From: Francesco Chemolli
Date: Thu, 2 Jun 2022 14:29:21 +0000 (+0000)
Subject: Fix uninitalised var in eDirectory digest helper (#1043)
X-Git-Tag: SQUID_6_0_1~176
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=3654db9ae6ddea7402d7d111a8e6da94825053d8;p=thirdparty%2Fsquid.git

Fix uninitalised var in eDirectory digest helper (#1043)

In certain conditions, some string pointers in the eDirecotry digest helper might be read before they are initialized. Initialize them.
Detected by Coverity, CID 1494358 (Uninitialized scalar variable).
---
diff --git a/src/auth/digest/eDirectory/ldap_backend.cc b/src/auth/digest/eDirectory/ldap_backend.cc
index feeb5dc516..e5bd87bcf6 100644
--- a/src/auth/digest/eDirectory/ldap_backend.cc
+++ b/src/auth/digest/eDirectory/ldap_backend.cc
@@ -11,13 +11,14 @@
 */
 #include "squid.h"
+#include
+
 #define LDAP_DEPRECATED 1
 #include "auth/digest/eDirectory/ldap_backend.h"
 #if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_
-#define snprintf _snprintf
 #include
 #include
 #ifndef LDAPAPI
@@ -177,7 +178,7 @@ ldap_escape_value(char *escaped, int size, const char *src)
 if (size > 0) {
 *escaped = '\\';
 ++escaped;
- snprintf(escaped, 3, "%02x", (int) *src);
+ std::snprintf(escaped, 3, "%02x", (int) *src);
 ++src;
 escaped += 2;
 }
@@ -204,7 +205,9 @@ getpassword(char *login, char *realm)
 char *password = NULL;
 int retry = 0;
 char filter[8192];
+ *filter = '\0';
 char searchbase[8192];
+ *searchbase = '\0';
 char *universal_password = NULL;
 size_t universal_password_len = 256;
 int nmas_res = 0;
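Review bot: In the `getpassword` hunk (`@@ -204,7 +205,9 @@`), the added `*filter = '\0';` and `*searchbase = '\0';` make a later read defined but not meaningful: a path that fills neither buffer now carries empty strings forward instead of stack garbage. The rest of `getpassword` lies outside this hunk, so the path Coverity flagged cannot be confirmed from here; if it is the case where neither `usersearchfilter` nor `userdnattr` is set, an explicit early failure would be safer than letting an empty base or filter reach the directory query. At minimum the intent deserves a comment above the two assignments, e.g. `// Keep both buffers defined on paths that do not fill them (Coverity CID 1494358).`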
@@ -212,9 +215,9 @@ getpassword(char *login, char *realm)
 if (ld) {
 if (usersearchfilter) {
 char escaped_login[1024];
- snprintf(searchbase, sizeof(searchbase), "%s", userbasedn);
+ std::snprintf(searchbase, sizeof(searchbase), "%s", userbasedn);
 ldap_escape_value(escaped_login, sizeof(escaped_login), login);
- snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
+ std::snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
 retrysrch:
 debug("user filter '%s', searchbase '%s'\n", filter, searchbase);
@@ -249,7 +252,7 @@ retrysrch:
 }
 }
 } else if (userdnattr) {
- snprintf(searchbase, 8192, "%s=%s, %s", userdnattr, login, userbasedn);
+ std::snprintf(searchbase, 8192, "%s=%s, %s", userdnattr, login, userbasedn);
 retrydnattr:
 debug("searchbase '%s'\n", searchbase);
@@ -462,7 +465,7 @@ LDAPArguments(int argc, char **argv)
 if (ldapServer) {
 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
 char *newhost = static_cast(xmalloc(len));
- snprintf(newhost, len, "%s %s", ldapServer, value);
+ std::snprintf(newhost, len, "%s %s", ldapServer, value);
 free(ldapServer);
 ldapServer = newhost;
 } else {
@@ -591,7 +594,7 @@ LDAPArguments(int argc, char **argv)
 if (ldapServer) {
 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
 char *newhost = static_cast(xmalloc(len));
- snprintf(newhost, len, "%s %s", ldapServer, value);
+ std::snprintf(newhost, len, "%s %s", ldapServer, value);
 free(ldapServer);
 ldapServer = newhost;
 } else {
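Review bot: In the `@@ -212,9 +215,9 @@` hunk, `std::snprintf(filter, sizeof(filter), usersearchfilter, ...)` still uses the configured `usersearchfilter` as the format string and discards the return value. Any conversion other than `%s`, or more `%s` than the sixteen arguments supplied, is undefined behaviour, and a result of `sizeof(filter)` or more means the filter was silently truncated into something other than what the administrator wrote. I would validate the template once where the option is parsed, and check the result here: `const int n = std::snprintf(filter, sizeof(filter), usersearchfilter, /* … */);` followed by `if (n < 0 || static_cast<size_t>(n) >= sizeof(filter)) { /* fail the lookup */ }`. Whether the template is already validated elsewhere is not visible in this hunk, and `getpassword` continues outside it.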
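Review bot: In the `@@ -249,7 +252,7 @@` hunk (the `userdnattr` branch), `login` is formatted into the search-base DN unescaped, whereas the `usersearchfilter` branch passes it through `ldap_escape_value` first. `login` appears to be the user name supplied by the authenticating client, so characters that are special in a DN would change which entry is looked up; it should be escaped for DN context or rejected before this call. The size argument should also be `sizeof(searchbase)` rather than the literal `8192`, as the other branch already does: `std::snprintf(searchbase, sizeof(searchbase), "%s=%s, %s", userdnattr, login, userbasedn);`. Whether `login` is sanitised before `getpassword` is called cannot be seen from this hunk.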