]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Thu, 15 Sep 2022 18:40:55 +0000 (14:40 -0400)]
final step of edit fixups and tests
Alan T. DeKok [Wed, 14 Sep 2022 20:59:05 +0000 (16:59 -0400)]
typos, and work around merge issue with hex <=
Alan T. DeKok [Wed, 14 Sep 2022 19:59:48 +0000 (15:59 -0400)]
update test until we find time to track down other issues
Alan T. DeKok [Wed, 14 Sep 2022 19:57:47 +0000 (15:57 -0400)]
warnings, so they don't eat the real error
Alan T. DeKok [Wed, 14 Sep 2022 01:50:56 +0000 (21:50 -0400)]
more "rewrite to state functions"
Alan T. DeKok [Fri, 2 Sep 2022 12:33:25 +0000 (08:33 -0400)]
rename for clarity
Alan T. DeKok [Thu, 1 Sep 2022 23:49:37 +0000 (19:49 -0400)]
avoid using lhs.vp where possible
in preparation for making LHS into a cursor
Alan T. DeKok [Thu, 1 Sep 2022 23:14:02 +0000 (19:14 -0400)]
more cleanups to unify and simplify code
Alan T. DeKok [Thu, 1 Sep 2022 22:06:31 +0000 (18:06 -0400)]
allow multiple selectors for leaf attributes
Alan T. DeKok [Thu, 1 Sep 2022 16:09:30 +0000 (12:09 -0400)]
notes so that we don't forget
Alan T. DeKok [Thu, 1 Sep 2022 15:39:16 +0000 (11:39 -0400)]
remove unnecessary code
Alan T. DeKok [Thu, 1 Sep 2022 14:54:16 +0000 (10:54 -0400)]
more cleanups
move expand RHS list to its own function.
Remove in_parent_list as redundant
Alan T. DeKok [Thu, 1 Sep 2022 13:50:15 +0000 (09:50 -0400)]
more cleanups to use only one cursor for the LHS
Alan T. DeKok [Thu, 1 Sep 2022 13:10:02 +0000 (09:10 -0400)]
split up functions some more
Alan T. DeKok [Wed, 31 Aug 2022 21:00:01 +0000 (17:00 -0400)]
more cleanups to edit state functions
Alan T. DeKok [Wed, 31 Aug 2022 20:53:53 +0000 (16:53 -0400)]
more rearrange to state functions
Alan T. DeKok [Wed, 31 Aug 2022 20:26:47 +0000 (16:26 -0400)]
move to function-based approach
in preparation for further breaking down the code into smaller
functions, with less if / then / else logic. And then to move to
using dcursors
Alan T. DeKok [Wed, 14 Sep 2022 02:37:07 +0000 (22:37 -0400)]
%{...} can be T_BARE_WORD
Nick Porter [Wed, 14 Sep 2022 09:04:36 +0000 (10:04 +0100)]
No need to copy back files from FreeBSD VM
Nick Porter [Wed, 14 Sep 2022 08:03:05 +0000 (09:03 +0100)]
Check return of fr_pair_list_copy() (CID #
1514672 and
1514673 )
Alan T. DeKok [Wed, 14 Sep 2022 01:47:13 +0000 (21:47 -0400)]
minor rearrangement
we should check for bad LHS before parsing the RHS
Alan T. DeKok [Fri, 9 Sep 2022 14:22:38 +0000 (10:22 -0400)]
we should use test_fail, not fail for most situations
Alan T. DeKok [Thu, 8 Sep 2022 20:47:15 +0000 (16:47 -0400)]
try to get tmpl_dcursor insert / remove working
commented out because it doesn't work, and there's not yet time
to track it down
Alan T. DeKok [Fri, 9 Sep 2022 12:40:30 +0000 (08:40 -0400)]
print program to run after printing logs
Alan T. DeKok [Thu, 8 Sep 2022 20:47:01 +0000 (16:47 -0400)]
typo
Alan T. DeKok [Wed, 7 Sep 2022 20:26:57 +0000 (16:26 -0400)]
notes on how to quickly find failing tests
Alan T. DeKok [Fri, 2 Sep 2022 20:31:07 +0000 (16:31 -0400)]
fix fr_pair_iter_next_dcursor_value() and friends
Alan T. DeKok [Thu, 1 Sep 2022 22:13:39 +0000 (18:13 -0400)]
more cleanups
perl -p -i -e 's/&request\./&/' src/tests/keywords/*
except for "comments", because &Reply-Message is likely parsed
as &Reply - &Message. We'll have to track that down again
Alan T. DeKok [Thu, 1 Sep 2022 22:10:15 +0000 (18:10 -0400)]
simplification
perl -p -i -e 's/&request.Tmp/&Tmp/' src/tests/keywords/*
Alan T. DeKok [Wed, 31 Aug 2022 13:18:30 +0000 (09:18 -0400)]
update doxygen
Nick Porter [Tue, 13 Sep 2022 13:11:24 +0000 (14:11 +0100)]
Bump FreeBSD vm version
Nick Porter [Tue, 13 Sep 2022 10:54:42 +0000 (11:54 +0100)]
Don't use uninitialized variable
James Jones [Mon, 12 Sep 2022 23:41:47 +0000 (18:41 -0500)]
Annotate false positive uninit_use (CID #
1503898 ) (#4719)
find is uninitialized and only has a small portion of find.addr.inet
set in fr_redis_cluster_pool_by_node_addr(), but then all of find.addr
is assigned to spare->pending_addr, hence coverity complains. It turna
out, though, that cluster_node_connect() only uses the part that did
get set.
James Jones [Mon, 12 Sep 2022 23:41:36 +0000 (18:41 -0500)]
Typo (#4714)
copy/paste strikes again
James Jones [Mon, 12 Sep 2022 23:41:25 +0000 (18:41 -0500)]
Deal with complaints about len parameter of fr_udp_checksum (CIDs below) (#4712)
1504068 ,
1503957 , 150468: use the value l4_len directly so it's not
fed through two byte swaps and hence tainted.
James Jones [Mon, 12 Sep 2022 23:41:09 +0000 (18:41 -0500)]
Annotate xlat uses of known good values from dlsts (CIDs follow) (#4708)
By the time these functions are called, the dlists are known
to have the needed list items.
CIDs:
1506634 ,
1506635 ,
1506636 ,
1506637 ,
1506638 ,
1506639 ,
1506640 ,
1506641 ,
1506642 ,
1506643
James Jones [Mon, 12 Sep 2022 23:40:27 +0000 (18:40 -0500)]
Cast remaining non-checked fr_pair_list_copy() calls to void (CIDs below) (#4682)
CIDs: #
1504051 , #
1507255
James Jones [Mon, 12 Sep 2022 23:39:06 +0000 (18:39 -0500)]
Consistently use bracket, not brace, for annotations (CID #
1448182 ) (#4704)
Typo
James Jones [Mon, 12 Sep 2022 23:35:29 +0000 (18:35 -0500)]
one more sbuff_tests.c annotation (CID #
1504019 ) (#4699)
Missed onefr_sbuff_out_bstrncpy_until() that coverity doesn't
realize will always put *something* in the sbuff
James Jones [Mon, 12 Sep 2022 23:34:47 +0000 (18:34 -0500)]
Annotate false positive tainted_data (CID #
1503893 ) (#4713)
In fr_dhcv4_raw_packet_recv() (is there a reason for that
spelling?), coverity claims the downcast of packet->data
in the fr_dhcpv4_packet_get_option() call taints the contents
of packet->data, but it's cast to, and the called function
takes, a const-qualified pointer, so in what sense can it be
tainted?
James Jones [Mon, 12 Sep 2022 23:34:17 +0000 (18:34 -0500)]
Deal with coverity tainted data defect in mod_track_create() (CID #14… (#4718)
* Deal with coverity tainted data defect in mod_track_create() (CID #
1469134 )
Added a test to make sure option + option_len doesn't extend off
the end of the packet. Since in other cases, coverity doesn't
recognize the range check that it asks for, we annotate it, too.
* Brackets
Co-authored-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
James Jones [Mon, 12 Sep 2022 23:31:56 +0000 (18:31 -0500)]
move first use after NULL check (CID #
1503920 ) (#4715)
James Jones [Mon, 12 Sep 2022 23:30:52 +0000 (18:30 -0500)]
Check for NULL return from xlat_register() (CID #
1507059 ) (#4721)
Barring issues with args, xlat_func_args() will dereference the
xlat_t * handed it, and xlat_register()'s callers do check for
error return, so it makes sense to check what xlat_register()
returns and return error in that case.
James Jones [Wed, 7 Sep 2022 20:28:44 +0000 (15:28 -0500)]
Annotate false positive uninit (CID #
1503938 , #
1504037 ) (#4716)
Both instances appear in the same printf() call.
1503938 : flags is large enough that fr_dict_attr_flags_print()
will not run out of space, the only way it can return
an error.
1504037 : NULL is passed as the ancestor, and coverity doesn't
complain about evaluating da->type, so it must not
think da is NULL. Given that, the fr_dict_attr_oid_print()
call here also can only fail by running out of room.
oid_str is 512 bytes, but here the length depends on
da->depth. It appears that 512 bytes suffices in practice,
but we'll check the return value and exit after logging
an error if it proves not to.
James Jones [Wed, 7 Sep 2022 20:28:09 +0000 (15:28 -0500)]
Annotate false positive tainted_data (CID #
1243443 ) (#4717)
Coverity doesn't realize that eap_validation(), which is called
before eap_identity(), range checks the length.
Arran Cudbard-Bell [Mon, 5 Sep 2022 20:38:20 +0000 (16:38 -0400)]
Wordsmithing
Arran Cudbard-Bell [Mon, 5 Sep 2022 20:24:18 +0000 (16:24 -0400)]
sbuff-ng
Nick Porter [Mon, 5 Sep 2022 07:26:52 +0000 (08:26 +0100)]
Ensure out is set on all return paths
Arran Cudbard-Bell [Sun, 4 Sep 2022 20:56:24 +0000 (16:56 -0400)]
Use the FR_SBUFF_SET_RETURN macro
Arran Cudbard-Bell [Sun, 4 Sep 2022 20:53:04 +0000 (16:53 -0400)]
Use the FR_SBUFF_RETURN_ERROR macro
Arran Cudbard-Bell [Sun, 4 Sep 2022 20:51:21 +0000 (16:51 -0400)]
Switch the majority of xlat functions and condition functions to returning fr_sbuff_error
Arran Cudbard-Bell [Sun, 4 Sep 2022 04:38:38 +0000 (00:38 -0400)]
Have base* functions return fr_slen_t
Arran Cudbard-Bell [Sun, 4 Sep 2022 04:34:02 +0000 (00:34 -0400)]
Move regex_flag_parse to fr_slen_t
Arran Cudbard-Bell [Sun, 4 Sep 2022 04:19:43 +0000 (00:19 -0400)]
Use fr_sbuff_error in more places
Arran Cudbard-Bell [Sun, 4 Sep 2022 03:28:16 +0000 (23:28 -0400)]
Fix unsafe dereferences of fr_sbuff_current
Add significantly simpler error handling logic
Arran Cudbard-Bell [Sat, 3 Sep 2022 16:17:03 +0000 (12:17 -0400)]
Rework filter parsing
Now prouces fr_slen_t offsets which are increased by one...
Rework is to prep for more complex filters in future...
Arran Cudbard-Bell [Sat, 3 Sep 2022 16:04:58 +0000 (12:04 -0400)]
Fix output format so jump to line works with vscode
Arran Cudbard-Bell [Sat, 3 Sep 2022 15:44:26 +0000 (11:44 -0400)]
Add safe macros for switching over sbuffs
Arran Cudbard-Bell [Sat, 3 Sep 2022 15:10:10 +0000 (11:10 -0400)]
Use accessors for more tmpl fields
Arran Cudbard-Bell [Tue, 30 Aug 2022 22:29:50 +0000 (17:29 -0500)]
Update example site with correct location of session-id for eap_aka_sim
github-actions[bot] [Sat, 3 Sep 2022 09:58:29 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:24 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:22 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:18 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:16 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:13 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:10 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar
github-actions[bot] [Sat, 3 Sep 2022 09:58:06 +0000 (09:58 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
James Jones [Thu, 1 Sep 2022 20:24:56 +0000 (15:24 -0500)]
Annotate false positive tainted_data (CID #
1451665 ) (#4709)
This one is interesting. fr_radius_packet_log_hex(), called
if NDEBUG is defined and the debug level is high enough, in
turn calls fr_nbo_to_uint16() and fr_box_octets(). The results
are used in log messages, Typically when bytes are swapped, the
entity to which the result is stored is considered tainted, but
here coverity thinks the data being read is tainted. That
propagates back to place where the defect is claimed.
Jorge Pereira [Thu, 1 Sep 2022 20:21:46 +0000 (17:21 -0300)]
More convert from 'update {....}' to 'edit' against src/tests/keywords (#4710)
James Jones [Thu, 1 Sep 2022 16:29:43 +0000 (11:29 -0500)]
Annotate false positive tainted_data (CID #
1503921 ) (#4711)
By construction, 0 <= offset <= 0x3fff, so it is in range as
a subscript for fr_dns_marker.
Alan T. DeKok [Wed, 31 Aug 2022 13:06:30 +0000 (09:06 -0400)]
typo
Nick Porter [Tue, 30 Aug 2022 15:48:32 +0000 (16:48 +0100)]
Better way to check test server is defined
Alan T. DeKok [Tue, 30 Aug 2022 20:44:18 +0000 (16:44 -0400)]
only create VPs for := and =
Alan T. DeKok [Tue, 30 Aug 2022 20:37:02 +0000 (16:37 -0400)]
reference the correct tmpl
Alan T. DeKok [Tue, 30 Aug 2022 19:59:17 +0000 (15:59 -0400)]
more "convert to update"
Alan T. DeKok [Tue, 30 Aug 2022 19:42:47 +0000 (15:42 -0400)]
list may be empty
Alan T. DeKok [Tue, 30 Aug 2022 19:26:53 +0000 (15:26 -0400)]
convert whitespace to tabs
Alan T. DeKok [Tue, 30 Aug 2022 19:24:12 +0000 (15:24 -0400)]
add help target
Alan T. DeKok [Tue, 30 Aug 2022 19:20:11 +0000 (15:20 -0400)]
more "convert to update"
Alan T. DeKok [Tue, 30 Aug 2022 19:03:22 +0000 (15:03 -0400)]
test index assignments
Alan T. DeKok [Tue, 30 Aug 2022 17:54:57 +0000 (13:54 -0400)]
[1] is not the same as NUM_UNSPEC
Alan T. DeKok [Tue, 30 Aug 2022 16:47:19 +0000 (12:47 -0400)]
forbid [*] and [#] on the LHS of edit assignments
and update the scripts in all.mk to handle [*] in output
Alan T. DeKok [Tue, 30 Aug 2022 14:04:51 +0000 (10:04 -0400)]
add CONF_ITEM* to unlang_t
so that we can track where each instruction was created from.
and instructions generated from CONF_PAIRs can also get queried
for their filename and line number.
Alan T. DeKok [Tue, 30 Aug 2022 13:44:27 +0000 (09:44 -0400)]
ensure that the group always has a CONF_SECTION pointer
James Jones [Tue, 30 Aug 2022 14:08:08 +0000 (09:08 -0500)]
Initialize rather than memcpy() (CID #
1508486 ) (#4707)
Nick Porter [Fri, 19 Aug 2022 16:07:20 +0000 (17:07 +0100)]
Add Active Direcotory test server variable
Nick Porter [Fri, 19 Aug 2022 16:02:44 +0000 (17:02 +0100)]
Define tests for Active Directory LDAP server
Nick Porter [Fri, 19 Aug 2022 16:01:46 +0000 (17:01 +0100)]
Run tests on Active Directory LDAP server
Nick Porter [Fri, 19 Aug 2022 15:54:47 +0000 (16:54 +0100)]
Add config for testing Active Directory LDAP server
Nick Porter [Fri, 19 Aug 2022 15:41:37 +0000 (16:41 +0100)]
Add samba to test build
James Jones [Mon, 29 Aug 2022 19:39:07 +0000 (14:39 -0500)]
Deal with (possibly false positive) untrusted values. (CIDs below) (#4701)
1445221 : length is checked for consistency with packet length;
annotated.
1448175 : pulled the checksum validation into the block declaring
udp_len, to make it clear that it *is* range checked.
Annotated anyway, because coverity hasn't noticed other
such clear range checks.
1448175 : len is range checked just before the call to memcpy(),
which is what coverity says should be done. Annotated.
1503937 : the check of p effectively sanity checks count; annotated.
1503954 : before the fr_pair_tlvs_from_network() call, option_len
is indeed checked; annotated.
1503968 : length is checked; perhaps coverity doesn't recognize
that (option + 4 + length) > end is equivalent to
length > end - (option + 4). Annotated.
Co-authored-by: Alan DeKok <aland@freeradius.org>
James Jones [Mon, 29 Aug 2022 17:37:27 +0000 (12:37 -0500)]
Correct print_hex_data() parameters in fr_vmps_print_hex() (#4700)
For the loop printing the trailing portions of the packet to be
correct, length must include the four-byte id and two-byte length
as well as the following data. id and length are explicitly printed,
so print_hex_data() would presumably show what follows, but that
would start at attr + 6 and only be length - 6 bytes.
Nick Porter [Mon, 13 Jun 2022 09:02:38 +0000 (10:02 +0100)]
Add test server variable for persistent search tests
Nick Porter [Thu, 21 Apr 2022 15:29:26 +0000 (16:29 +0100)]
Define tests for persistent search LDAP server
Nick Porter [Thu, 21 Apr 2022 15:28:50 +0000 (16:28 +0100)]
Run tests for persistent search LDAP server
Nick Porter [Thu, 21 Apr 2022 15:27:47 +0000 (16:27 +0100)]
Add config for testing persistent search LDAP server
Nick Porter [Thu, 21 Apr 2022 15:15:04 +0000 (16:15 +0100)]
Add 389 Directory Server to test build
Nick Porter [Wed, 20 Apr 2022 18:36:21 +0000 (19:36 +0100)]
Add ldap_sync tests to test target
Nick Porter [Wed, 20 Apr 2022 18:27:20 +0000 (19:27 +0100)]
Add test server variables for RFC4533 ldap sync tests