#1674 Explicit null dereferenced
Closed: Fixed None Opened 6 years ago by mzidek.

A null pointer is dereferenced if ldb_msg_find_element(res->msgs[0], "version") returns NULL: the `if (el)` branch is skipped, `version` is still NULL when execution reaches line 1178, and it is passed to sysdb_version_check(), which dereferences it.

At conditional (12): "res->count == 1U" taking the true branch.
1048    if (res->count == 1) {
1049        el = ldb_msg_find_element(res->msgs[0], "version");
At conditional (13): "el" taking the false branch.
1050        if (el) {
1051            if (el->num_values != 1) {
1052                ret = EINVAL;
1053                goto done;
1054            }
1055            version = talloc_strndup(tmp_ctx,
1056                                     (char *)(el->values[0].data),
1057                                     el->values[0].length);
1058            if (!version) {
1059                ret = ENOMEM;
1060                goto done;
1061            }
1062
1063            if (strcmp(version, SYSDB_VERSION) == 0) {
1064                /* all fine, return */
1065                ret = EOK;
1066                goto done;
1067            }
1068
1069            if (!allow_upgrade) {
1070                DEBUG(0, ("Wrong DB version (got %s expected %s)\n",
1071                          version, SYSDB_VERSION));
1072                ret = sysdb_version_check(SYSDB_VERSION, version);
1073                goto done;
1074            }
1075
1076            DEBUG(4, ("Upgrading DB [%s] from version: %s\n",
1077                      domain->name, version));
1078
1079            if (strcmp(version, SYSDB_VERSION_0_3) == 0) {
1080                ret = sysdb_upgrade_03(sysdb, &version);
1081                if (ret != EOK) {
1082                    goto done;
1083                }
1084            }
1085
1086            if (strcmp(version, SYSDB_VERSION_0_4) == 0) {
1087                ret = sysdb_upgrade_04(sysdb, &version);
1088                if (ret != EOK) {
1089                    goto done;
1090                }
1091            }
1092
1093            if (strcmp(version, SYSDB_VERSION_0_5) == 0) {
1094                ret = sysdb_upgrade_05(sysdb, &version);
1095                if (ret != EOK) {
1096                    goto done;
1097                }
1098            }
1099
1100            if (strcmp(version, SYSDB_VERSION_0_6) == 0) {
1101                ret = sysdb_upgrade_06(sysdb, &version);
1102                if (ret != EOK) {
1103                    goto done;
1104                }
1105            }
1106
1107            if (strcmp(version, SYSDB_VERSION_0_7) == 0) {
1108                ret = sysdb_upgrade_07(sysdb, &version);
1109                if (ret != EOK) {
1110                    goto done;
1111                }
1112            }
1113
1114            if (strcmp(version, SYSDB_VERSION_0_8) == 0) {
1115                ret = sysdb_upgrade_08(sysdb, &version);
1116                if (ret != EOK) {
1117                    goto done;
1118                }
1119            }
1120
1121            if (strcmp(version, SYSDB_VERSION_0_9) == 0) {
1122                ret = sysdb_upgrade_09(sysdb, &version);
1123                if (ret != EOK) {
1124                    goto done;
1125                }
1126            }
1127
1128            if (strcmp(version, SYSDB_VERSION_0_10) == 0) {
1129                ret = sysdb_upgrade_10(sysdb, &version);
1130                if (ret != EOK) {
1131                    goto done;
1132                }
1133            }
1134
1135            if (strcmp(version, SYSDB_VERSION_0_11) == 0) {
1136                ret = sysdb_upgrade_11(sysdb, &version);
1137                if (ret != EOK) {
1138                    goto done;
1139                }
1140            }
1141
1142            if (strcmp(version, SYSDB_VERSION_0_12) == 0) {
1143                ret = sysdb_upgrade_12(sysdb, &version);
1144                if (ret != EOK) {
1145                    goto done;
1146                }
1147            }
1148
1149            if (strcmp(version, SYSDB_VERSION_0_13) == 0) {
1150                ret = sysdb_upgrade_13(sysdb, &version);
1151                if (ret != EOK) {
1152                    goto done;
1153                }
1154            }
1155
1156            /* The version should now match SYSDB_VERSION.
1157             * If not, it means we didn't match any of the
1158             * known older versions. The DB might be
1159             * corrupt or generated by a newer version of
1160             * SSSD.
1161             */
1162            if (strcmp(version, SYSDB_VERSION) == 0) {
1163                /* The cache has been upgraded.
1164                 * We need to reopen the LDB to ensure that
1165                 * any changes made above take effect.
1166                 */
1167                talloc_zfree(sysdb->ldb);
1168                ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb);
1169                if (ret != EOK) {
1170                    DEBUG(1, ("sysdb_ldb_connect failed.\n"));
1171                }
1172                goto done;
1173            }
1174        }
1175
At conditional (14): "debug_level & __debug_macro_newlevel" taking the true branch.
At conditional (15): "debug_timestamps" taking the true branch.
At conditional (16): "debug_microseconds" taking the true branch.
At conditional (17): "version" taking the false branch.
1176        DEBUG(0,("Unknown DB version [%s], expected [%s] for domain %s!\n",
1177                 version?version:"not found", SYSDB_VERSION, domain->name));
Passing null variable "version" to function "sysdb_version_check", which dereferences it. [show details]
1178        ret = sysdb_version_check(SYSDB_VERSION, version);
1179        goto done;
1180    }

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @mzidek:
- Issue set to the milestone: SSSD 1.9.3

2 years ago

