From: Arran Cudbard-Bell Date: Thu, 31 Jul 2025 06:47:40 +0000 (-0700) Subject: Always check the return value from fr_value_box_copy X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c37046392ac6ab5e17fd58b583ffefa9184ca63;p=thirdparty%2Ffreeradius-server.git Always check the return value from fr_value_box_copy --- diff --git a/src/lib/json/json.c b/src/lib/json/json.c index 434a667a08..878a409b59 100644 --- a/src/lib/json/json.c +++ b/src/lib/json/json.c @@ -115,7 +115,7 @@ int fr_json_object_to_value_box(TALLOC_CTX *ctx, fr_value_box_t *out, json_objec */ found = fr_dict_enum_by_name(enumv, value, len); if (found) { - if (fr_value_box_copy(ctx, out, found->value) < 0) return -1; + if (unlikely(fr_value_box_copy(ctx, out, found->value)) < 0) return -1; return 0; } diff --git a/src/lib/server/map.c b/src/lib/server/map.c index ff85decee2..99de043e40 100644 --- a/src/lib/server/map.c +++ b/src/lib/server/map.c @@ -1500,7 +1500,10 @@ int map_afrom_vp(TALLOC_CTX *ctx, map_t **out, fr_pair_t *vp, tmpl_rules_t const break; } - fr_value_box_copy(map->rhs, tmpl_value(map->rhs), &vp->data); + if (unlikely(fr_value_box_copy(map->rhs, tmpl_value(map->rhs), &vp->data) < 0)) { + talloc_free(map); + return -1; + } *out = map; @@ -1797,8 +1800,9 @@ int map_to_vp(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, map_t co MEM(n = fr_pair_afrom_da(ctx, tmpl_attr_tail_da(map->lhs))); if (tmpl_attr_tail_da(map->lhs)->type == tmpl_value_type(map->rhs)) { - if (fr_value_box_copy(n, &n->data, tmpl_value(map->rhs)) < 0) { + if (unlikely(fr_value_box_copy(n, &n->data, tmpl_value(map->rhs)) < 0)) { rcode = -1; + talloc_free(n); goto error; } diff --git a/src/lib/server/map_async.c b/src/lib/server/map_async.c index 88ef5c5262..c0fdbbf6c6 100644 --- a/src/lib/server/map_async.c +++ b/src/lib/server/map_async.c @@ -420,7 +420,7 @@ int map_to_list_mod(TALLOC_CTX *ctx, vp_list_mod_t **out, * getting the buffer value from may be freed * before this map is applied. */ - if (fr_value_box_copy(n_mod->rhs, tmpl_value(n_mod->rhs), &vp->data) < 0) goto error; + if (unlikely(fr_value_box_copy(n_mod->rhs, tmpl_value(n_mod->rhs), &vp->data) < 0)) goto error; map_list_insert_tail(&n->mod, n_mod); MAP_VERIFY(n_mod); @@ -591,12 +591,13 @@ int map_to_list_mod(TALLOC_CTX *ctx, vp_list_mod_t **out, if (fr_value_box_cast(n_vb, n_vb, mutated->cast ? mutated->cast : tmpl_attr_tail_da(mutated->lhs)->type, tmpl_attr_tail_da(mutated->lhs), &vp->data) < 0) { + assign_error: RPEDEBUG("Assigning value to \"%s\" failed", tmpl_attr_tail_da(mutated->lhs)->name); goto attr_error; } } else { - fr_value_box_copy(n_vb, n_vb, &vp->data); + if (unlikely(fr_value_box_copy(n_vb, n_vb, &vp->data) < 0)) goto assign_error; } fr_dcursor_append(&values, n_vb); } while ((vp = fr_dcursor_next(&from))); @@ -645,7 +646,7 @@ int map_to_list_mod(TALLOC_CTX *ctx, vp_list_mod_t **out, * on the static/global buffers and possibly * lead to threading issues. */ - if (fr_value_box_copy(n_vb, n_vb, vb) < 0) goto data_error; + if (unlikely(fr_value_box_copy(n_vb, n_vb, vb) < 0)) goto data_error; } fr_dcursor_append(&values, n_vb); } @@ -766,7 +767,11 @@ int map_to_list_mod(TALLOC_CTX *ctx, vp_list_mod_t **out, * If tmpl_value were a pointer we could * assign values directly. */ - fr_value_box_copy(map_list_head(&n->mod)->rhs, tmpl_value(map_list_head(&n->mod)->rhs), fr_value_box_list_head(&head)); + if (unlikely(fr_value_box_copy(map_list_head(&n->mod)->rhs, tmpl_value(map_list_head(&n->mod)->rhs), + fr_value_box_list_head(&head)) < 0)) { + goto error; + } + /* * value boxes in tmpls cannot now be the head of a list * @@ -800,7 +805,7 @@ static inline fr_pair_t *map_list_mod_to_vp(TALLOC_CTX *ctx, tmpl_t const *attr, fr_pair_t *vp; MEM(vp = fr_pair_afrom_da(ctx, tmpl_attr_tail_da(attr))); - if (fr_value_box_copy(vp, &vp->data, value) < 0) { + if (unlikely(fr_value_box_copy(vp, &vp->data, value) < 0)) { talloc_free(vp); return NULL; } diff --git a/src/lib/server/module_rlm.c b/src/lib/server/module_rlm.c index d753d92668..5d0da277e2 100644 --- a/src/lib/server/module_rlm.c +++ b/src/lib/server/module_rlm.c @@ -416,7 +416,10 @@ bool module_rlm_section_type_set(request_t *request, fr_dict_attr_t const *type_ switch (pair_update_control(&vp, type_da)) { case 0: - fr_value_box_copy(vp, &vp->data, enumv->value); + if (unlikely(fr_value_box_copy(vp, &vp->data, enumv->value) < 0)) { + fr_strerror_printf("Failed to set control.%pP to %s", vp, enumv->name); + return false; + } vp->data.enumv = vp->da; /* So we get the correct string alias */ RDEBUG2("Setting control.%pP", vp); return true; diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c index cdaab117cb..ea437fb01b 100644 --- a/src/lib/server/tmpl_eval.c +++ b/src/lib/server/tmpl_eval.c @@ -577,7 +577,10 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out, if (cast_type == FR_TYPE_NULL) { if (needs_dup) { - fr_value_box_copy(vb_out, vb_out, vb_in); + if (unlikely(fr_value_box_copy(vb_out, vb_out, vb_in) < 0)) { + talloc_free(vb_out); + goto failed_cast; + } } else { fr_value_box_steal(vb_out, vb_out, vb_in); } @@ -636,9 +639,7 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out, if (needs_dup) { fr_assert(vb_in != &value); - ret = fr_value_box_copy(ctx, &value, vb_in); - if (ret < 0) goto failed_cast; - + if (unlikely(fr_value_box_copy(ctx, &value, vb_in) < 0)) goto failed_cast; vb_in = &value; } else { fr_assert(dst_type == FR_TYPE_STRING); @@ -1045,7 +1046,10 @@ int tmpl_eval_pair(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request } else { value = fr_value_box_alloc(ctx, vp->data.type, vp->da); if (!value) goto oom; - fr_value_box_copy(value, value, &vp->data); + if(unlikely(fr_value_box_copy(value, value, &vp->data) < 0)) { + talloc_free(value); + goto fail; + } } fr_value_box_list_insert_tail(&list, value); @@ -1062,7 +1066,7 @@ int tmpl_eval_pair(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request value = fr_value_box_alloc(ctx, vp->data.type, vp->da); if (!value) goto oom; - fr_value_box_copy(value, value, &vp->data); /* Also dups taint */ + if (unlikely(fr_value_box_copy(value, value, &vp->data) < 0)) goto fail; fr_value_box_list_insert_tail(&list, value); break; } @@ -1128,7 +1132,10 @@ int tmpl_eval(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, tmp if (tmpl_is_data(vpt)) { MEM(value = fr_value_box_alloc(ctx, tmpl_value_type(vpt), NULL)); - fr_value_box_copy(value, value, tmpl_value(vpt)); /* Also dups taint */ + if (unlikely(fr_value_box_copy(value, value, tmpl_value(vpt)) < 0)) { + talloc_free(value); + return -1; /* Also dups taint */ + } goto done; } diff --git a/src/lib/server/tmpl_tokenize.c b/src/lib/server/tmpl_tokenize.c index fb89acfeac..d02682cb3b 100644 --- a/src/lib/server/tmpl_tokenize.c +++ b/src/lib/server/tmpl_tokenize.c @@ -1015,7 +1015,7 @@ int tmpl_afrom_value_box(TALLOC_CTX *ctx, tmpl_t **out, fr_value_box_t *data, bo if (steal) { if (fr_value_box_steal(vpt, tmpl_value(vpt), data) < 0) goto error; } else { - if (fr_value_box_copy(vpt, tmpl_value(vpt), data) < 0) goto error; + if (unlikely(fr_value_box_copy(vpt, tmpl_value(vpt), data) < 0)) goto error; } *out = vpt; @@ -3110,7 +3110,10 @@ static ssize_t tmpl_afrom_enum(TALLOC_CTX *ctx, tmpl_t **out, fr_sbuff_t *in, if (dv) { tmpl_init(vpt, TMPL_TYPE_DATA, T_BARE_WORD, fr_sbuff_start(&our_in), fr_sbuff_used(&our_in), t_rules); - (void) fr_value_box_copy(vpt, &vpt->data.literal, dv->value); + if (unlikely(fr_value_box_copy(vpt, &vpt->data.literal, dv->value) < 0)) { + talloc_free(vpt); + return -1; + } vpt->data.literal.enumv = t_rules->enumv; *out = vpt; diff --git a/src/lib/unlang/edit.c b/src/lib/unlang/edit.c index 38fd839326..1f2b0eaccc 100644 --- a/src/lib/unlang/edit.c +++ b/src/lib/unlang/edit.c @@ -1181,7 +1181,7 @@ static int check_lhs_value(request_t *request, unlang_frame_state_edit_t *state, data: MEM(box = fr_value_box_alloc_null(state)); - if (fr_value_box_copy(box, box, tmpl_value(vpt)) < 0) return -1; + if (unlikely(fr_value_box_copy(box, box, tmpl_value(vpt)) < 0)) return -1; fr_value_box_list_insert_tail(¤t->parent->rhs.list, box); @@ -1205,7 +1205,7 @@ static int check_lhs_value(request_t *request, unlang_frame_state_edit_t *state, vp = tmpl_dcursor_init(NULL, request, &cc, &cursor, request, vpt); while (vp) { MEM(box = fr_value_box_alloc_null(state)); - if (fr_value_box_copy(box, box, &vp->data) < 0) return -1; + if (unlikely(fr_value_box_copy(box, box, &vp->data) < 0)) return -1; fr_value_box_list_insert_tail(¤t->parent->rhs.list, box); diff --git a/src/lib/unlang/foreach.c b/src/lib/unlang/foreach.c index 3dbd687a6a..9deb297450 100644 --- a/src/lib/unlang/foreach.c +++ b/src/lib/unlang/foreach.c @@ -115,7 +115,7 @@ static int unlang_foreach_pair_copy(fr_pair_t *to, fr_pair_t *from, fr_dict_attr fr_pair_append(&to->vp_group, child); if (fr_type_is_leaf(child->vp_type)) { - if (fr_value_box_copy(child, &child->data, &vp->data) < 0) return -1; + if (unlikely(fr_value_box_copy(child, &child->data, &vp->data) < 0)) return -1; continue; } @@ -302,7 +302,10 @@ static unlang_action_t unlang_foreach_attr_next(unlang_result_t *p_result, reque if (fr_type_is_leaf(vp->vp_type)) { if (vp->vp_type == state->value->vp_type) { fr_value_box_clear_value(&vp->data); - (void) fr_value_box_copy(vp, &vp->data, &state->value->data); + if (unlikely(fr_value_box_copy(vp, &vp->data, &state->value->data) < 0)) { + RPEDEBUG("Failed copying value from %s to %s", state->value->da->name, vp->da->name); + return UNLANG_ACTION_FAIL; + } } else { /* * @todo - this shouldn't happen? @@ -863,7 +866,7 @@ void unlang_foreach_init(void) .unlang_size = sizeof(unlang_group_t), .unlang_name = "unlang_group_t", - }); + }); unlang_register(&(unlang_op_t){ .name = "continue", diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c index 5a2d93bff8..92185c153e 100644 --- a/src/lib/unlang/xlat_eval.c +++ b/src/lib/unlang/xlat_eval.c @@ -1386,7 +1386,7 @@ xlat_action_t xlat_frame_eval(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_exp_head_ * because references aren't threadsafe. */ MEM(value = fr_value_box_alloc_null(ctx)); - if (fr_value_box_copy(value, value, &node->data) < 0) goto fail; + if (unlikely(fr_value_box_copy(value, value, &node->data) < 0)) goto fail; fr_dcursor_append(out, value); continue; @@ -1417,7 +1417,10 @@ xlat_action_t xlat_frame_eval(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_exp_head_ MEM(value = fr_value_box_alloc(ctx, tmpl_value_type(node->vpt), NULL)); - fr_value_box_copy(value, value, tmpl_value(node->vpt)); /* Also dups taint */ + if (unlikely(fr_value_box_copy(value, value, tmpl_value(node->vpt)) < 0)) { + talloc_free(value); + goto fail; + }; /* Also dups taint */ fr_value_box_list_insert_tail(&result, value); /* diff --git a/src/lib/unlang/xlat_expr.c b/src/lib/unlang/xlat_expr.c index 09165db77c..f7559dadf1 100644 --- a/src/lib/unlang/xlat_expr.c +++ b/src/lib/unlang/xlat_expr.c @@ -965,7 +965,7 @@ check: xlat_instance_unregister_func(parent); xlat_exp_set_type(parent, XLAT_BOX); - fr_value_box_copy(parent, &parent->data, box); + if (!fr_cond_assert(fr_value_box_copy(parent, &parent->data, box) == 0)) return false; return true; } @@ -1197,7 +1197,7 @@ static bool xlat_logical_or(xlat_logical_rctx_t *rctx, fr_value_box_list_t const } else { fr_value_box_clear(rctx->box); } - if (last) fr_value_box_copy(rctx->box, rctx->box, last); + if (last && !fr_cond_assert(fr_value_box_copy(rctx->box, rctx->box, last) == 0)) return false; return ret; } @@ -1301,7 +1301,7 @@ static bool xlat_logical_and(xlat_logical_rctx_t *rctx, fr_value_box_list_t cons } else { fr_value_box_clear(rctx->box); } - fr_value_box_copy(rctx->box, rctx->box, found); + if (!fr_cond_assert(fr_value_box_copy(rctx->box, rctx->box, found) == 0)) return false; return true; } diff --git a/src/lib/unlang/xlat_purify.c b/src/lib/unlang/xlat_purify.c index b3db159276..f2ce3d6bbb 100644 --- a/src/lib/unlang/xlat_purify.c +++ b/src/lib/unlang/xlat_purify.c @@ -31,14 +31,17 @@ RCSID("$Id$") #include #include -static void xlat_value_list_to_xlat(xlat_exp_head_t *head, fr_value_box_list_t *list) +static int xlat_value_list_to_xlat(xlat_exp_head_t *head, fr_value_box_list_t *list) { fr_value_box_t *box; xlat_exp_t *node; while ((box = fr_value_box_list_pop_head(list)) != NULL) { MEM(node = xlat_exp_alloc(head, XLAT_BOX, NULL, 0)); - fr_value_box_copy(node, &node->data, box); + if (unlikely(fr_value_box_copy(node, &node->data, box) < 0)) { + talloc_free(node); + return -1; + } if (node->data.type == FR_TYPE_STRING) { node->quote = T_DOUBLE_QUOTED_STRING; @@ -54,6 +57,8 @@ static void xlat_value_list_to_xlat(xlat_exp_head_t *head, fr_value_box_list_t * xlat_exp_insert_tail(head, node); } + + return 0; } static int xlat_purify_list_internal(xlat_exp_head_t *head, request_t *request, fr_token_t quote); @@ -273,7 +278,7 @@ static int xlat_purify_list_internal(xlat_exp_head_t *head, request_t *request, xlat_instance_unregister_func(node); xlat_exp_set_type(node, XLAT_GROUP); /* Frees the argument list */ - xlat_value_list_to_xlat(node->group, &list); + if (xlat_value_list_to_xlat(node->group, &list) < 0) return -1; node->flags = node->group->flags; break; } @@ -527,7 +532,10 @@ static int binary_peephole_optimize(TALLOC_CTX *ctx, xlat_exp_t **out, xlat_exp_ MEM(fr_value_box_aprint(node, &name, &box, NULL) >= 0); xlat_exp_set_name_shallow(node, name); - fr_value_box_copy(node, &node->data, &box); + if (unlikely(fr_value_box_copy(node, &node->data, &box) < 0)) { + talloc_free(node); + return -1; + } *out = node; diff --git a/src/lib/util/calc.c b/src/lib/util/calc.c index 968a9943dc..145b1597af 100644 --- a/src/lib/util/calc.c +++ b/src/lib/util/calc.c @@ -1188,7 +1188,7 @@ static int cast_ipv4_addr(fr_value_box_t *out, fr_value_box_t const *in) case FR_TYPE_IPV4_PREFIX: case FR_TYPE_IPV4_ADDR: - fr_value_box_copy(NULL, out, in); + if (unlikely(fr_value_box_copy(NULL, out, in) < 0)) return -1; break; case FR_TYPE_IPV6_ADDR: @@ -1390,7 +1390,7 @@ static int cast_ipv6_addr(fr_value_box_t *out, fr_value_box_t const *in) case FR_TYPE_IPV6_PREFIX: case FR_TYPE_IPV6_ADDR: - fr_value_box_copy(NULL, out, in); + if (unlikely(fr_value_box_copy(NULL, out, in) < 0)) return -1; break; case FR_TYPE_IPV4_ADDR: diff --git a/src/lib/util/dict_util.c b/src/lib/util/dict_util.c index e79f0004fd..f3d3ca9aa5 100644 --- a/src/lib/util/dict_util.c +++ b/src/lib/util/dict_util.c @@ -1856,7 +1856,7 @@ int dict_attr_enum_add_name(fr_dict_attr_t *da, char const *name, return -1; } } else { - if (fr_value_box_copy(enum_value, enum_value, value) < 0) { + if (unlikely(fr_value_box_copy(enum_value, enum_value, value) < 0)) { fr_strerror_printf_push("%s: Failed copying value into enum", __FUNCTION__); return -1; } diff --git a/src/lib/util/edit.c b/src/lib/util/edit.c index 359b91ec47..ee7d84ce90 100644 --- a/src/lib/util/edit.c +++ b/src/lib/util/edit.c @@ -146,7 +146,7 @@ static int edit_undo(fr_edit_t *e) case FR_EDIT_VALUE: fr_assert(fr_type_is_leaf(vp->vp_type)); if (!fr_type_is_fixed_size(vp->vp_type)) fr_value_box_clear(&vp->data); - fr_value_box_copy(vp, &vp->data, &e->data); + if (unlikely(fr_value_box_copy(vp, &vp->data, &e->data) < 0)) return -1; break; case FR_EDIT_CLEAR: @@ -507,7 +507,7 @@ static int edit_record(fr_edit_list_t *el, fr_edit_op_t op, fr_pair_t *vp, fr_pa fr_assert(ref == NULL); fr_assert(fr_type_is_leaf(vp->vp_type)); - fr_value_box_copy(e, &e->data, &vp->data); + if (unlikely(fr_value_box_copy(e, &e->data, &vp->data) < 0)) goto fail; break; case FR_EDIT_CLEAR: diff --git a/src/lib/util/pair.c b/src/lib/util/pair.c index c1d646ebc1..af392fb493 100644 --- a/src/lib/util/pair.c +++ b/src/lib/util/pair.c @@ -506,12 +506,13 @@ fr_pair_t *fr_pair_copy(TALLOC_CTX *ctx, fr_pair_t const *vp) */ if (fr_type_is_structural(n->vp_type)) { if (fr_pair_list_copy(n, &n->vp_group, &vp->vp_group) < 0) { + error: talloc_free(n); return NULL; } } else { - fr_value_box_copy(n, &n->data, &vp->data); + if (unlikely(fr_value_box_copy(n, &n->data, &vp->data) < 0)) goto error; } return n; @@ -2377,7 +2378,10 @@ int fr_pair_list_copy_to_box(fr_value_box_t *dst, fr_pair_list_t *from) fr_value_box_list_talloc_free_to_tail(&dst->vb_group, first_added); return -1; } - fr_value_box_copy(value, value, &vp->data); + if (unlikely(fr_value_box_copy(value, value, &vp->data) < 0)) { + talloc_free(value); + goto fail; + } } if (!first_added) first_added = value; @@ -2564,7 +2568,7 @@ int fr_pair_value_copy(fr_pair_t *dst, fr_pair_t *src) if (!fr_cond_assert(src->data.type != FR_TYPE_NULL)) return -1; fr_value_box_clear_value(&dst->data); - fr_value_box_copy(dst, &dst->data, &src->data); + if (unlikely(fr_value_box_copy(dst, &dst->data, &src->data) < 0)) return -1; /* * If either source or destination is secret, then this value is secret. diff --git a/src/lib/util/value.c b/src/lib/util/value.c index 8b90be1fb3..d9fbac2957 100644 --- a/src/lib/util/value.c +++ b/src/lib/util/value.c @@ -1298,7 +1298,7 @@ int fr_value_box_hton(fr_value_box_t *dst, fr_value_box_t const *src) case FR_TYPE_IFID: case FR_TYPE_ETHERNET: case FR_TYPE_SIZE: - fr_value_box_copy(NULL, dst, src); + if (unlikely(fr_value_box_copy(NULL, dst, src) < 0)) return -1; return 0; case FR_TYPE_NULL: @@ -4202,7 +4202,7 @@ void fr_value_box_copy_shallow(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_value_bo { switch (src->type) { default: - fr_value_box_copy(NULL, dst, src); + if (unlikely(fr_value_box_copy(NULL, dst, src) < 0)) return; break; case FR_TYPE_STRING: diff --git a/src/lib/util/value.h b/src/lib/util/value.h index 7f25f2d352..be22948ca8 100644 --- a/src/lib/util/value.h +++ b/src/lib/util/value.h @@ -719,7 +719,7 @@ void fr_value_box_clear(fr_value_box_t *data) CC_HINT(nonnull(1)); int fr_value_box_copy(TALLOC_CTX *ctx, fr_value_box_t *dst, const fr_value_box_t *src) - CC_HINT(nonnull(2,3)); + CC_HINT(nonnull(2,3)) CC_HINT(warn_unused_result); void fr_value_box_copy_shallow(TALLOC_CTX *ctx, fr_value_box_t *dst, const fr_value_box_t *src) diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index ed3a46e421..2fd63a3359 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -939,7 +939,11 @@ xlat_action_t cache_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, (tmpl_list(map->lhs) != tmpl_list(target))) continue; MEM(vb = fr_value_box_alloc_null(ctx)); - fr_value_box_copy(vb, vb, tmpl_value(map->rhs)); + if (unlikely(fr_value_box_copy(vb, vb, tmpl_value(map->rhs)) < 0)) { + RPEDEBUG("Failed copying value from cache entry"); + talloc_free(vb); + return XLAT_ACTION_FAIL; + } fr_dcursor_append(out, vb); break; } diff --git a/src/modules/rlm_csv/rlm_csv.c b/src/modules/rlm_csv/rlm_csv.c index 1bc5ed86ba..9af403632d 100644 --- a/src/modules/rlm_csv/rlm_csv.c +++ b/src/modules/rlm_csv/rlm_csv.c @@ -1014,7 +1014,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, m */ slen = tmpl_aexpand_type(request, &key, FR_TYPE_VALUE_BOX, request, inst->key); if (slen < 0) { - DEBUG("Failed expanding key '%s'", inst->key->name); + REDEBUG("Failed expanding key '%s'", inst->key->name); RETURN_UNLANG_FAIL; } @@ -1025,14 +1025,19 @@ static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, m if (key->type != inst->key_data_type) { fr_value_box_t tmp; - fr_value_box_copy(request, &tmp, key); + if (unlikely(fr_value_box_copy(request, &tmp, key) < 0)) { + talloc_free(key); + REDEBUG("Failed copying %pV to data type '%s'", + &key, fr_type_to_str(inst->key_data_type)); + RETURN_UNLANG_FAIL; + } slen = fr_value_box_cast(request, key, inst->key_data_type, NULL, &tmp); fr_value_box_clear(&tmp); if (slen < 0) { talloc_free(key); - DEBUG("Failed casting %pV to data type '%s'", - &key, fr_type_to_str(inst->key_data_type)); + REDEBUG("Failed casting %pV to data type '%s'", + &key, fr_type_to_str(inst->key_data_type)); RETURN_UNLANG_FAIL; } } diff --git a/src/modules/rlm_files/rlm_files.c b/src/modules/rlm_files/rlm_files.c index 51459cee11..2cd9d14340 100644 --- a/src/modules/rlm_files/rlm_files.c +++ b/src/modules/rlm_files/rlm_files.c @@ -366,14 +366,17 @@ static int getrecv_filename(TALLOC_CTX *ctx, char const *filename, fr_htrie_t ** user_list->name = entry->name; user_list->box = fr_value_box_alloc(user_list, data_type, NULL); - (void) fr_value_box_copy(user_list, user_list->box, box); + if (unlikely(fr_value_box_copy(user_list, user_list->box, box) < 0)) { + PERROR("%s[%d] Failed copying key %s", + entry->filename, entry->lineno, entry->name); + } /* * Insert the new list header. */ if (!fr_htrie_insert(tree, user_list)) { - ERROR("%s[%d] Failed inserting key %s - %s", - entry->filename, entry->lineno, entry->name, fr_strerror()); + PERROR("%s[%d] Failed inserting key %s", + entry->filename, entry->lineno, entry->name); goto error; error: diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c index d66026bb34..33384a3793 100644 --- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c +++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c @@ -1654,15 +1654,17 @@ done: static int add_option_by_da(rlm_isc_dhcp_info_t *info, fr_dict_attr_t const *da) { - int ret; fr_pair_t *vp; if (!info->parent) return -1; /* internal error */ MEM(vp = fr_pair_afrom_da(info->parent, da)); - ret = fr_value_box_copy(vp, &(vp->data), info->argv[0]); - if (ret < 0) return ret; + /* TLS error buffer is checked */ + if (unlikely(fr_value_box_copy(vp, &(vp->data), info->argv[0]) < 0)) { + talloc_free(vp); + return -1; + } fr_pair_append(&info->parent->options, vp); @@ -1742,7 +1744,6 @@ static int parse_next_server(UNUSED rlm_isc_dhcp_tokenizer_t *state, rlm_isc_dhc */ static int apply_fixed_ip(rlm_isc_dhcp_t const *inst, request_t *request) { - int ret; rlm_isc_dhcp_info_t *host, *info; fr_pair_t *vp; fr_pair_t *yiaddr; @@ -1771,9 +1772,10 @@ static int apply_fixed_ip(rlm_isc_dhcp_t const *inst, request_t *request) MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_your_ip_address)); - ret = fr_value_box_copy(vp, &(vp->data), info->argv[0]); - if (ret < 0) return ret; - + if (unlikely(fr_value_box_copy(vp, &(vp->data), info->argv[0]) < 0)) { + RPEDEBUG("Failed assigning Your-IP-Address"); + return -1; + } fr_pair_append(&request->reply_pairs, vp); /* diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 55c849b060..2b64b9f23d 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -434,7 +434,11 @@ static xlat_action_t ldap_uri_escape_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, * If it's already safe, just copy it over. */ if (fr_value_box_is_safe_for_only(in_vb, LDAP_URI_SAFE_FOR)) { - fr_value_box_copy(vb, vb, in_vb); + if (unlikely(fr_value_box_copy(vb, vb, in_vb) < 0)) { + RPEDEBUG("Failed copying input argument to output"); + talloc_free(vb); + return XLAT_ACTION_FAIL; + } fr_dcursor_append(out, vb); return XLAT_ACTION_DONE; diff --git a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c index 1d5c6f959f..4c7ffb465d 100644 --- a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c +++ b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c @@ -1159,7 +1159,10 @@ static unlang_action_t CC_HINT(nonnull) mod_update(unlang_result_t *p_result, mo .rhs = &ip_rhs }; - fr_value_box_copy(NULL, &ip_rhs.data.literal, &env->requested_address); + if (unlikely(fr_value_box_copy(NULL, &ip_rhs.data.literal, &env->requested_address) < 0)) { + RPEDEBUG("Failed copying IP address to reply attribute"); + RETURN_UNLANG_FAIL; + } if (map_to_request(request, &ip_map, map_to_vp, NULL) < 0) RETURN_UNLANG_FAIL; } diff --git a/src/modules/rlm_test/rlm_test.c b/src/modules/rlm_test/rlm_test.c index 825b0628cd..39784b3b05 100644 --- a/src/modules/rlm_test/rlm_test.c +++ b/src/modules/rlm_test/rlm_test.c @@ -386,7 +386,7 @@ static xlat_action_t test_xlat_passthrough(TALLOC_CTX *ctx, fr_dcursor_t *out, fr_value_box_list_foreach(in, vb_p) { MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_STRING, NULL)); - if (fr_value_box_copy(vb, vb, vb_p) < 0) { + if (unlikely(fr_value_box_copy(vb, vb, vb_p) < 0)) { talloc_free(vb); return XLAT_ACTION_FAIL; } diff --git a/src/process/dhcpv6/base.c b/src/process/dhcpv6/base.c index c4147e7065..1e2f5c10fb 100644 --- a/src/process/dhcpv6/base.c +++ b/src/process/dhcpv6/base.c @@ -519,7 +519,13 @@ void status_code_add(process_dhcpv6_t const *inst, request_t *request, fr_value_ * Don't override the user status * code. */ - if (pair_update_reply(&vp, attr_status_code_value) == 0) fr_value_box_copy(vp, &vp->data, vb); + if (pair_update_reply(&vp, attr_status_code_value) == 0) { + if (unlikely(fr_value_box_copy(vp, &vp->data, vb) < 0)) { + RPERROR("Failed copying status code value"); + pair_delete_reply(vp); + return; + } + } /* * Move the module failure messages upwards diff --git a/src/process/dns/base.c b/src/process/dns/base.c index e8127ca619..6245bc8c65 100644 --- a/src/process/dns/base.c +++ b/src/process/dns/base.c @@ -349,7 +349,10 @@ void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const * */ MEM((ret = fr_pair_update_by_da_parent(request->reply_ctx, rcode, attr_rcode)) >= 0); if (ret == 0) { - fr_value_box_copy(*rcode, &(*rcode)->data, vb); + if (unlikely(fr_value_box_copy(*rcode, &(*rcode)->data, vb) < 0)) { + RPEDEBUG("Failed copying rcode value"); + return; + } (*rcode)->data.enumv = (*rcode)->da; /* Hack, boxes should have their enumv field populated */ } } diff --git a/src/process/radius/base.c b/src/process/radius/base.c index 3861424eaa..83287b98cc 100644 --- a/src/process/radius/base.c +++ b/src/process/radius/base.c @@ -289,7 +289,11 @@ void radius_request_pairs_to_reply(request_t *request, process_radius_rctx_t *rc fr_pair_t *vp; MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_proxy_state)); - fr_value_box_copy(vp, &vp->data, proxy_state_value); + if (unlikely(fr_value_box_copy(vp, &vp->data, proxy_state_value) < 0)) { + RDEBUG2("Failed to copy Proxy-State value %pV", proxy_state_value); + talloc_free(vp); + break; + } fr_pair_append(&request->reply_pairs, vp); RDEBUG3("reply.%pP", vp); } diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c index b7c4f25576..df0cfddfa9 100644 --- a/src/process/tacacs/base.c +++ b/src/process/tacacs/base.c @@ -468,7 +468,11 @@ RESUME(auth_start) */ add_auth_flags: MEM(pair_append_reply(&vp, attr_tacacs_authentication_flags) >= 0); - (void) fr_value_box_copy(vp, &vp->data, enum_auth_flags_noecho); + if (unlikely(fr_value_box_copy(vp, &vp->data, enum_auth_flags_noecho) < 0)) { + RPEDEBUG("Failed creating Authentication-Flags attribute with No-Echo flag"); + pair_delete_reply(vp); + goto reject; + } vp->data.enumv = attr_tacacs_authentication_flags; goto send_reply; } diff --git a/src/protocols/der/decode.c b/src/protocols/der/decode.c index 71dda55e7b..b78657d69b 100644 --- a/src/protocols/der/decode.c +++ b/src/protocols/der/decode.c @@ -2441,7 +2441,7 @@ ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_a return -1; } - if (fr_value_box_copy(vp, &vp->data, flags->default_value) < 0) { + if (unlikely(fr_value_box_copy(vp, &vp->data, flags->default_value) < 0)) { talloc_free(vp); return -1; }