From 9577d2594594d11f1eaa50380268f1feb3ca9d9a Mon Sep 17 00:00:00 2001 From: James Jones Date: Thu, 8 Aug 2024 08:35:02 -0500 Subject: [PATCH] Revise write_all() parameters to avoid overflow (*CID #1604608) write_all() parameters changed to resemble write() in return type and type for the number of bytes to be written, to try to avoid an over or underflow Coverity claims occurs. --- src/modules/rlm_mschap/rlm_mschap.c | 34 +++++++++++++++-------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index 1b540f45bfc70..f6c0034faeeba 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -834,8 +834,9 @@ static void mppe_add_reply(UNUSED rlm_mschap_t const *inst, /* * Write a string to an fd, followed by "\n" */ -static int write_all(int fd, char const *buf, int len) { - int rv, done=0; +static ssize_t write_all(int fd, char const *buf, size_t len) { + ssize_t rv; + size_t done=0; while (done < len) { rv = write(fd, buf+done, len-done); @@ -882,6 +883,7 @@ static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t const *inst, request_t *r * Password-Change-Error: blah */ + size_t size; int status, len, to_child=-1, from_child=-1; pid_t pid, child_pid; char buf[2048]; @@ -907,7 +909,7 @@ static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t const *inst, request_t *r vb = fr_value_box_list_head(&cpw_ctx->cpw_user); if (!vb) goto ntlm_auth_err; - if (write_all(to_child, vb->vb_strvalue, vb->vb_length) != (int)vb->vb_length) { + if (write_all(to_child, vb->vb_strvalue, vb->vb_length) != (ssize_t) vb->vb_length) { REDEBUG("Failed to write username to child"); goto ntlm_auth_err; } @@ -916,7 +918,7 @@ static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t const *inst, request_t *r vb = fr_value_box_list_head(&cpw_ctx->cpw_domain); if (!vb) goto no_domain; - if (write_all(to_child, vb->vb_strvalue, vb->vb_length) != (int)vb->vb_length) { + if (write_all(to_child, vb->vb_strvalue, vb->vb_length) != (ssize_t)vb->vb_length) { REDEBUG("Failed to write domain to child"); goto ntlm_auth_err; } @@ -926,18 +928,18 @@ static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t const *inst, request_t *r } /* now the password blobs */ - len = snprintf(buf, sizeof(buf), "new-nt-password-blob: "); - fr_base16_encode(&FR_SBUFF_OUT(buf + len, sizeof(buf) - len), &FR_DBUFF_TMP(new_nt_password, 516)); - len = strlen(buf); - if (write_all(to_child, buf, len) != len) { + size = snprintf(buf, sizeof(buf), "new-nt-password-blob: "); + fr_base16_encode(&FR_SBUFF_OUT(buf + size, sizeof(buf) - size), &FR_DBUFF_TMP(new_nt_password, 516)); + size = strlen(buf); + if (write_all(to_child, buf, size) != (ssize_t) size) { RDEBUG2("failed to write new password blob to child"); goto ntlm_auth_err; } - len = snprintf(buf, sizeof(buf), "old-nt-hash-blob: "); - fr_base16_encode(&FR_SBUFF_OUT(buf + len, sizeof(buf) - len), &FR_DBUFF_TMP(old_nt_hash, NT_DIGEST_LENGTH)); - len = strlen(buf); - if (write_all(to_child, buf, len) != len) { + size = snprintf(buf, sizeof(buf), "old-nt-hash-blob: "); + fr_base16_encode(&FR_SBUFF_OUT(buf + size, sizeof(buf) - size), &FR_DBUFF_TMP(old_nt_hash, NT_DIGEST_LENGTH)); + size = strlen(buf); + if (write_all(to_child, buf, size) != (ssize_t) size) { REDEBUG("Failed to write old hash blob to child"); goto ntlm_auth_err; } @@ -946,13 +948,13 @@ static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t const *inst, request_t *r * In current samba versions, failure to supply empty LM password/hash * blobs causes the change to fail. */ - len = snprintf(buf, sizeof(buf), "new-lm-password-blob: %01032i", 0); - if (write_all(to_child, buf, len) != len) { + size = snprintf(buf, sizeof(buf), "new-lm-password-blob: %01032i", 0); + if (write_all(to_child, buf, size) != (ssize_t) size) { REDEBUG("Failed to write dummy LM password to child"); goto ntlm_auth_err; } - len = snprintf(buf, sizeof(buf), "old-lm-hash-blob: %032i", 0); - if (write_all(to_child, buf, len) != len) { + size = snprintf(buf, sizeof(buf), "old-lm-hash-blob: %032i", 0); + if (write_all(to_child, buf, size) != (ssize_t) size) { REDEBUG("Failed to write dummy LM hash to child"); goto ntlm_auth_err; }