#1674 Explicit null dereferenced
Closed: Fixed None Opened 7 years ago by mzidek.

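A NULL pointer is dereferenced when ldb_msg_find_element(res->msgs[0], "version") returns NULL: the `if (el)` block that assigns `version` is skipped, so `version` is still NULL when it is passed to sysdb_version_check(), which dereferences it. The DEBUG call on line 1176 guards against this with `version?version:"not found"`, but the sysdb_version_check() call on line 1178 has no such guard. The Coverity trace follows.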

At conditional (12): "res->count == 1U" taking the true branch.
1048    if (res->count == 1) {
1049        el = ldb_msg_find_element(res->msgs[0], "version");
At conditional (13): "el" taking the false branch.
1050        if (el) {
1051            if (el->num_values != 1) {
1052                ret = EINVAL;
1053                goto done;
1054            }
1055            version = talloc_strndup(tmp_ctx,
1056                                     (char *)(el->values[0].data),
1057                                     el->values[0].length);
1058            if (!version) {
1059                ret = ENOMEM;
1060                goto done;
1061            }
1062
1063            if (strcmp(version, SYSDB_VERSION) == 0) {
1064                /* all fine, return */
1065                ret = EOK;
1066                goto done;
1067            }
1068
1069            if (!allow_upgrade) {
1070                DEBUG(0, ("Wrong DB version (got %s expected %s)\n",
1071                          version, SYSDB_VERSION));
1072                ret = sysdb_version_check(SYSDB_VERSION, version);
1073                goto done;
1074            }
1075
1076            DEBUG(4, ("Upgrading DB [%s] from version: %s\n",
1077                      domain->name, version));
1078
1079            if (strcmp(version, SYSDB_VERSION_0_3) == 0) {
1080                ret = sysdb_upgrade_03(sysdb, &version);
1081                if (ret != EOK) {
1082                    goto done;
1083                }
1084            }
1085
1086            if (strcmp(version, SYSDB_VERSION_0_4) == 0) {
1087                ret = sysdb_upgrade_04(sysdb, &version);
1088                if (ret != EOK) {
1089                    goto done;
1090                }
1091            }
1092
1093            if (strcmp(version, SYSDB_VERSION_0_5) == 0) {
1094                ret = sysdb_upgrade_05(sysdb, &version);
1095                if (ret != EOK) {
1096                    goto done;
1097                }
1098            }
1099
1100            if (strcmp(version, SYSDB_VERSION_0_6) == 0) {
1101                ret = sysdb_upgrade_06(sysdb, &version);
1102                if (ret != EOK) {
1103                    goto done;
1104                }
1105            }
1106
1107            if (strcmp(version, SYSDB_VERSION_0_7) == 0) {
1108                ret = sysdb_upgrade_07(sysdb, &version);
1109                if (ret != EOK) {
1110                    goto done;
1111                }
1112            }
1113
1114            if (strcmp(version, SYSDB_VERSION_0_8) == 0) {
1115                ret = sysdb_upgrade_08(sysdb, &version);
1116                if (ret != EOK) {
1117                    goto done;
1118                }
1119            }
1120
1121            if (strcmp(version, SYSDB_VERSION_0_9) == 0) {
1122                ret = sysdb_upgrade_09(sysdb, &version);
1123                if (ret != EOK) {
1124                    goto done;
1125                }
1126            }
1127
1128            if (strcmp(version, SYSDB_VERSION_0_10) == 0) {
1129                ret = sysdb_upgrade_10(sysdb, &version);
1130                if (ret != EOK) {
1131                    goto done;
1132                }
1133            }
1134
1135            if (strcmp(version, SYSDB_VERSION_0_11) == 0) {
1136                ret = sysdb_upgrade_11(sysdb, &version);
1137                if (ret != EOK) {
1138                    goto done;
1139                }
1140            }
1141
1142            if (strcmp(version, SYSDB_VERSION_0_12) == 0) {
1143                ret = sysdb_upgrade_12(sysdb, &version);
1144                if (ret != EOK) {
1145                    goto done;
1146                }
1147            }
1148
1149            if (strcmp(version, SYSDB_VERSION_0_13) == 0) {
1150                ret = sysdb_upgrade_13(sysdb, &version);
1151                if (ret != EOK) {
1152                    goto done;
1153                }
1154            }
1155
1156            /* The version should now match SYSDB_VERSION.
1157             * If not, it means we didn't match any of the
1158             * known older versions. The DB might be
1159             * corrupt or generated by a newer version of
1160             * SSSD.
1161             */
1162            if (strcmp(version, SYSDB_VERSION) == 0) {
1163                /* The cache has been upgraded.
1164                 * We need to reopen the LDB to ensure that
1165                 * any changes made above take effect.
1166                 */
1167                talloc_zfree(sysdb->ldb);
1168                ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb);
1169                if (ret != EOK) {
1170                    DEBUG(1, ("sysdb_ldb_connect failed.\n"));
1171                }
1172                goto done;
1173            }
1174        }
1175
At conditional (14): "debug_level & __debug_macro_newlevel" taking the true branch.
At conditional (15): "debug_timestamps" taking the true branch.
At conditional (16): "debug_microseconds" taking the true branch.
At conditional (17): "version" taking the false branch.
1176        DEBUG(0,("Unknown DB version [%s], expected [%s] for domain %s!\n",
1177                 version?version:"not found", SYSDB_VERSION, domain->name));
Passing null variable "version" to function "sysdb_version_check", which dereferences it.
1178        ret = sysdb_version_check(SYSDB_VERSION, version);
1179        goto done;
1180    }

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @mzidek:
- Issue set to the milestone: SSSD 1.9.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2716

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
