From patchwork Tue Oct 13 09:47:58 2020
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 1514
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 13 Oct 2020 22:47:58 +0200
Message-Id: <20201013204758.2472-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] Avoid passing NULL to argv_printf_cat() in temp_file error case.

To pass username + password to verify_user_pass_script(), OpenVPN can either put both into environment, or create a temp file, and pass that file name to the "user-pass-verify" script.

The file name is initialized as "", so if no file is desired, it's well defined - but if the file can not be created, the pointer is NULL afterwards.

Change the sequence of events, setting up the argv before the "if (file)" conditional, and add the file name only inside that clause, if creating the temp file succeeded.

commit a4eeef17b2 did not create the problem, but modified the code enough so that the static analyzer in gcc 9.2.0 *now* noticed and issued a warning.
ssl_verify.c:1132:5: warning: '%s' directive argument is null 1132 | argv_printf_cat(&argv, "%s", tmp_file); Signed-off-by: Gert Doering Acked-By: David Sommerseth --- src/openvpn/ssl_verify.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index e19644c8..5c0aa6da 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -1098,6 +1098,9 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, /* Set environmental variables prior to calling script */ setenv_str(session->opt->es, "script_type", "user-pass-verify"); + /* format command line */ + argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script); + if (session->opt->auth_user_pass_verify_script_via_file) { struct status_output *so; @@ -1115,6 +1118,8 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, tmp_file); goto done; } + /* pass temp file name to script */ + argv_printf_cat(&argv, "%s", tmp_file); } else { @@ -1127,10 +1132,6 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, setenv_str(session->opt->es, "password", up->password); } - /* format command line */ - argv_parse_cmd(&argv, session->opt->auth_user_pass_verify_script); - argv_printf_cat(&argv, "%s", tmp_file); - /* call command */ ret = openvpn_run_script(&argv, session->opt->es, 0, "--auth-user-pass-verify");
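Review bot: In the first hunk (@@ -1098,6 +1098,9), argv_parse_cmd() now runs before the auth_user_pass_verify_script_via_file branch, so the "goto done" exit visible in the second hunk is reached with argv already populated, where previously it had not been parsed yet. The cleanup under the done label is outside the context shown here; please confirm it releases argv on that early-exit path, and mention it in the commit message if it does.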
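Review bot: In the third hunk (@@ -1127,10 +1132,6), nothing visible keeps the temp-file creation failure from reaching openvpn_run_script(). The only "goto done" in the shown context is in the block ending "tmp_file); goto done;", and the new argv_printf_cat() is simply skipped when creation fails. If that path falls through to "call command", the user-pass-verify script is started with no file argument and with no username/password in the environment, and the authentication result then depends on the script failing closed. Suggest an explicit "goto done" in the creation-failure branch, or a comment at the call stating that running the script without the argument is intended.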