From c97a6dd542cd490ebebdfcb66b163dc70fc2bc56 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Fri, 8 Nov 2019 21:18:05 +0000
Subject: [PATCH] make-secnet-sites: Tainted: Fix a lot of bad return values
This code had remnants of a previously intended calling convention, where object return chaining would be used. Unfortunately in the currently used calling style, we expect to get a boolean back everywhere, where true meas `ok'. Returning `self' is always treated as `ok' because it's trueish. Luckily this doesn't cause actual security bugs because we always return from all of the top-level entrypoints via ._rtn[val] which checks the ._ok setting, which does properly track problems. So we fail an assertion rather than printing a nice message. This is not pretty but it is not a vulnerability.
Signed-off-by: Ian Jackson
---
 make-secnet-sites | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/make-secnet-sites b/make-secnet-sites
index c26cab0..b4cd9af 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -105,19 +105,19 @@ class Tainted:
 assert(self._ok is not True)
 self._ok=False
 complain('bad parameter: %s: %s' % (what, why))
- return self
+ return False
 def _max_ok(self,what,maxlen):
 if len(self._s) > maxlen:
- self._bad(what,'too long (max %d)' % maxlen)
- return self
+ return self._bad(what,'too long (max %d)' % maxlen)
+ return True
 def _re_ok(self,bad,what,maxlen=None):
 if maxlen is None: maxlen=max[what]
 self._max_ok(what,maxlen)
- if self._ok is False: return self
+ if self._ok is False: return False
 if bad.search(self._s): return self._bad(what,'bad syntax')
- return self
+ return True
 def _rtnval(self, is_ok, ifgood, ifbad=''):
 if is_ok:
-- 2.30.2
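Review bot: In `_re_ok` the result of `self._max_ok(what,maxlen)` is still discarded and the following line re-reads `self._ok` instead, so the length check only takes effect through the side effect inside `_bad`. Now that `_max_ok` returns a real boolean, the call can be tested directly while keeping the sticky-failure check: `if not self._max_ok(what,maxlen) or self._ok is False: return False`. A short comment on the class, for example `# every _*_ok helper returns a bool (True = ok); _ok records any failure and is what _rtnval checks`, would document the convention this commit restores. Separately, the context line `assert(self._ok is not True)` in `_bad` and the assertion the description names as the backstop are stripped if the script is ever run with `python -O`. An explicit `raise` would keep that path fail-closed, though this is inferred from the description because `_bad` starts above the hunk and `_rtnval`'s body continues below it.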