From 36a3d429cd1480d57f6226541ea3be887152afa0 Mon Sep 17 00:00:00 2001 From: yasuoka Date: Tue, 5 Sep 2023 00:32:01 +0000 Subject: [PATCH] Refuse an incomplete config, an authentication block which doesn't have authentication module. The code doesn't expect this. --- usr.sbin/radiusd/parse.y | 7 ++++++- usr.sbin/radiusd/radiusd.c | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/usr.sbin/radiusd/parse.y b/usr.sbin/radiusd/parse.y index ba3399fbf49..ef17ae1e752 100644 --- a/usr.sbin/radiusd/parse.y +++ b/usr.sbin/radiusd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.15 2023/09/04 12:28:18 yasuoka Exp $ */ +/* $OpenBSD: parse.y,v 1.16 2023/09/05 00:32:01 yasuoka Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer @@ -312,6 +312,11 @@ authenticate : AUTHENTICATE { } str_l optnl '{' authopts '}' { struct radiusd_authentication *a; + if (authen.auth == NULL) { + free_str_l(&$3); + yyerror("no authentication module specified"); + YYERROR; + } if ((a = calloc(1, sizeof(struct radiusd_authentication))) == NULL) { free_str_l(&$3); diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c index b6d08ebbb99..8e63f9783e9 100644 --- a/usr.sbin/radiusd/radiusd.c +++ b/usr.sbin/radiusd/radiusd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd.c,v 1.30 2023/09/04 23:55:23 yasuoka Exp $ */ +/* $OpenBSD: radiusd.c,v 1.31 2023/09/05 00:32:01 yasuoka Exp $ */ /* * Copyright (c) 2013 Internet Initiative Japan Inc. @@ -490,6 +490,8 @@ radiusd_listen_on_event(int fd, short evmask, void *ctx) goto on_error; } found: + RADIUSD_ASSERT(authen->auth != NULL); + if (!MODULE_DO_USERPASS(authen->auth->module) && !MODULE_DO_ACCSREQ(authen->auth->module)) { log_warnx("Received %s(code=%d) from %s id=%d " -- 2.20.1