fr_sbuff_t vector_sbuff = FR_SBUFF_OUT(vector, sizeof(vector)); char const *packet_type = response ? "reply" : "request"; char filename[2048]; @@ -508,10 +510,10 @@ static void rs_packet_save_in_output_dir(uint64_t count, UNUSED rs_status_t stat fr_pair_list_log(&output_file, 0, list); /* then append the Authenticator-Field */ - fr_base16_encode(&FR_SBUFF_OUT(vector, sizeof(vector)), + fr_base16_encode(&vector_sbuff, &FR_DBUFF_TMP(packet->vector, RADIUS_AUTH_VECTOR_LENGTH)); - fprintf(output_file.handle, "Authenticator-Field = 0x%s\n", vector); + fprintf(output_file.handle, "Authenticator-Field = 0x%s\n", fr_sbuff_start(&vector_sbuff)); if (fr_log_close(&output_file) < 0) { ERROR("Failed closing %s output file.", filename); diff --git a/src/coverity-model/merged_model.c b/src/coverity-model/merged_model.c index 41e7aea7d39..ca36efbbde0 100644 --- a/src/coverity-model/merged_model.c +++ b/src/coverity-model/merged_model.c @@ -209,52 +209,6 @@ static void fr_value_box_init(fr_value_box_t *vb, fr_type_t type, fr_dict_attr_t __coverity_writeall__(vb); } -ssize_t fr_sbuff_out_bstrncpy_exact(fr_sbuff_t *out, fr_sbuff_t *in, size_t len) -{ - ssize_t result; - - if (result >= 0) __coverity_write_buffer_bytes__(out->p, result); - - return result; -} - -size_t fr_sbuff_out_bstrncpy_allowed(fr_sbuff_t *out, fr_sbuff_t *in, size_t len, - bool const allowed[static UINT8_MAX + 1]) -{ - size_t result; - - __coverity_write_buffer_bytes__(out->p, result + 1); - - return result; -} - -typedef struct { -} fr_sbuff_term_t; -typedef struct { -} fr_sbuff_unescape_rules_t; - -size_t fr_sbuff_out_bstrncpy_until(fr_sbuff_t *out, fr_sbuff_t *in, size_t len, - fr_sbuff_term_t const *tt, - fr_sbuff_unescape_rules_t const *u_rules) -{ - size_t result; - - __coverity_write_buffer_bytes__(out->p, result + 1); - - return result; -} - -size_t fr_sbuff_out_unescape_until(fr_sbuff_t *out, fr_sbuff_t *in, size_t len, - fr_sbuff_term_t const *tt, - fr_sbuff_unescape_rules_t const *u_rules) -{ - size_t result; - - __coverity_write_buffer_bytes__(out->p, result + 1); - - return result; -} - ssize_t fr_dict_attr_oid_print(fr_sbuff_t *out, fr_dict_attr_t const *ancestor, fr_dict_attr_t const *da, bool numeric) { diff --git a/src/lib/redis/redis.c b/src/lib/redis/redis.c index a562a58a510..47b6a6f7ef5 100644 --- a/src/lib/redis/redis.c +++ b/src/lib/redis/redis.c @@ -458,6 +458,7 @@ int fr_redis_tuple_from_map(TALLOC_CTX *pool, char const *out[], size_t out_len[ char *new; char key_buf[256]; + fr_sbuff_t key_buf_sbuff = FR_SBUFF_OUT(key_buf, sizeof(key_buf)); char *key; size_t key_len; ssize_t slen; @@ -465,14 +466,14 @@ int fr_redis_tuple_from_map(TALLOC_CTX *pool, char const *out[], size_t out_len[ fr_assert(tmpl_is_attr(map->lhs)); fr_assert(tmpl_is_data(map->rhs)); - slen = tmpl_print(&FR_SBUFF_OUT(key_buf, sizeof(key_buf)), map->lhs, TMPL_ATTR_REF_PREFIX_NO, NULL); + slen = tmpl_print(&key_buf_sbuff, map->lhs, TMPL_ATTR_REF_PREFIX_NO, NULL); if (slen < 0) { fr_strerror_printf("Key too long. Must be < " STRINGIFY(sizeof(key_buf)) " " "bytes, got %zu bytes", (size_t)(slen * -1)); return -1; } key_len = (size_t)slen; - key = talloc_bstrndup(pool, key_buf, key_len); + key = talloc_bstrndup(pool, fr_sbuff_start(&key_buf_sbuff), key_len); if (!key) return -1; switch (tmpl_value_type(map->rhs)) { diff --git a/src/lib/server/map.c b/src/lib/server/map.c index 356ef6d98fa..dd05cc21d96 100644 --- a/src/lib/server/map.c +++ b/src/lib/server/map.c @@ -1314,6 +1314,7 @@ int map_afrom_attr_str(TALLOC_CTX *ctx, map_t **out, char const *vp_str, int map_afrom_vp(TALLOC_CTX *ctx, map_t **out, fr_pair_t *vp, tmpl_rules_t const *rules) { char buffer[256]; + fr_sbuff_t buffer_sbuff = FR_SBUFF_OUT(buffer, sizeof(buffer)); map_t *map; @@ -1336,8 +1337,8 @@ int map_afrom_vp(TALLOC_CTX *ctx, map_t **out, fr_pair_t *vp, tmpl_rules_t const tmpl_attr_set_request_ref(map->lhs, rules->attr.request_def); tmpl_attr_set_list(map->lhs, rules->attr.list_def); - tmpl_print(&FR_SBUFF_OUT(buffer, sizeof(buffer)), map->lhs, TMPL_ATTR_REF_PREFIX_YES, NULL); - tmpl_set_name(map->lhs, T_BARE_WORD, buffer, -1); + tmpl_print(&buffer_sbuff, map->lhs, TMPL_ATTR_REF_PREFIX_YES, NULL); + tmpl_set_name(map->lhs, T_BARE_WORD, fr_sbuff_start(&buffer_sbuff), -1); /* * Allocate the RHS diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 379f3f1470f..b99f82ceda6 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -807,6 +807,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul uint8_t digest[128]; uint8_t buff[FR_MAX_STRING_LEN]; uint8_t buff2[FR_MAX_STRING_LEN + 50]; + fr_dbuff_t digest_dbuff = FR_DBUFF_TMP(digest, sizeof(digest)); RDEBUG2("Using Password.NT-MTA-MD5"); @@ -819,7 +820,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul /* * Sanity check the value of Password.NS-MTA-MD5 */ - if (fr_base16_decode(NULL, &FR_DBUFF_TMP(digest, sizeof(digest)), + if (fr_base16_decode(NULL, &digest_dbuff, &FR_SBUFF_IN(known_good->vp_strvalue, known_good->vp_length), false) != 16) { REDEBUG("\"known good\" Password.NS-MTA-MD5 has invalid value"); RETURN_MODULE_INVALID; @@ -853,7 +854,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul fr_md5_calc(buff, (uint8_t *) buff2, p - buff2); } - if (fr_digest_cmp(digest, buff, 16) != 0) { + if (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), buff, 16) != 0) { REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); RETURN_MODULE_REJECT; }