#1863 Dereference after a NULL check in krb5_child.c
Closed: Invalid None Opened 5 years ago by jhrozek.

Found by Coverity:

1135    /* Use the updated principal in the creds in case canonicalized */

23. Condition "kr->creds", taking false branch

24. var_compare_op: Comparing "kr->creds" to null implies that "kr->creds" might be null.
1136    kerr = create_ccache(kr->uid, kr->gid, kr->ctx,
1137                         kr->creds ? kr->creds->client : kr->princ,
1138                         kr->ccname, kr->creds);

25. Condition "kerr != 0", taking false branch
1139    if (kerr != 0) {
1140        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
1141        goto done;
1142    }
1143

CID 10022 (#1 of 1): Dereference after null check (FORWARD_NULL)26. var_deref_model: Passing "kr" to function "add_ticket_times_and_upn_to_response(struct krb5_req *)", which dereferences null "kr->creds". [show details]
1144    kerr = add_ticket_times_and_upn_to_response(kr);
1145    if (kerr != 0) {
1146        DEBUG(1, ("add_ticket_times_and_upn_to_response failed.\n"));
1147    }

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.0
rhbz: => 0

Fields changed

owner: somebody => okos

This was a false-positive, coverity suspected that kr->creds might be NULL because of the check in create_ccache call, but the function itself then creates kr->creds. The only reason for the null check is to determine, if we have the creds yet, or we're creating them from principal.

resolution: => invalid
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.10.0

2 years ago

Login to comment on this ticket.

Metadata