Learn more about these different git repos.
Other Git URLs
We need to make sure that rec_buf is allocated before memcpy(). Right now it's not set if rec_len <= buf_size.
167 void *rec_buf = NULL;
...
At conditional (8): "rec_len > buf_size" taking the false branch. 190 if (rec_len > buf_size) { 191 free(rec_buf); 192 rec_buf = malloc(rec_len); 193 if (!rec_buf) { 194 ret = ENOMEM; 195 goto done; 196 } 197 buf_size = rec_len; 198 } 199 /* we cannot access data directly, we must copy data and then 200 * access the copy */ Passing null variable "rec_buf" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) 201 memcpy(rec_buf, rec, rec_len); 202 rec = (struct sss_mc_rec *)rec_buf;
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.9.0 rhbz: => 0
I checked the code on responder side and rec_len can never be zero, therefore the first premise (At conditional (8): "rec_len > buf_size" taking the false branch) will never be fulfilled during the first iteration.
This can be marked as false positive, I'm closing the ticket.
resolution: => invalid status: new => closed
Metadata Update from @sgallagh: - Issue assigned to jzeleny - Issue set to the milestone: SSSD 1.9.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2308
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.