From: Alan T. DeKok Date: Thu, 25 Dec 2025 18:04:38 +0000 (-0500) Subject: add more PAIR_ALLOCED() macros X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ae6c4da99f9436eb280e062c4a3a87f37a97d64;p=thirdparty%2Ffreeradius-server.git add more PAIR_ALLOCED() macros so that when something goes bad in pair_verify(), we know which part of the code broke things --- diff --git a/src/lib/util/struct.c b/src/lib/util/struct.c index 771ee0b75dc..5fc9e533630 100644 --- a/src/lib/util/struct.c +++ b/src/lib/util/struct.c @@ -62,6 +62,7 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, if (!struct_vp) { return PAIR_DECODE_OOM; } + PAIR_ALLOCED(struct_vp); fr_pair_list_init(&child_list_head); /* still used elsewhere */ child_list = &struct_vp->vp_group; @@ -176,6 +177,7 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, talloc_free(struct_vp); return PAIR_DECODE_OOM; } + PAIR_ALLOCED(vp); switch (child->type) { case FR_TYPE_BOOL: @@ -289,6 +291,7 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, */ vp = fr_pair_afrom_da(child_ctx, child); if (!vp) goto oom; + PAIR_ALLOCED(vp); fr_pair_append(child_list, vp); substruct_da = child; diff --git a/src/protocols/der/decode.c b/src/protocols/der/decode.c index 8e11a3f2973..f83a9d18c0e 100644 --- a/src/protocols/der/decode.c +++ b/src/protocols/der/decode.c @@ -2036,6 +2036,7 @@ static ssize_t fr_der_decode_choice(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dic fr_strerror_const_push("Out of memory"); return -1; } + PAIR_ALLOCED(vp); if (unlikely(fr_der_decode_pair_dbuff(vp, &vp->vp_group, child, &our_in, decode_ctx) < 0)) { fr_strerror_printf_push("Failed decoding %s", vp->da->name); @@ -2130,6 +2131,7 @@ static ssize_t fr_der_decode_x509_extensions(TALLOC_CTX *ctx, fr_pair_list_t *ou fr_strerror_const_push("Out of memory"); return -1; } + PAIR_ALLOCED(vp); /* * Critical extensions are decoded into the Critical parent. @@ -2144,6 +2146,7 @@ static ssize_t fr_der_decode_x509_extensions(TALLOC_CTX *ctx, fr_pair_list_t *ou talloc_free(vp); goto oom; } + PAIR_ALLOCED(vp2); max = fr_der_flag_max(parent); /* Maximum number of extensions which can be used here */ @@ -2357,6 +2360,7 @@ static ssize_t fr_der_decode_string(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dic fr_strerror_const_push("Out of memory"); return -1; } + PAIR_ALLOCED(vp); if (unlikely(fr_pair_value_bstr_alloc(vp, &str, len, false) < 0)) { talloc_free(vp); @@ -2467,6 +2471,7 @@ ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_a fr_strerror_const_push("Out of memory"); return -1; } + PAIR_ALLOCED(vp); if (unlikely(fr_value_box_copy(vp, &vp->data, flags->default_value) < 0)) { talloc_free(vp); diff --git a/src/protocols/dhcpv4/decode.c b/src/protocols/dhcpv4/decode.c index cb057357a93..51bff07e4e7 100644 --- a/src/protocols/dhcpv4/decode.c +++ b/src/protocols/dhcpv4/decode.c @@ -120,6 +120,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t vp = fr_pair_afrom_da(ctx, da); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); /* * string / octets / bool can be empty. Other data types are @@ -432,6 +433,7 @@ next: if (!vp) { vp = fr_pair_afrom_da(ctx, vendor); if (!vp) return PAIR_DECODE_FATAL_ERROR; + PAIR_ALLOCED(vp); fr_pair_append(out, vp); } @@ -518,6 +520,7 @@ static ssize_t decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out, if (!vp) { vp = fr_pair_afrom_da(ctx, da); if (!vp) return PAIR_DECODE_FATAL_ERROR; + PAIR_ALLOCED(vp); append = true; } diff --git a/src/protocols/dhcpv6/decode.c b/src/protocols/dhcpv6/decode.c index 73d7a40ef63..4f2d97dcadf 100644 --- a/src/protocols/dhcpv6/decode.c +++ b/src/protocols/dhcpv6/decode.c @@ -92,6 +92,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); slen = fr_value_box_from_network(vp, &vp->data, vp->vp_type, parent->parent, &FR_DBUFF_TMP(data, 2), 2, true); @@ -124,6 +125,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; vp->vp_ip.scope_id = 0; @@ -141,6 +143,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; slen = 1; @@ -160,6 +163,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; vp->vp_ip.prefix = prefix_len; @@ -177,6 +181,8 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, if (data_len != 0) goto raw; vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); + vp->vp_bool = true; slen = 0; break; @@ -191,6 +197,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, case FR_TYPE_DATE: vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); slen = fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da, &FR_DBUFF_TMP(data, data_len), data_len, true); @@ -212,6 +219,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, case FR_TYPE_GROUP: vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); ref = fr_dict_attr_ref(parent); if (ref && (ref->dict != dict_dhcpv6)) { @@ -248,6 +256,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, case FR_TYPE_IPV6_ADDR: vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); /* * Limit the IPv6 address to 16 octets, with no scope. @@ -262,6 +271,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, default: vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); slen = fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da, &FR_DBUFF_TMP(data, data_len), data_len, true); @@ -385,6 +395,7 @@ static ssize_t decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, attr_relay_message); if (!vp) return PAIR_DECODE_FATAL_ERROR; + PAIR_ALLOCED(vp); slen = fr_dhcpv6_decode(vp, &vp->vp_group, data + 4, len); if (slen < 0) { @@ -412,6 +423,7 @@ static ssize_t decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out, if (!vp) { vp = fr_pair_afrom_da(ctx, da); if (!vp) return PAIR_DECODE_FATAL_ERROR; + PAIR_ALLOCED(vp); append = true; } diff --git a/src/protocols/dns/decode.c b/src/protocols/dns/decode.c index 3ad88d6f595..0b241008224 100644 --- a/src/protocols/dns/decode.c +++ b/src/protocols/dns/decode.c @@ -92,6 +92,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; vp->vp_ip.prefix = data[0]; @@ -107,6 +108,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; break; @@ -122,6 +124,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); vp->vp_ip.af = AF_INET6; vp->vp_ip.prefix = prefix_len; @@ -137,6 +140,8 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, if (data_len != 0) goto raw; vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); + vp->vp_bool = true; break; @@ -152,6 +157,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_pair_list_t *out, default: vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); if (fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da, &FR_DBUFF_TMP(data, data_len), data_len, true) < 0) { diff --git a/src/protocols/internal/decode.c b/src/protocols/internal/decode.c index 8d760f5ff16..c76edc7c63c 100644 --- a/src/protocols/internal/decode.c +++ b/src/protocols/internal/decode.c @@ -48,6 +48,7 @@ static ssize_t internal_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *head, vp = fr_pair_afrom_da(ctx, parent_da); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); /* * Zero length is fine here @@ -77,6 +78,7 @@ static ssize_t internal_decode_structural(TALLOC_CTX *ctx, fr_pair_list_t *head, vp = fr_pair_afrom_da(ctx, parent_da); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); /* * Decode all the children of this group diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c index 4f21c99e0b3..f6822a57533 100644 --- a/src/protocols/radius/decode.c +++ b/src/protocols/radius/decode.c @@ -388,6 +388,7 @@ static ssize_t decode_concat(TALLOC_CTX *ctx, fr_pair_list_t *list, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return -1; + PAIR_ALLOCED(vp); if (fr_pair_value_mem_alloc(vp, &p, total, true) != 0) { talloc_free(vp); @@ -570,6 +571,7 @@ static ssize_t decode_nas_filter_rule(TALLOC_CTX *ctx, fr_pair_list_t *out, talloc_free(buffer); return -1; } + PAIR_ALLOCED(vp); if (fr_pair_value_bstrndup(vp, (char const *) decode, len, true) != 0) { talloc_free(buffer); @@ -607,6 +609,7 @@ static ssize_t decode_digest_attributes(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); redo: FR_PROTO_HEX_DUMP(p, end - p, "decode_digest_attributes"); @@ -667,6 +670,7 @@ ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return PAIR_DECODE_OOM; + PAIR_ALLOCED(vp); /* * Record where we were in the list when this function was called @@ -1590,6 +1594,7 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, group = fr_pair_afrom_da(packet_ctx->tag_root_ctx, group_da); if (unlikely(!group)) goto tag_alloc_error; + PAIR_ALLOCED(group); packet_ctx->tags[tag]->parent = group; @@ -1813,6 +1818,7 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da(ctx, parent); if (!vp) return -1; + PAIR_ALLOCED(vp); ret = proto->decode(vp, &vp->vp_group, p, attr_len); if (ret < 0) goto raw; @@ -1842,6 +1848,7 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, vp = fr_pair_afrom_da_nested(packet_ctx->tags[tag]->parent, &packet_ctx->tags[tag]->parent->vp_group, parent); } if (!vp) return -1; + PAIR_ALLOCED(vp); switch (parent->type) { /* @@ -2032,6 +2039,7 @@ ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, */ vp = fr_pair_afrom_da(ctx, da); if (!vp) return -1; + PAIR_ALLOCED(vp); /* * Ensure that it has a value. @@ -2041,7 +2049,6 @@ ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, return -1; } - PAIR_ALLOCED(vp); fr_pair_append(out, vp); return 2; @@ -2216,6 +2223,8 @@ static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_strerror_const("Failed creating Packet-Type"); return -1; } + PAIR_ALLOCED(vp); + vp->vp_uint32 = data[0]; fr_pair_append(out, vp); @@ -2224,6 +2233,8 @@ static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_strerror_const("Failed creating Packet-Authentication-Vector"); return -1; } + PAIR_ALLOCED(vp); + (void) fr_pair_value_memdup(vp, data + 4, 16, true); fr_pair_append(out, vp); diff --git a/src/protocols/tacacs/decode.c b/src/protocols/tacacs/decode.c index 21af4216b2e..62edca095be 100644 --- a/src/protocols/tacacs/decode.c +++ b/src/protocols/tacacs/decode.c @@ -159,6 +159,7 @@ int fr_tacacs_packet_to_code(fr_tacacs_packet_t const *pkt) #define DECODE_FIELD_UINT8(_da, _field) do { \ vp = fr_pair_afrom_da(ctx, _da); \ if (!vp) goto fail; \ + PAIR_ALLOCED(vp); \ vp->vp_uint8 = _field; \ fr_pair_append(out, vp); \ } while (0) @@ -203,6 +204,7 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr if (!vendor) { vendor = fr_pair_afrom_da(ctx, parent); if (!vendor) return -1; + PAIR_ALLOCED(vendor); append = true; } @@ -255,6 +257,7 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr if (da) { vp = fr_pair_afrom_da(ctx, da); if (!vp) goto oom; + PAIR_ALLOCED(vp); dst = out; goto decode; @@ -270,6 +273,7 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr vp = fr_pair_afrom_da(vendor, da); if (!vp) goto oom; + PAIR_ALLOCED(vp); dst = &vendor->vp_group; @@ -338,6 +342,7 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr } return -1; } + PAIR_ALLOCED(vp); value = p; arg_end = p + argv[i]; @@ -385,6 +390,7 @@ static int tacacs_decode_field(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_att fr_strerror_const("Out of Memory"); return -1; } + PAIR_ALLOCED(vp); if (field_len) { if (da->type == FR_TYPE_STRING) { @@ -723,6 +729,7 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co vp = fr_pair_afrom_da(ctx, da); if (!vp) goto fail; + PAIR_ALLOCED(vp); fr_pair_append(out, vp); @@ -736,6 +743,7 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co */ vp = fr_pair_afrom_da(ctx, challenge); if (!vp) goto fail; + PAIR_ALLOCED(vp); fr_pair_append(out, vp);