From 71f29ede8a9fa390182d9b67049c479b37a9016e Mon Sep 17 00:00:00 2001 
From: "Alan T. DeKok" Date: Thu, 2 May 2013 12:29:01 -0400 Subject: [PATCH] Move vp_octets and vp_strvalue to pointer which shrinks the VALUE_PAIR structure, and removes all length limitations on the attributes. The code audit still needs to be finished. --- src/include/dhcp.h | 2 +- src/include/libradius.h | 4 +- src/include/radiusd.h | 3 - src/lib/filters.c | 15 +- src/lib/radius.c | 11 +- src/lib/valuepair.c | 141 +++++++++--------- src/main/process.c | 11 +- src/main/radclient.c | 40 +++-- src/main/soh.c | 7 +- src/main/valuepair.c | 14 +- src/modules/proto_dhcp/dhcp.c | 73 +++------ src/modules/proto_vmps/vqp.c | 9 +- src/modules/rlm_attr_filter/rlm_attr_filter.c | 2 +- src/modules/rlm_detail/rlm_detail.c | 4 +- src/modules/rlm_digest/rlm_digest.c | 34 +++-- src/modules/rlm_eap/eap.c | 16 +- src/modules/rlm_eap/libeap/eapcommon.c | 7 +- src/modules/rlm_eap/libeap/eapsimlib.c | 8 +- src/modules/rlm_eap/libeap/mppe_keys.c | 12 +- src/modules/rlm_eap/mem.c | 15 +- src/modules/rlm_eap/rlm_eap.c | 14 +- .../rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c | 8 +- .../rlm_eap/types/rlm_eap_leap/eap_leap.c | 32 ++-- .../types/rlm_eap_mschapv2/rlm_eap_mschapv2.c | 70 ++++----- src/modules/rlm_eap/types/rlm_eap_peap/peap.c | 52 +++---- .../rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 2 +- .../rlm_eap/types/rlm_eap_pwd/eap_pwd.h | 2 +- .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c | 11 +- .../rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c | 18 ++- src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 74 +++------ src/modules/rlm_eap2/rlm_eap2.c | 6 +- src/modules/rlm_expr/paircmp.c | 2 +- src/modules/rlm_krb5/rlm_krb5.c | 5 +- src/modules/rlm_ldap/groups.c | 4 +- src/modules/rlm_logintime/rlm_logintime.c | 5 +- src/modules/rlm_logintime/timestr.c | 6 +- src/modules/rlm_mschap/mschap.c | 4 +- src/modules/rlm_mschap/mschap.h | 4 +- src/modules/rlm_mschap/rlm_mschap.c | 101 +++++++------ src/modules/rlm_otp/otp_mppe.c | 2 +- src/modules/rlm_otp/otp_pw_valid.c | 2 +- src/modules/rlm_otp/rlm_otp.c | 10 +- 
src/modules/rlm_pap/rlm_pap.c | 8 +- src/modules/rlm_preprocess/rlm_preprocess.c | 12 +- src/modules/rlm_radutmp/rlm_radutmp.c | 2 +- src/modules/rlm_replicate/rlm_replicate.c | 4 +- src/modules/rlm_soh/rlm_soh.c | 17 ++- src/modules/rlm_sql/rlm_sql.c | 2 +- .../rlm_sqlhpwippool/rlm_sqlhpwippool.c | 4 +- src/modules/rlm_wimax/rlm_wimax.c | 14 +- src/modules/rlm_yubikey/rlm_yubikey.c | 4 +- 51 files changed, 481 insertions(+), 448 deletions(-) diff --git a/src/include/dhcp.h b/src/include/dhcp.h index 0448b2d03b23..f360475f0b54 100644 --- a/src/include/dhcp.h +++ b/src/include/dhcp.h @@ -41,7 +41,7 @@ int fr_dhcp_add_arp_entry(int fd, char const *interface, VALUE_PAIR *hwvp, VALUE int fr_dhcp_encode(RADIUS_PACKET *packet); ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet, - uint8_t *data, size_t len, VALUE_PAIR **head); + uint8_t const *data, size_t len, VALUE_PAIR **head); int fr_dhcp_decode(RADIUS_PACKET *packet); /* diff --git a/src/include/libradius.h b/src/include/libradius.h index 0ed75fcf8847..6dfe6068acc6 100644 --- a/src/include/libradius.h +++ b/src/include/libradius.h @@ -150,8 +150,8 @@ typedef struct dict_vendor { } DICT_VENDOR; typedef union value_pair_data { - char strvalue[MAX_STRING_LEN]; - uint8_t octets[MAX_STRING_LEN]; + char const *strvalue; + uint8_t const *octets; struct in_addr ipaddr; struct in6_addr ipv6addr; uint32_t date; diff --git a/src/include/radiusd.h b/src/include/radiusd.h index 5a07ff7ed217..d08a8a6de49a 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -592,9 +592,6 @@ int radius_exec_program(char const *, REQUEST *, int, int shell_escape); void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench); -/* timestr.c */ -int timestr_match(char *, time_t); - /* valuepair.c */ int paircompare_register(unsigned int attr, int otherattr, RAD_COMPARE_FUNC func, diff --git a/src/lib/filters.c b/src/lib/filters.c index 6c263dfcd9e7..ca868f39df59 100644 --- a/src/lib/filters.c 
+++ b/src/lib/filters.c @@ -966,6 +966,7 @@ ascend_parse_filter(VALUE_PAIR *pair) int argc; char *argv[32]; ascend_filter_t filter; + char *p; rcode = -1; @@ -982,8 +983,12 @@ ascend_parse_filter(VALUE_PAIR *pair) * Once the filter is *completelty* parsed, then we will * over-write it with the final binary filter. */ - argc = str2argv(pair->vp_strvalue, argv, 32); - if (argc < 3) return -1; + p = talloc_strdup(pair, pair->vp_strvalue); + argc = str2argv(p, argv, 32); + if (argc < 3) { + talloc_free(p); + return -1; + } /* * Decide which filter type it is: ip, ipx, or generic @@ -1003,6 +1008,7 @@ ascend_parse_filter(VALUE_PAIR *pair) default: fr_strerror_printf("Unknown Ascend filter type \"%s\"", argv[0]); + talloc_free(p); return -1; break; } @@ -1022,6 +1028,7 @@ ascend_parse_filter(VALUE_PAIR *pair) default: fr_strerror_printf("Unknown Ascend filter direction \"%s\"", argv[1]); + talloc_free(p); return -1; break; } @@ -1041,6 +1048,7 @@ ascend_parse_filter(VALUE_PAIR *pair) default: fr_strerror_printf("Unknown Ascend filter action \"%s\"", argv[2]); + talloc_free(p); return -1; break; } @@ -1069,6 +1077,7 @@ ascend_parse_filter(VALUE_PAIR *pair) memcpy(pair->vp_filter, &filter, sizeof(filter)); } + talloc_free(p); return rcode; #if 0 @@ -1098,7 +1107,7 @@ ascend_parse_filter(VALUE_PAIR *pair) } if( rc != -1 ) { - memcpy( pair->vp_strvalue, &radFil, pair->length ); + pairmemcpy(pair, &radFil, pair->length ); } return(rc); diff --git a/src/lib/radius.c b/src/lib/radius.c index 5724a3fef750..515066dc797d 100644 --- a/src/lib/radius.c +++ b/src/lib/radius.c @@ -3156,6 +3156,7 @@ static ssize_t data2vp(RADIUS_PACKET const *packet, DICT_VENDOR *dv; VALUE_PAIR *vp; const uint8_t *data = start; + char *p; uint8_t buffer[256]; if (!da || (attrlen > 253) || (attrlen > packetlen) || 
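Review bot: In the `@@ -982,8 +983,12 @@` hunk, `p = talloc_strdup(pair, pair->vp_strvalue)` goes straight into `str2argv` with no NULL check, so an allocation failure passes NULL on; add `if (!p) { fr_strerror_printf("Out of memory"); return -1; }` before the call. The same unchecked-allocation pattern recurs wherever this patch swaps the fixed buffers for talloc memory and then writes through the new pointer at once: `data2vp` in radius.c, `request_will_proxy`, `eap_start` and `eaptls_gen_eap_key`. The `do_octets` path of `pairparsevalue` and `pairmake_any` are worse off, because both had an "Out of memory" check that this patch deletes. `ascend_parse_filter` begins and ends outside these hunks.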
@@ -3467,13 +3468,15 @@ static ssize_t data2vp(RADIUS_PACKET const *packet, switch (da->type) { case PW_TYPE_STRING: - memcpy(vp->vp_strvalue, data, vp->length); - vp->vp_strvalue[vp->length] = '\0'; + p = talloc_array(vp, char, vp->length + 1); + memcpy(p, data, vp->length); + p[vp->length] = '\0'; + vp->vp_strvalue = p; break; case PW_TYPE_OCTETS: case PW_TYPE_ABINARY: - memcpy(vp->vp_octets, data, vp->length); + vp->vp_octets = talloc_memdup(vp, data, vp->length); break; case PW_TYPE_BYTE: @@ -3543,7 +3546,7 @@ static ssize_t data2vp(RADIUS_PACKET const *packet, mask = ~mask; mask = htonl(mask); addr &= mask; - memcpy(vp->vp_octets + 2, &addr, sizeof(addr)); + memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr)); } break; diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c index fa26fefebe1e..d3b66baa19ff 100644 --- a/src/lib/valuepair.c +++ b/src/lib/valuepair.c @@ -366,10 +366,19 @@ VALUE_PAIR *paircopyvp(TALLOC_CTX *ctx, VALUE_PAIR const *vp) n->next = NULL; - if ((n->da->type == PW_TYPE_TLV) && - (n->vp_tlv != NULL)) { - n->vp_tlv = talloc_array(n, uint8_t, n->length); - memcpy(n->vp_tlv, vp->vp_tlv, n->length); + if ((n->da->type == PW_TYPE_TLV) || + (n->da->type == PW_TYPE_OCTETS)) { + if (n->vp_octets != NULL) { + n->vp_octets = talloc_memdup(n, vp->vp_octets, n->length); + } + + } else if (n->da->type == PW_TYPE_STRING) { + if (n->vp_strvalue != NULL) { + /* + * Equivalent to, and faster than strdup. + */ + n->vp_strvalue = talloc_memdup(n, vp->vp_octets, n->length + 1); + } } return n; 
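Review bot: The `PW_TYPE_STRING` branch of `paircopyvp` copies `n->length + 1` bytes from the source, which stays in bounds only if every string value was allocated with room for its terminator. Other sites in this same patch do not keep that invariant: `eapsoh_mstlv` allocates `t` bytes and `fr_dhcp_encode` allocates `dhcp_header_sizes[i]` bytes for a string, so copying such a pair can read one byte past the source allocation. Fix those allocations and state the invariant where the union is declared, for example `/* vp_strvalue always points at length + 1 bytes, NUL-terminated */`, so the unfinished audit has something to check against. The `talloc_memdup` results are also stored without a NULL check.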
@@ -409,12 +418,14 @@ VALUE_PAIR *paircopyvpdata(TALLOC_CTX *ctx, DICT_ATTR const *da, VALUE_PAIR cons n->value.xlat = talloc_strdup(n, n->value.xlat); } - if ((n->da->type == PW_TYPE_TLV) && - (n->vp_tlv != NULL)) { - n->vp_tlv = talloc_array(n, uint8_t, n->length); - memcpy(n->vp_tlv, vp->vp_tlv, n->length); + if ((n->da->type == PW_TYPE_TLV) || + (n->da->type == PW_TYPE_OCTETS) || + (n->da->type == PW_TYPE_STRING)) { + if (n->vp_octets != NULL) { + n->vp_octets = talloc_memdup(n, vp->vp_octets, n->length); + } } - + n->next = NULL; return n; @@ -996,26 +1007,17 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) if (!value) return false; VERIFY(vp); - /* - * Even for integers, dates and ip addresses we - * keep the original string in vp->vp_strvalue. - * - * @todo: too many things depend on this! - */ - if (vp->da->type != PW_TYPE_TLV) { - pairstrcpy(vp, value); - } - switch(vp->da->type) { case PW_TYPE_STRING: /* * Do escaping here */ - p = vp->vp_strvalue; + p = talloc_strdup(vp, value); + vp->vp_strvalue = p; cp = value; length = 0; - while (*cp && (length < (sizeof(vp->vp_strvalue) - 1))) { + while (*cp) { char c = *cp++; if (c == '\\') { @@ -1067,7 +1069,7 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) *p++ = c; length++; } - vp->vp_strvalue[length] = '\0'; + *p = '\0'; vp->length = length; break; @@ -1159,16 +1161,15 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) /* * Note that ALL integers are unsigned! */ - p = vp->vp_strvalue; - if (sscanf(p, "%" PRIu64, &y) != 1) { + if (sscanf(vp->vp_strvalue, "%" PRIu64, &y) != 1) { fr_strerror_printf("Invalid value %s for attribute %s", value, vp->da->name); return false; } vp->vp_integer64 = y; vp->length = 8; - p += strspn(p, "0123456789"); - if (check_for_whitespace(p)) break; + length = strspn(vp->vp_strvalue, "0123456789"); + if (check_for_whitespace(vp->vp_strvalue + length)) break; break; case PW_TYPE_DATE: 
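Review bot: `paircopyvpdata` duplicates `PW_TYPE_STRING` values with `talloc_memdup(n, vp->vp_octets, n->length)`, which leaves out the terminating NUL, so the copy's `vp_strvalue` is not a C string and a later `strlen` or `%s` on it reads past the allocation. `paircopyvp` in the previous hunk uses `n->length + 1` for strings. Split the string case out here and do the same: `n->vp_strvalue = talloc_memdup(n, vp->vp_octets, n->length + 1);`. The exposure grows with this patch, because `radius_map2vp` now builds its result through this function.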
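Review bot: The `PW_TYPE_INTEGER64` case parses `vp->vp_strvalue`, but the unconditional `pairstrcpy(vp, value)` that used to fill it is deleted in the first `pairparsevalue` hunk, and `vp_strvalue` is now a pointer sharing the union with `vp_integer64`. `sscanf` and `strspn` therefore read through whatever that pointer holds (probably NULL for a fresh pair) rather than the caller's input. Parse the argument directly: `if (sscanf(value, "%" PRIu64, &y) != 1) {` and `length = strspn(value, "0123456789"); if (check_for_whitespace(value + length)) break;`. Other cases of this switch lie outside the hunks and may have relied on the same copy, so they need the same check.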
@@ -1216,7 +1217,6 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) /* raw octets: 0x01020304... */ case PW_TYPE_VSA: if (strcmp(value, "ANY") == 0) { - vp->vp_octets[0] = 0; vp->length = 0; break; } /* else it's hex */ @@ -1230,32 +1230,26 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) do_octets: #endif cp = value + 2; - us = vp->vp_octets; - vp->length = 0; + size = strlen(cp); + vp->length = size >> 1; + us = talloc_array(vp, uint8_t, vp->length); /* * Invalid. */ - size = strlen(cp); if ((size & 0x01) != 0) { fr_strerror_printf("Hex string is not an even length string."); return false; } - vp->length = size >> 1; - if (size > 2*sizeof(vp->vp_octets)) { - us = vp->vp_tlv = talloc_array(vp, uint8_t, vp->length); - if (!us) { - fr_strerror_printf("Out of memory."); - return false; - } - } - if (fr_hex2bin(cp, us, vp->length) != vp->length) { fr_strerror_printf("Invalid hex data"); return false; } + vp->vp_octets = us; + } else { + pairstrcpy(vp, value); } break; @@ -1299,7 +1293,7 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) memcpy(buffer, value, p - value); buffer[p - value] = '\0'; - if (inet_pton(AF_INET6, buffer, vp->vp_octets + 2) <= 0) { + if (inet_pton(AF_INET6, buffer, vp->vp_ipv6prefix + 2) <= 0) { fr_strerror_printf("failed to parse IPv6 address " "string \"%s\"", value); return false; @@ -1311,9 +1305,8 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) "string \"%s\"", value); return false; } - vp->vp_octets[1] = prefix; + vp->vp_ipv6prefix[1] = prefix; } - vp->vp_octets[0] = 0; vp->length = 16 + 2; break; @@ -1330,7 +1323,7 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) memcpy(buffer, value, p - value); buffer[p - value] = '\0'; - if (inet_pton(AF_INET, buffer, vp->vp_octets + 2) <= 0) { + if (inet_pton(AF_INET, buffer, vp->vp_ipv4prefix + 2) <= 0) { fr_strerror_printf("failed to parse IPv6 address " "string \"%s\"", value); return false; 
@@ -1342,22 +1335,21 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) "string \"%s\"", value); return false; } - vp->vp_octets[1] = prefix; + vp->vp_ipv4prefix[1] = prefix; if (prefix < 32) { uint32_t addr, mask; - memcpy(&addr, vp->vp_octets + 2, sizeof(addr)); + memcpy(&addr, vp->vp_ipv4prefix + 2, sizeof(addr)); mask = 1; mask <<= (32 - prefix); mask--; mask = ~mask; mask = htonl(mask); addr &= mask; - memcpy(vp->vp_octets + 2, &addr, sizeof(addr)); + memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr)); } } - vp->vp_octets[0] = 0; vp->length = sizeof(vp->vp_ipv4prefix); break; @@ -1406,7 +1398,7 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) { const DICT_ATTR *da; - if (inet_pton(AF_INET6, value, vp->vp_strvalue) > 0) { + if (inet_pton(AF_INET6, value, &vp->vp_ipv6addr) > 0) { da = dict_attrbytype(vp->da->attr, vp->da->vendor, PW_TYPE_IPV6ADDR); if (!da) { @@ -1414,7 +1406,6 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value) } vp->length = 16; /* length of IPv6 address */ - vp->vp_strvalue[vp->length] = '\0'; } else { fr_ipaddr_t ipaddr; @@ -1497,7 +1488,7 @@ static VALUE_PAIR *pairmake_any(TALLOC_CTX *ctx, VALUE_PAIR *vp; const DICT_ATTR *da; - uint8_t *data; + uint8_t *data; size_t size; da = dict_attrunknownbyname(attribute, true); @@ -1530,18 +1521,8 @@ static VALUE_PAIR *pairmake_any(TALLOC_CTX *ctx, if (!value) return vp; size = strlen(value + 2); - data = vp->vp_octets; - vp->length = size >> 1; - if (vp->length > sizeof(vp->vp_octets)) { - vp->vp_tlv = talloc_array(vp, uint8_t, vp->length); - if (!vp->vp_tlv) { - fr_strerror_printf("Out of memory"); - talloc_free(vp); - return NULL; - } - data = vp->vp_tlv; - } + data = talloc_array(vp, uint8_t, vp->length); if (fr_hex2bin(value + 2, data, size) != vp->length) { fr_strerror_printf("Invalid hex string"); @@ -1549,6 +1530,7 @@ static VALUE_PAIR *pairmake_any(TALLOC_CTX *ctx, return NULL; } + vp->vp_octets = data; return vp; } 
@@ -1667,7 +1649,7 @@ VALUE_PAIR *pairmake(TALLOC_CTX *ctx, VALUE_PAIR **vps, case T_OP_CMP_TRUE: case T_OP_CMP_FALSE: - vp->vp_strvalue[0] = '\0'; + vp->vp_strvalue = NULL; vp->length = 0; value = NULL; /* ignore it! */ break; @@ -1762,8 +1744,6 @@ int pairmark_xlat(VALUE_PAIR *vp, char const *value) vp->type = VT_XLAT; vp->value.xlat = raw; - - vp->vp_strvalue[0] = '\0'; vp->length = 0; return 0; @@ -2283,9 +2263,15 @@ int paircmp_op(VALUE_PAIR const *one, FR_TOKEN op, VALUE_PAIR const *two) */ void pairmemcpy(VALUE_PAIR *vp, uint8_t const *src, size_t size) { - if (size > sizeof(vp->vp_octets)) size = sizeof(vp->vp_octets); + uint8_t *p, *q; + + p = talloc_memdup(vp, src, size); + if (!p) return; + + memcpy(&q, &vp->vp_octets, sizeof(q)); + talloc_free(q); - memcpy(vp->vp_octets, src, size); + vp->vp_octets = p; vp->length = size; } @@ -2297,13 +2283,16 @@ void pairmemcpy(VALUE_PAIR *vp, uint8_t const *src, size_t size) */ void pairstrcpy(VALUE_PAIR *vp, char const *src) { - size_t size = strlen(src); + char *p, *q; - if (size >= sizeof(vp->vp_strvalue)) size = sizeof(vp->vp_strvalue) - 1; + p = talloc_strdup(vp, src); + if (!p) return; - memcpy(vp->vp_strvalue, src, size); - vp->vp_strvalue[size] = '\0'; - vp->length = size; + memcpy(&q, &vp->vp_strvalue, sizeof(q)); + talloc_free(q); + + vp->vp_strvalue = p; + vp->length = strlen(vp->vp_strvalue); } @@ -2315,11 +2304,19 @@ void pairstrcpy(VALUE_PAIR *vp, char const *src) void pairsprintf(VALUE_PAIR *vp, char const *fmt, ...) { va_list ap; + char *p, *q; va_start(ap, fmt); - vsnprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), fmt, ap); + p = talloc_vasprintf(vp, fmt, ap); va_end(ap); + if (!p) return; + + memcpy(&q, &vp->vp_strvalue, sizeof(q)); + talloc_free(q); + + vp->vp_strvalue = p; + /* * vsnprintf returns random things on different platforms */ diff --git a/src/main/process.c b/src/main/process.c index 091092785bdd..f2674cecdc64 100644 --- a/src/main/process.c +++ b/src/main/process.c 
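Review bot: `pairmemcpy`, and `pairstrcpy` and `pairsprintf` in the next two hunks, call `talloc_free` on whatever pointer-sized value currently sits in the value union before installing the new buffer. That is safe only when the pair's value is NULL or a talloc allocation; a pair that last held an integer, an address or a filter in the same union would hand an arbitrary pointer to `talloc_free`. State the precondition on all three helpers, for example `/* vp->vp_octets must be NULL or a talloc'd buffer on entry */`, or check `vp->da->type` before freeing. All three also `return` silently when the allocation fails, leaving the old value and length in place, so a caller cannot tell that the copy did not happen.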
@@ -2221,9 +2221,7 @@ static int request_will_proxy(REQUEST *request) vp->next = request->proxy->vps; request->proxy->vps = vp; } - memcpy(vp->vp_strvalue, strippedname->vp_strvalue, - sizeof(vp->vp_strvalue)); - vp->length = strippedname->length; + pairstrcpy(vp, strippedname->vp_strvalue); /* * Do NOT delete Stripped-User-Name. @@ -2239,11 +2237,14 @@ static int request_will_proxy(REQUEST *request) if ((request->packet->code == PW_AUTHENTICATION_REQUEST) && pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) && pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) { + uint8_t *p; vp = radius_paircreate(request, &request->proxy->vps, PW_CHAP_CHALLENGE, 0); - memcpy(vp->vp_strvalue, request->packet->vector, - sizeof(request->packet->vector)); vp->length = sizeof(request->packet->vector); + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + + memcpy(p, request->packet->vector, + sizeof(request->packet->vector)); } /* diff --git a/src/main/radclient.c b/src/main/radclient.c index 65d685db9757..bc221d9cc6af 100644 --- a/src/main/radclient.c +++ b/src/main/radclient.c @@ -163,6 +163,7 @@ static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, char const *password) { unsigned int i; + uint8_t *p; VALUE_PAIR *challenge, *response; uint8_t nthash[16]; @@ -174,8 +175,9 @@ static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, pairadd(request, challenge); challenge->length = 8; + challenge->vp_octets = p = talloc_array(challenge, uint8_t, challenge->length); for (i = 0; i < challenge->length; i++) { - challenge->vp_octets[i] = fr_rand(); + p[i] = fr_rand(); } response = paircreate(packet, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT); 
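Review bot: `pairstrcpy(vp, strippedname->vp_strvalue)` derives the length with `strlen`, while the removed lines carried over `strippedname->length`. `data2vp` copies `vp->length` raw bytes for string attributes, so a Stripped-User-Name with an embedded NUL would now be truncated in the proxied User-Name, and the home server would see a different identity from the one received. If truncation is not intended, copy by length into a `length + 1` buffer and terminate it, as `data2vp` does, rather than going through `strlen`. `request_will_proxy` continues outside this hunk.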
@@ -186,14 +188,15 @@ static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, pairadd(request, response); response->length = 50; - memset(response->vp_octets, 0, response->length); + response->vp_octets = p = talloc_array(response, uint8_t, response->length); + memset(p, 0, response->length); - response->vp_octets[1] = 0x01; /* NT hash */ + p[1] = 0x01; /* NT hash */ mschap_ntpwdhash(nthash, password); smbdes_mschap(nthash, challenge->vp_octets, - response->vp_octets + 26); + p + 26); return 1; } @@ -343,14 +346,16 @@ static int radclient_init(char const *filename) /* overlapping! */ { const DICT_ATTR *da; - - memmove(&vp->vp_octets[2], - &vp->vp_octets[0], - vp->length); + uint8_t *p; + + p = talloc_array(vp, uint8_t, vp->length + 2); - vp->vp_octets[0] = vp->da->attr - PW_DIGEST_REALM + 1; + memcpy(p + 2, vp->vp_octets, vp->length); + p[0] = vp->da->attr - PW_DIGEST_REALM + 1; vp->length += 2; - vp->vp_octets[1] = vp->length; + p[1] = vp->length; +// talloc_free(vp->vp_octets); + vp->vp_octets = p; da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0); if (!da) { @@ -644,11 +649,20 @@ static int send_one_packet(radclient_t *radclient) * Allow the user to specify ASCII or hex CHAP-Password */ if (!already_hex) { - pairstrcpy(vp, radclient->password); - + uint8_t *p; + size_t len, len2; + + len = len2 = strlen(radclient->password); + if (len2 < 17) len2 = 17; + + p = talloc_zero_array(vp, uint8_t, len2); + + memcpy(p, radclient->password, len); + rad_chap_encode(radclient->request, - vp->vp_octets, + p, fr_rand() & 0xff, vp); + vp->vp_octets = p; vp->length = 17; } } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY) != NULL) { diff --git a/src/main/soh.c b/src/main/soh.c index 53356748e560..79b50ddf01f7 100644 --- a/src/main/soh.c +++ b/src/main/soh.c @@ -144,6 +144,7 @@ static int eapsoh_mstlv(REQUEST *request, uint8_t const *p, unsigned int data_le VALUE_PAIR *vp; uint8_t c; int t; + char *q; while (data_len > 0) { c = *p++; 
@@ -246,8 +247,10 @@ static int eapsoh_mstlv(REQUEST *request, uint8_t const *p, unsigned int data_le vp = pairmake_packet("SoH-MS-Machine-Name", NULL, T_OP_EQ); if (!vp) return 0; - memcpy(vp->vp_strvalue, p, t); - vp->vp_strvalue[t] = 0; + vp->vp_strvalue = q = talloc_array(vp, char, t); + + memcpy(q, p, t); + q[t] = 0; p += t; data_len -= 2 + t; diff --git a/src/main/valuepair.c b/src/main/valuepair.c index a0278b47aab3..8f8c2f4fd683 100644 --- a/src/main/valuepair.c +++ b/src/main/valuepair.c @@ -1118,8 +1118,9 @@ VALUE_PAIR *radius_map2vp(REQUEST *request, value_pair_map_t const *map, * actually data. */ rad_assert(found->type == VT_DATA); - memcpy(&vp->data, &found->data, found->length); - vp->length = found->length; + pairfree(&vp); /* ugh */ + vp = paircopyvpdata(request, map->dst->da, found); + vp->op = map->op; break; default: @@ -1261,8 +1262,8 @@ int radius_get_vp(REQUEST *request, char const *name, VALUE_PAIR **vp_p) DIAG_OFF(format-nonliteral) void module_failure_msg(REQUEST *request, char const *fmt, ...) { - size_t len; va_list ap; + char *p; VALUE_PAIR *vp; va_start(ap, fmt); @@ -1272,10 +1273,9 @@ void module_failure_msg(REQUEST *request, char const *fmt, ...) return; } - pairsprintf(vp, "%s: ", request->module); - len = vp->length; - - vsnprintf(vp->vp_strvalue + len, sizeof(vp->vp_strvalue) - len, fmt, ap); + p = talloc_vasprintf(vp, fmt, ap); + pairsprintf(vp, "%s: %s", request->module, p); + talloc_free(p); pairadd(&request->packet->vps, vp); } DIAG_ON(format-nonliteral) diff --git a/src/modules/proto_dhcp/dhcp.c b/src/modules/proto_dhcp/dhcp.c index 64e677aa9a78..ab7d2dbb4ead 100644 --- a/src/modules/proto_dhcp/dhcp.c +++ b/src/modules/proto_dhcp/dhcp.c @@ -522,6 +522,8 @@ static int decode_tlv(RADIUS_PACKET *packet, VALUE_PAIR *tlv, uint8_t const *dat */ static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const *p, size_t alen) { + char *q; + switch (vp->da->type) { case PW_TYPE_BYTE: if (alen != 1) goto raw; 
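Review bot: `talloc_array(vp, char, t)` allocates `t` bytes, but `q[t] = 0` writes a byte beyond them, a one-byte heap overflow whose size comes from the data being parsed. Allocate room for the terminator with `vp->vp_strvalue = q = talloc_array(vp, char, t + 1);` and check the result before the `memcpy`. The hunk does not show `vp->length` being set or `t` being compared with `data_len`, so both should be confirmed in the surrounding code of `eapsoh_mstlv`.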
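Review bot: In `radius_map2vp`, the result of `vp = paircopyvpdata(request, map->dst->da, found);` is dereferenced on the next line (`vp->op = map->op;`) with no NULL check, after the original `vp` has already been released by `pairfree(&vp)`. The failure paths of `paircopyvpdata` are not shown in this patch, but if it can return NULL (allocation failure, or a mismatch between `da` and `found`), the server would crash while evaluating a map. Add `if (!vp) return NULL;`, or the function's existing error exit, before the assignment.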
@@ -550,9 +552,9 @@ static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const break; case PW_TYPE_STRING: - if (alen > 253) return -1; - memcpy(vp->vp_strvalue, p , alen); - vp->vp_strvalue[alen] = '\0'; + vp->vp_strvalue = q = talloc_array(vp, char, alen + 1); + memcpy(q, p , alen); + q[alen] = '\0'; break; /* @@ -580,11 +582,11 @@ static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const } ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet, - uint8_t *data, size_t len, VALUE_PAIR **head) + uint8_t const *data, size_t len, VALUE_PAIR **head) { int i; VALUE_PAIR *vp, **tail; - uint8_t *p, *next; + uint8_t const *p, *next; next = data; *head = NULL; @@ -721,6 +723,8 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) * Decode the header. */ for (i = 0; i < 14; i++) { + char *q; + vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ); if (!vp) { char buffer[256]; @@ -759,8 +763,9 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) break; case PW_TYPE_STRING: - memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]); - vp->vp_strvalue[dhcp_header_sizes[i]] = '\0'; + vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1); + memcpy(q, p, dhcp_header_sizes[i]); + q[dhcp_header_sizes[i]] = '\0'; vp->length = strlen(vp->vp_strvalue); if (vp->length == 0) { pairfree(&vp); 
@@ -1094,53 +1099,6 @@ int fr_dhcp_encode(RADIUS_PACKET *packet) if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE; } - /* - * RFC 3118: Authentication option. - */ - vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR, TAG_ANY); - if (vp) { - if (vp->length < 2) { - memset(vp->vp_octets + vp->length, 0, - 2 - vp->length); - vp->length = 2; - } - - if (vp->length < 3) { - struct timeval tv; - - gettimeofday(&tv, NULL); - vp->vp_octets[2] = 0; - timeval2ntp(&tv, vp->vp_octets + 3); - vp->length = 3 + 8; - } - - /* - * Configuration token (clear-text token) - */ - if (vp->vp_octets[0] == 0) { - VALUE_PAIR *pass; - vp->vp_octets[1] = 0; - - pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR, TAG_ANY); - if (pass) { - length = pass->length; - if ((length + 11) > sizeof(vp->vp_octets)) { - length -= ((length + 11) - sizeof(vp->vp_octets)); - } - memcpy(vp->vp_octets + 11, pass->vp_strvalue, - length); - vp->length = length + 11; - } else { - vp->length = 11 + 8; - memset(vp->vp_octets + 11, 0, 8); - vp->length = 11 + 8; - } - } else { /* we don't support this type! */ - fr_strerror_printf("DHCP-Authentication %d unsupported", - vp->vp_octets[0]); - } - } - vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { *p++ = vp->vp_integer & 0xff; @@ -1283,6 +1241,8 @@ int fr_dhcp_encode(RADIUS_PACKET *packet) p = packet->data; for (i = 0; i < 14; i++) { + char *q; + vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ); if (!vp) { @@ -1315,8 +1275,9 @@ int fr_dhcp_encode(RADIUS_PACKET *packet) break; case PW_TYPE_STRING: - memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]); - vp->vp_strvalue[dhcp_header_sizes[i]] = '\0'; + vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i]); + memcpy(q, p, dhcp_header_sizes[i]); + q[dhcp_header_sizes[i]] = '\0'; vp->length = strlen(vp->vp_strvalue); break; diff --git a/src/modules/proto_vmps/vqp.c b/src/modules/proto_vmps/vqp.c index e98f41d84c97..a061383e13dd 100644 
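Review bot: In the `@@ -1315,8 +1275,9 @@` hunk of `fr_dhcp_encode`, the string buffer is allocated with `dhcp_header_sizes[i]` bytes, yet `q[dhcp_header_sizes[i]] = '\0'` stores one byte past the end of it. The matching code in `fr_dhcp_decode` allocates `dhcp_header_sizes[i] + 1`. Use the same size here: `vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);`.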
--- a/src/modules/proto_vmps/vqp.c +++ b/src/modules/proto_vmps/vqp.c @@ -476,6 +476,8 @@ int vqp_decode(RADIUS_PACKET *packet) * be called before vqp_decode(). */ while (ptr < end) { + char *p; + attribute = (ptr[2] << 8) | ptr[3]; length = (ptr[4] << 8) | ptr[5]; ptr += 6; @@ -515,9 +517,10 @@ int vqp_decode(RADIUS_PACKET *packet) break; case PW_TYPE_STRING: - vp->length = (length > MAX_VMPS_LEN) ? MAX_VMPS_LEN : length; - memcpy(vp->vp_strvalue, ptr, vp->length); - vp->vp_strvalue[vp->length] = '\0'; + vp->length = length; + vp->vp_strvalue = p = talloc_array(vp, char, vp->length + 1); + memcpy(p, ptr, vp->length); + p[vp->length] = '\0'; break; } ptr += length; diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c index 38a22ab1a9ef..d3ff55518fe3 100644 --- a/src/modules/rlm_attr_filter/rlm_attr_filter.c +++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c @@ -152,7 +152,7 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, PAIR_LIST *pl; int found = 0; int pass, fail = 0; - char *keyname = NULL; + char const *keyname = NULL; VALUE_PAIR **input; char buffer[256]; diff --git a/src/modules/rlm_detail/rlm_detail.c b/src/modules/rlm_detail/rlm_detail.c index c8ed8933dccd..9bbf31ae26d9 100644 --- a/src/modules/rlm_detail/rlm_detail.c +++ b/src/modules/rlm_detail/rlm_detail.c @@ -390,11 +390,11 @@ static rlm_rcode_t do_detail(void *instance, REQUEST *request, RADIUS_PACKET *pa break; case AF_INET6: src_vp.da = dict_attrbyvalue(PW_PACKET_SRC_IPV6_ADDRESS, 0); - memcpy(src_vp.vp_strvalue, + memcpy(&src_vp.vp_ipv6addr, &packet->src_ipaddr.ipaddr.ip6addr, sizeof(packet->src_ipaddr.ipaddr.ip6addr)); dst_vp.da = dict_attrbyvalue(PW_PACKET_DST_IPV6_ADDRESS, 0); - memcpy(dst_vp.vp_strvalue, + memcpy(&dst_vp.vp_ipv6addr, &packet->dst_ipaddr.ipaddr.ip6addr, sizeof(packet->dst_ipaddr.ipaddr.ip6addr)); break; 
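Review bot: With the `MAX_VMPS_LEN` clamp removed in the `PW_TYPE_STRING` case of `vqp_decode`, `length` now sizes both the allocation and the `memcpy` from `ptr` directly, and it is a 16-bit value read from the packet (`(ptr[4] << 8) | ptr[5]`). Nothing in these hunks compares `length` with `end - ptr`; the comment above the loop implies validation happens before `vqp_decode()` is called, so confirm that it covers every per-attribute length, or reject the packet here when `length` exceeds the bytes remaining. The `talloc_array` result should also be checked before the copy.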
diff --git a/src/modules/rlm_digest/rlm_digest.c b/src/modules/rlm_digest/rlm_digest.c index f6c282b85528..4fc06834f328 100644 --- a/src/modules/rlm_digest/rlm_digest.c +++ b/src/modules/rlm_digest/rlm_digest.c @@ -60,7 +60,7 @@ static int digest_fix(REQUEST *request) while (vp) { int length = vp->length; int attrlen; - uint8_t *p = &vp->vp_octets[0]; + uint8_t const *p = vp->vp_octets; /* * Until this stupidly encoded attribute is exhausted. @@ -110,7 +110,8 @@ static int digest_fix(REQUEST *request) while (vp) { int length = vp->length; int attrlen; - uint8_t *p = &vp->vp_octets[0]; + uint8_t const *p = vp->vp_octets; + char *q; VALUE_PAIR *sub; /* @@ -151,12 +152,13 @@ static int digest_fix(REQUEST *request) */ sub = radius_paircreate(request, &request->packet->vps, PW_DIGEST_REALM - 1 + p[0], 0); - memcpy(&sub->vp_octets[0], &p[2], attrlen - 2); - sub->vp_octets[attrlen - 2] = '\0'; sub->length = attrlen - 2; + sub->vp_strvalue = q = talloc_array(sub, char, sub->length + 1); + memcpy(q, p + 2, attrlen - 2); + q[attrlen - 2] = '\0'; if ((debug_flag > 1) && fr_log_fp) { - vp_print(fr_log_fp, sub); + vp_print(fr_log_fp, sub); } /* @@ -282,7 +284,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-User-Name: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a1[0], &vp->vp_octets[0], vp->length); + memcpy(&a1[0], vp->vp_octets, vp->length); a1_len = vp->length; a1[a1_len] = ':'; 
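Review bot: The copies into `a1`, `a2` and `kd` in `mod_authenticate` (`memcpy(&a1[0], vp->vp_octets, vp->length);` here, and the same pattern in the hunks that follow) are bounded only by `vp->length`. The old fixed `MAX_STRING_LEN` arrays gave that length an implicit ceiling, which this patch removes, so a pair built from a long configured or parsed value may exceed whatever size those buffers have. Their declarations are outside the hunks. Assuming they are arrays in scope, each append should first check the remaining space, for example `if (a1_len + vp->length + 1 > sizeof(a1)) return RLM_MODULE_INVALID;`.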
@@ -293,14 +295,14 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-Realm: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a1[a1_len], &vp->vp_octets[0], vp->length); + memcpy(&a1[a1_len], vp->vp_octets, vp->length); a1_len += vp->length; a1[a1_len] = ':'; a1_len++; if (passwd->da->attr == PW_CLEARTEXT_PASSWORD) { - memcpy(&a1[a1_len], &passwd->vp_octets[0], passwd->length); + memcpy(&a1[a1_len], passwd->vp_octets, passwd->length); a1_len += passwd->length; a1[a1_len] = '\0'; RDEBUG2("A1 = %s", a1); @@ -352,7 +354,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("Received Digest-Nonce hex string with invalid length: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a1[a1_len], &nonce->vp_octets[0], nonce->length); + memcpy(&a1[a1_len], nonce->vp_octets, nonce->length); a1_len += nonce->length; a1[a1_len] = ':'; @@ -371,7 +373,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("Received Digest-CNonce hex string with invalid length: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a1[a1_len], &vp->vp_octets[0], vp->length); + memcpy(&a1[a1_len], vp->vp_octets, vp->length); a1_len += vp->length; } else if ((algo != NULL) && @@ -392,7 +394,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-Method: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a2[0], &vp->vp_octets[0], vp->length); + memcpy(&a2[0], vp->vp_octets, vp->length); a2_len = vp->length; a2[a2_len] = ':'; 
@@ -403,7 +405,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-URI: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&a2[a2_len], &vp->vp_octets[0], vp->length); + memcpy(&a2[a2_len], vp->vp_octets, vp->length); a2_len += vp->length; /* @@ -499,7 +501,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-Nonce-Count: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&kd[kd_len], &vp->vp_octets[0], vp->length); + memcpy(&kd[kd_len], vp->vp_octets, vp->length); kd_len += vp->length; kd[kd_len] = ':'; @@ -510,13 +512,13 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) REDEBUG("No Digest-CNonce: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; } - memcpy(&kd[kd_len], &vp->vp_octets[0], vp->length); + memcpy(&kd[kd_len], vp->vp_octets, vp->length); kd_len += vp->length; kd[kd_len] = ':'; kd_len++; - memcpy(&kd[kd_len], &qop->vp_octets[0], qop->length); + memcpy(&kd[kd_len], qop->vp_octets, qop->length); kd_len += qop->length; } @@ -560,7 +562,7 @@ static rlm_rcode_t mod_authenticate(UNUSED void *instance, REQUEST *request) return RLM_MODULE_INVALID; } - if (fr_hex2bin(&vp->vp_strvalue[0], &hash[0], vp->length >> 1) != (vp->length >> 1)) { + if (fr_hex2bin(vp->vp_strvalue, &hash[0], vp->length >> 1) != (vp->length >> 1)) { RDEBUG2("Invalid text in Digest-Response"); return RLM_MODULE_INVALID; } diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c index f13d1ae0f0e8..3a9ca2163d93 100644 --- a/src/modules/rlm_eap/eap.c +++ b/src/modules/rlm_eap/eap.c 
@@ -604,8 +604,8 @@ rlm_rcode_t eap_compose(eap_handler_t *handler) vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = paircreate(request->reply, PW_MESSAGE_AUTHENTICATOR, 0); - memset(vp->vp_octets, 0, AUTH_VECTOR_LEN); vp->length = AUTH_VECTOR_LEN; + vp->vp_octets = talloc_zero_array(vp, uint8_t, vp->length); pairadd(&(request->reply->vps), vp); } @@ -708,6 +708,8 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * EAP-Starts. */ if ((eap_msg->length == 0) || (eap_msg->length == 2)) { + uint8_t *p; + /* * It's a valid EAP-Start, but the request * was marked as being proxied. So we don't @@ -728,12 +730,14 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) /* * Manually create an EAP Identity request */ - vp->vp_octets[0] = PW_EAP_REQUEST; - vp->vp_octets[1] = 0; /* ID */ - vp->vp_octets[2] = 0; - vp->vp_octets[3] = 5; /* length */ - vp->vp_octets[4] = PW_EAP_IDENTITY; vp->length = 5; + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + + p[0] = PW_EAP_REQUEST; + p[1] = 0; /* ID */ + p[2] = 0; + p[3] = 5; /* length */ + p[4] = PW_EAP_IDENTITY; return EAP_FOUND; } /* end of handling EAP-Start */ diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c index a24ed2d25961..327ff7b52bf2 100644 --- a/src/modules/rlm_eap/libeap/eapcommon.c +++ b/src/modules/rlm_eap/libeap/eapcommon.c @@ -213,9 +213,10 @@ int eap_basic_compose(RADIUS_PACKET *packet, eap_packet_t *reply) */ vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { - vp = paircreate(packet, PW_MESSAGE_AUTHENTICATOR, 0); - memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN); + vp = paircreate(packet, PW_MESSAGE_AUTHENTICATOR, 0); vp->length = AUTH_VECTOR_LEN; + vp->vp_octets = talloc_zero_array(vp, uint8_t, vp->length); + pairadd(&(packet->vps), vp); } 
@@ -383,7 +384,7 @@ void eap_add_reply(REQUEST *request, { VALUE_PAIR *vp; - vp = pairmake_reply(name, "", T_OP_EQ); + vp = pairmake_reply(name, NULL, T_OP_EQ); if (!vp) { REDEBUG("Did not create attribute %s: %s\n", name, fr_strerror()); diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c index a170b0710bbd..1c6afe8bd40b 100644 --- a/src/modules/rlm_eap/libeap/eapsimlib.c +++ b/src/modules/rlm_eap/libeap/eapsimlib.c @@ -66,7 +66,8 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, eap_packet_t *ep) int encoded_size; uint8_t *encodedmsg, *attr; unsigned int id, eapcode; - unsigned char *macspace, *append; + uint8_t *macspace; + uint8_t const *append; int appendlen; unsigned char subtype; @@ -309,6 +310,8 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, /* now, loop processing each attribute that we find */ while(attrlen > 0) { + uint8_t *p; + if(attrlen < 2) { ERROR("eap: EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); return 0; @@ -334,8 +337,9 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, } newvp = paircreate(r, eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, 0); - memcpy(newvp->vp_strvalue, &attr[2], eapsim_len-2); newvp->length = eapsim_len-2; + newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->length); + memcpy(p, &attr[2], eapsim_len-2); pairadd(&(r->vps), newvp); newvp = NULL; diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c index 37792a15bad1..abe12ee38e4d 100644 --- a/src/modules/rlm_eap/libeap/mppe_keys.c +++ b/src/modules/rlm_eap/libeap/mppe_keys.c @@ -180,6 +180,7 @@ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size) void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header) { VALUE_PAIR *vp; + uint8_t *p; if (!s->s3) { EDEBUG("No SSLv3 information"); 
@@ -189,10 +190,13 @@ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header) vp = paircreate(packet, PW_EAP_SESSION_ID, PW_TYPE_OCTETS); if (!vp) return; - vp->vp_octets[0] = header & 0xff; - memcpy(vp->vp_octets + 1, s->s3->client_random, SSL3_RANDOM_SIZE); - memcpy(vp->vp_octets + 1 + SSL3_RANDOM_SIZE, - s->s3->server_random, SSL3_RANDOM_SIZE); vp->length = 1 + 2 * SSL3_RANDOM_SIZE; + p = talloc_array(vp, uint8_t, vp->length); + + p[0] = header & 0xff; + memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE); + memcpy(p + 1 + SSL3_RANDOM_SIZE, + s->s3->server_random, SSL3_RANDOM_SIZE); + vp->vp_octets = p; pairadd(&packet->vps, vp); } diff --git a/src/modules/rlm_eap/mem.c b/src/modules/rlm_eap/mem.c index 3e74045c5e5a..c4ffb132b83c 100644 --- a/src/modules/rlm_eap/mem.c +++ b/src/modules/rlm_eap/mem.c @@ -337,7 +337,7 @@ int eaplist_add(rlm_eap_t *inst, eap_handler_t *handler) * Generate State, since we've been asked to add it to * the list. */ - state = pairmake_reply("State", "0x00", T_OP_EQ); + state = pairmake_reply("State", NULL, T_OP_EQ); if (!state) return 0; /* @@ -383,19 +383,14 @@ int eaplist_add(rlm_eap_t *inst, eap_handler_t *handler) } } - pairmemcpy(state, handler->state, sizeof(handler->state)); - /* * Add some more data to distinguish the sessions. */ - state->vp_octets[4] = handler->trips ^ handler->state[0]; - state->vp_octets[5] = handler->eap_id ^ handler->state[1]; - state->vp_octets[6] = handler->type ^ handler->state[2]; + handler->state[4] = handler->trips ^ handler->state[0]; + handler->state[5] = handler->eap_id ^ handler->state[1]; + handler->state[6] = handler->type ^ handler->state[2]; - /* - * and copy the state back again. - */ - memcpy(handler->state, state->vp_octets, sizeof(handler->state)); + pairmemcpy(state, handler->state, sizeof(handler->state)); /* * Big-time failure. diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index bb0c155d6a51..15f9a8ab7ed5 100644 
--- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -364,7 +364,7 @@ static rlm_rcode_t mod_authenticate(void *instance, REQUEST *request) pairmake(request->proxy, &request->proxy->vps, "Message-Authenticator", - "0x00", T_OP_EQ); + NULL, T_OP_EQ); } } @@ -450,11 +450,15 @@ static rlm_rcode_t mod_authenticate(void *instance, REQUEST *request) /* * Cisco AP1230 has a bug and needs a zero * terminated string in Access-Accept. + * + * @todo: fix this */ if ((inst->mod_accounting_username_bug) && (vp->length < (int) sizeof(vp->vp_strvalue))) { +#if 0 vp->vp_strvalue[vp->length] = '\0'; vp->length++; +#endif } } @@ -542,6 +546,7 @@ static rlm_rcode_t mod_post_proxy(void *inst, REQUEST *request) { size_t i; size_t len; + char *p; VALUE_PAIR *vp; eap_handler_t *handler; @@ -677,7 +682,8 @@ static rlm_rcode_t mod_post_proxy(void *inst, REQUEST *request) * Decrypt the session key, using the proxy data. */ i = 34; /* starts off with 34 octets */ - len = rad_tunnel_pwdecode(vp->vp_octets + 17, &i, + p = talloc_strdup(vp, vp->vp_strvalue); + len = rad_tunnel_pwdecode((uint8_t *)p + 17, &i, request->home_server->secret, request->proxy->vector); @@ -688,9 +694,11 @@ static rlm_rcode_t mod_post_proxy(void *inst, REQUEST *request) /* * Encrypt the session key again, using the request data. */ - rad_tunnel_pwencode(vp->vp_strvalue + 17, &len, + rad_tunnel_pwencode(p + 17, &len, request->client->secret, request->packet->vector); +// talloc_free(vp->vp_strvalue); + vp->vp_strvalue = p; return RLM_MODULE_UPDATED; } diff --git a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c index 1ae224da9f6a..f1cd58c51562 100644 --- a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c +++ b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c 
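Review bot: `sizeof(vp->vp_strvalue)` in the Cisco AP1230 condition now measures a pointer, given that this commit turns vp_strvalue into one, so the test compares the User-Name length with 4 or 8 rather than with a buffer size. With the body under `#if 0`, the `mod_accounting_username_bug` option is still accepted but has no effect. The bare `@todo: fix this` does not say either of those things; I would spell it out, e.g. `* @todo: vp_strvalue is a pointer now, so sizeof() no longer bounds it; reallocate to length + 1 and append the NUL. Until then this option is a no-op.`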
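Review bot: `talloc_strdup(vp, vp->vp_strvalue)` in mod_post_proxy copies only up to the first zero byte, but the value holds an encrypted key that is then decoded in place as 34 octets starting at offset 17. If any byte of that data is zero, `p` is shorter than 51 bytes and both `rad_tunnel_pwdecode` and `rad_tunnel_pwencode` run past the allocation. A length-based copy avoids this: `p = talloc_memdup(vp, vp->vp_strvalue, vp->length); if (!p) return RLM_MODULE_FAIL;`. It also needs a check that `vp->length` is at least 17 + 34, unless that check already exists outside the hunk. The commented-out `talloc_free` leaves the old buffer attached to `vp` until the pair is freed, which is worth a one-line comment if intentional.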
@@ -198,6 +198,7 @@ static int mod_authenticate(void *instance, eap_handler_t *handler) */ } else if (eap_ds->response->type.length <= 128) { int rcode; + char *p; /* * If there was a User-Password in the request, @@ -205,13 +206,14 @@ static int mod_authenticate(void *instance, eap_handler_t *handler) */ pairdelete(&request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); - vp = pairmake_packet("User-Password", "", T_OP_EQ); + vp = pairmake_packet("User-Password", NULL, T_OP_EQ); if (!vp) { return 0; } vp->length = eap_ds->response->type.length; - memcpy(vp->vp_strvalue, eap_ds->response->type.data, vp->length); - vp->vp_strvalue[vp->length] = 0; + vp->vp_strvalue = p = talloc_array(vp, char, vp->length + 1); + memcpy(p, eap_ds->response->type.data, vp->length); + p[vp->length] = 0; /* * Add the password to the request, and allow diff --git a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c index c3c1695c9810..469f3533b018 100644 --- a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c +++ b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c @@ -186,17 +186,22 @@ static int eapleap_ntpwdhash(unsigned char *ntpwdhash, VALUE_PAIR *password) fr_md4_calc(ntpwdhash, unicode, password->length * 2); } else { /* MUST be NT-Password */ + uint8_t *p; + if (password->length == 32) { + p = talloc_array(password, uint8_t, 16); password->length = fr_hex2bin(password->vp_strvalue, - password->vp_octets, - 16); + p, + 16); } if (password->length != 16) { ERROR("rlm_eap_leap: Bad NT-Password"); return 0; } - memcpy(ntpwdhash, password->vp_strvalue, 16); +// talloc_free(password->vp_octets); + password->vp_octets = p; + memcpy(ntpwdhash, p, 16); } return 1; } 
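Review bot: In eapleap_ntpwdhash the new local `p` is assigned only when `password->length == 32`, yet `password->vp_octets = p;` and `memcpy(ntpwdhash, p, 16);` run on every path that reaches them. An NT-Password already stored as 16 raw bytes therefore replaces its value pointer with an uninitialised one and copies from it. I would declare `uint8_t *p = NULL;`, move `password->vp_octets = p;` inside the `if (password->length == 32)` block after checking the `fr_hex2bin` result, and finish with `memcpy(ntpwdhash, password->vp_octets, 16);`. The function starts above the hunk.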
@@ -245,10 +250,10 @@ leap_packet_t *eapleap_stage6(leap_packet_t *packet, REQUEST *request, leap_session_t *session) { size_t i; - unsigned char ntpwdhash[16], ntpwdhashhash[16]; - unsigned char buffer[256]; + uint8_t ntpwdhash[16], ntpwdhashhash[16]; + uint8_t *p, buffer[256]; leap_packet_t *reply; - unsigned char *p; + char *q; VALUE_PAIR *vp; /* @@ -305,7 +310,7 @@ leap_packet_t *eapleap_stage6(leap_packet_t *packet, REQUEST *request, /* * Calculate the leap:session-key attribute */ - vp = pairmake_reply("Cisco-AVPair", "leap:session-key=", T_OP_ADD); + vp = pairmake_reply("Cisco-AVPair", NULL, T_OP_ADD); if (!vp) { ERROR("rlm_eap_leap: Failed to create Cisco-AVPair attribute. LEAP cancelled."); talloc_free(reply); @@ -331,14 +336,17 @@ leap_packet_t *eapleap_stage6(leap_packet_t *packet, REQUEST *request, */ fr_md5_calc(ntpwdhash, buffer, 16 + 8 + 24 + 8 + 24); - memcpy(vp->vp_strvalue + vp->length, ntpwdhash, 16); - memset(vp->vp_strvalue + vp->length + 16, 0, - sizeof(vp->vp_strvalue) - (vp->length + 16)); + q = talloc_array(vp, char, 16 + sizeof("leap:session-key=")); + strcpy(q, "leap:session-key="); + + memcpy(q + 17, ntpwdhash, 16); i = 16; - rad_tunnel_pwencode(vp->vp_strvalue + vp->length, &i, + rad_tunnel_pwencode(q + 17, &i, request->client->secret, request->packet->vector); - vp->length += i; + vp->length = 17 + i; +// talloc_free(vp->vp_strvalue); + vp->vp_strvalue = q; return reply; } diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index 3193bab7799a..2dd1b554525f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c 
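Review bot: The buffer `q` in eapleap_stage6 is allocated as `16 + sizeof("leap:session-key=")`, i.e. 34 bytes, which only fits the 17-byte prefix, the 16-byte key and a terminator. `rad_tunnel_pwencode(q + 17, &i, ...)` takes the length by pointer and `vp->length = 17 + i` is computed afterwards, which suggests the encoder grows the data in place; the matching decode in rlm_eap.c's mod_post_proxy starts from 34 octets at offset 17. If that holds, the encode writes about 17 bytes past the end of `q`, where the old in-struct array had room. Sizing the allocation for the encoded form, e.g. `q = talloc_array(vp, char, 17 + 34 + 1);` with the 34 taken from a named constant, and checking the result before `strcpy`, would close this.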
@@ -223,16 +223,18 @@ static int mschapv2_initiate(UNUSED void *instance, eap_handler_t *handler) VALUE_PAIR *challenge; mschapv2_opaque_t *data; REQUEST *request = handler->request; + uint8_t *p; challenge = pairmake(handler, NULL, - "MS-CHAP-Challenge", "0x00", T_OP_EQ); + "MS-CHAP-Challenge", NULL, T_OP_EQ); /* * Get a random challenge. */ challenge->length = MSCHAPV2_CHALLENGE_LEN; + challenge->vp_octets = p = talloc_array(challenge, uint8_t, challenge->length); for (i = 0; i < MSCHAPV2_CHALLENGE_LEN; i++) { - challenge->vp_strvalue[i] = fr_rand(); + p[i] = fr_rand(); } RDEBUG2("Issuing Challenge"); @@ -368,6 +370,7 @@ static int mschap_postproxy(eap_handler_t *handler, UNUSED void *tunnel_data) static int mschapv2_authenticate(void *arg, eap_handler_t *handler) { int rcode, ccode; + uint8_t *p; mschapv2_opaque_t *data; EAP_DS *eap_ds = handler->eap_ds; VALUE_PAIR *challenge, *response, *name; @@ -409,19 +412,20 @@ static int mschapv2_authenticate(void *arg, eap_handler_t *handler) RDEBUG2("password change packet received"); - challenge = pairmake_packet("MS-CHAP-Challenge", "0x00", T_OP_EQ); + challenge = pairmake_packet("MS-CHAP-Challenge", NULL, T_OP_EQ); if (!challenge) { return 0; } - challenge->length = MSCHAPV2_CHALLENGE_LEN; - memcpy(challenge->vp_strvalue, data->challenge, MSCHAPV2_CHALLENGE_LEN); + pairmemcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN); - cpw = pairmake_packet("MS-CHAP2-CPW", "", T_OP_EQ); - cpw->vp_octets[0] = 7; - cpw->vp_octets[1] = mschap_id; - memcpy(cpw->vp_octets+2, eap_ds->response->type.data + 520, 66); + cpw = pairmake_packet("MS-CHAP2-CPW", NULL, T_OP_EQ); cpw->length = 68; + cpw->vp_octets = p = talloc_array(cpw, uint8_t, cpw->length); + p[0] = 7; + p[1] = mschap_id; + memcpy(p + 2, eap_ds->response->type.data + 520, 66); + /* * break the encoded password into VPs (3 of them) */ 
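Review bot: In the password-change branch of mschapv2_authenticate, `cpw` is dereferenced (`cpw->length = 68;`) straight after `pairmake_packet` with no NULL test, although `challenge` two statements earlier is checked. `nt_enc` in the following hunk has the same gap inside the loop. Adding `if (!cpw) return 0;` and `if (!nt_enc) return 0;` would match the surrounding style. In mschapv2_initiate the result of `pairmake(handler, NULL, "MS-CHAP-Challenge", ...)` is likewise used unchecked before `challenge->length` is set.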
@@ -432,15 +436,18 @@ static int mschapv2_authenticate(void *arg, eap_handler_t *handler) if (to_copy > 243) to_copy = 243; - nt_enc = pairmake_packet("MS-CHAP-NT-Enc-PW", "", T_OP_ADD); - nt_enc->vp_octets[0] = 6; - nt_enc->vp_octets[1] = mschap_id; - nt_enc->vp_octets[2] = 0; - nt_enc->vp_octets[3] = seq++; + nt_enc = pairmake_packet("MS-CHAP-NT-Enc-PW", NULL, T_OP_ADD); + nt_enc->length = 4 + to_copy; + + nt_enc->vp_octets = p = talloc_array(nt_enc, uint8_t, nt_enc->length); - memcpy(nt_enc->vp_octets + 4, eap_ds->response->type.data + 4 + copied, to_copy); + p[0] = 6; + p[1] = mschap_id; + p[2] = 0; + p[3] = seq++; + + memcpy(p + 4, eap_ds->response->type.data + 4 + copied, to_copy); copied += to_copy; - nt_enc->length = 4 + to_copy; } RDEBUG2("built change password packet"); 
@@ -561,25 +568,26 @@ static int mschapv2_authenticate(void *arg, eap_handler_t *handler) * to pass to the 'mschap' module. This is a little wonky, * but it works. */ - challenge = pairmake_packet("MS-CHAP-Challenge", "0x00", T_OP_EQ); + challenge = pairmake_packet("MS-CHAP-Challenge", NULL, T_OP_EQ); if (!challenge) { return 0; } - challenge->length = MSCHAPV2_CHALLENGE_LEN; - memcpy(challenge->vp_strvalue, data->challenge, MSCHAPV2_CHALLENGE_LEN); + pairmemcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN); - response = pairmake_packet("MS-CHAP2-Response", "0x00", T_OP_EQ); + response = pairmake_packet("MS-CHAP2-Response", NULL, T_OP_EQ); if (!response) { return 0; } response->length = MSCHAPV2_RESPONSE_LEN; - memcpy(response->vp_strvalue + 2, &eap_ds->response->type.data[5], + response->vp_octets = p = talloc_array(response, uint8_t, response->length); + + p[0] = eap_ds->response->type.data[1]; + p[1] = eap_ds->response->type.data[5 + MSCHAPV2_RESPONSE_LEN]; + memcpy(p + 2, &eap_ds->response->type.data[5], MSCHAPV2_RESPONSE_LEN - 2); - response->vp_strvalue[0] = eap_ds->response->type.data[1]; - response->vp_strvalue[1] = eap_ds->response->type.data[5 + MSCHAPV2_RESPONSE_LEN]; - name = pairmake_packet("NTLM-User-Name", "", T_OP_EQ); + name = pairmake_packet("NTLM-User-Name", NULL, T_OP_EQ); if (!name) { return 0; } @@ -590,14 +598,11 @@ static int mschapv2_authenticate(void *arg, eap_handler_t *handler) name->length = (((eap_ds->response->type.data[2] << 8) | eap_ds->response->type.data[3]) - eap_ds->response->type.data[4] - 5); - if (name->length >= sizeof(name->vp_strvalue)) { - name->length = sizeof(name->vp_strvalue) - 1; - } - - memcpy(name->vp_strvalue, + name->vp_octets = p = talloc_array(name, uint8_t, name->length + 1); + memcpy(p, &eap_ds->response->type.data[4 + MSCHAPV2_RESPONSE_LEN], name->length); - name->vp_strvalue[name->length] = '\0'; + p[name->length] = '\0'; packet_ready: 
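Review bot: `name->length` is computed from three bytes of the received EAP packet (`type.data[2..4]`), and this hunk removes the only clamp that was applied to it before the copy. The value now sizes `talloc_array(name, uint8_t, name->length + 1)` and the `memcpy` from `type.data` directly. A crafted length can therefore read beyond the received message, and the subtraction can go negative and wrap if the field is unsigned. Unless a check outside the hunk already does so, the computed length should be validated against the bytes actually present before allocating, e.g. `if (name->length > eap_ds->response->type.length - (4 + MSCHAPV2_RESPONSE_LEN)) return 0;`, preceded by a test that `type.length` is large enough for that subtraction.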
@@ -662,10 +667,7 @@ static int mschapv2_authenticate(void *arg, eap_handler_t *handler) * FIXME: Put it into MS-CHAP-Domain? */ username++; /* skip the \\ */ - memmove(challenge->vp_strvalue, - username, - strlen(username) + 1); /* include \0 */ - challenge->length = strlen(challenge->vp_strvalue); + pairstrcpy(challenge, username); } /* diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index a169cbb8cbe7..5421c3992321 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -269,6 +269,7 @@ static VALUE_PAIR *eap2vp(REQUEST *request, RADIUS_PACKET *packet, uint8_t const *data, size_t data_len) { size_t total; + uint8_t *p; VALUE_PAIR *vp = NULL, *head, **tail; if (data_len > 65535) return NULL; /* paranoia */ @@ -285,13 +286,15 @@ static VALUE_PAIR *eap2vp(REQUEST *request, RADIUS_PACKET *packet, /* * Hand-build an EAP packet from the crap in PEAP version 0. */ - vp->vp_octets[0] = PW_EAP_RESPONSE; - vp->vp_octets[1] = eap_ds->response->id; - vp->vp_octets[2] = (data_len + EAP_HEADER_LEN) >> 8; - vp->vp_octets[3] = (data_len + EAP_HEADER_LEN) & 0xff; - - memcpy(vp->vp_octets + EAP_HEADER_LEN, data, total); vp->length = EAP_HEADER_LEN + total; + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + + p[0] = PW_EAP_RESPONSE; + p[1] = eap_ds->response->id; + p[2] = (data_len + EAP_HEADER_LEN) >> 8; + p[3] = (data_len + EAP_HEADER_LEN) & 0xff; + + memcpy(p + EAP_HEADER_LEN, data, total); head = vp; tail = &(vp->next); @@ -733,6 +736,7 @@ int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) int rcode = RLM_MODULE_REJECT; const uint8_t *data; unsigned int data_len; + char *p; REQUEST *request = handler->request; EAP_DS *eap_ds = handler->eap_ds; 
@@ -788,20 +792,16 @@ int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) return RLM_MODULE_REJECT; } - if (data_len >= sizeof(t->username->vp_strvalue)) { - RDEBUG("EAP-Identity is too long"); - return RLM_MODULE_REJECT; - } - /* * Save it for later. */ - t->username = pairmake(t, NULL, "User-Name", "", T_OP_EQ); + t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ); rad_assert(t->username != NULL); - memcpy(t->username->vp_strvalue, data + 1, data_len - 1); + t->username->vp_strvalue = p = talloc_array(t->username, char, data_len); + memcpy(p, data + 1, data_len - 1); t->username->length = data_len - 1; - t->username->vp_strvalue[t->username->length] = 0; + p[t->username->length] = 0; RDEBUG("Got inner identity '%s'", t->username->vp_strvalue); if (t->soh) { t->status = PEAP_STATUS_WAIT_FOR_SOH_RESPONSE; @@ -923,21 +923,22 @@ int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) case PEAP_STATUS_PHASE2_INIT: { size_t len = t->username->length + EAP_HEADER_LEN + 1; + uint8_t *q; t->status = PEAP_STATUS_PHASE2; vp = paircreate(fake->packet, PW_EAP_MESSAGE, 0); + vp->length = len; + vp->vp_octets = q = talloc_array(vp, uint8_t, vp->length); - vp->vp_octets[0] = PW_EAP_RESPONSE; - vp->vp_octets[1] = eap_ds->response->id; - vp->vp_octets[2] = (len >> 8) & 0xff; - vp->vp_octets[3] = len & 0xff; - vp->vp_octets[4] = PW_EAP_IDENTITY; + p[0] = PW_EAP_RESPONSE; + p[1] = eap_ds->response->id; + p[2] = (len >> 8) & 0xff; + p[3] = len & 0xff; + p[4] = PW_EAP_IDENTITY; - if (len > sizeof(vp->vp_octets)) len = sizeof(vp->vp_octets); - memcpy(vp->vp_octets + EAP_HEADER_LEN + 1, + memcpy(p + EAP_HEADER_LEN + 1, t->username->vp_strvalue, len - EAP_HEADER_LEN - 1); - vp->length = len; pairadd(&fake->packet->vps, vp); 
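Review bot: In the PEAP_STATUS_PHASE2_INIT case the new buffer is assigned to `q` (`vp->vp_octets = q = talloc_array(...)`), but the five header stores and the `memcpy` all write through `p`. `p` is the function-level `char *p` added earlier in this patch; at this point it is either unset or still points at the `t->username` string allocated in an earlier state, so the writes land in unrelated memory. The EAP-Message value itself is then sent uninitialised. Every `p` in this case block should be `q`, starting with `q[0] = PW_EAP_RESPONSE;` and ending with `memcpy(q + EAP_HEADER_LEN + 1, t->username->vp_strvalue, len - EAP_HEADER_LEN - 1);`. The old clamp on `len` is also gone, which is fine only because the allocation now uses the same `len`.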
@@ -982,12 +983,13 @@ int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) * EAP-Identity packet. */ if ((data[0] == PW_EAP_IDENTITY) && (data_len > 1)) { - t->username = pairmake(t, NULL, "User-Name", "", T_OP_EQ); + t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ); rad_assert(t->username != NULL); - memcpy(t->username->vp_strvalue, data + 1, data_len - 1); + t->username->vp_strvalue = p = talloc_array(t->username, char, data_len); + memcpy(p, data + 1, data_len - 1); t->username->length = data_len - 1; - t->username->vp_strvalue[t->username->length] = 0; + p[t->username->length] = 0; DEBUG2(" PEAP: Got tunneled identity of %s", t->username->vp_strvalue); /* diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c index aca6eea421b5..2b9e85b4db0f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c @@ -107,7 +107,7 @@ eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, int compute_password_element (pwd_session_t *sess, uint16_t grp_num, - char *password, int password_len, + char const *password, int password_len, char *id_server, int id_server_len, char *id_peer, int id_peer_len, uint32_t *token) diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h index 92bf5fff12dc..9c9cfe8c0a3d 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h @@ -104,7 +104,7 @@ typedef struct _pwd_session_t { } pwd_session_t; int compute_password_element(pwd_session_t *sess, uint16_t grp_num, - char *password, int password_len, + char const *password, int password_len, char *id_server, int id_server_len, char *id_peer, int id_peer_len, uint32_t *token); diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c index e1c3f25e173f..1930c9f728f0 100644 
--- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c @@ -287,6 +287,7 @@ mod_authenticate (void *arg, eap_handler_t *handler) uint8_t exch, *buf, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN]; uint8_t peer_confirm[SHA256_DIGEST_LENGTH]; BIGNUM *x = NULL, *y = NULL; + char *p; if ((!handler) || ((eap_ds = handler->eap_ds) == NULL) || @@ -417,16 +418,18 @@ mod_authenticate (void *arg, eap_handler_t *handler) RDEBUG("pwd unable to create fake request!"); return 0; } - fake->username = pairmake_packet("User-Name", "", T_OP_EQ); + fake->username = pairmake_packet("User-Name", NULL, T_OP_EQ); if (!fake->username) { RDEBUG("pwd unanable to create value pair for username!"); request_free(&fake); return 0; } - memcpy(fake->username->vp_strvalue, pwd_session->peer_id, - pwd_session->peer_id_len); fake->username->length = pwd_session->peer_id_len; - fake->username->vp_strvalue[fake->username->length] = 0; + fake->username->vp_strvalue = p = talloc_array(fake->username, char, fake->username->length + 1); + + memcpy(p, pwd_session->peer_id, + pwd_session->peer_id_len); + p[fake->username->length] = 0; if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { fake->server = vp->vp_strvalue; diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index d6afbc961c59..021c86083386 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -60,6 +60,7 @@ static int eap_sim_sendstart(eap_handler_t *handler) uint16_t words[3]; struct eap_sim_server_state *ess; RADIUS_PACKET *packet; + uint8_t *p; rad_assert(handler->request != NULL); rad_assert(handler->request->reply); 
@@ -98,8 +99,10 @@ static int eap_sim_sendstart(eap_handler_t *handler) /* the ANY_ID attribute. We do not support re-auth or pseudonym */ newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0); newvp->length = 2; - newvp->vp_strvalue[0]=0; - newvp->vp_strvalue[0]=1; + newvp->vp_octets = p = talloc_array(newvp, uint8_t, 2); + + p[0] = 0; + p[0] = 1; pairadd(vps, newvp); /* the SUBTYPE, set to start. */ @@ -182,6 +185,7 @@ static int eap_sim_sendchallenge(eap_handler_t *handler) struct eap_sim_server_state *ess; VALUE_PAIR **invps, **outvps, *newvp; RADIUS_PACKET *packet; + uint8_t *p; ess = (struct eap_sim_server_state *)handler->opaque; rad_assert(handler->request != NULL); @@ -204,11 +208,13 @@ static int eap_sim_sendchallenge(eap_handler_t *handler) /* okay, we got the challenges! Put them into an attribute */ newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0); - memset(newvp->vp_strvalue, 0, 2); /* clear reserved bytes */ - memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*0, ess->keys.rand[0], EAPSIM_RAND_SIZE); - memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*1, ess->keys.rand[1], EAPSIM_RAND_SIZE); - memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*2, ess->keys.rand[2], EAPSIM_RAND_SIZE); newvp->length = 2+EAPSIM_RAND_SIZE*3; + newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->length); + + memset(p, 0, 2); /* clear reserved bytes */ + memcpy(p+2+EAPSIM_RAND_SIZE*0, ess->keys.rand[0], EAPSIM_RAND_SIZE); + memcpy(p+2+EAPSIM_RAND_SIZE*1, ess->keys.rand[1], EAPSIM_RAND_SIZE); + memcpy(p+2+EAPSIM_RAND_SIZE*2, ess->keys.rand[2], EAPSIM_RAND_SIZE); pairadd(outvps, newvp); /* set the EAP_ID - new value */ diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 6ac1be283ba3..41337709e30d 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c 
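Review bot: Both stores in eap_sim_sendstart go to `p[0]` (`p[0] = 0; p[0] = 1;`), so the second byte of the two-byte value is never written. The old code had the same index slip, but `talloc_array` does not zero its memory, so that byte now carries whatever was on the heap and goes out in the attribute. Presumably the intent was `p[0] = 0; p[1] = 1;`; using `talloc_zero_array(newvp, uint8_t, 2)` would also remove the uninitialised byte if the second index is left for a separate fix.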
@@ -143,6 +143,7 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl, size_t offset; size_t size; size_t data_left = data_len; + char *p; VALUE_PAIR *first = NULL; VALUE_PAIR **last = &first; VALUE_PAIR *vp; @@ -263,6 +264,8 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl, /* * If it's a type from our dictionary, then * we need to put the data in a relevant place. + * + * @todo: Export the lib/radius.c decoder, and use it here! */ switch (vp->da->type) { case PW_TYPE_INTEGER: 
@@ -342,58 +345,22 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl, break; /* - * String, octet, etc. Copy the data from the - * value field over verbatim. + * Ensure it's NUL terminated. */ - case PW_TYPE_OCTETS: - if (attr == PW_EAP_MESSAGE) { - const uint8_t *eap_message = data; - - /* - * vp exists the first time around. - */ - while (1) { - pairmemcpy(vp, eap_message, size); - size -= vp->length; - eap_message += vp->length; - - *last = vp; - last = &(vp->next); - - if (size == 0) break; - - vp = paircreate(packet, attr, vendor); - if (!vp) { - RDEBUG2("Failure in creating VP"); - pairfree(&first); - return NULL; - } - } - - goto next_attr; - } /* else it's another kind of attribute */ - /* FALL-THROUGH */ - - default: - pairmemcpy(vp, data, size); + case PW_TYPE_STRING: + vp->vp_strvalue = p = talloc_array(vp, char, size + 1); + memcpy(p, data, size); + p[size] = '\0'; + vp->length = strlen(p); break; - } - /* - * User-Password is NUL padded to a multiple - * of 16 bytes. Let's chop it to something - * more reasonable. - * - * NOTE: This means that the User-Password - * attribute CANNOT EVER have embedded zeros in it! - */ - if ((vp->da->vendor == 0) && (vp->da->attr == PW_USER_PASSWORD)) { /* - * If the password is exactly 16 octets, - * it won't be zero-terminated. + * Copy it over verbatim. */ - vp->vp_strvalue[vp->length] = '\0'; - vp->length = strlen(vp->vp_strvalue); + case PW_TYPE_OCTETS: + default: + pairmemcpy(vp, data, size); + break; } /* 
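Review bot: The new PW_TYPE_STRING case in diameter2vp sets `vp->length = strlen(p)`, so every tunnelled string attribute is now cut at its first embedded zero byte, where the removed code applied that only to User-Password. The comment `Ensure it's NUL terminated.` does not mention the truncation. Since the value comes from the peer and later modules may compare or log it, I would state the rule in the comment, e.g. `* Ensure it's NUL terminated. The value is cut at the first embedded NUL, for all string attributes (previously only User-Password).` The `talloc_array(vp, char, size + 1)` result is also used by `memcpy` without a NULL check, and the bound on `size` is outside the hunk.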
@@ -1065,16 +1032,19 @@ int eapttls_process(eap_handler_t *handler, tls_session_t *tls_session) (vp->vp_strvalue[0] == PW_EAP_RESPONSE) && (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) && (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) { + char *p; + /* * Create & remember a User-Name */ - t->username = pairmake(t, NULL, "User-Name", "", T_OP_EQ); + t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ); rad_assert(t->username != NULL); - - memcpy(t->username->vp_strvalue, vp->vp_strvalue + 5, - vp->length - 5); t->username->length = vp->length - 5; - t->username->vp_strvalue[t->username->length] = 0; + + t->username->vp_strvalue = p = talloc_array(t->username, char, + t->username->length + 1); + memcpy(p, vp->vp_octets + 5, t->username->length); + p[t->username->length] = 0; RDEBUG("Got tunneled identity of %s", t->username->vp_strvalue); diff --git a/src/modules/rlm_eap2/rlm_eap2.c b/src/modules/rlm_eap2/rlm_eap2.c index 8805405e88b1..1cafa0b04de3 100644 --- a/src/modules/rlm_eap2/rlm_eap2.c +++ b/src/modules/rlm_eap2/rlm_eap2.c @@ -148,7 +148,7 @@ static int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler) * Generate State, since we've been asked to add it to * the list. */ - state = pairmake_reply("State", "0x00", T_OP_EQ); + state = pairmake_reply("State", NULL, T_OP_EQ); if (!state) return 0; state->length = EAP_STATE_LEN; @@ -695,14 +695,14 @@ static int eap_example_server_step(EAP_HANDLER *handler) */ } - vp = pairmake_reply("MS-MPPE-Recv-Key", "", T_OP_EQ); + vp = pairmake_reply("MS-MPPE-Recv-Key", NULL, T_OP_EQ); if (vp) { pairmemcpy(vp, handler->server_ctx.eap_if->eapKeyData, length); } - vp = pairmake_reply("MS-MPPE-Send-Key", "", T_OP_EQ); + vp = pairmake_reply("MS-MPPE-Send-Key", NULL, T_OP_EQ); if (vp) { pairmemcpy(vp, handler->server_ctx.eap_if->eapKeyData + length, diff --git a/src/modules/rlm_expr/paircmp.c b/src/modules/rlm_expr/paircmp.c index 2bc1d53643d1..80f90f31b720 100644 --- a/src/modules/rlm_expr/paircmp.c 
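Review bot: In rlm_eap2's eaplist_add, `state` is now created with a NULL value and the next visible statement is still `state->length = EAP_STATE_LEN;`, with no allocation for `state->vp_octets` in the hunk. The rest of the function is outside the hunk, so this may be handled there; if the following code still writes through `state->vp_octets` as the old in-struct layout allowed, it now writes through a NULL or unallocated pointer. The rlm_eap/mem.c version of this function was converted to fill `handler->state` and call `pairmemcpy`; here something like `state->vp_octets = talloc_zero_array(state, uint8_t, EAP_STATE_LEN);` with a NULL check, or the same `pairmemcpy` approach, appears to be missing.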
+++ b/src/modules/rlm_expr/paircmp.c @@ -105,7 +105,7 @@ static int presufcmp(UNUSED void *instance, UNUSED VALUE_PAIR **reply_pairs) { VALUE_PAIR *vp; - char *name; + char const *name; char rest[MAX_STRING_LEN]; int len, namelen; int ret = -1; diff --git a/src/modules/rlm_krb5/rlm_krb5.c b/src/modules/rlm_krb5/rlm_krb5.c index 057b2263b045..de7536cb496f 100644 --- a/src/modules/rlm_krb5/rlm_krb5.c +++ b/src/modules/rlm_krb5/rlm_krb5.c @@ -415,6 +415,7 @@ static rlm_rcode_t krb5_auth(void *instance, REQUEST *request) krb5_creds init_creds; krb5_keytab keytab; /* ktid */ krb5_context context; + char *password; /* compiler warnings */ rad_assert(inst->context); @@ -469,8 +470,10 @@ static rlm_rcode_t krb5_auth(void *instance, REQUEST *request) /* * Retrieve the TGT from the TGS/KDC and check we can decrypt it. */ - ret = krb5_get_init_creds_password(context, &init_creds, client, request->password->vp_strvalue, + memcpy(&password, request->password->vp_strvalue, sizeof(password)); + ret = krb5_get_init_creds_password(context, &init_creds, client, password, NULL, NULL, 0, NULL, inst->gic_options); + password = NULL; if (ret) { error: switch (ret) { diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c index da6557f501c5..505305a27c7d 100644 --- a/src/modules/rlm_ldap/groups.c +++ b/src/modules/rlm_ldap/groups.c @@ -449,7 +449,7 @@ rlm_rcode_t rlm_ldap_check_groupobj_dynamic(ldap_instance_t const *inst, REQUEST char filter[LDAP_MAX_FILTER_STR_LEN + 1]; char const *dn = base_dn; - char *name = check->vp_strvalue; + char const *name = check->vp_strvalue; RDEBUG2("Checking for user in group objects"); @@ -529,7 +529,7 @@ rlm_rcode_t rlm_ldap_check_userobj_dynamic(ldap_instance_t const *inst, REQUEST LDAPMessage *entry = NULL; char **vals = NULL; - char *name = check->vp_strvalue; + char const *name = check->vp_strvalue; char const *attrs[] = { inst->userobj_membership_attr, NULL }; int i, count, ldap_errno; 
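Review bot: The `memcpy` added to krb5_auth copies from `request->password->vp_strvalue`, i.e. from the password text, into the pointer variable `password`, so the first `sizeof(char *)` bytes of the user's password become the address handed to `krb5_get_init_creds_password`. The de-const trick needs the address of the pointer as its source: `memcpy(&password, &request->password->vp_strvalue, sizeof(password));`. As written it also reads past the end of any password shorter than a pointer. The `/* compiler warnings */` comment on the declaration could say outright that this only strips `const` for the krb5 prototype.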
diff --git a/src/modules/rlm_logintime/rlm_logintime.c b/src/modules/rlm_logintime/rlm_logintime.c index db7bc8a4fd8b..4a1b0b24cc14 100644 --- a/src/modules/rlm_logintime/rlm_logintime.c +++ b/src/modules/rlm_logintime/rlm_logintime.c @@ -28,6 +28,9 @@ RCSID("$Id$") #include +/* timestr.c */ +int timestr_match(char const *, time_t); + /* * Define a structure for our module configuration. * @@ -80,7 +83,7 @@ static int time_of_day(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *r { int scan; int hhmmss, when; - char *p; + char const *p; struct tm *tm, s_tm; /* diff --git a/src/modules/rlm_logintime/timestr.c b/src/modules/rlm_logintime/timestr.c index 8a29aa7902f5..8f935ea33004 100644 --- a/src/modules/rlm_logintime/timestr.c +++ b/src/modules/rlm_logintime/timestr.c @@ -27,6 +27,8 @@ RCSID("$Id$") #include +int timestr_match(char const *, time_t); + static char const *days[] = { "su", "mo", "tu", "we", "th", "fr", "sa", "wk", "any", "al" }; @@ -172,7 +174,7 @@ static int day_fill(char *bitmap, char const *tm) /* * Fill the week bitmap with allowed times. */ -static int week_fill(char *bitmap, char *tm) +static int week_fill(char *bitmap, char const *tm) { char *s; char tmp[128]; @@ -195,7 +197,7 @@ static int week_fill(char *bitmap, char *tm) * Match a timestring and return seconds left. * -1 for no match, 0 for unlimited. */ -int timestr_match(char *tmstr, time_t t) +int timestr_match(char const *tmstr, time_t t) { struct tm *tm, s_tm; char bitmap[WEEKMIN / 8]; diff --git a/src/modules/rlm_mschap/mschap.c b/src/modules/rlm_mschap/mschap.c index 366cc2cd1196..073c046d3541 100644 --- a/src/modules/rlm_mschap/mschap.c +++ b/src/modules/rlm_mschap/mschap.c 
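Review bot: The prototype `int timestr_match(char const *, time_t);` is now written out by hand in both rlm_logintime.c and timestr.c, so the two copies can drift apart the next time the signature changes without the compiler noticing. A small shared header included by both files would let the definition be checked against the declaration. Keeping the parameter names in the prototype, as in `int timestr_match(char const *tmstr, time_t t);`, also documents the arguments at the call site.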
@@ -94,8 +94,8 @@ void mschap_challenge_hash(uint8_t const *peer_challenge, */ void mschap_auth_response(char const *username, uint8_t const *nt_hash_hash, - uint8_t *ntresponse, - uint8_t *peer_challenge, uint8_t *auth_challenge, + uint8_t const *ntresponse, + uint8_t const *peer_challenge, uint8_t const *auth_challenge, char *response) { fr_SHA1_CTX Context; diff --git a/src/modules/rlm_mschap/mschap.h b/src/modules/rlm_mschap/mschap.h index 721c83279f03..b5d6ab777c4d 100644 --- a/src/modules/rlm_mschap/mschap.h +++ b/src/modules/rlm_mschap/mschap.h @@ -12,8 +12,8 @@ void mschap_challenge_hash(uint8_t const *peer_challenge, void mschap_auth_response(char const *username, uint8_t const *nt_hash_hash, - uint8_t *ntresponse, - uint8_t *peer_challenge, uint8_t *auth_challenge, + uint8_t const *ntresponse, + uint8_t const *peer_challenge, uint8_t const *auth_challenge, char *response); void mschap_add_reply(REQUEST *request, unsigned char ident, char const *name, char const *value, int len); diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index 5c94bb2e2e24..81868ab8b820 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -167,7 +167,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen) { size_t i, data_len; - uint8_t *data = NULL; + uint8_t const *data = NULL; uint8_t buffer[32]; VALUE_PAIR *user_name; VALUE_PAIR *chap_challenge, *response; @@ -202,7 +202,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, */ } else if (chap_challenge->length == 16) { VALUE_PAIR *name_attr, *response_name; - char *username_string; + char const *username_string; response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); if (!response) { 
@@ -395,7 +395,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * Pull the User-Name out of the User-Name... */ } else if (strncasecmp(fmt, "User-Name", 9) == 0) { - char *p; + char const *p; user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!user_name) { @@ -419,13 +419,17 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * a $ to the end. */ p = strchr(user_name->vp_strvalue, '.'); + /* * use the same hack as above * only if a period was found */ - if (p) *p = '\0'; - snprintf(out, outlen, "%s$", user_name->vp_strvalue + 5); - if (p) *p = '.'; + if (p) { + snprintf(out, outlen, "%.*s$", + (int) (p - user_name->vp_strvalue), user_name->vp_strvalue + 5); + } else { + snprintf(out, outlen, "%s$", user_name->vp_strvalue + 5); + } } else { p = strchr(user_name->vp_strvalue, '\\'); if (p) { @@ -597,16 +601,18 @@ void mschap_add_reply(REQUEST *request, unsigned char ident, char const* name, char const* value, int len) { VALUE_PAIR *vp; + uint8_t *p; - vp = pairmake_reply(name, "", T_OP_EQ); + vp = pairmake_reply(name, NULL, T_OP_EQ); if (!vp) { RDEBUG("Failed to create attribute %s: %s\n", name, fr_strerror()); return; } - - vp->vp_octets[0] = ident; - memcpy(vp->vp_octets + 1, value, len); vp->length = len + 1; + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + + p[0] = ident; + memcpy(p + 1, value, len); } /* @@ -617,7 +623,7 @@ static void mppe_add_reply(REQUEST *request, { VALUE_PAIR *vp; - vp = pairmake_reply(name, "", T_OP_EQ); + vp = pairmake_reply(name, NULL, T_OP_EQ); if (!vp) { RDEBUG("rlm_mschap: mppe_add_reply failed to create attribute %s: %s\n", name, fr_strerror()); return; @@ -834,7 +840,8 @@ static int do_mschap_cpw(rlm_mschap_t *inst, */ VALUE_PAIR *new_pass, *new_hash; - uint8_t *p; + uint8_t *p, *q; + char *x; size_t i; size_t passlen; ssize_t result_len; 
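Review bot: The precision passed to `%.*s` in the new `if (p)` branch is measured from the start of `user_name->vp_strvalue`, but the string printed starts at `vp_strvalue + 5`, so the output runs five bytes past the period (or to the terminator) instead of stopping at it as the removed `*p = '\0'` code did. Both arguments should use the same base: `(int) (p - (user_name->vp_strvalue + 5)), user_name->vp_strvalue + 5`. A period inside the first five bytes then yields a negative precision, which printf treats as omitted, matching the old behaviour. The enclosing branch of mschap_xlat starts and ends outside the hunk.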
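Review bot: `talloc_array()` in mschap_add_reply is used without a NULL check, so an allocation failure becomes a write through a null pointer at `p[0] = ident`, and `len` (an `int`) is not checked for a negative value before it sizes the buffer and the memcpy. Adding `if (len < 0) return;` before the allocation and `if (!p) return;` after it, and assigning `vp->length` only once `p` is known to be valid, would cover both. The same unchecked `talloc_array()` pattern recurs in this patch in do_mschap_cpw and mod_authenticate (rlm_mschap.c) and in the rlm_pap, rlm_preprocess, rlm_replicate, rlm_soh and rlm_wimax hunks.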
@@ -885,17 +892,18 @@ static int do_mschap_cpw(rlm_mschap_t *inst, * the new NT hash - this should be preferred over the * cleartext password as it avoids unicode hassles */ - new_hash = pairmake_packet("MS-CHAP-New-NT-Password", "", + new_hash = pairmake_packet("MS-CHAP-New-NT-Password", NULL, T_OP_EQ); - fr_md4_calc(new_hash->vp_octets, p, passlen); new_hash->length = 16; + new_hash->vp_octets = q = talloc_array(new_hash, uint8_t, new_hash->length); + fr_md4_calc(q, p, passlen); /* * check that nt_password encrypted with new_hash * matches the old_hash value from the client */ - smbhash(old_nt_hash_expected, nt_password->vp_octets, new_hash->vp_octets); - smbhash(old_nt_hash_expected+8, nt_password->vp_octets+8, new_hash->vp_octets+7); + smbhash(old_nt_hash_expected, nt_password->vp_octets, q); + smbhash(old_nt_hash_expected+8, nt_password->vp_octets+8, q + 7); if (memcmp(old_nt_hash_expected, old_nt_hash, 16)!=0) { RDEBUG2("old NT hash value from client does not match our value"); return -1; 
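Review bot: `new_hash` is dereferenced (`new_hash->length = 16`) and used as the talloc parent immediately after `pairmake_packet()` with no NULL check, whereas mod_authenticate in the same file tests the result of `pairmake_config()` before touching it. A guard such as `if (!new_hash) return -1;` before the length assignment would make the two consistent; `new_pass` in the following hunk is handled the same way and needs the same guard. do_mschap_cpw starts and ends outside the hunk.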
@@ -906,9 +914,10 @@ static int do_mschap_cpw(rlm_mschap_t *inst, * do some unpleasant vileness to turn it into * utf8 without pulling in libraries like iconv */ - new_pass = pairmake_packet("MS-CHAP-New-Cleartext-Password", "", + new_pass = pairmake_packet("MS-CHAP-New-Cleartext-Password", NULL, T_OP_EQ); new_pass->length = 0; + new_pass->vp_strvalue = x = talloc_array(new_pass, char, 254); i = 0; while (ivp_strvalue[new_pass->length++] = c; + x[new_pass->length++] = c; } else if (c < 0x7ff) { /* 2-byte */ if (new_pass->length >= 252) { RDEBUG("Ran out of room turning new password into utf8 at %d - cleartext will be truncated!", i); break; } - new_pass->vp_strvalue[new_pass->length++] = 0xc0 + (c >> 6); - new_pass->vp_strvalue[new_pass->length++] = 0x80 + (c & 0x3f); + x[new_pass->length++] = 0xc0 + (c >> 6); + x[new_pass->length++] = 0x80 + (c & 0x3f); } else { /* 3-byte */ if (new_pass->length >= 251) { RDEBUG("Ran out of room turning new password into utf8 at %d - cleartext will be truncated!", i); break; } - new_pass->vp_strvalue[new_pass->length++] = 0xe0 + (c >> 12); - new_pass->vp_strvalue[new_pass->length++] = 0x80 + ((c>>6) & 0x3f); - new_pass->vp_strvalue[new_pass->length++] = 0x80 + (c & 0x3f); + x[new_pass->length++] = 0xe0 + (c >> 12); + x[new_pass->length++] = 0x80 + ((c>>6) & 0x3f); + x[new_pass->length++] = 0x80 + (c & 0x3f); } } - - - /* * perform the xlat */ @@ -1003,7 +1009,7 @@ static int do_mschap_cpw(rlm_mschap_t *inst, */ static int do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, - uint8_t *challenge, uint8_t *response, + uint8_t const *challenge, uint8_t const *response, uint8_t *nthashhash, int do_ntlm_auth) { uint8_t calculated[24]; @@ -1149,7 +1155,7 @@ static const uint8_t magic3[84] = 0x6b, 0x65, 0x79, 0x2e }; -static void mppe_GetMasterKey(uint8_t *nt_hashhash,uint8_t *nt_response, +static void mppe_GetMasterKey(uint8_t const *nt_hashhash,uint8_t const *nt_response, uint8_t *masterkey) { uint8_t digest[20]; 
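Review bot: The 254-byte buffer from `talloc_array(new_pass, char, 254)` is uninitialised, and nothing in the visible part of the loop writes a terminating NUL after the last converted byte, so a later reader that treats `new_pass->vp_strvalue` as a C string can run past the converted password into stale heap contents. Either allocate with `talloc_zero_array(new_pass, char, 254)` or add `x[new_pass->length] = '\0';` after the loop; the 252/251 limits visible for the multi-byte cases leave room for it. Part of the loop text in this hunk is lost on the page and the code after the loop is outside the hunk, so confirm that no terminator is written there.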
@@ -1191,7 +1197,7 @@ static void mppe_GetAsymmetricStartKey(uint8_t *masterkey,uint8_t *sesskey, } -static void mppe_chap2_get_keys128(uint8_t *nt_hashhash,uint8_t *nt_response, +static void mppe_chap2_get_keys128(uint8_t const *nt_hashhash,uint8_t const *nt_response, uint8_t *sendkey,uint8_t *recvkey) { uint8_t masterkey[16]; @@ -1205,7 +1211,7 @@ static void mppe_chap2_get_keys128(uint8_t *nt_hashhash,uint8_t *nt_response, /* * Generate MPPE keys. */ -static void mppe_chap2_gen_keys128(uint8_t *nt_hashhash,uint8_t *response, +static void mppe_chap2_gen_keys128(uint8_t const *nt_hashhash,uint8_t const *response, uint8_t *sendkey,uint8_t *recvkey) { uint8_t enckey1[16]; @@ -1293,7 +1299,8 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) VALUE_PAIR *username; uint8_t nthashhash[16]; char msch2resp[42]; - char *username_string; + uint8_t *p; + char const *username_string; int chap = 0; int do_ntlm_auth; @@ -1352,15 +1359,18 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) */ lm_password = pairfind(request->config_items, PW_LM_PASSWORD, 0, TAG_ANY); if (lm_password) { + p = talloc_array(lm_password, uint8_t, 16); + /* * Allow raw octets. */ if ((lm_password->length == 16) || ((lm_password->length == 32) && (fr_hex2bin(lm_password->vp_strvalue, - lm_password->vp_octets, 16) == 16))) { + p, 16) == 16))) { RDEBUG2("Found LM-Password"); lm_password->length = 16; + lm_password->vp_octets = p; } else { RERROR("Invalid LM-Password"); 
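Review bot: When `lm_password->length == 16` the `||` short-circuits, `fr_hex2bin()` never runs, and `lm_password->vp_octets = p` then replaces the valid raw hash with the uninitialised 16 bytes just returned by `talloc_array()`, so the later MS-CHAP comparison would be made against heap garbage rather than the configured LM hash. The buffer should be allocated and installed only on the 32-character hex path, with the allocation checked. The NT-Password hunk at -1386,12 +1397,15 has the same defect. The invalid-value branch continues outside the hunk.

```c
		if (lm_password) {
			/* raw 16 octets are already the value; only the hex form needs converting */
			if (lm_password->length == 32) {
				p = talloc_array(lm_password, uint8_t, 16);
				if (!p) {
					RERROR("No memory");
					return RLM_MODULE_FAIL;
				}

				if (fr_hex2bin(lm_password->vp_strvalue, p, 16) == 16) {
					lm_password->vp_octets = p;
					lm_password->length = 16;
				} else {
					talloc_free(p);
				}
			}

			if (lm_password->length == 16) {
				RDEBUG2("Found LM-Password");
			} else {
				RERROR("Invalid LM-Password");
				/* … unchanged: rest of the invalid-value branch … */
```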
@@ -1371,13 +1381,14 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) if (!do_ntlm_auth) RDEBUG2("No Cleartext-Password configured. Cannot create LM-Password."); } else { /* there is a configured Cleartext-Password */ - lm_password = pairmake_config("LM-Password", "", T_OP_EQ); + lm_password = pairmake_config("LM-Password", NULL, T_OP_EQ); if (!lm_password) { RERROR("No memory"); } else { - smbdes_lmpwdhash(password->vp_strvalue, - lm_password->vp_octets); lm_password->length = 16; + lm_password->vp_octets = p = talloc_array(lm_password, uint8_t, lm_password->length); + smbdes_lmpwdhash(password->vp_strvalue, + p); } } @@ -1386,12 +1397,15 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) */ nt_password = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY); if (nt_password) { + p = talloc_array(nt_password, uint8_t, 16); + if ((nt_password->length == 16) || ((nt_password->length == 32) && (fr_hex2bin(nt_password->vp_strvalue, - nt_password->vp_octets, 16) == 16))) { + p, 16) == 16))) { RDEBUG2("Found NT-Password"); nt_password->length = 16; + nt_password->vp_octets = p; } else { RERROR("Invalid NT-Password"); @@ -1401,14 +1415,15 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) if (!do_ntlm_auth) RDEBUG2("No Cleartext-Password configured. Cannot create NT-Password."); } else { /* there is a configured Cleartext-Password */ - nt_password = pairmake_config("NT-Password", "", T_OP_EQ); + nt_password = pairmake_config("NT-Password", NULL, T_OP_EQ); if (!nt_password) { RERROR("No memory"); return RLM_MODULE_FAIL; } else { - mschap_ntpwdhash(nt_password->vp_octets, - password->vp_strvalue); nt_password->length = 16; + nt_password->vp_octets = p = talloc_array(nt_password, uint8_t, nt_password->length); + mschap_ntpwdhash(p, + password->vp_strvalue); } } 
@@ -1531,11 +1546,13 @@ static rlm_rcode_t mod_authenticate(void * instance, REQUEST *request) PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT); response->length = 50; + response->vp_octets = p = talloc_array(response, uint8_t, response->length); + /* ident & flags */ - response->vp_octets[0] = cpw->vp_octets[1]; - response->vp_octets[1] = 0; + p[0] = cpw->vp_octets[1]; + p[1] = 0; /* peer challenge and client NT response */ - memcpy(response->vp_octets+2, cpw->vp_octets + 18, 48); + memcpy(p + 2, cpw->vp_octets + 18, 48); } challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY); diff --git a/src/modules/rlm_otp/otp_mppe.c b/src/modules/rlm_otp/otp_mppe.c index d661b43fb15d..ed3a2ff4599b 100644 --- a/src/modules/rlm_otp/otp_mppe.c +++ b/src/modules/rlm_otp/otp_mppe.c @@ -151,7 +151,7 @@ otp_mppe(REQUEST *request, otp_pwe_t pwe, rlm_otp_t const *opt, char const *pass /* 0x (ID) ( ASCII("S="ASCII(auth_md))) */ char auth_octet_string[2 + 2 + (2 * sizeof(auth_md_string))]; - char *username = request->username->vp_strvalue; + char const *username = request->username->vp_strvalue; int username_len = request->username->length; /* "Magic server to client signing constant" */ diff --git a/src/modules/rlm_otp/otp_pw_valid.c b/src/modules/rlm_otp/otp_pw_valid.c index 76f97a7e3e23..5c15377728b9 100644 --- a/src/modules/rlm_otp/otp_pw_valid.c +++ b/src/modules/rlm_otp/otp_pw_valid.c @@ -75,7 +75,7 @@ int otp_pw_valid(REQUEST *request, int pwe, char const *challenge, otp_request_t otp_request; otp_reply_t otp_reply; VALUE_PAIR *cvp, *rvp; - char *username = request->username->vp_strvalue; + char const *username = request->username->vp_strvalue; int rc; if (request->username->length > OTP_MAX_USERNAME_LEN) { diff --git a/src/modules/rlm_otp/rlm_otp.c b/src/modules/rlm_otp/rlm_otp.c index c50cfc72fd0b..24da6fb1127a 100644 --- a/src/modules/rlm_otp/rlm_otp.c +++ b/src/modules/rlm_otp/rlm_otp.c 
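Review bot: The copy into the new 50-byte buffer reads `cpw->vp_octets[1]` and 48 bytes from `cpw->vp_octets + 18`, i.e. up to offset 65, and the length check on `cpw` that makes this safe is not visible in the hunk. Now that values are heap buffers sized to the attribute, a short `cpw` value would be an out-of-bounds read here. A comment naming the precondition would help, e.g. `/* cpw->length was validated above, so offsets 1 and 18..65 are in bounds */`, or a local guard if no such check exists. The enclosing block of mod_authenticate starts outside the hunk.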
@@ -254,8 +254,7 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) return RLM_MODULE_FAIL; } - memcpy(vp->vp_strvalue, challenge, inst->challenge_len); - vp->length = inst->challenge_len; + pairstrcpy(vp, challenge); vp->op = T_OP_SET; pairadd(&request->reply->vps, vp); @@ -276,10 +275,9 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) return RLM_MODULE_FAIL; } - memcpy(vp->vp_strvalue, expanded, len); - talloc_free(expanded); - - vp->length = inst->challenge_len; + (void) talloc_steal(vp, expanded); + vp->vp_strvalue = expanded; + vp->length = len; vp->op = T_OP_SET; pairadd(&request->reply->vps, vp); diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 5f2ebf1ae4f8..2e76cc4717c1 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -177,8 +177,9 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) case PW_PASSWORD_WITH_HEADER: /* preferred */ { int attr; - char *p, *q; - uint8_t binbuf[128]; + char *p; + char const *q; + uint8_t *b, binbuf[128]; char charbuf[128]; VALUE_PAIR *new_vp; @@ -239,7 +240,8 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) */ new_vp->length = vp->length; new_vp->length -= (p - q + 1); - memcpy(new_vp->vp_strvalue, p + 1, new_vp->length); + new_vp->vp_octets = b = talloc_array(new_vp, uint8_t, new_vp->length); + memcpy(b, p + 1, new_vp->length); } break; diff --git a/src/modules/rlm_preprocess/rlm_preprocess.c b/src/modules/rlm_preprocess/rlm_preprocess.c index 805c4b7eeb5e..6a37ac77ede5 100644 --- a/src/modules/rlm_preprocess/rlm_preprocess.c +++ b/src/modules/rlm_preprocess/rlm_preprocess.c 
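Review bot: In the rlm_pap hunk the new buffer for `new_vp` is exactly `new_vp->length` bytes and is filled with memcpy, so it carries no terminating NUL. The attribute type of `new_vp` is not visible here; if it can be a string attribute, any later reader that treats `vp_strvalue` as a C string would run off the end of the allocation. Allocating `new_vp->length + 1` bytes and setting `b[new_vp->length] = '\0';` costs one byte and removes that dependency. The subtraction `new_vp->length -= (p - q + 1)` also relies on `p` lying inside the value, which is established outside the hunk.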
@@ -162,9 +162,7 @@ static void cisco_vsa_hack(REQUEST *request) * value field, we use only the value on * the right side of the '=' character. */ - strlcpy(newattr, ptr + 1, sizeof(newattr)); - strlcpy(vp->vp_strvalue, newattr, sizeof(vp->vp_strvalue)); - vp->length = strlen((char *)vp->vp_strvalue); + pairstrcpy(vp, ptr + 1); } } } @@ -381,7 +379,7 @@ static int hunt_paircmp(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check) */ static int hints_setup(PAIR_LIST *hints, REQUEST *request) { - char *name; + char const *name; VALUE_PAIR *add; VALUE_PAIR *tmp; PAIR_LIST *i; @@ -509,7 +507,7 @@ static int add_nas_attr(REQUEST *request) nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY); if (!nas) { nas = radius_paircreate(request, &request->packet->vps, PW_NAS_IPV6_ADDRESS, 0); - memcpy(nas->vp_strvalue, &request->packet->src_ipaddr.ipaddr, + memcpy(&nas->vp_ipv6addr, &request->packet->src_ipaddr.ipaddr, sizeof(request->packet->src_ipaddr.ipaddr)); } break; @@ -626,11 +624,13 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) && pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) { VALUE_PAIR *vp; + uint8_t *p; vp = radius_paircreate(request, &request->packet->vps, PW_CHAP_CHALLENGE, 0); vp->length = AUTH_VECTOR_LEN; + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); - memcpy(vp->vp_strvalue, request->packet->vector, AUTH_VECTOR_LEN); + memcpy(p, request->packet->vector, AUTH_VECTOR_LEN); } if ((r = huntgroup_access(request, inst->huntgroups)) != RLM_MODULE_OK) { diff --git a/src/modules/rlm_radutmp/rlm_radutmp.c b/src/modules/rlm_radutmp/rlm_radutmp.c index f192df9b5a72..a39eae8b6eeb 100644 --- a/src/modules/rlm_radutmp/rlm_radutmp.c +++ b/src/modules/rlm_radutmp/rlm_radutmp.c 
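Review bot: `pairstrcpy(vp, ptr + 1)` in cisco_vsa_hack drops the intermediate `newattr` copy, and the surrounding comment suggests `ptr` points at the '=' inside `vp`'s own value, so source and destination now belong to the same attribute. That is safe only if pairstrcpy() duplicates the source before it releases or overwrites the old `vp->vp_strvalue`; its definition is not in this hunk, so either confirm that or keep the temporary: `strlcpy(newattr, ptr + 1, sizeof(newattr)); pairstrcpy(vp, newattr);`. `ptr` is assigned outside the hunk.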
@@ -543,7 +543,7 @@ static rlm_rcode_t mod_checksimul(void *instance, REQUEST *request) int fd = -1; VALUE_PAIR *vp; uint32_t ipno = 0; - char *call_num = NULL; + char const *call_num = NULL; rlm_radutmp_t *inst = instance; char *expanded = NULL; diff --git a/src/modules/rlm_replicate/rlm_replicate.c b/src/modules/rlm_replicate/rlm_replicate.c index 65e262198525..e3806871b1a5 100644 --- a/src/modules/rlm_replicate/rlm_replicate.c +++ b/src/modules/rlm_replicate/rlm_replicate.c @@ -167,10 +167,12 @@ static int replicate_packet(UNUSED void *instance, REQUEST *request, if ((code == PW_AUTHENTICATION_REQUEST) && (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) && (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) { + uint8_t *p; vp = radius_paircreate(request, &packet->vps, PW_CHAP_CHALLENGE, 0); vp->length = AUTH_VECTOR_LEN; - memcpy(vp->vp_strvalue, request->packet->vector, + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + memcpy(p, request->packet->vector, AUTH_VECTOR_LEN); } } else { diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index 0567ba3178e0..2be1e373ca0c 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c @@ -134,7 +134,8 @@ static rlm_rcode_t mod_post_auth(UNUSED void * instance, REQUEST *request) * * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck... */ - uint8_t vopt, vlen, *data; + uint8_t vopt, vlen; + uint8_t const *data; data = vp->vp_octets; while (data < vp->vp_octets + vp->length) { 
@@ -143,15 +144,19 @@ static rlm_rcode_t mod_post_auth(UNUSED void * instance, REQUEST *request) switch (vopt) { case 220: if (vlen <= 1) { + uint8_t *p; + RDEBUG("SoH adding NAP marker to DHCP reply"); /* client probe; send "NAP" in the reply */ vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR); - vp->vp_octets[0] = 220; - vp->vp_octets[1] = 3; - vp->vp_octets[4] = 'N'; - vp->vp_octets[3] = 'A'; - vp->vp_octets[2] = 'P'; vp->length = 5; + vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length); + + p[0] = 220; + p[1] = 3; + p[4] = 'N'; + p[3] = 'A'; + p[2] = 'P'; pairadd(&request->reply->vps, vp); diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index de66e9a685b9..73ba111c137b 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -1289,7 +1289,7 @@ static rlm_rcode_t mod_checksimul(void *instance, REQUEST * request) { rlm_sql_row_t row; int check = 0; uint32_t ipno = 0; - char *call_num = NULL; + char const *call_num = NULL; VALUE_PAIR *vp; int ret; uint32_t nas_addr = 0; diff --git a/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c b/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c index 5f13d23467a7..91326f336911 100644 --- a/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c +++ b/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c @@ -324,7 +324,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request) { VALUE_PAIR *vp; - char *pname; /* name of requested IP pool */ + char const *pname; /* name of requested IP pool */ uint32_t nasip; /* NAS IP in host byte order */ struct in_addr ip = {0}; /* reserved IP for client (net. byte order) */ rlm_sql_handle_t *sqlsock; 
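Review bot: `vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR)` reuses the variable that the enclosing `while (data < vp->vp_octets + vp->length)` loop walks, and the result is dereferenced without a NULL check. Now that each value is its own heap buffer, a further iteration would compare `data` against an unrelated allocation; what follows `pairadd()` is outside the hunk, so this applies only if the loop is not left at that point. A separate variable for the reply pair, `VALUE_PAIR *reply_vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR);` with `if (!reply_vp) return RLM_MODULE_FAIL;`, avoids both problems.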
@@ -645,7 +645,7 @@ static rlm_rcode_t mod_accounting(void *instance, REQUEST *request) VALUE_PAIR *vp; rlm_sql_handle_t *sqlsock; struct in_addr nasip; /* NAS IP */ - char *sessid; /* unique session id */ + char const *sessid; /* unique session id */ char nasipstr[16]; /* NAS IP in string format */ uint32_t framedip = 0; /* client's IP, host byte order */ uint32_t acct_type; diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c index 46955ec8b017..dfbcfcfecbc7 100644 --- a/src/modules/rlm_wimax/rlm_wimax.c +++ b/src/modules/rlm_wimax/rlm_wimax.c @@ -66,9 +66,12 @@ static rlm_rcode_t mod_authorize(UNUSED void *instance, UNUSED REQUEST *request) vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY); if (vp && (vp->length == 6)) { int i; + char *p; uint8_t buffer[6]; - memcpy(buffer, vp->vp_octets, 6); + memcpy(buffer, vp->vp_strvalue, 6); + vp->length = (5*3)+2; + vp->vp_strvalue = p = talloc_array(vp, char, vp->length + 1); /* * RFC 3580 Section 3.20 says this is the preferred @@ -76,12 +79,11 @@ static rlm_rcode_t mod_authorize(UNUSED void *instance, UNUSED REQUEST *request) * so we fix it here. */ for (i = 0; i < 6; i++) { - fr_bin2hex(&buffer[i], &vp->vp_strvalue[i * 3], 1); - vp->vp_strvalue[(i * 3) + 2] = '-'; + fr_bin2hex(&buffer[i], &p[i * 3], 1); + p[(i * 3) + 2] = '-'; } - vp->vp_strvalue[(5*3)+2] = '\0'; - vp->length = (5*3)+2; + p[(5*3)+2] = '\0'; DEBUG2("rlm_wimax: Fixing WiMAX binary Calling-Station-Id to %s", vp->vp_strvalue); @@ -137,7 +139,7 @@ static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request) pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); - vp = pairmake_reply("WiMAX-MSK", "0x00", T_OP_EQ); + vp = pairmake_reply("WiMAX-MSK", NULL, T_OP_EQ); if (vp) { pairmemcpy(vp, msk->vp_octets, msk->length); } 
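Review bot: The Calling-Station-Id rewrite in rlm_wimax open-codes the allocation: the old `vp->vp_strvalue` pointer is overwritten without being released, `talloc_array()` is unchecked, and the size `(5*3)+2` is spelled out in three places. Formatting into a local `char mac[(5*3)+3];` and finishing with `pairstrcpy(vp, mac);` would keep ownership and length handling in one helper, assuming pairstrcpy() also sets `vp->length`, as its use in the rlm_preprocess hunk implies. The patch already relies on that helper in rlm_otp and rlm_preprocess.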
diff --git a/src/modules/rlm_yubikey/rlm_yubikey.c b/src/modules/rlm_yubikey/rlm_yubikey.c index a6b29f34b633..ed7a235f9788 100644 --- a/src/modules/rlm_yubikey/rlm_yubikey.c +++ b/src/modules/rlm_yubikey/rlm_yubikey.c @@ -198,7 +198,7 @@ static rlm_rcode_t mod_authorize(void *instance, REQUEST *request) rlm_yubikey_t *inst = instance; DICT_VALUE *dval; - char *passcode; + char const *passcode; size_t i, len; VALUE_PAIR *vp; @@ -279,7 +279,7 @@ static rlm_rcode_t mod_authenticate(void *instance, REQUEST *request) rlm_rcode_t rcode = RLM_MODULE_NOOP; #endif rlm_yubikey_t *inst = instance; - char *passcode; + char const *passcode; size_t i, len; /*