From 9ebc911b04e35d464556bad27d534ab8b1e5e503 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov
Date: Jan 19 2015 17:24:41 +0000
Subject: Don't return stack memory in fr_getgrnam This fixes the following Coverity issue: Error: RETURN_LOCAL (CWE-562): freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:87: local_ptr_identity_local: "getgrnam_r(name, &my_group, group_buffer, group_size, &grp)" stores "&my_group" (address of local variable "my_group") into "grp". freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:99: return_local_addr_alias: Returning pointer "grp" which points to local variable "my_group". Resolves: Bug#1120234
---
diff --git a/freeradius-make-grp-tallo-c-too.patch b/freeradius-make-grp-tallo-c-too.patch
new file mode 100644
index 0000000..ad7d192
--- /dev/null
+++ b/freeradius-make-grp-tallo-c-too.patch
@@ -0,0 +1,53 @@
+From d51daa8f56f5c55f2effdb308ef4a14016118753 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok"
+Date: Sun, 5 Oct 2014 17:22:26 -0400
+Subject: [PATCH 1/1] Make grp tallo'c, too
+
+---
+ src/modules/rlm_unix/rlm_unix.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
+index 0a01074..9e55c26 100644
+--- a/src/modules/rlm_unix/rlm_unix.c
++++ b/src/modules/rlm_unix/rlm_unix.c
+@@ -75,20 +75,20 @@ static const CONF_PARSER module_config[] = {
+ #else
+ static struct group *fr_getgrnam(TALLOC_CTX *ctx, char const *name)
+ {
+- struct group *grp, my_group;
++ struct group *grp, *result;
+ char *group_buffer;
+ size_t group_size = 1024;
+
+- grp = NULL;
+- group_buffer = talloc_array(ctx, char, group_size);
++ grp = talloc(ctx, struct group);
++ group_buffer = talloc_array(grp, char, group_size);
+ while (group_buffer) {
+ int err;
+
+- err = getgrnam_r(name, &my_group, group_buffer, group_size, &grp);
++ err = getgrnam_r(name, grp, group_buffer, group_size, &result);
+ if (err == ERANGE) {
+ group_size *= 2;
+ talloc_free(group_buffer);
+- group_buffer = talloc_array(ctx, char, group_size);
++ group_buffer = talloc_array(grp, char, group_size);
+ continue;
+ }
+
+@@ -145,6 +145,10 @@ static int groupcmp(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *requ
+ }
+ }
+
++#ifdef HAVE_GETGRNAM_R
++ talloc_free(grp);
++#endif
++
+ return retval;
+ }
+
+--
+2.1.1
+
diff --git a/freeradius.spec b/freeradius.spec
index c064c85..7b8e6c0 100644
--- a/freeradius.spec
+++ b/freeradius.spec
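Review bot: The new `grp = talloc(ctx, struct group);` in fr_getgrnam is never checked, and the loop is gated only on `group_buffer`, so a failed allocation would pass a NULL struct pointer to getgrnam_r; add `if (!grp) return NULL;` directly after the talloc. Separately, getgrnam_r signals "no such group" by returning 0 with `result` set to NULL, and `grp` is now always non-NULL on that path. Unless the part of the function below this hunk tests `result`, callers such as groupcmp could read an unfilled struct group for an unknown group name; `if (!result) { talloc_free(grp); return NULL; }` after the loop would keep the previous not-found contract. The tail of fr_getgrnam and the earlier return paths of groupcmp lie outside the hunks, so both points need confirming against the full file. It is also worth checking that the `#ifdef HAVE_GETGRNAM_R` around the added `talloc_free(grp)` matches the condition under which this talloc-based fr_getgrnam is compiled.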
@@ -39,6 +39,7 @@ Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch
 Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
 Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
 Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
+Patch19: freeradius-make-grp-tallo-c-too.patch
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@@ -213,6 +214,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p1
 %build
 # Force compile/link options, extra security for network facing daemon