Fix wrong config-unhexing if %25 (%) occurs
Fabian Mauchle committed Oct 16, 2019
1 parent d55adf8 commit fde6a66
Showing 5 changed files with 51 additions and 38 deletions.
6 changes: 5 additions & 1 deletion ChangeLog
@@ -1,4 +1,8 @@
2019-09-30 changes since 1.8.0
chanes since 1.8.1
Bug fixes:
- Fix wrong config-unhexing if %25 (%) occurs

2019-10-01 1.8.1
Bug fixes:
- Handle Tunnel-Password attribute correctly
- Fix BSD platform issues
63 changes: 35 additions & 28 deletions gconfig.c
@@ -415,12 +415,14 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) {
while ((word = va_arg(ap, char *))) {
type = va_arg(ap, int);
switch (type) {
case CONF_STR:
case CONF_STR: /*intentional fall-thru, these are identical*/
case CONF_STR_NOESC:
str = va_arg(ap, char **);
if (!str)
goto errparam;
break;
case CONF_MSTR:
case CONF_MSTR: /*intentional fall-thru, these are identical*/
case CONF_MSTR_NOESC:
mstr = va_arg(ap, char ***);
if (!mstr)
goto errparam;
@@ -456,38 +458,43 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) {
goto errexit;
}

if (((type == CONF_STR || type == CONF_MSTR || type == CONF_BLN || type == CONF_LINT) && conftype != CONF_STR) ||
(type == CONF_CBK && conftype != CONF_CBK)) {
if (((type == CONF_STR || type == CONF_STR_NOESC || type == CONF_MSTR || type == CONF_MSTR_NOESC ||
type == CONF_BLN || type == CONF_LINT) && conftype != CONF_STR) ||
(type == CONF_CBK && conftype != CONF_CBK)) {
if (block)
debug(DBG_ERR, "configuration error in block %s, wrong syntax for option %s", block, opt);
debug(DBG_ERR, "configuration error, wrong syntax for option %s", opt);
goto errexit;
}

switch (type) {
case CONF_STR:
if (*str) {
debug(DBG_ERR, "configuration error, option %s already set to %s", opt, *str);
goto errexit;
}
unhex(val,0);
*str = val;
break;
case CONF_MSTR:
if (*mstr)
for (n = 0; (*mstr)[n]; n++);
else
n = 0;
newmstr = realloc(*mstr, sizeof(char *) * (n + 2));
if (!newmstr) {
debug(DBG_ERR, "malloc failed");
goto errexit;
}
unhex(val,0);
newmstr[n] = val;
newmstr[n + 1] = NULL;
*mstr = newmstr;
break;
switch (type) {
case CONF_STR: /*intentional fall-thru, these are almost identical*/
case CONF_STR_NOESC:
if (*str) {
debug(DBG_ERR, "configuration error, option %s already set to %s", opt, *str);
goto errexit;
}
if (type == CONF_STR)
unhex(val,0);
*str = val;
break;
case CONF_MSTR: /*intentional fall-thru, these are almost identical*/
case CONF_MSTR_NOESC:
if (*mstr)
for (n = 0; (*mstr)[n]; n++);
else
n = 0;
newmstr = realloc(*mstr, sizeof(char *) * (n + 2));
if (!newmstr) {
debug(DBG_ERR, "malloc failed");
goto errexit;
}
if (type == CONF_MSTR)
unhex(val,0);
newmstr[n] = val;
newmstr[n + 1] = NULL;
*mstr = newmstr;
break;
case CONF_BLN:
if (!strcasecmp(val, "on"))
*bln = 1;
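Review bot: The duplicate-option error in the `CONF_STR`/`CONF_STR_NOESC` branch of the second switch prints the value that is already stored (`"configuration error, option %s already set to %s", opt, *str`), and this commit routes the `secret` option through that branch, so a config file with two `secret` lines puts the first shared secret into the error output. The value adds little to the diagnosis; I would log only the option name: `debug(DBG_ERR, "configuration error, option %s already set", opt);`. Where DBG_ERR output ends up is not visible here, so the actual exposure depends on the log destination. getgenericconfig starts and ends outside both hunks.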
2 changes: 2 additions & 0 deletions gconfig.h
@@ -6,6 +6,8 @@
#define CONF_MSTR 3
#define CONF_BLN 4
#define CONF_LINT 5
#define CONF_STR_NOESC 6
#define CONF_MSTR_NOESC 7

#include <stdio.h>

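Review bot: `CONF_STR_NOESC` and `CONF_MSTR_NOESC` are added without a comment, and the one thing that separates them from `CONF_STR`/`CONF_MSTR` (gconfig.c skips `unhex()` for them) is exactly what a caller has to know to avoid decoding a value twice or not at all. I would add above the two defines: `/* _NOESC: value is stored as written; the caller must decode %xx escapes itself, exactly once */`.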
12 changes: 6 additions & 6 deletions radsecproxy.c
@@ -2322,7 +2322,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
"host", CONF_MSTR, &conf->hostsrc,
"IPv4Only", CONF_BLN, &ipv4only,
"IPv6Only", CONF_BLN, &ipv6only,
"secret", CONF_STR, &conf->confsecret,
"secret", CONF_STR_NOESC, &conf->confsecret,
#if defined(RADPROT_TLS) || defined(RADPROT_DTLS)
"tls", CONF_STR, &conf->tls,
"matchcertificateattribute", CONF_STR, &conf->matchcertattr,
@@ -2523,7 +2523,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
"IPv4Only", CONF_BLN, &ipv4only,
"IPv6Only", CONF_BLN, &ipv6only,
"port", CONF_STR, &conf->portsrc,
"secret", CONF_STR, &conf->confsecret,
"secret", CONF_STR_NOESC, &conf->confsecret,
#if defined(RADPROT_TLS) || defined(RADPROT_DTLS)
"tls", CONF_STR, &conf->tls,
"MatchCertificateAttribute", CONF_STR, &conf->matchcertattr,
@@ -2688,12 +2688,12 @@ int confrewrite_cb(struct gconffile **cf, void *arg, char *block, char *opt, cha
"removeVendorAttribute", CONF_MSTR, &rmvattrs,
"whitelistAttribute", CONF_MSTR, &wlattrs,
"whitelistVendorAttribute", CONF_MSTR, &wlvattrs,
"addAttribute", CONF_MSTR, &addattrs,
"addVendorAttribute", CONF_MSTR, &addvattrs,
"addAttribute", CONF_MSTR_NOESC, &addattrs,
"addVendorAttribute", CONF_MSTR_NOESC, &addvattrs,
"modifyAttribute", CONF_MSTR, &modattrs,
"modifyVendorAttribute", CONF_MSTR, &modvattrs,
"supplementAttribute", CONF_MSTR, &supattrs,
"supplementVendorAttribute", CONF_MSTR, &supvattrs,
"supplementAttribute", CONF_MSTR_NOESC, &supattrs,
"supplementVendorAttribute", CONF_MSTR_NOESC, &supvattrs,
NULL))
debugx(1, DBG_ERR, "configuration error");
addrewrite(val, whitelist_mode, whitelist_mode? wlattrs : rmattrs, whitelist_mode? wlvattrs : rmvattrs,
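Review bot: Nothing in the three option tables records why some entries are now `_NOESC`, so the next option added beside `secret` or `addAttribute` can easily pick the wrong type and bring back the double decoding, or leave `%xx` undecoded. In confrewrite_cb, `modifyAttribute` and `modifyVendorAttribute` stay `CONF_MSTR` while the add and supplement entries change; presumably their consumers do not unhex a second time, but that code is outside these hunks and worth confirming. A short comment on each changed entry would pin the contract down, for example `/* raw: decoded once by the consumer, not by gconfig */`. confclient_cb, confserver_cb and confrewrite_cb all continue outside the hunks.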
6 changes: 3 additions & 3 deletions tests/t_rewrite_config.c
@@ -17,16 +17,16 @@ main (int argc, char *argv[])
char **addattrs;
int numtests = 1, i;
struct tlv *tlv, *expected;
uint8_t expectedvalue[] = {'1',0,0,'1','A'};
uint8_t expectedvalue[] = {'1',0,0,'1','A','%','4','1'};

printf("1..%d\n", numtests);
numtests = 1;

addattrs = malloc(2);
addattrs[0] = stringcopy("1:'1%00%001%41", 0);
addattrs[0] = stringcopy("1:'1%00%001%41%2541", 0);
addattrs[1] = NULL;

expected = maketlv(1,5,expectedvalue);
expected = maketlv(1,8,expectedvalue);

addrewrite(rewritename, 0, NULL, NULL, addattrs,
NULL, NULL, NULL, NULL, NULL);
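Review bot: `addattrs = malloc(2);` allocates two bytes, but the following lines store two `char *` values in it (`addattrs[0]` and `addattrs[1]`), which writes past the allocation wherever a pointer is wider than one byte. The line is untouched context, yet the test this commit extends runs on top of it and would be flagged under AddressSanitizer; I would change it to `addattrs = malloc(2 * sizeof(*addattrs));` and check the result for NULL. The new input exercises `%25` only in the addAttribute path, so a case for a `secret` containing `%25` would cover the other half of the fix. main continues outside the hunk.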
