From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 2 Apr 2025 10:25:50 +0000 (-0400)
Subject: use strdup_shallow_replace here, too
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6c91defee915cb4eab42ffab530c88486ae0097;p=thirdparty%2Ffreeradius-server.git

use strdup_shallow_replace here, too

and update json to say that literals in the config files are
safe for any.
---

diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c
index efada4f30dc..d528994a9a9 100644
--- a/src/lib/unlang/xlat_eval.c
+++ b/src/lib/unlang/xlat_eval.c
@@ -289,6 +289,16 @@ static xlat_action_t xlat_process_arg_list(TALLOC_CTX *ctx, fr_value_box_list_t
 {
 	fr_value_box_t *vb;
 
+	/*
+	 *	The funtion may be URI or SQL, which have different sub-types.  So we call the function if it
+	 *	is NOT marked as "globally safe for SQL", but the called function may check the more specific
+	 *	flag "safe for MySQL".  And then things which aren't safe for MySQL are escaped, and then
+	 *	marked as "safe for MySQL".
+	 *
+	 *	Unfortunately, this doesn't work right now.  The output value-boxes are always mashed to the
+	 *	global SAFE_FOR value.  Fixing this involves changing the escape function to return 1, which
+	 *	would then mean "I set the safe_for value, so you don't need to".
+	 */
 #define ESCAPE(_arg, _vb, _arg_num) \
 do { \
 	if ((_arg)->func && (!fr_value_box_is_safe_for((_vb), (_arg)->safe_for) || (_arg)->always_escape)) { \
@@ -1360,27 +1370,22 @@ static ssize_t xlat_eval_sync(TALLOC_CTX *ctx, char **out, request_t *request, x
 			 *	For tainted boxes perform the requested escaping
 			 */
 			while ((vb = fr_value_box_list_next(&result, vb))) {
-				fr_value_box_entry_t entry;
 				size_t len, real_len;
 				char *escaped;
 
-				if (!vb->tainted) continue;
+				if (fr_value_box_is_safe_for(vb, FR_VALUE_BOX_SAFE_FOR_ANY)) continue;
 
-				if (fr_value_box_cast_in_place(pool, vb, FR_TYPE_STRING, NULL) < 0) {
+				if (fr_value_box_cast_in_place(vb, vb, FR_TYPE_STRING, NULL) < 0) {
 					RPEDEBUG("Failed casting result to string");
 					goto fail;
 				}
 
 				len = vb->vb_length * 3;
-				MEM(escaped = talloc_array(pool, char, len));
+				MEM(escaped = talloc_array(vb, char, len));
 				real_len = escape(request, escaped, len, vb->vb_strvalue, UNCONST(void *, escape_ctx));
 
-				entry = vb->entry;
-				fr_value_box_clear_value(vb);
-				fr_value_box_bstrndup(vb, vb, NULL, escaped, real_len, false);
-				vb->entry = entry;
-
-				talloc_free(escaped);
+				fr_value_box_strdup_shallow_replace(vb, escaped, real_len);
+				fr_value_box_mark_safe_for(vb, escape);
 			}
 		}
 
diff --git a/src/modules/rlm_json/rlm_json.c b/src/modules/rlm_json/rlm_json.c
index ee88610cb94..e99873e68d9 100644
--- a/src/modules/rlm_json/rlm_json.c
+++ b/src/modules/rlm_json/rlm_json.c
@@ -580,7 +580,7 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx)
 	xlat_func_args_set(xlat, json_encode_xlat_arg);
 
 	if (map_proc_register(mctx->mi->boot, inst, "json", mod_map_proc,
-			      mod_map_proc_instantiate, sizeof(rlm_json_jpath_cache_t), 0) < 0) return -1;
+			      mod_map_proc_instantiate, sizeof(rlm_json_jpath_cache_t), FR_VALUE_BOX_SAFE_FOR_ANY) < 0) return -1;
 	return 0;
 }