[freeradius/f21] Don't return stack memory in fr_getgrnam
Nikolai Kondrashov
nkondras at fedoraproject.org
Mon Jan 19 19:32:19 UTC 2015
commit 9ebc911b04e35d464556bad27d534ab8b1e5e503
Author: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
Date: Thu Oct 30 15:52:57 2014 +0200
Don't return stack memory in fr_getgrnam
This fixes the following Coverity issue:
Error: RETURN_LOCAL (CWE-562):
freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:87: local_ptr_identity_local: "getgrnam_r(name, &my_group, group_buffer, group_size, &grp)" stores "&my_group" (address of local variable "my_group") into "grp".
freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:99: return_local_addr_alias: Returning pointer "grp" which points to local variable "my_group".
Resolves: Bug#1120234
freeradius-make-grp-tallo-c-too.patch | 53 +++++++++++++++++++++++++++++++++
freeradius.spec | 2 +
2 files changed, 55 insertions(+), 0 deletions(-)
---
diff --git a/freeradius-make-grp-tallo-c-too.patch b/freeradius-make-grp-tallo-c-too.patch
new file mode 100644
index 0000000..ad7d192
--- /dev/null
+++ b/freeradius-make-grp-tallo-c-too.patch
@@ -0,0 +1,53 @@
+From d51daa8f56f5c55f2effdb308ef4a14016118753 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland at freeradius.org>
+Date: Sun, 5 Oct 2014 17:22:26 -0400
+Subject: [PATCH 1/1] Make grp tallo'c, too
+
+---
+ src/modules/rlm_unix/rlm_unix.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
+index 0a01074..9e55c26 100644
+--- a/src/modules/rlm_unix/rlm_unix.c
++++ b/src/modules/rlm_unix/rlm_unix.c
+@@ -75,20 +75,20 @@ static const CONF_PARSER module_config[] = {
+ #else
+ static struct group *fr_getgrnam(TALLOC_CTX *ctx, char const *name)
+ {
+- struct group *grp, my_group;
++ struct group *grp, *result;
+ char *group_buffer;
+ size_t group_size = 1024;
+
+- grp = NULL;
+- group_buffer = talloc_array(ctx, char, group_size);
++ grp = talloc(ctx, struct group);
++ group_buffer = talloc_array(grp, char, group_size);
+ while (group_buffer) {
+ int err;
+
+- err = getgrnam_r(name, &my_group, group_buffer, group_size, &grp);
++ err = getgrnam_r(name, grp, group_buffer, group_size, &result);
+ if (err == ERANGE) {
+ group_size *= 2;
+ talloc_free(group_buffer);
+- group_buffer = talloc_array(ctx, char, group_size);
++ group_buffer = talloc_array(grp, char, group_size);
+ continue;
+ }
+
+@@ -145,6 +145,10 @@ static int groupcmp(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *requ
+ }
+ }
+
++#ifdef HAVE_GETGRNAM_R
++ talloc_free(grp);
++#endif
++
+ return retval;
+ }
+
+--
+2.1.1
+
diff --git a/freeradius.spec b/freeradius.spec
index c064c85..7b8e6c0 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -39,6 +39,7 @@ Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch
Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
+Patch19: freeradius-make-grp-tallo-c-too.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@@ -213,6 +214,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%patch16 -p1
%patch17 -p1
%patch18 -p1
+%patch19 -p1
%build
# Force compile/link options, extra security for network facing daemon
More information about the scm-commits
mailing list