From fe9ead9eabbf60202d21e4393a581293644da84d Mon Sep 17 00:00:00 2001 From: Nikolai Kondrashov Date: Oct 14 2014 15:26:29 +0000 Subject: Fix five issues --- diff --git a/freeradius-access-union-consistently.patch b/freeradius-access-union-consistently.patch new file mode 100644 index 0000000..5e65d6e --- /dev/null +++ b/freeradius-access-union-consistently.patch @@ -0,0 +1,401 @@ +From 5e8a69d547461c757abe2870ecbff2aa7a1fea55 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Wed, 1 Oct 2014 11:51:51 -0400 +Subject: [PATCH 2/4] Access union value_data members consistently + +Use the same, appropriate union value_data member for each access of +BOOLEAN, BYTE and SHORT PW_TYPEs, without assuming they're +interchangeable with "integer", as that is only true on little-endian +architectures. + +This fixes at least this wimax unit test failure on s390x and ppc64: + + Mismatch in line 11 of src/tests/unit/wimax.txt, got: 1a 0c 00 00 60 b5 01 06 00 02 03 00 expected: 1a 0c 00 00 60 b5 01 06 00 02 03 01 +--- + src/lib/print.c | 56 ++++++++++++------ + src/lib/radius.c | 8 +-- + src/lib/valuepair.c | 83 +++++++++++++++++++-------- + src/main/evaluate.c | 4 +- + src/main/valuepair.c | 4 ++ + src/main/xlat.c | 4 +- + src/modules/rlm_couchbase/mod.c | 17 +++++- + src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 4 +- + 8 files changed, 128 insertions(+), 52 deletions(-) + +diff --git a/src/lib/print.c b/src/lib/print.c +index 67263bc..fc1ae42 100644 +--- a/src/lib/print.c ++++ b/src/lib/print.c +@@ -314,6 +314,7 @@ size_t vp_data_prints_value(char *out, size_t outlen, + char const *a = NULL; + time_t t; + struct tm s_tm; ++ unsigned int i; + + size_t len = 0, freespace = outlen; + +@@ -365,15 +366,24 @@ size_t vp_data_prints_value(char *out, size_t outlen, + return fr_print_string(data->strvalue, data_len, out, outlen); + + case PW_TYPE_INTEGER: +- case PW_TYPE_BYTE: ++ i = data->integer; ++ goto print_int; ++ + case PW_TYPE_SHORT: ++ i = data->ushort; ++ goto print_int; ++ ++ case PW_TYPE_BYTE: ++ i = data->byte; ++ ++print_int: + /* Normal, non-tagged attribute */ +- if ((v = dict_valbyattr(da->attr, da->vendor, data->integer)) != NULL) { ++ if ((v = dict_valbyattr(da->attr, da->vendor, i)) != NULL) { + a = v->name; + len = strlen(a); + } else { + /* should never be truncated */ +- len = snprintf(buf, sizeof(buf), "%u", data->integer); ++ len = snprintf(buf, sizeof(buf), "%u", i); + a = buf; + } + break; +@@ -590,12 +600,20 @@ size_t vp_prints_value_json(char *out, size_t outlen, VALUE_PAIR const *vp) + if (!vp->da->flags.has_tag) { + switch (vp->da->type) { + case PW_TYPE_INTEGER: +- case PW_TYPE_BYTE: +- case PW_TYPE_SHORT: + if (vp->da->flags.has_value) break; + + return snprintf(out, freespace, "%u", vp->vp_integer); + ++ case PW_TYPE_SHORT: ++ if (vp->da->flags.has_value) break; ++ ++ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_short); ++ ++ case PW_TYPE_BYTE: ++ if (vp->da->flags.has_value) break; ++ ++ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_byte); ++ + case PW_TYPE_SIGNED: + return snprintf(out, freespace, "%d", vp->vp_signed); + +@@ -834,6 +852,8 @@ void vp_printlist(FILE *fp, VALUE_PAIR const *vp) + char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape) + { + char *p; ++ unsigned int i; ++ DICT_VALUE const *dv; + + switch (vp->da->type) { + case PW_TYPE_STRING: +@@ -860,19 +880,23 @@ char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape) + break; + } + +- case PW_TYPE_BYTE: +- case PW_TYPE_SHORT: + case PW_TYPE_INTEGER: +- { +- DICT_VALUE *dv; ++ i = vp->vp_integer; ++ goto print_int; + +- dv = dict_valbyattr(vp->da->attr, vp->da->vendor, +- vp->vp_integer); +- if (dv) { +- p = talloc_typed_strdup(ctx, dv->name); +- } else { +- p = talloc_typed_asprintf(ctx, "%u", vp->vp_integer); +- } ++ case PW_TYPE_SHORT: ++ i = vp->vp_short; ++ goto print_int; ++ ++ case PW_TYPE_BYTE: ++ i = vp->vp_byte; ++ ++ print_int: ++ dv = dict_valbyattr(vp->da->attr, vp->da->vendor, i); ++ if (dv) { ++ p = talloc_typed_strdup(ctx, dv->name); ++ } else { ++ p = talloc_typed_asprintf(ctx, "%u", i); + } + break; + +diff --git a/src/lib/radius.c b/src/lib/radius.c +index 0a40682..aabc545 100644 +--- a/src/lib/radius.c ++++ b/src/lib/radius.c +@@ -3984,18 +3984,18 @@ ssize_t rad_vp2data(uint8_t const **out, VALUE_PAIR const *vp) + } + + case PW_TYPE_BOOLEAN: +- buffer[0] = vp->vp_integer & 0x01; ++ buffer[0] = vp->vp_byte & 0x01; + *out = buffer; + break; + + case PW_TYPE_BYTE: +- buffer[0] = vp->vp_integer & 0xff; ++ buffer[0] = vp->vp_byte & 0xff; + *out = buffer; + break; + + case PW_TYPE_SHORT: +- buffer[0] = (vp->vp_integer >> 8) & 0xff; +- buffer[1] = vp->vp_integer & 0xff; ++ buffer[0] = (vp->vp_short >> 8) & 0xff; ++ buffer[1] = vp->vp_short & 0xff; + *out = buffer; + break; + +diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c +index 9dcae70..7d6ee88 100644 +--- a/src/lib/valuepair.c ++++ b/src/lib/valuepair.c +@@ -1369,65 +1369,100 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t inlen) + case PW_TYPE_BYTE: + { + char *p; +- vp->length = 1; ++ unsigned int i; + + /* + * Note that ALL integers are unsigned! + */ +- vp->vp_integer = fr_strtoul(value, &p); +- if (!*p) { +- if (vp->vp_integer > 255) { ++ i = fr_strtoul(value, &p); ++ ++ /* ++ * Look for the named value for the given ++ * attribute. ++ */ ++ if (*p && !is_whitespace(p)) { ++ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) { ++ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name); ++ return -1; ++ } ++ ++ vp->vp_byte = dval->value; ++ } else { ++ if (i > 255) { + fr_strerror_printf("Byte value \"%s\" is larger than 255", value); + return -1; + } +- break; ++ ++ vp->vp_byte = i; + } +- if (is_whitespace(p)) break; ++ ++ vp->length = 1; ++ break; + } +- goto check_for_value; + + case PW_TYPE_SHORT: + { + char *p; ++ unsigned int i; + + /* + * Note that ALL integers are unsigned! + */ +- vp->vp_integer = fr_strtoul(value, &p); +- vp->length = 2; +- if (!*p) { +- if (vp->vp_integer > 65535) { +- fr_strerror_printf("Byte value \"%s\" is larger than 65535", value); ++ i = fr_strtoul(value, &p); ++ ++ /* ++ * Look for the named value for the given ++ * attribute. ++ */ ++ if (*p && !is_whitespace(p)) { ++ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) { ++ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name); + return -1; + } +- break; ++ ++ vp->vp_short = dval->value; ++ } else { ++ if (i > 65535) { ++ fr_strerror_printf("Short value \"%s\" is larger than 65535", value); ++ return -1; ++ } ++ ++ vp->vp_short = i; + } +- if (is_whitespace(p)) break; ++ ++ vp->length = 2; ++ break; + } +- goto check_for_value; + + case PW_TYPE_INTEGER: + { + char *p; ++ unsigned int i; + + /* + * Note that ALL integers are unsigned! + */ +- vp->vp_integer = fr_strtoul(value, &p); +- vp->length = 4; +- if (!*p) break; +- if (is_whitespace(p)) break; ++ i = fr_strtoul(value, &p); + +- check_for_value: + /* + * Look for the named value for the given + * attribute. + */ +- if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) { +- fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name); +- return -1; ++ if (*p && !is_whitespace(p)) { ++ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) { ++ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name); ++ return -1; ++ } ++ ++ vp->vp_integer = dval->value; ++ } else { ++ /* ++ * Value is always within the limits ++ */ ++ vp->vp_integer = i; + } +- vp->vp_integer = dval->value; ++ ++ vp->length = 4; + } + break; + +diff --git a/src/main/evaluate.c b/src/main/evaluate.c +index 5cf597d..a100c70 100644 +--- a/src/main/evaluate.c ++++ b/src/main/evaluate.c +@@ -485,11 +485,11 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src) + break; + + case PW_TYPE_SHORT: +- dst->vp_integer = ntohs(*(uint16_t const *) src->vp_octets); ++ dst->vp_short = ntohs(*(uint16_t const *) src->vp_octets); + break; + + case PW_TYPE_BYTE: +- dst->vp_integer = src->vp_octets[0]; ++ dst->vp_byte = src->vp_octets[0]; + break; + + default: +diff --git a/src/main/valuepair.c b/src/main/valuepair.c +index dc2bfc7..2dd517a 100644 +--- a/src/main/valuepair.c ++++ b/src/main/valuepair.c +@@ -180,7 +180,11 @@ int radius_compare_vps(UNUSED REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *v + break; + + case PW_TYPE_BYTE: ++ ret = vp->vp_byte - check->vp_byte; ++ break; + case PW_TYPE_SHORT: ++ ret = vp->vp_short - check->vp_short; ++ break; + case PW_TYPE_INTEGER: + ret = vp->vp_integer - check->vp_integer; + break; +diff --git a/src/main/xlat.c b/src/main/xlat.c +index f2c8aff..a069919 100644 +--- a/src/main/xlat.c ++++ b/src/main/xlat.c +@@ -177,9 +177,11 @@ static ssize_t xlat_integer(UNUSED void *instance, REQUEST *request, + + case PW_TYPE_INTEGER: + case PW_TYPE_DATE: ++ return snprintf(out, outlen, "%u", vp->vp_integer); + case PW_TYPE_BYTE: ++ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_byte); + case PW_TYPE_SHORT: +- return snprintf(out, outlen, "%u", vp->vp_integer); ++ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_short); + + /* + * Ethernet is weird... It's network related, so we assume to it should be +diff --git a/src/modules/rlm_couchbase/mod.c b/src/modules/rlm_couchbase/mod.c +index cc14677..36406a0 100644 +--- a/src/modules/rlm_couchbase/mod.c ++++ b/src/modules/rlm_couchbase/mod.c +@@ -296,22 +296,33 @@ json_object *mod_value_pair_to_json_object(REQUEST *request, VALUE_PAIR *vp) + + /* add this attribute/value pair to our json output */ + if (!vp->da->flags.has_tag) { ++ unsigned int i; ++ + switch (vp->da->type) { + case PW_TYPE_INTEGER: +- case PW_TYPE_BYTE: ++ i = vp->vp_integer; ++ goto print_int; ++ + case PW_TYPE_SHORT: ++ i = vp->vp_short; ++ goto print_int; ++ ++ case PW_TYPE_BYTE: ++ i = vp->vp_byte; ++ ++ print_int: + /* skip if we have flags */ + if (vp->da->flags.has_value) break; + #ifdef HAVE_JSON_OBJECT_NEW_INT64 + /* debug */ + RDEBUG3("creating new int64 for unsigned 32 bit int/byte/short '%s'", vp->da->name); + /* return as 64 bit int - JSON spec does not support unsigned ints */ +- return json_object_new_int64(vp->vp_integer); ++ return json_object_new_int64(i); + #else + /* debug */ + RDEBUG3("creating new int for unsigned 32 bit int/byte/short '%s'", vp->da->name); + /* return as 64 bit int - JSON spec does not support unsigned ints */ +- return json_object_new_int(vp->vp_integer); ++ return json_object_new_int(i); + #endif + break; + case PW_TYPE_SIGNED: +diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +index 152f4ca..55e8e14 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c ++++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +@@ -325,12 +325,12 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl, + + case PW_TYPE_BYTE: + if (size != vp->length) goto raw; +- vp->vp_integer = data[0]; ++ vp->vp_byte = data[0]; + break; + + case PW_TYPE_SHORT: + if (size != vp->length) goto raw; +- vp->vp_integer = (data[0] * 256) + data[1]; ++ vp->vp_short = (data[0] * 256) + data[1]; + break; + + case PW_TYPE_SIGNED: +-- +2.1.0 + diff --git a/freeradius-dont-detach-after-perl_parse.patch b/freeradius-dont-detach-after-perl_parse.patch new file mode 100644 index 0000000..f793945 --- /dev/null +++ b/freeradius-dont-detach-after-perl_parse.patch @@ -0,0 +1,50 @@ +From fa9b2cd01fb5dbe583f5063f611a45c9d033a54a Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Tue, 30 Sep 2014 16:19:47 +0300 +Subject: [PATCH 1/1] perl: Don't call detach after failed perl_parse + +Don't call "detach" callback in rlm_perl, if perl_parse of the Perl +module failed. + +This fixes segfault when the module file cannot be read: + + Can't open perl script "/etc/raddb/mods-config/perl/example.pl": Permission denied + rlm_perl: perl_parse failed: /etc/raddb/mods-config/perl/example.pl not found or has syntax errors. + /etc/raddb/mods-enabled/perl[7]: Instantiation failed for module "perl" + Segmentation fault +--- + src/modules/rlm_perl/rlm_perl.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c +index d423524..039d7c8 100644 +--- a/src/modules/rlm_perl/rlm_perl.c ++++ b/src/modules/rlm_perl/rlm_perl.c +@@ -73,6 +73,7 @@ typedef struct rlm_perl_t { + char const *xlat_name; + char const *perl_flags; + PerlInterpreter *perl; ++ bool perl_parsed; + pthread_key_t *thread_key; + + #ifdef USE_ITHREADS +@@ -538,6 +539,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) + PL_endav = (AV *)NULL; + + if(!exitstatus) { ++ inst->perl_parsed = true; + perl_run(inst->perl); + } else { + ERROR("rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module); +@@ -1012,7 +1014,7 @@ static int mod_detach(void *instance) + } + #endif + +- if (inst->func_detach) { ++ if (inst->perl_parsed && inst->func_detach) { + dTHXa(inst->perl); + PERL_SET_CONTEXT(inst->perl); + { +-- +2.1.0 + diff --git a/freeradius-dont-swap-uint128-printing-on-be.patch b/freeradius-dont-swap-uint128-printing-on-be.patch new file mode 100644 index 0000000..ba3c670 --- /dev/null +++ b/freeradius-dont-swap-uint128-printing-on-be.patch @@ -0,0 +1,46 @@ +From 168275c3f4ffe9d0e09ed7a3789b45b440416f73 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Wed, 1 Oct 2014 16:32:11 +0300 +Subject: [PATCH 4/4] Don't assume little-endian in fr_prints_uint128 + +Add handling of big-endian architectures to fr_prints_uint128. +--- + src/lib/misc.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/lib/misc.c b/src/lib/misc.c +index 66171ff..d0ccd6c 100644 +--- a/src/lib/misc.c ++++ b/src/lib/misc.c +@@ -1366,6 +1366,13 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num) + uint64_t n[2]; + char *p = buff; + int i; ++#ifdef RADIUS_LITTLE_ENDIAN ++ const size_t l = 0; ++ const size_t h = 1; ++#else ++ const size_t l = 1; ++ const size_t h = 0; ++#endif + + memset(buff, '0', sizeof(buff) - 1); + buff[sizeof(buff) - 1] = '\0'; +@@ -1376,11 +1383,11 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num) + ssize_t j; + int carry; + +- carry = (n[1] >= 0x8000000000000000); ++ carry = (n[h] >= 0x8000000000000000); + + // Shift n[] left, doubling it +- n[1] = ((n[1] << 1) & 0xffffffffffffffff) + (n[0] >= 0x8000000000000000); +- n[0] = ((n[0] << 1) & 0xffffffffffffffff); ++ n[h] = ((n[h] << 1) & 0xffffffffffffffff) + (n[l] >= 0x8000000000000000); ++ n[l] = ((n[l] << 1) & 0xffffffffffffffff); + + // Add s[] to itself in decimal, doubling it + for (j = sizeof(buff) - 2; j >= 0; j--) { +-- +2.1.0 + diff --git a/freeradius-dont-truncate-uint64.patch b/freeradius-dont-truncate-uint64.patch new file mode 100644 index 0000000..d64a47c --- /dev/null +++ b/freeradius-dont-truncate-uint64.patch @@ -0,0 +1,27 @@ +From de77beacf1c0bd64335f0f949af9da71437d3ba5 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Tue, 30 Sep 2014 22:27:36 +0300 +Subject: [PATCH 1/4] Don't truncate 64-bit integers in do_cast_copy + +Assign converted octets to vp_integer64, instead of vp_integer to avoid +truncation in do_cast_copy. +--- + src/main/evaluate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/main/evaluate.c b/src/main/evaluate.c +index f91d482..5cf597d 100644 +--- a/src/main/evaluate.c ++++ b/src/main/evaluate.c +@@ -475,7 +475,7 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src) + do_octets: + switch (dst->da->type) { + case PW_TYPE_INTEGER64: +- dst->vp_integer = ntohll(*(uint64_t const *) src->vp_octets); ++ dst->vp_integer64 = ntohll(*(uint64_t const *) src->vp_octets); + break; + + case PW_TYPE_INTEGER: +-- +2.1.0 + diff --git a/freeradius-fix-dhcp-dictionary-loading.patch b/freeradius-fix-dhcp-dictionary-loading.patch new file mode 100644 index 0000000..7cde423 --- /dev/null +++ b/freeradius-fix-dhcp-dictionary-loading.patch @@ -0,0 +1,40 @@ +From dda57af171687d60e21e8e2620e87b25939d0c29 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Mon, 6 Oct 2014 17:00:25 +0300 +Subject: [PATCH 1/1] dhcpclient: Load dictionary.dhcp from DICTDIR. + +Load dictionary.dhcp from DICTDIR instead of RADDBDIR in dhcpclient.c, +as it is found only in the former. + +This fixes the following error printed when invoking dhcpclient: + + Failed reading dictionary.dhcp: dict_init: Couldn't open dictionary + "/etc/raddb/dictionary.dhcp": No such file or directory +--- + src/modules/proto_dhcp/dhcpclient.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/modules/proto_dhcp/dhcpclient.c b/src/modules/proto_dhcp/dhcpclient.c +index b29b9a2..ac52ffd 100644 +--- a/src/modules/proto_dhcp/dhcpclient.c ++++ b/src/modules/proto_dhcp/dhcpclient.c +@@ -264,6 +264,7 @@ int main(int argc, char **argv) + char *p; + int c; + char const *radius_dir = RADDBDIR; ++ char const *dict_dir = DICTDIR; + char const *filename = NULL; + DICT_ATTR const *da; + +@@ -315,7 +316,7 @@ int main(int argc, char **argv) + */ + da = dict_attrbyname("DHCP-Message-Type"); + if (!da) { +- if (dict_read(radius_dir, "dictionary.dhcp") < 0) { ++ if (dict_read(dict_dir, "dictionary.dhcp") < 0) { + fprintf(stderr, "Failed reading dictionary.dhcp: %s", + fr_strerror()); + return -1; +-- +2.1.1 + diff --git a/freeradius-prefix-endian-macros.patch b/freeradius-prefix-endian-macros.patch new file mode 100644 index 0000000..80e3924 --- /dev/null +++ b/freeradius-prefix-endian-macros.patch @@ -0,0 +1,168 @@ +From 4a906c702ac31da5977eba6698fa5435474cb47f Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Wed, 1 Oct 2014 15:11:12 +0300 +Subject: [PATCH 3/4] Prefix *_ENDIAN macros with RADIUS_ + +Rename LITTLE_ENDIAN and BIG_ENDIAN macros to RADIUS_LITTLE_ENDIAN and +RADIUS_BIG_ENDIAN respectively to avoid clashes with +/usr/include/endian.h defines, which result in always assuming +little-endian architecture. +--- + configure | 4 ++-- + configure.ac | 4 ++-- + src/include/autoconf.h.in | 16 ++++++++-------- + src/include/build.h | 6 +++--- + src/include/missing-h | 4 ++-- + src/lib/missing.c | 2 +- + src/main/version.c | 4 ++-- + 7 files changed, 20 insertions(+), 20 deletions(-) + +diff --git a/configure b/configure +index f15072d..1b54efd 100755 +--- a/configure ++++ b/configure +@@ -4771,11 +4771,11 @@ $as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + +-$as_echo "#define BIG_ENDIAN 1" >>confdefs.h ++$as_echo "#define RADIUS_BIG_ENDIAN 1" >>confdefs.h + ;; #( + no) + +-$as_echo "#define LITTLE_ENDIAN 1" >>confdefs.h ++$as_echo "#define RADIUS_LITTLE_ENDIAN 1" >>confdefs.h + + ;; #( + universal) +diff --git a/configure.ac b/configure.ac +index 76466ec..30b226b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -167,8 +167,8 @@ dnl # check for system bytesex + dnl # AC_DEFINES WORDS_BIGENDIAN + dnl # + AC_C_BIGENDIAN( +- [AC_DEFINE(BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], +- [AC_DEFINE(LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] ++ [AC_DEFINE(RADIUS_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], ++ [AC_DEFINE(RADIUS_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] + ) + + dnl # +diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in +index 6e6e355..c313bca 100644 +--- a/src/include/autoconf.h.in ++++ b/src/include/autoconf.h.in +@@ -3,10 +3,6 @@ + /* Define if building universal (internal helper macro) */ + #undef AC_APPLE_UNIVERSAL_BUILD + +-/* Define if your processor stores words with the most significant byte first +- */ +-#undef BIG_ENDIAN +- + /* BSD-Style get*byaddr_r */ + #undef BSDSTYLE + +@@ -443,10 +439,6 @@ + /* compiler specific 128 bit unsigned integer */ + #undef HAVE___UINT128_T + +-/* Define if your processor stores words with the least significant byte first +- */ +-#undef LITTLE_ENDIAN +- + /* define if you have OSFC2 authentication */ + #undef OSFC2 + +@@ -483,6 +475,14 @@ + /* Raw version string from VERSION file */ + #undef RADIUSD_VERSION_STRING + ++/* Define if your processor stores words with the most significant byte first ++ */ ++#undef RADIUS_BIG_ENDIAN ++ ++/* Define if your processor stores words with the least significant byte first ++ */ ++#undef RADIUS_LITTLE_ENDIAN ++ + /* Define as the return type of signal handlers (`int' or `void'). */ + #undef RETSIGTYPE + +diff --git a/src/include/build.h b/src/include/build.h +index 66c3087..4c1bf1a 100644 +--- a/src/include/build.h ++++ b/src/include/build.h +@@ -105,13 +105,13 @@ extern "C" { + * Here at least the endianess can be set explicitly with + * -DLITTLE_ENDIAN or -DBIG_ENDIAN. + */ +-#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) ++#if !defined(RADIUS_LITTLE_ENDIAN) && !defined(RADIUS_BIG_ENDIAN) + # if defined(__LITTLE_ENDIAN__) || \ + (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) +-# define LITTLE_ENDIAN 1 ++# define RADIUS_LITTLE_ENDIAN 1 + # elif defined(__BIG_ENDIAN__) || \ + (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) +-# define BIG_ENDIAN 1 ++# define RADIUS_BIG_ENDIAN 1 + # else + # error Failed determining endianness of system + # endif +diff --git a/src/include/missing-h b/src/include/missing-h +index 3f286a4..7136172 100644 +--- a/src/include/missing-h ++++ b/src/include/missing-h +@@ -424,7 +424,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t; + + /* abcd efgh -> dcba hgfe -> hgfe dcba */ + #ifndef HAVE_HTON_LL +-# ifdef LITTLE_ENDIAN ++# ifdef RADIUS_LITTLE_ENDIAN + # ifdef HAVE_BUILTIN_BSWAP64 + # define ntohll(x) __builtin_bswap64(x) + # else +@@ -437,7 +437,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t; + #endif + + #ifndef HAVE_HTON_LLL +-# ifdef LITTLE_ENDIAN ++# ifdef RADIUS_LITTLE_ENDIAN + # ifdef HAVE_128BIT_INTEGERS + # define ntohlll(x) (((uint128_t)ntohll((uint64_t)(x >> 64))) | (((uint128_t)ntohll(((uint64_t) x)) << 64))) + # else +diff --git a/src/lib/missing.c b/src/lib/missing.c +index 4598c8f..efd5461 100644 +--- a/src/lib/missing.c ++++ b/src/lib/missing.c +@@ -273,7 +273,7 @@ ntp2timeval(struct timeval *tv, char const *ntp) + tv->tv_usec = usec / 4295; /* close enough */ + } + +-#if !defined(HAVE_128BIT_INTEGERS) && defined(LITTLE_ENDIAN) ++#if !defined(HAVE_128BIT_INTEGERS) && defined(RADIUS_LITTLE_ENDIAN) + /** Swap byte order of 128 bit integer + * + * @param num 128bit integer to swap. +diff --git a/src/main/version.c b/src/main/version.c +index 0aba383..8b56ffa 100644 +--- a/src/main/version.c ++++ b/src/main/version.c +@@ -276,9 +276,9 @@ void version(void) + DEBUG3(" 0x%llx", (unsigned long long) libmagic); + + DEBUG3("Endianess:"); +-#if defined(LITTLE_ENDIAN) ++#if defined(RADIUS_LITTLE_ENDIAN) + DEBUG3(" little"); +-#elif defined(BIG_ENDIAN) ++#elif defined(RADIUS_BIG_ENDIAN) + DEBUG3(" big"); + #else + DEBUG3(" unknown"); +-- +2.1.0 + diff --git a/freeradius-talloc-dummy-request.patch b/freeradius-talloc-dummy-request.patch new file mode 100644 index 0000000..e84111f --- /dev/null +++ b/freeradius-talloc-dummy-request.patch @@ -0,0 +1,48 @@ +From 03c5915208234255484ece4c233c9e252776e3a3 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Mon, 29 Sep 2014 17:40:10 +0300 +Subject: [PATCH 1/1] process: Talloc home_trigger dummy request + +Allocate the dummy request in home_trigger with talloc, instead of +allocating it on the stack, as the rest of the code expects it to be a +valid talloc context. + +This fixes a talloc_abort resulting from xlat_tokenize_request invoking +talloc_typed_strdup with the dummy request as the talloc context. +--- + src/main/process.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/main/process.c b/src/main/process.c +index 76ce4ea..7e1a51e 100644 +--- a/src/main/process.c ++++ b/src/main/process.c +@@ -3212,16 +3212,17 @@ static void ping_home_server(void *ctx) + + static void home_trigger(home_server_t *home, char const *trigger) + { +- REQUEST my_request; +- RADIUS_PACKET my_packet; ++ REQUEST *my_request; ++ RADIUS_PACKET *my_packet; + +- memset(&my_request, 0, sizeof(my_request)); +- memset(&my_packet, 0, sizeof(my_packet)); +- my_request.proxy = &my_packet; +- my_packet.dst_ipaddr = home->ipaddr; +- my_packet.src_ipaddr = home->src_ipaddr; ++ my_request = talloc_zero(NULL, REQUEST); ++ my_packet = talloc_zero(my_request, RADIUS_PACKET); ++ my_request->proxy = my_packet; ++ my_packet->dst_ipaddr = home->ipaddr; ++ my_packet->src_ipaddr = home->src_ipaddr; + +- exec_trigger(&my_request, home->cs, trigger, false); ++ exec_trigger(my_request, home->cs, trigger, false); ++ talloc_free(my_request); + } + + static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window) +-- +2.1.0 + diff --git a/freeradius.spec b/freeradius.spec index 68dc490..50a24e0 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.0.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ @@ -24,6 +24,13 @@ Source104: freeradius-tmpfiles.conf Patch1: freeradius-redhat-config.patch Patch2: freeradius-postgres-sql.patch Patch3: freeradius-heartbleed-confirm.patch +Patch4: freeradius-talloc-dummy-request.patch +Patch5: freeradius-dont-detach-after-perl_parse.patch +Patch6: freeradius-access-union-consistently.patch +Patch7: freeradius-dont-truncate-uint64.patch +Patch8: freeradius-prefix-endian-macros.patch +Patch9: freeradius-dont-swap-uint128-printing-on-be.patch +Patch10: freeradius-fix-dhcp-dictionary-loading.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -183,6 +190,13 @@ This plugin provides the unixODBC support for the FreeRADIUS server project. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -658,7 +672,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/perl %dir %attr(750,root,radiusd) /etc/raddb/mods-config/perl -/etc/raddb/mods-config/perl/example.pl +%attr(640,root,radiusd) /etc/raddb/mods-config/perl/example.pl %{_libdir}/freeradius/rlm_perl.so @@ -764,6 +778,13 @@ exit 0 %{_libdir}/freeradius/rlm_sql_unixodbc.so %changelog +* Mon Oct 6 2014 Nikolai Kondrashov - 3.0.4-2 +- Fix abort on home server triggers. +- Fix segfault upon example.pl read failure. +- Fix example.pl permissions. +- Fix integer handling in various cases. +- Fix dhcpclient's dictionary.dhcp loading. + * Mon Sep 15 2014 Nikolai Kondrashov - 3.0.4-1 - Upgrade to upstream 3.0.4 release. See upstream ChangeLog for details (in freeradius-doc subpackage).