projects / freeradius.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5a2848b)
Don't dereference NULL cs in cf_item_parse
authorNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Fri, 30 Jan 2015 14:13:57 +0000 (16:13 +0200)
committerNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Fri, 30 Jan 2015 16:16:32 +0000 (18:16 +0200)
Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it
invokes.

This fixes the following Coverity errors:

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it.
freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs".
freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs".
freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs").

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs".

src/main/conffile.c patch | blob | history

diff --git a/src/main/conffile.c b/src/main/conffile.c
index bd993e3..974e092 100644 (file)
--- a/src/main/conffile.c
+++ b/src/main/conffile.c
@@ -598,6 +598,9 @@ CONF_ITEM *cf_reference_item(const CONF_SECTION *parentcs,
        char name[8192];
        char *p;
 
+       if (cs == NULL)
+               goto no_such_item;
+
        strlcpy(name, ptr, sizeof(name));
        p = name;
 
@@ -895,9 +898,16 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
        const char *value;
        fr_ipaddr_t ipaddr;
        const CONF_PAIR *cp = NULL;
+       int depth;
        char ipbuf[128];
 
-       if (cs) cp = cf_pair_find(cs, name);
+       if (cs) {
+               depth = cs->depth;
+               cp = cf_pair_find(cs, name);
+       } else {
+               depth = 0;
+       }
+
        if (cp) {
                value = cp->value;
 
@@ -930,13 +940,13 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                        return -1;
                }
                cf_log_info(cs, "%.*s\t%s = %s",
-                           cs->depth, parse_spaces, name, value);
+                           depth, parse_spaces, name, value);
                break;
 
        case PW_TYPE_INTEGER:
                *(int *)data = strtol(value, 0, 0);
                cf_log_info(cs, "%.*s\t%s = %d",
-                           cs->depth, parse_spaces, name, *(int *)data);
+                           depth, parse_spaces, name, *(int *)data);
                break;
 
        case PW_TYPE_STRING_PTR:
@@ -971,7 +981,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                }
 
                cf_log_info(cs, "%.*s\t%s = \"%s\"",
-                           cs->depth, parse_spaces, name, value ? value : "(null)");
+                           depth, parse_spaces, name, value ? value : "(null)");
                *q = value ? strdup(value) : NULL;
                break;
 
@@ -1007,7 +1017,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                }
 
                cf_log_info(cs, "%.*s\t%s = \"%s\"",
-                           cs->depth, parse_spaces, name, value ? value : "(null)");
+                           depth, parse_spaces, name, value ? value : "(null)");
                *q = value ? strdup(value) : NULL;
 
                /*
@@ -1039,7 +1049,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                if (strcmp(value, "*") == 0) {
                        *(uint32_t *) data = htonl(INADDR_ANY);
                        cf_log_info(cs, "%.*s\t%s = *",
-                                   cs->depth, parse_spaces, name);
+                                   depth, parse_spaces, name);
                        break;
                }
                if (ip_hton(value, AF_INET, &ipaddr) < 0) {
@@ -1049,10 +1059,10 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                
                if (strspn(value, "0123456789.") == strlen(value)) {
                        cf_log_info(cs, "%.*s\t%s = %s",
-                                   cs->depth, parse_spaces, name, value);
+                                   depth, parse_spaces, name, value);
                } else {
                        cf_log_info(cs, "%.*s\t%s = %s IP address [%s]",
-                                   cs->depth, parse_spaces, name, value,
+                                   depth, parse_spaces, name, value,
                               ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
                }
                *(uint32_t *) data = ipaddr.ipaddr.ip4addr.s_addr;
@@ -1064,7 +1074,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
                        return -1;
                }
                cf_log_info(cs, "%.*s\t%s = %s IPv6 address [%s]",
-                           cs->depth, parse_spaces, name, value,
+                           depth, parse_spaces, name, value,
                            ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
                memcpy(data, &ipaddr.ipaddr.ip6addr,
                       sizeof(ipaddr.ipaddr.ip6addr));
Unnamed repository; edit this file 'description' to name the repository.