From: James Jones <jejones3141@gmail.com>
Date: Thu, 27 Jul 2023 15:58:36 +0000 (-0500)
Subject: Check sbuff returns in header_source() (CIDs #150424, #150280) (#5116)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b56d9b9eabbe16d3a977ae12803c3b02e3fd5976;p=thirdparty%2Ffreeradius-server.git

Check sbuff returns in header_source() (CIDs #150424, #150280) (#5116)

It's seriously unlikely, since conf_buffer can use all the
memory there is, but in theory the generation of the SMTP header
*could* fail, and that's enough to make coverity kvetch.
---

diff --git a/src/modules/rlm_smtp/rlm_smtp.c b/src/modules/rlm_smtp/rlm_smtp.c
index 93b45fda99d..5fdb26db2e8 100644
--- a/src/modules/rlm_smtp/rlm_smtp.c
+++ b/src/modules/rlm_smtp/rlm_smtp.c
@@ -598,10 +598,12 @@ static int header_source(fr_mail_ctx_t *uctx, rlm_smtp_t const *inst)
 		fr_sbuff_init_talloc(uctx, &conf_buffer, &conf_ctx, 256, SIZE_MAX);
 
 		/* Format the conf item to be a valid SMTP header */
-		/* coverity[check_return] */
-		fr_sbuff_in_bstrncpy(&conf_buffer, header->name, strlen(header->name));
-		fr_sbuff_in_strcpy(&conf_buffer, ": ");
-		fr_sbuff_in_bstrncpy(&conf_buffer, expanded_rhs, strlen(expanded_rhs));
+		if (unlikely((fr_sbuff_in_bstrncpy(&conf_buffer, header->name, strlen(header->name)) < 0) ||
+			     (fr_sbuff_in_strcpy(&conf_buffer, ": ") < 0) ||
+			     (fr_sbuff_in_bstrncpy(&conf_buffer, expanded_rhs, strlen(expanded_rhs)) < 0))) {
+			RDEBUG2("Skipping: could not generate SMTP header");
+			continue;
+		}
 
 		/* Add the header to the curl slist */
 		uctx->header = curl_slist_append(uctx->header, fr_sbuff_buff(&conf_buffer));