Fix multiple bugs with ctld's UCL parsing
* Don't segfault when parsing a misformatted auth-group section * If the config file specifies a chap section within a target but no auth-group, create a new anonymous auth-group. That matches the behavior with non-UCL config files. * Protect some potential segfaults with assertions PR: 274380 MFC after: 1 week Sponsored by: Axcient Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D43198
parent
c4368d03e5
commit
2391e536c0
|
@ -532,6 +532,7 @@ auth_group_find(const struct conf *conf, const char *name)
|
|||
{
|
||||
struct auth_group *ag;
|
||||
|
||||
assert(name != NULL);
|
||||
TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
|
||||
if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
|
||||
return (ag);
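Review bot: The new `assert(name != NULL)` in auth_group_find states a precondition that is not documented in the visible lines, and it disappears if the file is built with NDEBUG, so callers that pass names taken from parsed configuration still have to validate them. A short comment above the function would make the contract explicit, for example `/* name must be non-NULL; anonymous groups (ag_name == NULL) never match. */`. The function body continues past the end of this hunk.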
|
||||
|
|
|
@ -60,6 +60,7 @@ uclparse_chap(struct auth_group *auth_group, const ucl_object_t *obj)
|
|||
const struct auth *ca;
|
||||
const ucl_object_t *user, *secret;
|
||||
|
||||
assert(auth_group != NULL);
|
||||
user = ucl_object_find_key(obj, "user");
|
||||
if (!user || user->type != UCL_STRING) {
|
||||
log_warnx("chap section in auth-group \"%s\" is missing "
|
||||
|
@ -90,6 +91,7 @@ uclparse_chap_mutual(struct auth_group *auth_group, const ucl_object_t *obj)
|
|||
const ucl_object_t *user, *secret, *mutual_user;
|
||||
const ucl_object_t *mutual_secret;
|
||||
|
||||
assert(auth_group != NULL);
|
||||
user = ucl_object_find_key(obj, "user");
|
||||
if (!user || user->type != UCL_STRING) {
|
||||
log_warnx("chap-mutual section in auth-group \"%s\" is missing "
|
||||
|
@ -714,6 +716,8 @@ uclparse_target(const char *name, const ucl_object_t *top)
|
|||
}
|
||||
|
||||
if (!strcmp(key, "auth-group")) {
|
||||
const char *ag;
|
||||
|
||||
if (target->t_auth_group != NULL) {
|
||||
if (target->t_auth_group->ag_name != NULL)
|
||||
log_warnx("auth-group for target \"%s\" "
|
||||
|
@ -725,8 +729,12 @@ uclparse_target(const char *name, const ucl_object_t *top)
|
|||
"target \"%s\"", target->t_name);
|
||||
return (1);
|
||||
}
|
||||
target->t_auth_group = auth_group_find(conf,
|
||||
ucl_object_tostring(obj));
|
||||
ag = ucl_object_tostring(obj);
|
||||
if (!ag) {
|
||||
log_warnx("auth-group must be a string");
|
||||
return (1);
|
||||
}
|
||||
target->t_auth_group = auth_group_find(conf, ag);
|
||||
if (target->t_auth_group == NULL) {
|
||||
log_warnx("unknown auth-group \"%s\" for target "
|
||||
"\"%s\"", ucl_object_tostring(obj),
|
||||
|
@ -759,6 +767,20 @@ uclparse_target(const char *name, const ucl_object_t *top)
|
|||
}
|
||||
|
||||
if (!strcmp(key, "chap")) {
|
||||
if (target->t_auth_group != NULL) {
|
||||
if (target->t_auth_group->ag_name != NULL) {
|
||||
log_warnx("cannot use both auth-group "
|
||||
"and chap for target \"%s\"",
|
||||
target->t_name);
|
||||
return (1);
|
||||
}
|
||||
} else {
|
||||
target->t_auth_group = auth_group_new(conf, NULL);
|
||||
if (target->t_auth_group == NULL) {
|
||||
return (1);
|
||||
}
|
||||
target->t_auth_group->ag_target = target;
|
||||
}
|
||||
if (uclparse_chap(target->t_auth_group, obj) != 0)
|
||||
return (1);
|
||||
}
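Review bot: The new `auth-group must be a string` warning in the auth-group branch of uclparse_target does not name the target, unlike the neighbouring messages, so an operator with many targets cannot tell which section was rejected; `log_warnx("auth-group for target \"%s\" must be a string", target->t_name);` would match them. The `unknown auth-group` message just below still calls `ucl_object_tostring(obj)` where the already-validated `ag` could be passed. Separately, uclparse_chap_mutual now asserts a non-NULL auth_group, but only the `chap` branch visibly creates an anonymous group first. If the target-level `chap-mutual` branch (not shown in these hunks) passes `target->t_auth_group` unchanged, a target with chap-mutual and no auth-group would abort the daemon at that assert instead of being rejected with a warning, so that branch should be checked for the same handling. uclparse_target starts and ends outside these hunks.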
|
||||
|
|