system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 02:06:37 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix multiple bugs with ctld's UCL parsing

Browse source 
* Don't segfault when parsing a misformatted auth-group section
* If the config file specifies a chap section within a target but no
  auth-group, create a new anonymous auth-group.  That matches the
  behavior with non-UCL config files.
* Protect some potential segfaults with assertions

PR:		274380
MFC after:	1 week
Sponsored by:	Axcient
Reviewed by:	jhb
Differential Revision: https://reviews.freebsd.org/D43198
This commit is contained in:
Alan Somers 2023-10-09 12:26:25 -06:00
parent c4368d03e5
commit 2391e536c0
2 changed files with 25 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
usr.sbin/ctld/ctld.c
View file

@ -532,6 +532,7 @@ auth_group_find(const struct conf *conf, const char *name)
{
struct auth_group *ag;
assert(name != NULL);
TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
return (ag);

26
usr.sbin/ctld/uclparse.c
View file

@ -60,6 +60,7 @@ uclparse_chap(struct auth_group *auth_group, const ucl_object_t *obj)
const struct auth *ca;
const ucl_object_t *user, *secret;
assert(auth_group != NULL);
user = ucl_object_find_key(obj, "user");
if (!user || user->type != UCL_STRING) {
log_warnx("chap section in auth-group \"%s\" is missing "
@ -90,6 +91,7 @@ uclparse_chap_mutual(struct auth_group *auth_group, const ucl_object_t *obj)
const ucl_object_t *user, *secret, *mutual_user;
const ucl_object_t *mutual_secret;
assert(auth_group != NULL);
user = ucl_object_find_key(obj, "user");
if (!user || user->type != UCL_STRING) {
log_warnx("chap-mutual section in auth-group \"%s\" is missing "
@ -714,6 +716,8 @@ uclparse_target(const char *name, const ucl_object_t *top)
}
if (!strcmp(key, "auth-group")) {
const char *ag;
if (target->t_auth_group != NULL) {
if (target->t_auth_group->ag_name != NULL)
log_warnx("auth-group for target \"%s\" "
@ -725,8 +729,12 @@ uclparse_target(const char *name, const ucl_object_t *top)
"target \"%s\"", target->t_name);
return (1);
}
target->t_auth_group = auth_group_find(conf,
ucl_object_tostring(obj));
ag = ucl_object_tostring(obj);
if (!ag) {
log_warnx("auth-group must be a string");
return (1);
}
target->t_auth_group = auth_group_find(conf, ag);
if (target->t_auth_group == NULL) {
log_warnx("unknown auth-group \"%s\" for target "
"\"%s\"", ucl_object_tostring(obj),
@ -759,6 +767,20 @@ uclparse_target(const char *name, const ucl_object_t *top)
}
if (!strcmp(key, "chap")) {
if (target->t_auth_group != NULL) {
if (target->t_auth_group->ag_name != NULL) {
log_warnx("cannot use both auth-group "
"and chap for target \"%s\"",
target->t_name);
return (1);
}
} else {
target->t_auth_group = auth_group_new(conf, NULL);
if (target->t_auth_group == NULL) {
return (1);
}
target->t_auth_group->ag_target = target;
}
if (uclparse_chap(target->t_auth_group, obj) != 0)
return (1);
}