From: Nikolai Kondrashov Date: Fri, 30 Jan 2015 14:13:57 +0000 (+0200) Subject: Don't dereference NULL cs in cf_item_parse X-Git-Tag: release_2_2_7~24^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F895%2Fhead;p=thirdparty%2Ffreeradius-server.git Don't dereference NULL cs in cf_item_parse Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it invokes. This fixes the following Coverity errors: Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it. freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs". freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs". freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs"). Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs". Error: FORWARD_NULL (CWE-476): freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null. freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs". --- diff --git a/src/main/conffile.c b/src/main/conffile.c index bd993e3701..974e092cf5 100644 --- a/src/main/conffile.c +++ b/src/main/conffile.c @@ -598,6 +598,9 @@ CONF_ITEM *cf_reference_item(const CONF_SECTION *parentcs, char name[8192]; char *p; + if (cs == NULL) + goto no_such_item; + strlcpy(name, ptr, sizeof(name)); p = name; @@ -895,9 +898,16 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, const char *value; fr_ipaddr_t ipaddr; const CONF_PAIR *cp = NULL; + int depth; char ipbuf[128]; - if (cs) cp = cf_pair_find(cs, name); + if (cs) { + depth = cs->depth; + cp = cf_pair_find(cs, name); + } else { + depth = 0; + } + if (cp) { value = cp->value; @@ -930,13 +940,13 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, return -1; } cf_log_info(cs, "%.*s\t%s = %s", - cs->depth, parse_spaces, name, value); + depth, parse_spaces, name, value); break; case PW_TYPE_INTEGER: *(int *)data = strtol(value, 0, 0); cf_log_info(cs, "%.*s\t%s = %d", - cs->depth, parse_spaces, name, *(int *)data); + depth, parse_spaces, name, *(int *)data); break; case PW_TYPE_STRING_PTR: @@ -971,7 +981,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, } cf_log_info(cs, "%.*s\t%s = \"%s\"", - cs->depth, parse_spaces, name, value ? value : "(null)"); + depth, parse_spaces, name, value ? value : "(null)"); *q = value ? strdup(value) : NULL; break; @@ -1007,7 +1017,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, } cf_log_info(cs, "%.*s\t%s = \"%s\"", - cs->depth, parse_spaces, name, value ? value : "(null)"); + depth, parse_spaces, name, value ? value : "(null)"); *q = value ? strdup(value) : NULL; /* @@ -1039,7 +1049,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, if (strcmp(value, "*") == 0) { *(uint32_t *) data = htonl(INADDR_ANY); cf_log_info(cs, "%.*s\t%s = *", - cs->depth, parse_spaces, name); + depth, parse_spaces, name); break; } if (ip_hton(value, AF_INET, &ipaddr) < 0) { @@ -1049,10 +1059,10 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, if (strspn(value, "0123456789.") == strlen(value)) { cf_log_info(cs, "%.*s\t%s = %s", - cs->depth, parse_spaces, name, value); + depth, parse_spaces, name, value); } else { cf_log_info(cs, "%.*s\t%s = %s IP address [%s]", - cs->depth, parse_spaces, name, value, + depth, parse_spaces, name, value, ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf))); } *(uint32_t *) data = ipaddr.ipaddr.ip4addr.s_addr; @@ -1064,7 +1074,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name, return -1; } cf_log_info(cs, "%.*s\t%s = %s IPv6 address [%s]", - cs->depth, parse_spaces, name, value, + depth, parse_spaces, name, value, ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf))); memcpy(data, &ipaddr.ipaddr.ip6addr, sizeof(ipaddr.ipaddr.ip6addr));