catch corner cases in parsing files

alandekok · alandekok · commit 1cdcb70ed728 · 2026-03-11T15:18:28.000-04:00
diff --git a/src/lib/server/cf_file.c b/src/lib/server/cf_file.c
@@ -715,6 +715,9 @@ cf_file_check_err_t cf_file_check_effective(char const *filename,
 		if (seteuid(conf_check_uid) < 0) {
 			fr_strerror_printf("Failed setting effective user ID (%d) for file check: %s",
 					   (int) conf_check_uid, fr_syserror(errno));
+
+		restore_gid:
+			if (conf_check_gid != egid) (void) setegid(egid);
 			return CF_FILE_OTHER_ERROR;
 		}
 	}
@@ -723,7 +726,7 @@ cf_file_check_err_t cf_file_check_effective(char const *filename,
 		if (seteuid(euid) < 0) {
 			fr_strerror_printf("Failed restoring effective user ID (%d) after file check: %s",
 					   (int) euid, fr_syserror(errno));
-			return CF_FILE_OTHER_ERROR;
+			goto restore_gid;
 		}
 	}
 	if (conf_check_gid != egid) {
@@ -3976,13 +3979,18 @@ CONF_ITEM *cf_reference_item(CONF_SECTION const *parent_cs,
 				return NULL;
 			}
 
-			if (n2) break;
-
 			/*
 			 *	"name1[name2", but not "name1[name2]"
+			 *
+			 *	The inner loop exited because it found *q == '\0',
+			 *	meaning that the closing ']' was never found.
 			 */
-			fr_strerror_printf("Invalid reference after '%s', missing close ']'", n2);
-			return NULL;
+			if (!*q) {
+				fr_strerror_printf("Invalid reference after '%s', missing close ']'", n1);
+				return NULL;
+			}
+
+			break;
 		}
 		p = q;		/* get it ready for the next round */
 
