Don't return stack memory in fr_getgrnam
This fixes the following Coverity issue:
Error: RETURN_LOCAL (CWE-562):
freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:87: local_ptr_identity_local: "getgrnam_r(name, &my_group, group_buffer, group_size, &grp)" stores "&my_group" (address of local variable "my_group") into "grp".
freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:99: return_local_addr_alias: Returning pointer "grp" which points to local variable "my_group".
Resolves: Bug#1120234
This commit is contained in:
Nikolai Kondrashov
parent
d3ba025501
commit
2c2e39afa9
53
freeradius-make-grp-tallo-c-too.patch
Normal file
53
freeradius-make-grp-tallo-c-too.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From d51daa8f56f5c55f2effdb308ef4a14016118753 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Alan T. DeKok" <aland@freeradius.org>
|
||||||
|
Date: Sun, 5 Oct 2014 17:22:26 -0400
|
||||||
|
Subject: [PATCH 1/1] Make grp tallo'c, too
|
||||||
|
|
||||||
|
---
|
||||||
|
src/modules/rlm_unix/rlm_unix.c | 14 +++++++++-----
|
||||||
|
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
|
||||||
|
index 0a01074..9e55c26 100644
|
||||||
|
--- a/src/modules/rlm_unix/rlm_unix.c
|
||||||
|
+++ b/src/modules/rlm_unix/rlm_unix.c
|
||||||
|
@@ -75,20 +75,20 @@ static const CONF_PARSER module_config[] = {
|
||||||
|
#else
|
||||||
|
static struct group *fr_getgrnam(TALLOC_CTX *ctx, char const *name)
|
||||||
|
{
|
||||||
|
- struct group *grp, my_group;
|
||||||
|
+ struct group *grp, *result;
|
||||||
|
char *group_buffer;
|
||||||
|
size_t group_size = 1024;
|
||||||
|
|
||||||
|
- grp = NULL;
|
||||||
|
- group_buffer = talloc_array(ctx, char, group_size);
|
||||||
|
+ grp = talloc(ctx, struct group);
|
||||||
|
+ group_buffer = talloc_array(grp, char, group_size);
|
||||||
|
while (group_buffer) {
|
||||||
|
int err;
|
||||||
|
|
||||||
|
- err = getgrnam_r(name, &my_group, group_buffer, group_size, &grp);
|
||||||
|
+ err = getgrnam_r(name, grp, group_buffer, group_size, &result);
|
||||||
|
if (err == ERANGE) {
|
||||||
|
group_size *= 2;
|
||||||
|
talloc_free(group_buffer);
|
||||||
|
- group_buffer = talloc_array(ctx, char, group_size);
|
||||||
|
+ group_buffer = talloc_array(grp, char, group_size);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -145,6 +145,10 @@ static int groupcmp(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *requ
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef HAVE_GETGRNAM_R
|
||||||
|
+ talloc_free(grp);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.1.1
|
||||||
|
|
||||||
@ -39,6 +39,7 @@ Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch
|
|||||||
Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
|
Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
|
||||||
Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
|
Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
|
||||||
Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
|
Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
|
||||||
|
Patch19: freeradius-make-grp-tallo-c-too.patch
|
||||||
|
|
||||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -213,6 +214,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
|
|||||||
%patch16 -p1
|
%patch16 -p1
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
%patch18 -p1
|
%patch18 -p1
|
||||||
|
%patch19 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Force compile/link options, extra security for network facing daemon
|
# Force compile/link options, extra security for network facing daemon
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user