diff options
| author | Alan Somers <asomers@FreeBSD.org> | 2023-10-09 18:26:25 +0000 |
|---|---|---|
| committer | Alan Somers <asomers@FreeBSD.org> | 2024-01-19 20:21:40 +0000 |
| commit | c2ec8038a7f1a52c013c2d4d215363ff906c6781 (patch) | |
| tree | 3e21501a04459133e85e939039440a7c75f2efb3 | |
| parent | 08ac19609ca0ab1529c63482fbfdf7bb1605edce (diff) | |
| download | src-c2ec8038a7f1a52c013c2d4d215363ff906c6781.tar.gz src-c2ec8038a7f1a52c013c2d4d215363ff906c6781.zip | |
Fix multiple bugs with ctld's UCL parsing
* Don't segfault when parsing a misformatted auth-group section
* If the config file specifies a chap section within a target but no
auth-group, create a new anonymous auth-group. That matches the
behavior with non-UCL config files.
* Protect some potential segfaults with assertions
PR: 274380
Sponsored by: Axcient
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D43198
(cherry picked from commit 2391e536c01cb51d2a2c11a0f5820481314e9ec2)
| -rw-r--r-- | usr.sbin/ctld/ctld.c | 1 | ||||
| -rw-r--r-- | usr.sbin/ctld/uclparse.c | 26 |
2 files changed, 25 insertions, 2 deletions
diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c index 2a69308ff067..f2b2de5b9a57 100644 --- a/usr.sbin/ctld/ctld.c +++ b/usr.sbin/ctld/ctld.c @@ -533,6 +533,7 @@ auth_group_find(const struct conf *conf, const char *name) { struct auth_group *ag; + assert(name != NULL); TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) return (ag); diff --git a/usr.sbin/ctld/uclparse.c b/usr.sbin/ctld/uclparse.c index f3f8df81e492..8bd1ca88d166 100644 --- a/usr.sbin/ctld/uclparse.c +++ b/usr.sbin/ctld/uclparse.c @@ -60,6 +60,7 @@ uclparse_chap(struct auth_group *auth_group, const ucl_object_t *obj) const struct auth *ca; const ucl_object_t *user, *secret; + assert(auth_group != NULL); user = ucl_object_find_key(obj, "user"); if (!user || user->type != UCL_STRING) { log_warnx("chap section in auth-group \"%s\" is missing " @@ -90,6 +91,7 @@ uclparse_chap_mutual(struct auth_group *auth_group, const ucl_object_t *obj) const ucl_object_t *user, *secret, *mutual_user; const ucl_object_t *mutual_secret; + assert(auth_group != NULL); user = ucl_object_find_key(obj, "user"); if (!user || user->type != UCL_STRING) { log_warnx("chap-mutual section in auth-group \"%s\" is missing " @@ -714,6 +716,8 @@ uclparse_target(const char *name, const ucl_object_t *top) } if (!strcmp(key, "auth-group")) { + const char *ag; + if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) log_warnx("auth-group for target \"%s\" " @@ -725,8 +729,12 @@ uclparse_target(const char *name, const ucl_object_t *top) "target \"%s\"", target->t_name); return (1); } - target->t_auth_group = auth_group_find(conf, - ucl_object_tostring(obj)); + ag = ucl_object_tostring(obj); + if (!ag) { + log_warnx("auth-group must be a string"); + return (1); + } + target->t_auth_group = auth_group_find(conf, ag); if (target->t_auth_group == NULL) { log_warnx("unknown auth-group \"%s\" for target " "\"%s\"", ucl_object_tostring(obj), @@ -759,6 +767,20 @@ uclparse_target(const char *name, const ucl_object_t *top) } if (!strcmp(key, "chap")) { + if (target->t_auth_group != NULL) { + if (target->t_auth_group->ag_name != NULL) { + log_warnx("cannot use both auth-group " + "and chap for target \"%s\"", + target->t_name); + return (1); + } + } else { + target->t_auth_group = auth_group_new(conf, NULL); + if (target->t_auth_group == NULL) { + return (1); + } + target->t_auth_group->ag_target = target; + } if (uclparse_chap(target->t_auth_group, obj) != 0) return (1); } |