Don't return stack memory in fr_getgrnam

This fixes the following Coverity issue: Error: RETURN_LOCAL (CWE-562): freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:87: local_ptr_identity_local: "getgrnam_r(name, &my_group, group_buffer, group_size, &grp)" stores "&my_group" (address of local variable "my_group") into "grp". freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:99: return_local_addr_alias: Returning pointer "grp" which points to local variable "my_group". Resolves: Bug#1120234
2014-10-30 15:52:57 +02:00 · 2014-10-30 15:52:57 +02:00 · 2c2e39afa9
commit 2c2e39afa9
parent d3ba025501
2 changed files with 55 additions and 0 deletions
--- a/freeradius-make-grp-tallo-c-too.patch
+++ b/freeradius-make-grp-tallo-c-too.patch
@ -0,0 +1,53 @@
+From d51daa8f56f5c55f2effdb308ef4a14016118753 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Sun, 5 Oct 2014 17:22:26 -0400
+Subject: [PATCH 1/1] Make grp tallo'c, too
+
+---
+ src/modules/rlm_unix/rlm_unix.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
+index 0a01074..9e55c26 100644
+--- a/src/modules/rlm_unix/rlm_unix.c
+++ b/src/modules/rlm_unix/rlm_unix.c
+@@ -75,20 +75,20 @@ static const CONF_PARSER module_config[] = {
+ #else
+ static struct group *fr_getgrnam(TALLOC_CTX *ctx, char const *name)
+ {
+-	struct group	*grp, my_group;
+	struct group	*grp, *result;
+ 	char		*group_buffer;
+ 	size_t		group_size = 1024;
+ 
+-	grp = NULL;
+-	group_buffer = talloc_array(ctx, char, group_size);
+	grp = talloc(ctx, struct group);
+	group_buffer = talloc_array(grp, char, group_size);
+ 	while (group_buffer) {
+ 		int err;
+ 
+-		err = getgrnam_r(name, &my_group, group_buffer, group_size, &grp);
+		err = getgrnam_r(name, grp, group_buffer, group_size, &result);
+ 		if (err == ERANGE) {
+ 			group_size *= 2;
+ 			talloc_free(group_buffer);
+-			group_buffer = talloc_array(ctx, char, group_size);
+			group_buffer = talloc_array(grp, char, group_size);
+ 			continue;
+ 		}
+ 
+@@ -145,6 +145,10 @@ static int groupcmp(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *requ
+ 		}
+ 	}
+ 
+#ifdef HAVE_GETGRNAM_R
+	talloc_free(grp);
+#endif
+
+ 	return retval;
+ }
+ 
+-- 
+2.1.1
+
--- a/freeradius.spec
+++ b/freeradius.spec
@ -39,6 +39,7 @@ Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch
 Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
 Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
 Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
+Patch19: freeradius-make-grp-tallo-c-too.patch

 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}

@ -213,6 +214,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p1

 %build
 # Force compile/link options, extra security for network facing daemon