Skip to content

Commit

Permalink
Don't dereference NULL cs in cf_item_parse
Browse files Browse the repository at this point in the history 
Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it
invokes.

This fixes the following Coverity errors:

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it.
freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs".
freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs".
freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs").

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs".
  • Loading branch information
@spbnick
spbnick committed Jan 30, 2015
1 parent 5a2848b commit 84a9019
Showing 1 changed file with 19 additions and 9 deletions.
28 changes: 19 additions & 9 deletions src/main/conffile.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -598,6 +598,9 @@ CONF_ITEM *cf_reference_item(const CONF_SECTION *parentcs,
char name[8192];
char *p;

if (cs == NULL)
goto no_such_item;

strlcpy(name, ptr, sizeof(name));
p = name;

Expand Down Expand Up @@ -895,9 +898,16 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
const char *value;
fr_ipaddr_t ipaddr;
const CONF_PAIR *cp = NULL;
int depth;
char ipbuf[128];

if (cs) cp = cf_pair_find(cs, name);
if (cs) {
depth = cs->depth;
cp = cf_pair_find(cs, name);
} else {
depth = 0;
}

if (cp) {
value = cp->value;

Expand Down Expand Up @@ -930,13 +940,13 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
return -1;
}
cf_log_info(cs, "%.*s\t%s = %s",
cs->depth, parse_spaces, name, value);
depth, parse_spaces, name, value);
break;

case PW_TYPE_INTEGER:
*(int *)data = strtol(value, 0, 0);
cf_log_info(cs, "%.*s\t%s = %d",
cs->depth, parse_spaces, name, *(int *)data);
depth, parse_spaces, name, *(int *)data);
break;

case PW_TYPE_STRING_PTR:
Expand Down Expand Up @@ -971,7 +981,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
}

cf_log_info(cs, "%.*s\t%s = \"%s\"",
cs->depth, parse_spaces, name, value ? value : "(null)");
depth, parse_spaces, name, value ? value : "(null)");
*q = value ? strdup(value) : NULL;
break;

Expand Down Expand Up @@ -1007,7 +1017,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
}

cf_log_info(cs, "%.*s\t%s = \"%s\"",
cs->depth, parse_spaces, name, value ? value : "(null)");
depth, parse_spaces, name, value ? value : "(null)");
*q = value ? strdup(value) : NULL;

/*
Expand Down Expand Up @@ -1039,7 +1049,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
if (strcmp(value, "*") == 0) {
*(uint32_t *) data = htonl(INADDR_ANY);
cf_log_info(cs, "%.*s\t%s = *",
cs->depth, parse_spaces, name);
depth, parse_spaces, name);
break;
}
if (ip_hton(value, AF_INET, &ipaddr) < 0) {
Expand All @@ -1049,10 +1059,10 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,

if (strspn(value, "0123456789.") == strlen(value)) {
cf_log_info(cs, "%.*s\t%s = %s",
cs->depth, parse_spaces, name, value);
depth, parse_spaces, name, value);
} else {
cf_log_info(cs, "%.*s\t%s = %s IP address [%s]",
cs->depth, parse_spaces, name, value,
depth, parse_spaces, name, value,
ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
}
*(uint32_t *) data = ipaddr.ipaddr.ip4addr.s_addr;
Expand All @@ -1064,7 +1074,7 @@ int cf_item_parse(CONF_SECTION *cs, const char *name,
return -1;
}
cf_log_info(cs, "%.*s\t%s = %s IPv6 address [%s]",
cs->depth, parse_spaces, name, value,
depth, parse_spaces, name, value,
ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
memcpy(data, &ipaddr.ipaddr.ip6addr,
sizeof(ipaddr.ipaddr.ip6addr));
Expand Down

0 comments on commit 84a9019

Please sign in to comment.