From 73722c28d461401b93d750a16c6ecc6eb975d58d Mon Sep 17 00:00:00 2001
From: Frank Cusack
Date: Wed, 13 Nov 2002 18:19:26 +0000
Subject: [PATCH] add rc_avpair_copy() and use it when sending user-specified av's. This fixes a bug with a dangling pointer. Thanks to Peter Kjellerstedt for the report and suggested fix.
---
 pppd/plugins/radius/radius.c | 12 +++----
 .../radiusclient/include/radiusclient.h | 3 +-
 pppd/plugins/radius/radiusclient/lib/avpair.c | 33 ++++++++++++++++++-
 3 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
index 1fd2593..5e27ee0 100644
--- a/pppd/plugins/radius/radius.c
+++ b/pppd/plugins/radius/radius.c
@@ -24,7 +24,7 @@
 *
 ***********************************************************************/
 static char const RCSID[] =
-"$Id: radius.c,v 1.17 2002/10/01 09:27:50 fcusack Exp $";
+"$Id: radius.c,v 1.18 2002/11/13 18:19:26 fcusack Exp $";
 #include "pppd.h"
 #include "chap.h"
@@ -276,7 +276,7 @@ radius_pap_auth(char *user,
 /* Add user specified vp's */
 if (rstate.avp)
- rc_avpair_insert(&send, NULL, rstate.avp);
+ rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
 if (rstate.authserver) {
 result = rc_auth_using_server(rstate.authserver,
@@ -437,7 +437,7 @@ radius_chap_auth(char *user,
 /* Add user specified vp's */
 if (rstate.avp)
- rc_avpair_insert(&send, NULL, rstate.avp);
+ rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
 /*
 * make authentication with RADIUS server
@@ -844,7 +844,7 @@ radius_acct_start(void)
 /* Add user specified vp's */
 if (rstate.avp)
- rc_avpair_insert(&send, NULL, rstate.avp);
+ rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
 if (rstate.acctserver) {
 result = rc_acct_using_server(rstate.acctserver,
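Review bot: `rc_avpair_copy()` returns NULL when an allocation fails, and feeding its result straight into `rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));` in radius_pap_auth means the request is then built and sent without the user-specified attributes, with only a log line to show for it. The same one-liner is added in radius_chap_auth, radius_acct_start, radius_acct_stop and radius_acct_interim. On the two authentication paths a request that silently lacks configured attributes may be evaluated differently by the RADIUS server, so it seems safer to take the copy first, `VALUE_PAIR *extra = rc_avpair_copy(rstate.avp);`, and fail the request when `extra` is NULL instead of continuing. How each function releases `send` and reports failure lies outside these hunks, so the exact error path has to follow the surrounding code.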
@@ -944,7 +944,7 @@ radius_acct_stop(void)
 /* Add user specified vp's */
 if (rstate.avp)
- rc_avpair_insert(&send, NULL, rstate.avp);
+ rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
 if (rstate.acctserver) {
 result = rc_acct_using_server(rstate.acctserver,
@@ -1040,7 +1040,7 @@ radius_acct_interim(void *ignored)
 /* Add user specified vp's */
 if (rstate.avp)
- rc_avpair_insert(&send, NULL, rstate.avp);
+ rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
 if (rstate.acctserver) {
 result = rc_acct_using_server(rstate.acctserver,
diff --git a/pppd/plugins/radius/radiusclient/include/radiusclient.h b/pppd/plugins/radius/radiusclient/include/radiusclient.h
index 518683f..9ce2a39 100644
--- a/pppd/plugins/radius/radiusclient/include/radiusclient.h
+++ b/pppd/plugins/radius/radiusclient/include/radiusclient.h
@@ -1,5 +1,5 @@
 /*
- * $Id: radiusclient.h,v 1.8 2002/07/25 16:29:16 dfs Exp $
+ * $Id: radiusclient.h,v 1.9 2002/11/13 18:19:26 fcusack Exp $
 *
 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
 *
@@ -409,6 +409,7 @@ int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
 VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
 VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
 VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
+VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
 void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
 void rc_avpair_free __P((VALUE_PAIR *));
 int rc_avpair_parse __P((char *, VALUE_PAIR **));
diff --git a/pppd/plugins/radius/radiusclient/lib/avpair.c b/pppd/plugins/radius/radiusclient/lib/avpair.c
index 7db2249..5f0644b 100644
--- a/pppd/plugins/radius/radiusclient/lib/avpair.c
+++ b/pppd/plugins/radius/radiusclient/lib/avpair.c
@@ -1,5 +1,5 @@
 /*
- * $Id: avpair.c,v 1.2 2002/10/01 08:35:21 fcusack Exp $
+ * $Id: avpair.c,v 1.3 2002/11/13 18:19:26 fcusack Exp $
 *
 * Copyright (C) 1995 Lars Fenneberg
 *
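Review bot: The new declaration `VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));` in radiusclient.h says nothing about who owns the returned list, which is the very confusion this commit fixes. A comment above it such as `/* returns a newly allocated list owned by the caller; NULL if the input is empty or memory runs out */` would keep later callers from sharing nodes between lists again. It should also name the matching release function, presumably rc_avpair_free. The visible implementation only reads its argument, so the parameter could probably be `const VALUE_PAIR *` as well.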
@@ -361,6 +361,34 @@ VALUE_PAIR *rc_avpair_get (VALUE_PAIR *vp, UINT4 attr)
 return (vp);
 }
+/*
+ * Function: rc_avpair_copy
+ *
+ * Purpose: Return a copy of the existing list "p" ala strdup().
+ *
+ */
+VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *p)
+{
+ VALUE_PAIR *vp, *fp = NULL, *lp = NULL;
+
+ while (p) {
+ vp = malloc(sizeof(VALUE_PAIR));
+ if (!vp) {
+ rc_log(LOG_CRIT, "rc_avpair_copy: out of memory");
+ return NULL; /* leaks a little but so what */
+ }
+ *vp = *p;
+ if (!fp)
+ fp = vp;
+ if (lp)
+ lp->next = vp;
+ lp = vp;
+ p = p->next;
+ }
+
+ return fp;
+}
+
 /*
 * Function: rc_avpair_insert
 *
@@ -382,6 +410,9 @@ void rc_avpair_insert (VALUE_PAIR **a, VALUE_PAIR *p, VALUE_PAIR *b)
 return;
 }
+ if (!b)
+ return;
+
 vp = *a;
 if ( p == (VALUE_PAIR *) NULL) /* run to end of "a" list */
-- 
2.39.2
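Review bot: The out-of-memory branch of rc_avpair_copy returns NULL while `fp` still heads the nodes already allocated, and because `*vp = *p;` also copies `next`, the tail of that partial list still points into the caller's original list. As written the partial copy therefore cannot be handed to a list-freeing routine without also freeing the original's nodes, so it is leaked instead, and radius_acct_interim can hit this path repeatedly within one session. Terminating each node as it is copied, `vp->next = NULL;` right after `*vp = *p;`, lets the failure branch become `rc_avpair_free(fp); return NULL;`, assuming rc_avpair_free (declared in radiusclient.h, defined outside this hunk) walks to a NULL `next` and tolerates an empty list. The struct assignment is a shallow copy, so if VALUE_PAIR has any pointer member other than `next` the copy still shares it with the original, and the header comment should say so.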
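Review bot: The new `if (!b) return;` guard in rc_avpair_insert is undocumented, and because the function returns void it turns a failed copy at the call sites into a silent no-op. A comment on the guard such as `/* nothing to insert; b is NULL when rc_avpair_copy() failed */`, plus a matching line in the function's header comment, would make that contract visible to callers. The function body starts and ends outside this hunk.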