From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 30 Oct 2023 12:56:08 +0000 (-0400)
Subject: add tainted flag
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70f2a010a6b62d868ba77597dc57de439e75c6be;p=thirdparty%2Ffreeradius-server.git

add tainted flag

so that we don't have to walk down the list of VPs after creating
them.
---

diff --git a/src/lib/unlang/edit.c b/src/lib/unlang/edit.c
index 2f68e668e28..d9f92fb22f9 100644
--- a/src/lib/unlang/edit.c
+++ b/src/lib/unlang/edit.c
@@ -331,6 +331,7 @@ static int apply_edits_to_list(request_t *request, unlang_frame_state_edit_t *st
 			.da = da,
 			.list = children,
 			.allow_compare = true,
+			.tainted = box->tainted,
 		};
 		relative = (fr_pair_parse_t) { };
 
diff --git a/src/lib/util/pair.c b/src/lib/util/pair.c
index 9f293600787..f56ea059c93 100644
--- a/src/lib/util/pair.c
+++ b/src/lib/util/pair.c
@@ -3561,17 +3561,13 @@ void fr_pair_list_afrom_box(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_t cons
 		.da = fr_dict_root(dict),
 		.list = out,
 		.allow_crlf = true,
+		.tainted = box->tainted,
 	};
 	relative = (fr_pair_parse_t) { };
 
 	if (fr_pair_list_afrom_substr(&root, &relative, &FR_SBUFF_IN(box->vb_strvalue, box->vb_length)) < 0) {
 		return;
 	}
-
-	/*
-	 *	Mark the attributes as tainted.
-	 */
-	if (box->tainted) fr_pair_list_tainted(out);
 }
 
 static const char spaces[] = "                                                                                                                                ";
diff --git a/src/lib/util/pair_legacy.c b/src/lib/util/pair_legacy.c
index c2583cebdc2..73f83571196 100644
--- a/src/lib/util/pair_legacy.c
+++ b/src/lib/util/pair_legacy.c
@@ -92,7 +92,7 @@ static fr_sbuff_parse_rules_t const bareword_unquoted = {
 };
 
 
-static ssize_t fr_pair_value_from_substr(fr_pair_t *vp, fr_sbuff_t *in)
+static ssize_t fr_pair_value_from_substr(fr_pair_t *vp, fr_sbuff_t *in, bool tainted)
 {
 	char quote;
 	ssize_t slen;
@@ -106,21 +106,19 @@ static ssize_t fr_pair_value_from_substr(fr_pair_t *vp, fr_sbuff_t *in)
 		rules = &value_parse_rules_single_quoted;
 		quote = '\'';
 
-#if 0
 		/*
 		 *	We don't support backticks here.
 		 */
-	} else if (fr_sbuff_next_if_char(in, '\'')) {
-		rules = &value_parse_rules_backtick_quoted;
-		quote = '`';
+	} else if (fr_sbuff_is_char(in, '\'')) {
+		fr_strerror_const("Backticks are not supported here");
+		return 0;
 
-#endif
 	} else {
 		rules = &bareword_unquoted;
 		quote = '\0';
 	}
 
-	slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da, in, rules, false);
+	slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da, in, rules, tainted);
 	if (slen < 0) return slen - (quote != 0);
 
 	if (quote && !fr_sbuff_next_if_char(in, quote)) {
@@ -131,6 +129,17 @@ static ssize_t fr_pair_value_from_substr(fr_pair_t *vp, fr_sbuff_t *in)
 	return slen + ((quote != 0) << 1);
 }
 
+/**  Parse a #fr_pair_list_t from a substring
+ *
+ * @param[in] root	where we start parsing from
+ * @param[in,out] relative where we left off, or where we should continue from
+ * @param[in] in	input sbuff
+ * @return
+ *	- <0 on error
+ *	- 0 on no input
+ *	- >0 on how many bytes of input we read
+ *
+ */
 fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative,
 				    fr_sbuff_t *in)
 {
@@ -156,6 +165,7 @@ fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t
 redo:
 	append = true;
 	raw = raw_octets = false;
+	relative->last_char = 0;
 
 	fr_sbuff_adv_past_whitespace(&our_in, SIZE_MAX, NULL);
 
@@ -500,19 +510,26 @@ redo:
 		return fr_sbuff_error(&our_in);
 	}
 
-	slen = fr_pair_value_from_substr(vp, &our_in);
+	slen = fr_pair_value_from_substr(vp, &our_in, relative->tainted);
 	if (slen <= 0) return fr_sbuff_error(&our_in) + slen;
 
 done:
 	PAIR_VERIFY(vp);
 
-	keep_going = fr_sbuff_next_if_char(&our_in, ',');
+	keep_going = false;
+	if (fr_sbuff_next_if_char(&our_in, ',')) {
+		keep_going = true;
+		relative->last_char = ',';
+	}
 
 	if (relative->allow_crlf) {
 		size_t len;
 
 		len = fr_sbuff_adv_past_allowed(&our_in, SIZE_MAX, sbuff_char_line_endings, NULL);
-		keep_going |= (len > 0);
+		if (len) {
+			keep_going |= true;
+			if (!relative->last_char) relative->last_char = '\n';
+		}
 	}
 
 	keep_going &= ((fr_sbuff_remaining(&our_in) > 0) || (fr_sbuff_extend(&our_in) > 0));
diff --git a/src/lib/util/pair_legacy.h b/src/lib/util/pair_legacy.h
index b2837a2fa84..5f3ef16685a 100644
--- a/src/lib/util/pair_legacy.h
+++ b/src/lib/util/pair_legacy.h
@@ -41,10 +41,12 @@ void		fr_pair_list_move_op(fr_pair_list_t *to, fr_pair_list_t *from, fr_token_t
 
 typedef struct fr_pair_parse_s {
 	TALLOC_CTX		*ctx;
-	fr_dict_attr_t const	*da;
-	fr_pair_list_t		*list;
-	bool			allow_compare;
-	bool			allow_crlf;
+	fr_dict_attr_t const	*da;		//!< root da to start parsing from
+	fr_pair_list_t		*list;		//!< list where output is placed
+	bool			allow_compare;	//!< allow comparison operators
+	bool			allow_crlf;	//!< allow CRLF, and treat like comma
+	bool			tainted;	//!< source is tainted
+	char			last_char;	//!< last character we read - ',', '\n', or 0 for EOF
 } fr_pair_parse_t;
 
 fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative,