#1237 only free if sure data has been allocated
Closed: Fixed None Opened 8 years ago by jhrozek.

78        do {
 79            ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
 80            if (ret == 0) {
CID 12583: Use after free (USE_AFTER_FREE) [select defect]
CID 12584: Use after free (USE_AFTER_FREE)Passing freed pointer "value" as an argument to function "printf".
 81                printf("key: %s\t\tvalue: %s\n", key, value);
 82            }
CID 12583: Double free (USE_AFTER_FREE) [select defect]
 83            free(key);
CID 12584: Double free (USE_AFTER_FREE) [select defect]
"free" frees "value".
 84            free(value);
At conditional (1): "ret == 0" taking the true branch.
 85        } while(ret == 0);

We should move the "free" calls to the "if (ret == 0)" branch only.

Setting priority to trivial - this only affects the test CLI tool.


Fields changed

keywords: => Coverity

Fields changed

component: SSSD => AutoFS Responder
owner: somebody => jhrozek
patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.1 (LTM)
rhbz: => 0

resolution: => fixed
status: new => closed

These two issues are still being reported by Coverity scans:

75    if (!pc_key) {
 76        key = NULL;
 77        value = NULL;
 78        do {
 79            ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
 80            if (ret == 0) {
CID 12583: Use after free (USE_AFTER_FREE) [select defect]
CID 12584: Use after free (USE_AFTER_FREE)Passing freed pointer "value" as an argument to function "printf".
 81                printf("key: %s\t\tvalue: %s\n", key, value);
 82                free(key);
"free" frees "value".
 83                free(value);
 84            }
At conditional (1): "ret == 0" taking the true branch.
 85        } while(ret == 0);
 86
 87        if (ret != 0 && ret != ENOENT) {
 88            fprintf(stderr, "getautomntent_r failed [%d]: %s\n",
 89                    ret, strerror(ret));
 90            exit(EXIT_FAILURE);
 91        }

and

75    if (!pc_key) {
 76        key = NULL;
 77        value = NULL;
 78        do {
 79            ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
 80            if (ret == 0) {
CID 12584: Use after free (USE_AFTER_FREE) [select defect]
CID 12583: Use after free (USE_AFTER_FREE)Passing freed pointer "key" as an argument to function "printf".
 81                printf("key: %s\t\tvalue: %s\n", key, value);
"free" frees "key".
 82                free(key);
 83                free(value);
 84            }
At conditional (1): "ret == 0" taking the true branch.
 85        } while(ret == 0);
 86
 87        if (ret != 0 && ret != ENOENT) {
 88            fprintf(stderr, "getautomntent_r failed [%d]: %s\n",
 89                    ret, strerror(ret));
 90            exit(EXIT_FAILURE);
 91        }

resolution: fixed =>
status: closed => reopened
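
An added example, not part of the ticket and not SSSD's patch: the loop from the traces above with the frees kept in the success branch and both pointers reset to NULL afterwards, so no freed address survives into the next call. `next_entry` is a hypothetical stand-in for `_sss_getautomntent_r`; its contract (outputs written only on success) and the sample entries are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample entries, not real automounter map content. */
static const char *sample[][2] = {
    { "home", "server:/export/home" },
    { "data", "server:/export/data" },
};

/* Hypothetical stand-in for _sss_getautomntent_r(). Assumed contract:
 * returns 0 and stores two malloc'ed strings the caller must free, or
 * returns an errno value (ENOENT at end of map) and leaves the outputs alone. */
static int next_entry(size_t *pos, char **key, char **value)
{
    if (*pos >= sizeof(sample) / sizeof(sample[0])) return ENOENT;
    char *k = strdup(sample[*pos][0]);
    char *v = strdup(sample[*pos][1]);
    if (k == NULL || v == NULL) { free(k); free(v); return ENOMEM; }
    *key = k; *value = v; (*pos)++;
    return 0;
}

/* Print every entry. Returns the entry count, or -1 if a freed pointer is
 * still held when the loop ends; *status receives the final return code. */
static int dump_entries(int *status)
{
    size_t pos = 0;
    int count = 0, ret;
    char *key = NULL, *value = NULL;
    do {
        ret = next_entry(&pos, &key, &value);
        if (ret == 0) {                 /* we own key and value only here */
            printf("key: %s\t\tvalue: %s\n", key, value);
            free(key); free(value);
            key = value = NULL;         /* drop the dangling addresses */
            count++;
        }
    } while (ret == 0);
    *status = ret;
    return (key != NULL || value != NULL) ? -1 : count;
}

int main(void)
{
    int status;
    int n = dump_entries(&status);
    return (n == 2 && status == ENOENT) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```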

Fields changed

milestone: SSSD 1.8.1 (LTM) => SSSD 1.8.2 (LTM)

Fields changed

status: reopened => new

A second attempt is on the list.

status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.2 (LTM)

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2279

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
