From 71c98b23a8872aed85d6bc76a198e00ebe0f1fdd Mon Sep 17 00:00:00 2001
From: reshke
Date: Thu, 20 May 2021 18:05:17 +0500
Subject: [PATCH] fix a couple of coverity issues
---
 .gitignore | 2 +-
 sources/auth.c | 3 ++-
 sources/auth_query.c | 4 ++++
 sources/auth_query.h | 2 ++
 sources/config_reader.c | 2 +-
 sources/frontend.c | 21 ++++++++-------------
 sources/ldap.c | 1 +
 7 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
index d2549db1..f11d10af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
 *.so
 .idea/
 .init
-.swp
+*.swp
 .conf.example
 .logrotate
 sources/odyssey
diff --git a/sources/auth.c b/sources/auth.c
index f130c468..5b38fc32 100644
--- a/sources/auth.c
+++ b/sources/auth.c
@@ -784,7 +784,8 @@ static inline int od_auth_backend_md5(od_server_t *server, char salt[4],
 } else if (route->rule->password) {
 password = route->rule->password;
 password_len = route->rule->password_len;
- } else if (client->received_password.password != NULL) {
+ } else if (client != NULL &&
+ client->received_password.password != NULL) {
 password = client->received_password.password;
 password_len = client->received_password.password_len - 1;
 } else {
diff --git a/sources/auth_query.c b/sources/auth_query.c
index 2c60de6e..4c71e5cf 100644
--- a/sources/auth_query.c
+++ b/sources/auth_query.c
@@ -93,6 +93,10 @@ static inline int od_auth_query_do(od_server_t *server, char *query,
 /* password */
 uint32_t password_len;
 rc = kiwi_read32(&password_len, &pos, &pos_size);
+ if (password_len >
+ ODYSSEY_AUTH_QUERY_MAX_PASSSWORD_LEN) {
+ goto error;
+ }
 if (kiwi_unlikely(rc == -1))
 goto error;
 char *password = pos;
diff --git a/sources/auth_query.h b/sources/auth_query.h
index 2f5ca1f2..cb126bf5 100644
--- a/sources/auth_query.h
+++ b/sources/auth_query.h
@@ -7,6 +7,8 @@
 * Scalable PostgreSQL connection pooler.
 */
+#define ODYSSEY_AUTH_QUERY_MAX_PASSSWORD_LEN 4096
+
 int od_auth_query(od_client_t *, char *);
 #endif /* ODYSSEY_AUTH_QUERY_H */
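Review bot: In od_auth_backend_md5 the branch guarded by the new `client != NULL` test still computes `client->received_password.password_len - 1` without checking that the stored length is at least 1. If a zero length can ever be stored there (not visible in this hunk), the result wraps or goes negative before it is used as the password length. Adding `&& client->received_password.password_len > 0` to the condition would rule that out. The function starts and continues outside the hunk, so earlier dereferences of `client` cannot be checked from here.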
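Review bot: The new length check in od_auth_query_do reads `password_len` before the result of `kiwi_read32()` is tested, and `password_len` is declared without an initializer, so when the read fails the comparison may use an indeterminate value. Test `rc` first and bound the length afterwards: `if (kiwi_unlikely(rc == -1)) goto error;` followed by `if (password_len > ODYSSEY_AUTH_QUERY_MAX_PASSSWORD_LEN) goto error;`. The fixed cap also does not relate the length to the bytes actually left in the reply (`pos_size`); whether that comparison happens later is outside the hunk, so it is worth confirming before `password` is used with this length.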
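Review bot: The macro name is misspelled (`PASSSWORD`, with three S) and has no comment saying what the limit covers. Renaming it in this patch, where the diff shows a single use in auth_query.c, is cheap: `#define ODYSSEY_AUTH_QUERY_MAX_PASSWORD_LEN 4096`. A short comment above it, such as `/* upper bound on the password length field read from the auth query reply */`, would tell the next reader where the number applies.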
diff --git a/sources/config_reader.c b/sources/config_reader.c
index 43a12d34..a8bf806f 100644
--- a/sources/config_reader.c
+++ b/sources/config_reader.c
@@ -763,7 +763,7 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name,
 if (!od_config_reader_string(reader, &rule->auth))
 return -1;
 #ifndef USE_SCRAM
- if (rule->auth == "scram-sha-256") {
+ if (strcmp(rule->auth, "scram-sha-256") == 0) {
 od_config_reader_error(
 reader, &token,
 "SCRAM auth is not supported in this build, try to recompile");
diff --git a/sources/frontend.c b/sources/frontend.c
index 9f747b73..f772d320 100644
--- a/sources/frontend.c
+++ b/sources/frontend.c
@@ -1354,6 +1354,11 @@ void od_frontend(void *arg)
 rc = od_auth_frontend(client);
 if (rc != OK_RESPONSE) {
+ /* rc == -1
+ * here we ignore module retcode because auth already failed
+ * we just inform side modules that usr was trying to log in
+ */
+ module->auth_complete_cb(client, rc);
 goto cleanup;
 }
@@ -1362,19 +1367,9 @@ void od_frontend(void *arg)
 {
 od_module_t *module;
 module = od_container_of(i, od_module_t, link);
-
- if (rc == OK_RESPONSE) {
- rc = module->auth_complete_cb(client, rc);
- if (rc != OD_MODULE_CB_OK_RETCODE) {
- // user blocked from module callback
- goto cleanup;
- }
- } else {
- /* rc == -1
- * here we ignore module retcode because auth already failed
- * we just inform side modules that usr was trying to log in
- */
- module->auth_complete_cb(client, rc);
+ rc = module->auth_complete_cb(client, rc);
+ if (rc != OD_MODULE_CB_OK_RETCODE) {
+ // user blocked from module callback
 goto cleanup;
 }
 }
diff --git a/sources/ldap.c b/sources/ldap.c
index 0a286e4b..5d075a3a 100644
--- a/sources/ldap.c
+++ b/sources/ldap.c
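Review bot: The failure branch calls `module->auth_complete_cb(client, rc)` before any module has been selected: the only declaration of `module` visible in the diff is inside the loop body of the next hunk, where it is set from the list cursor `i`. Unless od_frontend has another `module` in scope earlier (the function starts outside the hunk), this either does not compile or calls through a pointer that was never assigned. Even with a valid pointer it informs at most one module, while the comment says side modules are informed, so a module that tracks failed logins could miss them. Walk the module list in this branch the way the success path does and ignore the callbacks' return values.

```c
	if (rc != OK_RESPONSE) {
		/* auth already failed: inform every module that the user
		 * tried to log in, and ignore the modules' return codes */
		/* … same list iteration as the success path; its loop header is outside the hunk … */
		{
			od_module_t *module;
			module = od_container_of(i, od_module_t, link);
			module->auth_complete_cb(client, rc);
		}
		goto cleanup;
	}
```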
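Review bot: Inside the loop body the callback result is stored back into `rc`, so from the second module on `auth_complete_cb` is called with the previous module's return code instead of the authentication result. Unless `OD_MODULE_CB_OK_RETCODE` and `OK_RESPONSE` are the same value (their definitions are not in the diff), keep the two apart: `int cb_rc = module->auth_complete_cb(client, rc);` and `if (cb_rc != OD_MODULE_CB_OK_RETCODE) {`. The loop header is outside the hunk, and any code after the loop or at `cleanup` that relies on `rc` holding the module result would need a look with that change.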
@@ -283,6 +283,7 @@ static inline od_ldap_server_t *od_ldap_server_attach(od_route_t *route,
 /* special case, when we are interested only in an idle connection
 * and do not want to start a new one */
 // NOT IMPL
+ od_route_unlock(route);
 return NULL;
 } else {
 /* Maybe start new connection, if pool_size is zero */
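Review bot: The lock release is repeated by hand in front of this early `return NULL`, which leaves every other exit of od_ldap_server_attach responsible for its own `od_route_unlock(route)`. The rest of the function, including the `else` branch that follows, is outside the hunk, so those exits cannot be checked here; a route lock left held on one of them would stall later clients of that route. Presumably the lock is taken earlier in the function, and a comment on the added line, for example `/* release the route lock on this early exit as well */`, would make the pairing explicit.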