From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Fri, 8 Oct 2021 16:13:15 +0000 (-0500)
Subject: Fix direct manipulation of boxes in tmpl_eval.c
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9da1ceb927701c1cb6a7649c584cd9d7c73248f7;p=thirdparty%2Ffreeradius-server.git

Fix direct manipulation of boxes in tmpl_eval.c
---

diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c
index 0d5898fc7e2..1550a278409 100644
--- a/src/lib/server/tmpl_eval.c
+++ b/src/lib/server/tmpl_eval.c
@@ -605,13 +605,13 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out,
 	{
 		fr_value_box_t	tmp;
 		fr_type_t	src_type = FR_TYPE_STRING;
+		char		*result;
 
 		RDEBUG4("EXPAND TMPL XLAT");
 
 		/* Error in expansion, this is distinct from zero length expansion */
-		slen = xlat_aeval(tmp_ctx, (char **)&value.datum.ptr, request, vpt->name, escape, escape_ctx);
+		slen = xlat_aeval(tmp_ctx, &result, request, vpt->name, escape, escape_ctx);
 		if (slen < 0) goto error;
-		value.vb_length = slen;
 
 		/*
 		 *	Undo any of the escaping that was done by the
@@ -620,7 +620,7 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out,
 		 *	@fixme We need a way of signalling xlat not to escape things.
 		 */
 		ret = fr_value_box_from_str(tmp_ctx, &tmp, src_type, NULL,
-					    value.vb_strvalue, value.vb_length, '"', false);
+					    result, (size_t)slen, '"', false);
 		if (ret < 0) goto error;
 
 		fr_value_box_bstrndup_shallow(&value, NULL, tmp.vb_strvalue, tmp.vb_length, tmp.tainted);
@@ -632,17 +632,16 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out,
 	case TMPL_TYPE_REGEX_XLAT:
 	{
 		fr_value_box_t	tmp;
-		fr_type_t		src_type = FR_TYPE_STRING;
+		fr_type_t	src_type = FR_TYPE_STRING;
+		char		*result;
 
 		RDEBUG4("EXPAND TMPL XLAT STRUCT");
 		RDEBUG2("EXPAND %s", vpt->name); /* xlat_struct doesn't do this */
 
 		/* Error in expansion, this is distinct from zero length expansion */
-		slen = xlat_aeval_compiled(tmp_ctx, (char **)&value.datum.ptr, request, tmpl_xlat(vpt), escape, escape_ctx);
+		slen = xlat_aeval_compiled(tmp_ctx, &result, request, tmpl_xlat(vpt), escape, escape_ctx);
 		if (slen < 0) goto error;
 
-		value.vb_length = slen;
-
 		/*
 		 *	Undo any of the escaping that was done by the
 		 *	xlat expansion function.
@@ -650,7 +649,7 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out,
 		 *	@fixme We need a way of signalling xlat not to escape things.
 		 */
 		ret = fr_value_box_from_str(tmp_ctx, &tmp, src_type, NULL,
-					    value.vb_strvalue, value.vb_length, '"', false);
+					    result, (size_t)slen, '"', false);
 		if (ret < 0) goto error;
 
 		fr_value_box_bstrndup_shallow(&value, NULL, tmp.vb_strvalue, tmp.vb_length, tmp.tainted);
@@ -752,7 +751,7 @@ ssize_t _tmpl_to_atype(TALLOC_CTX *ctx, void *out,
 			 *	tmp_ctx is freed.
 			 */
 			if (value.datum.ptr && (talloc_parent(value.datum.ptr) == tmp_ctx)) {
-				value.datum.ptr = talloc_reparent(tmp_ctx, ctx, value.datum.ptr);
+				(void)talloc_reparent(tmp_ctx, ctx, value.datum.ptr);
 			}
 			break;