fixed memleaks and etc.

FreeRADIUS · Apr 18, 2014 · d527424 · d527424
1 parent 78f8fe4
commit d527424
Show file tree

Hide file tree

Showing 9 changed files with 37 additions and 23 deletions.
diff --git a/lib/avpair.c b/lib/avpair.c
@@ -228,7 +228,7 @@ rc_avpair_gen(rc_handle const *rh, VALUE_PAIR *pair, unsigned char *ptr,
 		buffer[0] = '\0';	/* Initial length. */
 		x_ptr = ptr;
 		for (x_len = attrlen; x_len > 0; x_len--, x_ptr++) {
-			sprintf(hex, "%2.2X", x_ptr[0]);
+			snprintf(hex, sizeof(hex), "%2.2X", x_ptr[0]);
 			strcat(buffer, hex);
 		}
 		if (vendorpec == 0) {
@@ -680,7 +680,7 @@ int rc_avpair_tostr (rc_handle const *rh, VALUE_PAIR *pair, char *name, int ln,
 		{
 			if (!(isprint (*ptr)))
 			{
-				sprintf (buffer, "\\%03o", *ptr);
+				snprintf (buffer, sizeof(buffer), "\\%03o", *ptr);
 				strncat(value, buffer, (size_t) lv);
 				lv -= 4;
 				if (lv < 0) break;
@@ -703,7 +703,7 @@ int rc_avpair_tostr (rc_handle const *rh, VALUE_PAIR *pair, char *name, int ln,
 		}
 		else
 		{
-			sprintf (buffer, "%ld", (long int)pair->lvalue);
+			snprintf(buffer, sizeof(buffer), "%ld", (long int)pair->lvalue);
 			strncpy(value, buffer, (size_t) lv);
 		}
 		break;

diff --git a/lib/config.c b/lib/config.c
@@ -197,6 +197,7 @@ static int set_option_auo(char const *filename, int line, OPTION *option, char c
 
 	if ((iptr = malloc(sizeof(iptr))) == NULL) {
 			rc_log(LOG_CRIT, "read_config: out of memory");
+			free(p_dupe);
 			return -1;
 	}
 
@@ -211,6 +212,7 @@ static int set_option_auo(char const *filename, int line, OPTION *option, char c
 			*iptr = AUTH_RADIUS_FST;
 	else {
 		rc_log(LOG_ERR,"%s: auth_order: unknown keyword: %s", filename, p);
+		free(iptr);
 		free(p_dupe);
 		return -1;
 	}
@@ -224,6 +226,7 @@ static int set_option_auo(char const *filename, int line, OPTION *option, char c
 			*iptr = (*iptr) | AUTH_RADIUS_SND;
 		else {
 			rc_log(LOG_ERR,"%s: auth_order: unknown or unexpected keyword: %s", filename, p);
+			free(iptr);
 			free(p_dupe);
 			return -1;
 		}
@@ -323,6 +326,8 @@ rc_config_init(rc_handle *rh)
 	{
                 rc_log(LOG_CRIT, "rc_config_init: error initializing server structs");
 		rc_destroy(rh);
+		if(authservers) free(authservers);
+		if(acctservers) free(acctservers);
                 return NULL;
 	}
 
@@ -419,7 +424,7 @@ rc_read_config(char const *filename)
 		while (isspace(*p))
 			p++;
 		pos = strlen(p) - 1;
-		while(pos >= 0 && isspace(p[pos]))
+		while(pos != 0 && isspace(p[pos]))
 			pos--;
 		p[pos + 1] = '\0';
 
@@ -869,7 +874,7 @@ int rc_find_server (rc_handle *rh, char *server_name, uint32_t *ip_addr, char *s
 	if (result == 0)
 	{
 		memset (buffer, '\0', sizeof (buffer));
-		memset (secret, '\0', sizeof (secret));
+		memset (secret, '\0', MAX_SECRET_LENGTH);
 		rc_log(LOG_ERR, "rc_find_server: couldn't find RADIUS server %s in %s",
 			 server_name, rc_conf_str(rh, "servers"));
 		return -1;

diff --git a/lib/dict.c b/lib/dict.c
@@ -75,7 +75,7 @@ int rc_read_dictionary (rc_handle *rh, char const *filename)
 		{
 			optstr[0] = '\0';
 			/* Read the ATTRIBUTE line */
-			if (sscanf (buffer, "%s%s%s%s%s", dummystr, namestr,
+			if (sscanf (buffer, "%63s%63s%63s%63s%63s", dummystr, namestr,
 				    valstr, typestr, optstr) < 4)
 			{
 				rc_log(LOG_ERR, "rc_read_dictionary: invalid attribute on line %d of dictionary %s",
@@ -173,7 +173,7 @@ int rc_read_dictionary (rc_handle *rh, char const *filename)
 		else if (strncmp (buffer, "VALUE", 5) == 0)
 		{
 			/* Read the VALUE line */
-			if (sscanf (buffer, "%s%s%s%s", dummystr, attrstr,
+			if (sscanf (buffer, "%63s%63s%63s%63s", dummystr, attrstr,
 				    namestr, valstr) != 4)
 			{
 				rc_log(LOG_ERR,
@@ -232,7 +232,7 @@ int rc_read_dictionary (rc_handle *rh, char const *filename)
                 else if (strncmp (buffer, "$INCLUDE", 8) == 0)
                 {
 			/* Read the $INCLUDE line */
-			if (sscanf (buffer, "%s%s", dummystr, namestr) != 2)
+			if (sscanf (buffer, "%63s%63s", dummystr, namestr) != 2)
 			{
 				rc_log(LOG_ERR,
 				 "rc_read_dictionary: invalid include entry on line %d of dictionary %s",
@@ -247,7 +247,7 @@ int rc_read_dictionary (rc_handle *rh, char const *filename)
 				if (cp != NULL) {
 					ifilename = alloca(AUTH_ID_LEN);
 					*cp = '\0';
-					sprintf(ifilename, "%s/%s", filename, namestr);
+					snprintf(ifilename, AUTH_ID_LEN, "%s/%s", filename, namestr);
 					*cp = '/';
 				}
 			}
@@ -260,7 +260,7 @@ int rc_read_dictionary (rc_handle *rh, char const *filename)
 		else if (strncmp (buffer, "VENDOR", 6) == 0)
 		{
 			/* Read the VALUE line */
-			if (sscanf (buffer, "%s%s%s", dummystr, attrstr, valstr) != 3)
+			if (sscanf (buffer, "%63s%63s%63s", dummystr, attrstr, valstr) != 3)
 			{
 				rc_log(LOG_ERR,
 				 "rc_read_dictionary: invalid Vendor-Id on line %d of dictionary %s",

diff --git a/lib/env.c b/lib/env.c
@@ -68,6 +68,7 @@ void rc_free_env(ENV *env)
 int rc_add_env(ENV *env, char *name, char *value)
 {
 	int i;
+	size_t len;
 	char *new_env;
 
 	for (i = 0; env->env[i] != NULL; i++)
@@ -78,24 +79,26 @@ int rc_add_env(ENV *env, char *name, char *value)
 
 	if (env->env[i])
 	{
-		if ((new_env = realloc(env->env[i], strlen(name)+strlen(value)+2)) == NULL)
+		len = strlen(name)+strlen(value)+2;
+		if ((new_env = realloc(env->env[i], len)) == NULL)
 			return -1;
 
 		env->env[i] = new_env;
 
-		sprintf(env->env[i],"%s=%s", name, value);
+		snprintf(env->env[i], len, "%s=%s", name, value);
 	} else {
 		if (env->size == (env->maxsize-1)) {
 			rc_log(LOG_CRIT, "rc_add_env: not enough space for environment (increase ENV_SIZE)");
 			return -1;
 		}
 
-		if ((env->env[env->size] = malloc(strlen(name)+strlen(value)+2)) == NULL) {
+		len = strlen(name)+strlen(value)+2;
+		if ((env->env[env->size] = malloc(len)) == NULL) {
 			rc_log(LOG_CRIT, "rc_add_env: out of memory");
 			return -1;
 		}
 
-		sprintf(env->env[env->size],"%s=%s", name, value);
+		snprintf(env->env[env->size], len, "%s=%s", name, value);
 
 		env->size++;
 

diff --git a/lib/util.c b/lib/util.c
@@ -159,7 +159,7 @@ char *rc_getstr (rc_handle *rh, char *prompt, int do_echo)
 		}
 	}
 
-	write(out, prompt, strlen(prompt));
+	(void)write(out, prompt, strlen(prompt));
 
 	/* well, this looks ugly, but it handles the following end of line
 	   markers: \r \r\0 \r\n \n \n\r, at least at a second pass */
@@ -183,14 +183,14 @@ char *rc_getstr (rc_handle *rh, char *prompt, int do_echo)
 		if (p < rh->buf + GETSTR_LENGTH)
 		{
 			if (do_echo && !is_term)
-				write(out, &c, 1);
+				(void)write(out, &c, 1);
 			*p++ = c;
 		}
 	}
 
 	*p = '\0';
 
-	if (!do_echo || !is_term) write(out, "\r\n", 2);
+	if (!do_echo || !is_term) (void)write(out, "\r\n", 2);
 
 	if (is_term)
 		tcsetattr (in, TCSAFLUSH, &term_old);
@@ -235,7 +235,7 @@ void rc_mdelay(int msecs)
 char *
 rc_mksid (rc_handle *rh)
 {
-  sprintf (rh->buf1, "%08lX%04X", (unsigned long int) time (NULL), (unsigned int) getpid ());
+  snprintf (rh->buf1, sizeof(rh->buf1), "%08lX%04X", (unsigned long int) time (NULL), (unsigned int) getpid ());
   return rh->buf1;
 }
 

diff --git a/src/radius.c b/src/radius.c
@@ -156,7 +156,7 @@ LFUNC auth_radius(rc_handle *rh, uint32_t client_port, char *username, char *pas
 				int count;
 				if ((count = acount[attr]++) > 0) {
 					char buf[10];
-					sprintf(buf, "_%d", count);
+					snprintf(buf, sizeof(buf), "_%d", count);
 					strcat(name,buf);
 				}
 			}

diff --git a/src/radiusclient.c b/src/radiusclient.c
@@ -154,7 +154,7 @@ main(int argc, char **argv)
         fflush(stdout);
         if (send != NULL)
             rc_avpair_free(send);
-        if (cp == NULL || len <= 0)
+		if (cp == NULL || len == 0)
             break;
     }
     exit(0);

diff --git a/src/radlogin.c b/src/radlogin.c
@@ -42,7 +42,7 @@ login_allowed(char *tty)
 	strcpy(fname, rc_conf_str(rh, "nologin"));
 	if (access(fname, F_OK) < 0) {
 		if (tty) {
-			sprintf(fname, "%s.%s", rc_conf_str(rh, "nologin"), tty);
+			snprintf(fname, sizeof(fname), "%s.%s", rc_conf_str(rh, "nologin"), tty);
 			if (access(fname, F_OK) < 0)
 				return 1;
 		} else {

diff --git a/src/radstatus.c b/src/radstatus.c
@@ -109,14 +109,20 @@ int main (int argc, char **argv)
 		for(i=0; i<srv->max ; i++)
 		{
 			result = rc_check(rh, srv->name[i], srv->secret[i], srv->port[i], msg);
-			fputs(msg, stdout);
+			if (result == OK_RC)
+				fputs(msg, stdout);
+			else
+				printf(SC_STATUS_FAILED);
 		}
 
 		srv = rc_conf_srv(rh, "acctserver");
 		for(i=0; i<srv->max ; i++)
 		{
 			result = rc_check(rh, srv->name[i], srv->secret[i], srv->port[i], msg);
-			fputs(msg, stdout);
+			if (result == OK_RC)
+				fputs(msg, stdout);
+			else
+				printf(SC_STATUS_FAILED);
 		}
 	}