Add missing NULL checks for messages inside other protobuf messages.

When using nesting messages in protocol buffers, we need to verify
that the nested message (or struct) is non-NULL before using it.
Also correct the checks for strings, which are initialized to the
empty string and not NULL.

Thanks to Joshua Rogers for finding these.

Author: millert

logsrvd/iolog_writer.c

@@ -178,7 +178,11 @@ evlog_new(const TimeSpec *submit_time, InfoMessage * const *info_msgs,
     /* Pull out values by key from info array. */
     for (idx = 0; idx < infolen; idx++) {
 	const InfoMessage *info = info_msgs[idx];
-	const char *key = info->key;
+	const char *key;
+
+	if (info == NULL)
+	    continue;
+	key = info->key;
 	switch (key[0]) {
 	case 'c':
 	    if (strcmp(key, "columns") == 0) {

logsrvd/logsrvd.c

@@ -458,7 +458,7 @@ handle_accept(const AcceptMessage *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
+    if (msg == NULL || msg->submit_time == NULL || msg->n_info_msgs == 0) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid AcceptMessage"));
 	closure->errstr = _("invalid AcceptMessage");
 	debug_return_bool(false);
@@ -495,7 +495,8 @@ handle_reject(const RejectMessage *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
+    if (msg == NULL || msg->submit_time == NULL || msg->reason[0] == '\0' ||
+	    msg->n_info_msgs == 0) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid RejectMessage"));
 	closure->errstr = _("invalid RejectMessage");
 	debug_return_bool(false);
@@ -527,7 +528,7 @@ handle_exit(const ExitMessage *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->run_time == NULL) {
+    if (msg == NULL || msg->run_time == NULL) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid ExitMessage"));
 	closure->errstr = _("invalid ExitMessage");
 	debug_return_bool(false);
@@ -581,7 +582,7 @@ handle_restart(const RestartMessage *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->log_id == NULL || msg->resume_point == NULL) {
+    if (msg == NULL || msg->log_id[0] == '\0' || msg->resume_point == NULL) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid RestartMessage"));
 	closure->errstr = _("invalid RestartMessage");
 	debug_return_bool(false);
@@ -616,7 +617,7 @@ handle_alert(const AlertMessage *msg, const uint8_t *buf, size_t len,
     debug_decl(handle_alert, SUDO_DEBUG_UTIL);
 
     /* Check that message is valid. */
-    if (msg->alert_time == NULL || msg->reason == NULL) {
+    if (msg == NULL || msg->alert_time == NULL || msg->reason[0] == '\0') {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid AlertMessage"));
 	closure->errstr = _("invalid AlertMessage");
 	debug_return_bool(false);
@@ -665,7 +666,7 @@ handle_iobuf(int iofd, const IoBuffer *iobuf, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (iobuf->delay == NULL) {
+    if (iobuf == NULL || iobuf->delay == NULL || iobuf->data.len == 0) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid IoBuffer"));
 	closure->errstr = _("invalid IoBuffer");
 	debug_return_bool(false);
@@ -701,7 +702,7 @@ handle_winsize(const ChangeWindowSize *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->delay == NULL) {
+    if (msg == NULL || msg->delay == NULL) {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid ChangeWindowSize"));
 	closure->errstr = _("invalid ChangeWindowSize");
 	debug_return_bool(false);
@@ -737,7 +738,7 @@ handle_suspend(const CommandSuspend *msg, const uint8_t *buf, size_t len,
     }
 
     /* Check that message is valid. */
-    if (msg->delay == NULL || msg->signal == NULL) {
+    if (msg == NULL || msg->delay == NULL || msg->signal[0] == '\0') {
 	sudo_warnx(U_("%s: %s"), source, U_("invalid CommandSuspend"));
 	closure->errstr = _("invalid CommandSuspend");
 	debug_return_bool(false);
@@ -767,10 +768,16 @@ handle_client_hello(const ClientHello *msg, const uint8_t *buf, size_t len,
 	debug_return_bool(false);
     }
 
+    /* Check that message is valid. */
+    if (msg == NULL || msg->client_id[0] == '\0') {
+	sudo_warnx(U_("%s: %s"), source, U_("invalid ClientHello"));
+	closure->errstr = _("invalid ClientHello");
+	debug_return_bool(false);
+    }
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ClientHello",
 	__func__);
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: client ID %s",
-	__func__, msg->client_id ? msg->client_id : "unknown");
+	__func__, msg->client_id);
 
     debug_return_bool(true);
 }

logsrvd/logsrvd_local.c

@@ -405,12 +405,13 @@ store_exit_local(const ExitMessage *msg, const uint8_t *buf, size_t len,
     int flags = 0;
     debug_decl(store_exit_local, SUDO_DEBUG_UTIL);
 
+    /* TODO: store the "error" string if present. */
     if (msg->run_time != NULL) {
 	evlog->run_time.tv_sec = (time_t)msg->run_time->tv_sec;
 	evlog->run_time.tv_nsec = (long)msg->run_time->tv_nsec;
     }
     evlog->exit_value = msg->exit_value;
-    if (msg->signal != NULL && msg->signal[0] != '\0') {
+    if (msg->signal[0] != '\0') {
 	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 	    "command was killed by SIG%s%s", msg->signal,
 	    msg->dumped_core ? " (core dumped)" : "");

logsrvd/logsrvd_relay.c

@@ -516,7 +516,7 @@ handle_server_hello(const ServerHello *msg, struct connection_closure *closure)
     }
 
     /* Check that ServerHello is valid. */
-    if (msg->server_id == NULL || msg->server_id[0] == '\0') {
+    if (msg == NULL || msg->server_id == NULL || msg->server_id[0] == '\0') {
 	sudo_warnx(U_("%s: invalid ServerHello, missing server_id"),
 	    relay_closure->relay_name.ipaddr);
 	closure->errstr = _("invalid ServerHello");
@@ -533,7 +533,7 @@ handle_server_hello(const ServerHello *msg, struct connection_closure *closure)
 }
 
 /*
- * Respond to a CommitPoint message from the relay.
+ * Respond to a commit_point ServerMessage from the relay.
  * Returns true on success, false on error.
  */
 static bool
@@ -549,13 +549,21 @@ handle_commit_point(const TimeSpec *commit_point,
 	debug_return_bool(false);
     }
 
+    /* Check that ServerMessage's commit_point is valid. */
+    if (commit_point == NULL) {
+	sudo_warnx(U_("%s: invalid ServerMessage, missing commit_point"),
+	    closure->relay_closure->relay_name.ipaddr);
+	closure->errstr = _("invalid ServerMessage");
+	debug_return_bool(false);
+    }
+
     /* Pass commit point from relay to client. */
     debug_return_bool(schedule_commit_point(commit_point, closure));
 }
 
 /*
- * Respond to a LogId message from the relay.
- * Always returns true.
+ * Respond to a log_id ServerMessage from the relay.
+ * Returns true on success, false on error.
  */
 static bool
 handle_log_id(const char *id, struct connection_closure *closure)
@@ -574,6 +582,13 @@ handle_log_id(const char *id, struct connection_closure *closure)
     if (closure->write_ev == NULL)
 	debug_return_bool(true);
 
+    if (id[0] == '\0') {
+	sudo_warnx(U_("%s: invalid ServerMessage, missing log_id string"),
+	    closure->relay_closure->relay_name.ipaddr);
+	closure->errstr = _("invalid ServerMessage");
+	debug_return_bool(false);
+    }
+
     /* Generate a new log ID that includes the relay host. */
     len = asprintf(&new_id, "%s/%s", id,
 	closure->relay_closure->relay_name.name);
@@ -593,8 +608,8 @@ handle_log_id(const char *id, struct connection_closure *closure)
 }
 
 /*
- * Respond to a ServerError message from the relay.
- * Always returns false.
+ * Respond to an error ServerMessage from the relay.
+ * Returns true on success, false on error.
  */
 static bool
 handle_server_error(const char *errmsg, struct connection_closure *closure)
@@ -611,15 +626,19 @@ handle_server_error(const char *errmsg, struct connection_closure *closure)
     sudo_ev_del(closure->evbase, closure->relay_closure->read_ev);
     sudo_ev_del(closure->evbase, closure->relay_closure->write_ev);
 
+    /* Missing error string. */
+    if (errmsg[0] == '\0')
+	errmsg = "unknown error";
+
     if (!schedule_error_message(errmsg, closure))
 	debug_return_bool(false);
 
     debug_return_bool(true);
 }
 
 /*
- * Respond to a ServerAbort message from the server.
- * Always returns false.
+ * Respond to an abort ServerMessage from the relay.
+ * Returns true on success, false on error.
  */
 static bool
 handle_server_abort(const char *errmsg, struct connection_closure *closure)
@@ -632,6 +651,10 @@ handle_server_abort(const char *errmsg, struct connection_closure *closure)
 	relay_closure->relay_name.name, relay_closure->relay_name.ipaddr,
 	errmsg);
 
+    /* Missing error string. */
+    if (errmsg[0] == '\0')
+	errmsg = "unknown error";
+
     if (!schedule_error_message(errmsg, closure))
 	debug_return_bool(false);
 

logsrvd/sendlog.c

@@ -1132,7 +1132,7 @@ handle_server_hello(const ServerHello *msg, struct client_closure *closure)
     }
 
     /* Check that ServerHello is valid. */
-    if (msg->server_id == NULL || msg->server_id[0] == '\0') {
+    if (msg == NULL || msg->server_id == NULL || msg->server_id[0] == '\0') {
 	sudo_warnx("%s", U_("invalid ServerHello"));
 	debug_return_bool(false);
     }
@@ -1151,7 +1151,7 @@ handle_server_hello(const ServerHello *msg, struct client_closure *closure)
 }
 
 /*
- * Respond to a CommitPoint message from the server.
+ * Respond to a commit_point ServerMessage from the server.
  * Returns true on success, false on error.
  */
 static bool
@@ -1166,6 +1166,13 @@ handle_commit_point(const TimeSpec *commit_point,
 	debug_return_bool(false);
     }
 
+    /* Check that ServerMessage's commit_point is valid. */
+    if (commit_point == NULL) {
+	sudo_warnx(U_("%s: invalid ServerMessage, missing commit_point"),
+	    server_info.name);
+	debug_return_bool(false);
+    }
+
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: commit point: [%lld, %d]",
 	__func__, (long long)commit_point->tv_sec, commit_point->tv_nsec);
     closure->committed.tv_sec = (time_t)commit_point->tv_sec;
@@ -1175,7 +1182,7 @@ handle_commit_point(const TimeSpec *commit_point,
 }
 
 /*
- * Respond to a LogId message from the server.
+ * Respond to a log_id ServerMessage from the relay.
  * Always returns true.
  */
 static bool

plugins/sudoers/log_client.c

@@ -1502,7 +1502,7 @@ handle_server_hello(const ServerHello *msg, struct client_closure *closure)
     }
 
     /* Check that ServerHello is valid. */
-    if (msg->server_id == NULL || msg->server_id[0] == '\0') {
+    if (msg == NULL || msg->server_id == NULL || msg->server_id[0] == '\0') {
 	sudo_warnx("%s", U_("invalid ServerHello"));
 	debug_return_bool(false);
     }
@@ -1526,7 +1526,7 @@ handle_server_hello(const ServerHello *msg, struct client_closure *closure)
 }
 
 /*
- * Respond to a CommitPoint message from the server.
+ * Respond to a commit_point ServerMessage from the server.
  * Returns true on success, false on error.
  */
 static bool
@@ -1541,6 +1541,12 @@ handle_commit_point(const TimeSpec *commit_point,
 	debug_return_bool(false);
     }
 
+    /* Check that ServerMessage's commit_point is valid. */
+    if (commit_point == NULL) {
+	sudo_warnx(U_("invalid ServerMessage"));
+	debug_return_bool(false);
+    }
+
     closure->committed.tv_sec = (time_t)commit_point->tv_sec;
     closure->committed.tv_nsec = (long)commit_point->tv_nsec;
     sudo_debug_printf(SUDO_DEBUG_INFO,
@@ -1570,6 +1576,12 @@ handle_log_id(const char *id, struct client_closure *closure)
     debug_decl(handle_log_id, SUDOERS_DEBUG_UTIL);
 
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: remote log ID: %s", __func__, id);
+
+    if (id[0] == '\0') {
+	sudo_warnx(U_("invalid ServerMessage"));
+	debug_return_bool(false);
+    }
+
     if (closure->iolog_id == NULL) {
 	if ((closure->iolog_id = strdup(id)) == NULL)
 	    sudo_fatal(U_("%s: %s"), __func__, U_("unable to allocate memory"));