#1080 Unchecked return value for setenv() in check_and_export_options()
Closed: Fixed None Opened 9 years ago by sgallagh.

Occurs at lines 174 and 176.

106errno_t check_and_export_options(struct dp_option *opts,
107                                 struct sss_domain_info *dom,
108                                 struct krb5_ctx *krb5_ctx)
109{
110    int ret;
111    const char *realm;
112    const char *dummy;
113    char *use_fast_str;
114    char *fast_principal;
115
116    realm = dp_opt_get_cstring(opts, KRB5_REALM);
At conditional (1): "realm == NULL" taking the true branch.
117    if (realm == NULL) {
118        ret = dp_opt_set_string(opts, KRB5_REALM, dom->name);
At conditional (2): "ret != 0" taking the false branch.
119        if (ret != EOK) {
120            DEBUG(1, ("dp_opt_set_string failed.\n"));
121            return ret;
122        }
123        realm = dom->name;
124    }
125
Assigning: "ret" = return value from "setenv("SSSD_KRB5_REALM", realm, 1)".
126    ret = setenv(SSSD_KRB5_REALM, realm, 1);
At conditional (3): "ret != 0" taking the false branch.
"ret" has its value checked in "ret != 0".
127    if (ret != EOK) {
128        DEBUG(2, ("setenv %s failed, authentication might fail.\n",
129                  SSSD_KRB5_REALM));
130    }
131
132    ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
133                                    SSSD_KRB5_RENEWABLE_LIFETIME);
At conditional (4): "ret != 0" taking the false branch.
134    if (ret != EOK) {
135        DEBUG(1, ("Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
136                  ret, strerror(ret)));
137        return ret;
138    }
139
140    ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
141                                    SSSD_KRB5_LIFETIME);
At conditional (5): "ret != 0" taking the false branch.
142    if (ret != EOK) {
143        DEBUG(1, ("Failed to check value of krb5_lifetime. [%d][%s]\n",
144                  ret, strerror(ret)));
145        return ret;
146    }
147
148
149    use_fast_str = dp_opt_get_string(opts, KRB5_USE_FAST);
At conditional (6): "use_fast_str != NULL" taking the true branch.
150    if (use_fast_str != NULL) {
151        ret = check_fast(use_fast_str, &krb5_ctx->use_fast);
At conditional (7): "ret != 0" taking the false branch.
152        if (ret != EOK) {
153            DEBUG(1, ("check_fast failed.\n"));
154            return ret;
155        }
156
At conditional (8): "krb5_ctx->use_fast" taking the true branch.
157        if (krb5_ctx->use_fast) {
Assigning: "ret" = return value from "setenv("SSSD_KRB5_USE_FAST", use_fast_str, 1)".
158            ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1);
At conditional (9): "ret != 0" taking the false branch.
"ret" has its value checked in "ret != 0".
159            if (ret != EOK) {
160                DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_USE_FAST));
161            } else {
162                fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL);
At conditional (10): "fast_principal != NULL" taking the true branch.
163                if (fast_principal != NULL) {
Assigning: "ret" = return value from "setenv("SSSD_KRB5_FAST_PRINCIPAL", fast_principal, 1)".
164                    ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1);
At conditional (11): "ret != 0" taking the false branch.
"ret" has its value checked in "ret != 0".
165                    if (ret != EOK) {
166                        DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL));
167                    }
168                }
169            }
170        }
171    }
172
At conditional (12): "_dp_opt_get_bool(opts, 14, <anonymous>)" taking the false branch.
173    if (dp_opt_get_bool(opts, KRB5_CANONICALIZE)) {
CID 12194: Unchecked return value (CHECKED_RETURN) [select defect]
174        setenv(SSSD_KRB5_CANONICALIZE, "true", 1);
175    } else {
CID 12194: Unchecked return value (CHECKED_RETURN)Calling function "setenv" without checking return value (as is done elsewhere 9 out of 11 times).
No check of the return value of "setenv("SSSD_KRB5_CANONICALIZE", "false", 1)".
176        setenv(SSSD_KRB5_CANONICALIZE, "false", 1);
177    }

Fields changed

patch: 0 => 1
status: new => assigned

Fixed in: 98e0f08

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.7.0

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2122

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata