These are mostly dead stores, etc.
endif
# http://clang.llvm.org/StaticAnalysis.html
+#
+# $ make scan | sed "s/.*Run '//;s/'.*//" > scan.sh
+# $ ./scan.sh
+#
SCAN_BUILD = /path/to/checker-0.167/scan-build
+ifeq ($(SCAN),yes)
+CC := $(SCAN_BUILD) gcc -DFR_SCAN_BUILD
+endif
.PHONY: scan
scan:
- @[ "$(SCAN_BUILD)" == "" ] || $(SCAN_BUILD) gcc -DFR_SCAN_BUILD $(CFLAGS) -c $(SRCS)
+ @[ "$(SCAN_BUILD)" == "" ] || ($(MAKE) SCAN=yes LIBTOOL= 2>&1) | grep 'scan-view' || true
* double-check the parsed value, to be sure it's legal for that
* type (length, etc.)
*/
+static uint32_t getint(const char *value, char **end)
+{
+ if ((value[0] == '0') && (value[1] == 'x')) {
+ return strtoul(value, end, 16);
+ }
+
+ return strtoul(value, end, 10);
+}
+
VALUE_PAIR *pairparsevalue(VALUE_PAIR *vp, const char *value)
{
char *p, *s=0;
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = (uint32_t) strtoul(value, &p, 10);
+ vp->vp_integer = getint(value, &p);
if (!*p) {
if (vp->vp_integer > 255) {
fr_strerror_printf("Byte value \"%s\" is larger than 255", value);
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = (uint32_t) strtoul(value, &p, 10);
+ vp->vp_integer = getint(value, &p);
if (!*p) {
if (vp->vp_integer > 65535) {
fr_strerror_printf("Byte value \"%s\" is larger than 65535", value);
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = (uint32_t) strtoul(value, &p, 10);
+ vp->vp_integer = getint(value, &p);
if (!*p) {
vp->length = 4;
break;
return NULL;
}
- attr = vendor = 0;
+ vendor = 0;
/*
* Pull off vendor prefix first.
* e.g. "foo" != "bar"
*
* Returns true (comparison is true), or false (comparison is not true);
+ *
+ * FIXME: Ignores tags!
*/
int paircmp(VALUE_PAIR *one, VALUE_PAIR *two)
{
.PHONY: scan
scan:
- @[ "$(SCAN_BUILD)" == "" ] || $(SCAN_BUILD) gcc -DFR_SCAN_BUILD $(CFLAGS) -c $(SERVER_SRCS)
+ @[ "$(SCAN_BUILD)" == "" ] || ($(MAKE) SCAN=yes LIBTOOL= 2>&1) | grep 'scan-view' || true
last = &(*last)->next;
}
+ rad_assert(request != NULL);
+ rad_assert(request->packet != NULL);
+
/*
* Fix dumb cache issues
*/
#define safe_unlock(foo)
#endif
-static int call_modsingle(int component, modsingle *sp, REQUEST *request,
- int default_result)
+static int call_modsingle(int component, modsingle *sp, REQUEST *request)
{
- int myresult = default_result;
+ int myresult;
rad_assert(request != NULL);
g->vps, child->name);
if (rcode != RLM_MODULE_UPDATED) {
myresult = rcode;
+ } else {
+ /*
+ * FIXME: Set priority based on
+ * previous priority, so that we
+ * don't stop on reject when the
+ * default priority was to
+ * continue...
+ *
+ */
}
goto handle_result;
}
*/
sp = mod_callabletosingle(child);
- myresult = call_modsingle(child->method, sp, request,
- default_component_results[component]);
+ myresult = call_modsingle(child->method, sp, request);
handle_result:
RDEBUG2("%.*s[%s] returns %s",
stack.pointer + 1, modcall_spaces,
if (!do_link) return NULL;
name1 = cf_section_name1(cs);
- name2 = cf_section_name2(cs);
/*
* Found the configuration entry.
{
char *p;
ssize_t size, len;
- int flag = 1;
if (echo) {
fprintf(outputfp, "%s\n", command);
memset(buffer, 0, bufsize);
- while (flag == 1) {
+ while (1) {
int rcode;
fd_set readfds;
*p = '\0';
if (p[-1] == '\n') p[-1] = '\0';
-
- flag = 0;
break;
}
}
home_server *found = NULL;
VALUE_PAIR *vp;
- start = 0;
-
/*
* Determine how to pick choose the home server.
*/
$(MAKE) $(MFLAGS) -C $$mod $(WHAT_TO_MAKE) || exit $$?; \
fi; \
done
+
+.PHONY: scan
+scan:
+ @[ "$(SCAN_BUILD)" == "" ] || ($(MAKE) SCAN=yes LIBTOOL= WHAT_TO_MAKE=scan common 2>&1) | grep 'scan-build' || true
}
*ptr = '\0';
-
- keyptr = ptr = key;
+ ptr = key;
while(ptr) {
switch(*ptr) {
case ',':
/* initialize variables */
p = buffer;
left = BUFFERLEN;
- length = 0;
cur = inst->head;
/*
char *ptr, *ptr2;
char search_STR[MAX_STRING_LEN];
char replace_STR[MAX_STRING_LEN];
- int replace_len = 0;
if ((attr_vp = pairfind(request->config_items, PW_REWRITE_RULE)) != NULL){
if (data->name == NULL || strcmp(data->name,attr_vp->vp_strvalue))
DEBUG2("%s: xlat on replace string failed.", data->name);
return ret;
}
- replace_len = strlen(replace_STR);
attr_vp = pairmake(data->attribute,replace_STR,0);
if (attr_vp == NULL){
DEBUG2("%s: Could not add new attribute %s with value '%s'", data->name,
DEBUG2("%s: Added attribute %s with value '%s'", data->name,data->attribute,replace_STR);
ret = RLM_MODULE_OK;
} else {
+ int replace_len = 0;
+
/* new_attribute = no */
switch (data->searchin) {
case RLM_REGEX_INPACKET:
struct detail_instance *inst = instance;
+ rad_assert(request != NULL);
+
/*
* Nothing to log: don't do anything.
*/
*/
vp = radius_paircreate(req, &request,
PW_STRIPPED_USER_NAME, PW_TYPE_STRING);
- if (vp) req->username = vp;
+ if (!vp) return ret;
+ req->username = vp;
}
strlcpy((char *)vp->vp_strvalue, rest, sizeof(vp->vp_strvalue));
snprintf(name, sizeof(name), "%%{%s}", check->name);
- rcode = radius_xlat(value, sizeof(value), name, req, NULL);
+ radius_xlat(value, sizeof(value), name, req, NULL);
vp = pairmake(check->name, value, check->operator);
/*
break;
case TOKEN_DIVIDE:
+ if (x == 0) {
+ result = 0; /* we don't have NaN for integers */
+ break;
+ }
result /= x;
break;
case TOKEN_REMAINDER:
+ if (x == 0) {
+ result = 0; /* we don't have NaN for integers */
+ break;
+ }
result %= x;
break;
char phost[BUFSIZ];
krb5_principal princ;
krb5_keyblock *keyblock = 0;
- krb5_data packet;
+ krb5_data packet, *server;
krb5_auth_context auth_context = NULL;
krb5_keytab keytab;
/* arbitrary 64-byte limit on service names; I've never seen a
return RLM_MODULE_REJECT;
}
- strlcpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ);
+ server = krb5_princ_component(c, princ, 1);
+ if (!server) {
+ radlog(L_DBB, "rlm_krb5: [%s] krb5_princ_component failed.",
+ user);
+ return RLM_MODULE_REJECT;
+ }
+ strlcpy(phost, server->data, BUFSIZ);
phost[BUFSIZ - 1] = '\0';
/*
VALUE_PAIR *chap_challenge, *response;
rlm_mschap_t *inst = instance;
- chap_challenge = response = NULL;
+ response = NULL;
func = func; /* -Wunused */
dst[2] = (unsigned char)(x & 255); x >>= 8;
dst[1] = (unsigned char)(x & 255); x >>= 8;
- dst[0] = (unsigned char)(x & 255); x >>= 8;
+ dst[0] = (unsigned char)(x & 255);
return 1;
}
char *buffer, size_t buflen)
{
rad_assert(input != NULL);
-
- if (buffer) *buffer = '\0';
+ rad_assert(buffer != NULL);
switch (*input) {
case '\0':
POLICY_RESERVED_UNKNOWN) == POLICY_RESERVED_ELSE)) {
debug_tokens("[ELSE] ");
token = policy_lex_file(lexer, 0, mystring, sizeof(mystring));
+ rad_assert(token == POLICY_LEX_BARE_WORD);
token = policy_lex_file(lexer, POLICY_LEX_FLAG_PEEK,
mystring, sizeof(mystring));
POLICY_RESERVED_UNKNOWN) == POLICY_RESERVED_IF)) {
token = policy_lex_file(lexer, 0,
mystring, sizeof(mystring));
+ rad_assert(token == POLICY_LEX_BARE_WORD);
rcode = parse_if(lexer, &(this->if_false));
} else {
rcode = parse_block(lexer, &(this->if_false));
return 0;
}
- rcode = 0;
while ((rcode = parse_statement(lexer, tail)) != 0) {
if (rcode == 2) {
token = policy_lex_file(lexer, 0, NULL, 0);
return RLM_MODULE_FAIL;
}
- r = hints_setup(data->hints, request);
+ hints_setup(data->hints, request);
if ((r = huntgroup_access(request,
data->huntgroups)) != RLM_MODULE_OK) {
struct radutmp ut, u;
VALUE_PAIR *vp;
int status = -1;
- uint32_t framed_address = 0;
int protocol = -1;
time_t t;
int fd;
- int just_an_update = 0;
int port_seen = 0;
- int nas_port_type = 0;
int off;
rlm_radutmp_t *inst = instance;
char buffer[256];
switch (vp->attribute) {
case PW_LOGIN_IP_HOST:
case PW_FRAMED_IP_ADDRESS:
- framed_address = vp->vp_ipaddr;
ut.framed_address = vp->vp_ipaddr;
break;
case PW_FRAMED_PROTOCOL:
case PW_NAS_PORT_TYPE:
if (vp->vp_integer <= 4)
ut.porttype = porttypes[vp->vp_integer];
- nas_port_type = vp->vp_integer;
break;
case PW_CALLING_STATION_ID:
if(inst->callerid_ok)
* Keep the original login time.
*/
ut.time = u.time;
- if (u.login[0] != 0)
- just_an_update = 1;
}
if (lseek(fd, -(off_t)sizeof(u), SEEK_CUR) < 0) {
} else if (r == 0) {
radlog(L_ERR, "rlm_radutmp: Logout for NAS %s port %u, but no Login record",
nas, ut.nas_port);
- r = -1;
}
}
close(fd); /* and implicitely release the locks */
* it already ( via another rlm_realm instance ) and should return.
*/
- if ( (vp = pairfind(request->packet->vps, PW_REALM)) != NULL ) {
+ if (pairfind(request->packet->vps, PW_REALM) != NULL ) {
RDEBUG2("Request already proxied. Ignoring.");
return RLM_MODULE_OK;
}
*group_list = rad_malloc(sizeof(SQL_GROUPLIST));
group_list_tmp = *group_list;
} else {
+ rad_assert(group_list_tmp != NULL);
group_list_tmp->next = rad_malloc(sizeof(SQL_GROUPLIST));
group_list_tmp = group_list_tmp->next;
}
tmpuser[0] = '\0';
sqlusername[0] = '\0';
+ rad_assert(request != NULL);
+ rad_assert(request->packet != NULL);
+
/* Remove any user attr we added previously */
pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
DICT_VALUE *dval;
CONF_PAIR *cp;
+ rad_assert(request != NULL);
+ rad_assert(request->packet != NULL);
+
RDEBUG("Processing sql_log_accounting");
/* Find the Acct Status Type. */
char querystr[MAX_QUERY_LEN];
rlm_sql_log_t *inst = (rlm_sql_log_t *)instance;
+ rad_assert(request != NULL);
+
RDEBUG("Processing sql_log_postauth");
/* Xlat the query */
int status = -1;
int nas_address = 0;
int framed_address = 0;
+#ifdef USER_PROCESS
int protocol = -1;
+#endif
int nas_port = 0;
int port_seen = 0;
- int nas_port_type = 0;
struct unix_instance *inst = (struct unix_instance *) instance;
/*
* We're only interested in accounting messages
* with a username in it.
*/
- if ((vp = pairfind(request->packet->vps, PW_USER_NAME)) == NULL)
+ if (pairfind(request->packet->vps, PW_USER_NAME) == NULL)
return RLM_MODULE_NOOP;
t = request->timestamp;
case PW_FRAMED_IP_ADDRESS:
framed_address = vp->vp_ipaddr;
break;
+#ifdef USER_PROCESS
case PW_FRAMED_PROTOCOL:
protocol = vp->vp_integer;
break;
+#endif
case PW_NAS_IP_ADDRESS:
nas_address = vp->vp_ipaddr;
break;
case PW_ACCT_DELAY_TIME:
delay = vp->vp_ipaddr;
break;
- case PW_NAS_PORT_TYPE:
- nas_port_type = vp->vp_ipaddr;
- break;
}
}
if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen)
return RLM_MODULE_NOOP;
- s = "";
-
/*
* If we didn't find out the NAS address, use the
* originator's IP address.
.PHONY: scan
scan:
- @[ "$(SCAN_BUILD)" == "" ] || $(SCAN_BUILD) gcc $(CFLAGS) $(RLM_CFLAGS) -c $(SRCS)
+ @[ "$(SCAN_BUILD)" == "" ] || ($(MAKE) SCAN=yes LIBTOOL= 2>&1) | grep 'scan-view' || true