#1684 Dereference after null check in sss_idmap_sid_to_unix
Closed: Fixed None Opened 7 years ago by mzidek.

We could return error code if NULL is passed to this function.

enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
293                                            const char *sid,
294                                            uint32_t *id)
296    struct idmap_domain_info *idmap_domain_info;
297    size_t dom_len;
298    long long rid;
299    char *endptr;
303    idmap_domain_info = ctx->idmap_domain_info;
At conditional (1): "sid" taking the false branch.
CID 13117: Dereference after null check (FORWARD_NULL)Comparing "sid" to null implies that "sid" might be null.
305    if (sid && sss_idmap_sid_is_builtin(sid)) {
306        return IDMAP_BUILTIN_SID;
307    }
At conditional (2): "idmap_domain_info != NULL" taking the true branch.
309    while (idmap_domain_info != NULL) {
310        dom_len = strlen(idmap_domain_info->sid);
Passing null variable "sid" to function "strlen", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
311        if (strlen(sid) > dom_len && sid[dom_len] == '-' &&

Fields changed

owner: somebody => mzidek
status: new => assigned

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: assigned => closed

Found by Coverity. Nothing to test in RHEL.

rhbz: => 0

Metadata Update from @mzidek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.9.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2726

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.