diff --git a/src/eap-gtc.c b/src/eap-gtc.c index 1a242886..10387925 100644 --- a/src/eap-gtc.c +++ b/src/eap-gtc.c @@ -96,7 +96,7 @@ static bool eap_gtc_load_settings(struct eap_state *eap, char *secret; snprintf(setting, sizeof(setting), "%sGTC-Secret", prefix); - secret = l_strdup(l_settings_get_value(settings, "Security", setting)); + secret = l_settings_get_string(settings, "Security", setting); gtc = l_new(struct eap_gtc_state, 1); gtc->secret = secret; diff --git a/src/eap-md5.c b/src/eap-md5.c index 4d9d16e6..0d2fbd6c 100644 --- a/src/eap-md5.c +++ b/src/eap-md5.c @@ -112,7 +112,7 @@ static bool eap_md5_load_settings(struct eap_state *eap, char *secret; snprintf(setting, sizeof(setting), "%sMD5-Secret", prefix); - secret = l_strdup(l_settings_get_value(settings, "Security", setting)); + secret = l_settings_get_string(settings, "Security", setting); md5 = l_new(struct eap_md5_state, 1); md5->secret = secret; diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c index 59b27d38..5ae472a7 100644 --- a/src/eap-mschapv2.c +++ b/src/eap-mschapv2.c @@ -662,22 +662,26 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, const char *prefix, struct l_queue **out_missing) { - const char *identity, *password = NULL, *password_hash; + const char *password_hash; + L_AUTO_FREE_VAR(char *, password); + L_AUTO_FREE_VAR(char *, identity); const struct eap_secret_info *secret; char setting[64], setting2[64]; uint8_t hash[16]; snprintf(setting, sizeof(setting), "%sIdentity", prefix); - identity = l_settings_get_value(settings, "Security", setting); + identity = l_settings_get_string(settings, "Security", setting); snprintf(setting2, sizeof(setting2), "%sPassword", prefix); - password = l_settings_get_value(settings, "Security", setting2); + password = l_settings_get_string(settings, "Security", setting2); if (!identity) { secret = l_queue_find(secrets, eap_secret_info_match, setting); if (secret) { - identity = secret->value; - password = secret->value + strlen(secret->value) + 1; + l_free(password); + identity = l_strdup(secret->value); + password = l_strdup(secret->value + + strlen(secret->value) + 1); goto validate; } @@ -721,7 +725,7 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, return 0; } - password = secret->value; + password = l_strdup(secret->value); validate: if (!l_utf8_validate(password, strlen(password), NULL)) { @@ -740,13 +744,14 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap, const char *prefix) { struct eap_mschapv2_state *state; - const char *identity, *password; + L_AUTO_FREE_VAR(char *, identity); + L_AUTO_FREE_VAR(char *, password) = NULL; char setting[64]; state = l_new(struct eap_mschapv2_state, 1); snprintf(setting, sizeof(setting), "%sIdentity", prefix); - identity = l_settings_get_value(settings, "Security", setting); + identity = l_settings_get_string(settings, "Security", setting); if (!identity) goto error; @@ -755,20 +760,21 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap, /* Either read the password-hash from hexdump or password and hash it */ snprintf(setting, sizeof(setting), "%sPassword", prefix); - password = l_settings_get_value(settings, "Security", setting); + password = l_settings_get_string(settings, "Security", setting); + if (password) set_password_from_string(state, password); - - if (!password) { + else { unsigned char *tmp; size_t len; + const char *hash_str; snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix); - password = l_settings_get_value(settings, "Security", setting); - if (!password) + hash_str = l_settings_get_value(settings, "Security", setting); + if (!hash_str) goto error; - tmp = l_util_from_hexstring(password, &len); + tmp = l_util_from_hexstring(hash_str, &len); memcpy(state->password_hash, tmp, 16); l_free(tmp); } diff --git a/src/eap-peap.c b/src/eap-peap.c index 4957a173..fe85c7ca 100644 --- a/src/eap-peap.c +++ b/src/eap-peap.c @@ -848,12 +848,14 @@ static int eap_peap_check_settings(struct l_settings *settings, struct l_queue **out_missing) { char entry[64], client_cert_entry[64], passphrase_entry[64]; - const char *path, *client_cert, *passphrase; + L_AUTO_FREE_VAR(char *, path) = NULL; + L_AUTO_FREE_VAR(char *, client_cert) = NULL; + L_AUTO_FREE_VAR(char *, passphrase) = NULL; uint8_t *cert; size_t size; snprintf(entry, sizeof(entry), "%sPEAP-CACert", prefix); - path = l_settings_get_value(settings, "Security", entry); + path = l_settings_get_string(settings, "Security", entry); if (path) { cert = l_pem_load_certificate(path, &size); if (!cert) { @@ -866,7 +868,7 @@ static int eap_peap_check_settings(struct l_settings *settings, snprintf(client_cert_entry, sizeof(client_cert_entry), "%sPEAP-ClientCert", prefix); - client_cert = l_settings_get_value(settings, "Security", + client_cert = l_settings_get_string(settings, "Security", client_cert_entry); if (client_cert) { cert = l_pem_load_certificate(client_cert, &size); @@ -878,8 +880,10 @@ static int eap_peap_check_settings(struct l_settings *settings, l_free(cert); } + l_free(path); + snprintf(entry, sizeof(entry), "%sPEAP-ClientKey", prefix); - path = l_settings_get_value(settings, "Security", entry); + path = l_settings_get_string(settings, "Security", entry); if (path && !client_cert) { l_error("%s present but no client certificate (%s)", @@ -889,7 +893,7 @@ static int eap_peap_check_settings(struct l_settings *settings, snprintf(passphrase_entry, sizeof(passphrase_entry), "%sPEAP-ClientKeyPassphrase", prefix); - passphrase = l_settings_get_value(settings, "Security", + passphrase = l_settings_get_string(settings, "Security", passphrase_entry); if (!passphrase) { @@ -963,20 +967,16 @@ static bool eap_peap_load_settings(struct eap_state *eap, peap->version = PEAP_VERSION_NOT_NEGOTIATED; snprintf(entry, sizeof(entry), "%sPEAP-CACert", prefix); - peap->ca_cert = l_strdup(l_settings_get_value(settings, "Security", - entry)); + peap->ca_cert = l_settings_get_string(settings, "Security", entry); snprintf(entry, sizeof(entry), "%sPEAP-ClientCert", prefix); - peap->client_cert = l_strdup(l_settings_get_value(settings, "Security", - entry)); + peap->client_cert = l_settings_get_string(settings, "Security", entry); snprintf(entry, sizeof(entry), "%sPEAP-ClientKey", prefix); - peap->client_key = l_strdup(l_settings_get_value(settings, "Security", - entry)); + peap->client_key = l_settings_get_string(settings, "Security", entry); snprintf(entry, sizeof(entry), "%sPEAP-ClientKeyPassphrase", prefix); - peap->passphrase = l_strdup(l_settings_get_value(settings, "Security", - entry)); + peap->passphrase = l_settings_get_string(settings, "Security", entry); peap->phase2_eap = eap_new(eap_peap_phase2_send_response, eap_peap_phase2_complete, eap); diff --git a/src/eap-pwd.c b/src/eap-pwd.c index f5cfcec3..6f4f74da 100644 --- a/src/eap-pwd.c +++ b/src/eap-pwd.c @@ -721,12 +721,13 @@ static int eap_pwd_check_settings(struct l_settings *settings, const char *prefix, struct l_queue **out_missing) { - const char *identity, *password = NULL; + const char *password; + L_AUTO_FREE_VAR(char *, identity); const struct eap_secret_info *secret; char setting[64], setting2[64]; snprintf(setting, sizeof(setting), "%sIdentity", prefix); - identity = l_settings_get_value(settings, "Security", setting); + identity = l_settings_get_string(settings, "Security", setting); snprintf(setting2, sizeof(setting2), "%sPWD-Password", prefix); password = l_settings_get_value(settings, "Security", setting2); @@ -766,8 +767,7 @@ static bool eap_pwd_load_settings(struct eap_state *eap, pwd->state = EAP_PWD_STATE_INIT; snprintf(setting, sizeof(setting), "%sIdentity", prefix); - pwd->identity = l_strdup(l_settings_get_value(settings, "Security", - setting)); + pwd->identity = l_settings_get_string(settings, "Security", setting); if (!pwd->identity) { l_error("EAP-Identity is missing"); @@ -775,8 +775,7 @@ static bool eap_pwd_load_settings(struct eap_state *eap, } snprintf(setting, sizeof(setting), "%sPWD-Password", prefix); - pwd->password = l_strdup(l_settings_get_value(settings, "Security", - setting)); + pwd->password = l_settings_get_string(settings, "Security", setting); if (!pwd->password) { l_error("EAP-PWD password is missing"); diff --git a/src/eap-tls.c b/src/eap-tls.c index 0fdaf57a..ec4512de 100644 --- a/src/eap-tls.c +++ b/src/eap-tls.c @@ -393,12 +393,14 @@ static int eap_tls_check_settings(struct l_settings *settings, struct l_queue **out_missing) { char setting[64], client_cert_setting[64], passphrase_setting[64]; - const char *path, *client_cert, *passphrase; + L_AUTO_FREE_VAR(char *, path) = NULL; + L_AUTO_FREE_VAR(char *, client_cert) = NULL; + L_AUTO_FREE_VAR(char *, passphrase) = NULL; uint8_t *cert; size_t size; snprintf(setting, sizeof(setting), "%sTLS-CACert", prefix); - path = l_settings_get_value(settings, "Security", setting); + path = l_settings_get_string(settings, "Security", setting); if (path) { cert = l_pem_load_certificate(path, &size); if (!cert) { @@ -411,7 +413,7 @@ static int eap_tls_check_settings(struct l_settings *settings, snprintf(client_cert_setting, sizeof(client_cert_setting), "%sTLS-ClientCert", prefix); - client_cert = l_settings_get_value(settings, "Security", + client_cert = l_settings_get_string(settings, "Security", client_cert_setting); if (client_cert) { cert = l_pem_load_certificate(client_cert, &size); @@ -423,8 +425,10 @@ static int eap_tls_check_settings(struct l_settings *settings, l_free(cert); } + l_free(path); + snprintf(setting, sizeof(setting), "%sTLS-ClientKey", prefix); - path = l_settings_get_value(settings, "Security", setting); + path = l_settings_get_string(settings, "Security", setting); if (path && !client_cert) { l_error("%s present but no client certificate (%s)", @@ -434,7 +438,7 @@ static int eap_tls_check_settings(struct l_settings *settings, snprintf(passphrase_setting, sizeof(passphrase_setting), "%sTLS-ClientKeyPassphrase", prefix); - passphrase = l_settings_get_value(settings, "Security", + passphrase = l_settings_get_string(settings, "Security", passphrase_setting); if (!passphrase) { @@ -443,7 +447,7 @@ static int eap_tls_check_settings(struct l_settings *settings, secret = l_queue_find(secrets, eap_secret_info_match, passphrase_setting); if (secret) - passphrase = secret->value; + passphrase = l_strdup(secret->value); } if (path) { @@ -504,20 +508,16 @@ static bool eap_tls_load_settings(struct eap_state *eap, tls = l_new(struct eap_tls_state, 1); snprintf(setting, sizeof(setting), "%sTLS-CACert", prefix); - tls->ca_cert = l_strdup(l_settings_get_value(settings, - "Security", setting)); + tls->ca_cert = l_settings_get_string(settings, "Security", setting); snprintf(setting, sizeof(setting), "%sTLS-ClientCert", prefix); - tls->client_cert = l_strdup(l_settings_get_value(settings, - "Security", setting)); + tls->client_cert = l_settings_get_string(settings, "Security", setting); snprintf(setting, sizeof(setting), "%sTLS-ClientKey", prefix); - tls->client_key = l_strdup(l_settings_get_value(settings, - "Security", setting)); + tls->client_key = l_settings_get_string(settings, "Security", setting); snprintf(setting, sizeof(setting), "%sTLS-ClientKeyPassphrase", prefix); - tls->passphrase = l_strdup(l_settings_get_value(settings, - "Security", setting)); + tls->passphrase = l_settings_get_string(settings, "Security", setting); eap_set_data(eap, tls); diff --git a/src/eap-ttls.c b/src/eap-ttls.c index bb8586df..4d499205 100644 --- a/src/eap-ttls.c +++ b/src/eap-ttls.c @@ -660,12 +660,14 @@ static int eap_ttls_check_settings(struct l_settings *settings, struct l_queue **out_missing) { char setting[64], client_cert_setting[64], passphrase_setting[64]; - const char *path, *client_cert, *passphrase; + L_AUTO_FREE_VAR(char *, path) = NULL; + L_AUTO_FREE_VAR(char *, client_cert) = NULL; + L_AUTO_FREE_VAR(char *, passphrase) = NULL; uint8_t *cert; size_t size; snprintf(setting, sizeof(setting), "%sTTLS-CACert", prefix); - path = l_settings_get_value(settings, "Security", setting); + path = l_settings_get_string(settings, "Security", setting); if (path) { cert = l_pem_load_certificate(path, &size); if (!cert) { @@ -678,7 +680,7 @@ static int eap_ttls_check_settings(struct l_settings *settings, snprintf(client_cert_setting, sizeof(client_cert_setting), "%sTTLS-ClientCert", prefix); - client_cert = l_settings_get_value(settings, "Security", + client_cert = l_settings_get_string(settings, "Security", client_cert_setting); if (client_cert) { cert = l_pem_load_certificate(client_cert, &size); @@ -690,8 +692,10 @@ static int eap_ttls_check_settings(struct l_settings *settings, l_free(cert); } + l_free(path); + snprintf(setting, sizeof(setting), "%sTTLS-ClientKey", prefix); - path = l_settings_get_value(settings, "Security", setting); + path = l_settings_get_string(settings, "Security", setting); if (path && !client_cert) { l_error("%s present but no client certificate (%s)", @@ -701,7 +705,7 @@ static int eap_ttls_check_settings(struct l_settings *settings, snprintf(passphrase_setting, sizeof(passphrase_setting), "%sTTLS-ClientKeyPassphrase", prefix); - passphrase = l_settings_get_value(settings, "Security", + passphrase = l_settings_get_string(settings, "Security", passphrase_setting); if (!passphrase) { @@ -774,21 +778,18 @@ static bool eap_ttls_load_settings(struct eap_state *eap, ttls = l_new(struct eap_ttls_state, 1); snprintf(setting, sizeof(setting), "%sTTLS-CACert", prefix); - ttls->ca_cert = l_strdup(l_settings_get_value(settings, - "Security", setting)); + ttls->ca_cert = l_settings_get_string(settings, "Security", setting); snprintf(setting, sizeof(setting), "%sTTLS-ClientCert", prefix); - ttls->client_cert = l_strdup(l_settings_get_value(settings, - "Security", setting)); + ttls->client_cert = l_settings_get_string(settings, + "Security", setting); snprintf(setting, sizeof(setting), "%sTTLS-ClientKey", prefix); - ttls->client_key = l_strdup(l_settings_get_value(settings, - "Security", setting)); + ttls->client_key = l_settings_get_string(settings, "Security", setting); snprintf(setting, sizeof(setting), "%sTTLS-ClientKeyPassphrase", prefix); - ttls->passphrase = l_strdup(l_settings_get_value(settings, - "Security", setting)); + ttls->passphrase = l_settings_get_string(settings, "Security", setting); ttls->eap = eap_new(eap_ttls_eap_tx_packet, eap_ttls_eap_complete, eap); diff --git a/src/eap.c b/src/eap.c index 9e685ec9..5bffad52 100644 --- a/src/eap.c +++ b/src/eap.c @@ -509,8 +509,8 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings, /* get identity from settings or from EAP method */ if (!eap->method->get_identity) { snprintf(setting, sizeof(setting), "%sIdentity", prefix); - eap->identity = l_strdup(l_settings_get_value(settings, - "Security", setting)); + eap->identity = l_settings_get_string(settings, + "Security", setting); } else { eap->identity = l_strdup(eap->method->get_identity(eap)); }