#3687 KCM: Don't pass a non null terminated string to json_loads()
Closed: cloned-to-github 3 years ago by pbrezina. Opened 5 years ago by fidencio.

By doing this, the following issues can be seen when running sssd-kcm under valgrind:

==2638== Conditional jump or move depends on uninitialised value(s)
==2638==    at 0x57DB678: stream_get.part.3 (load.c:172)
==2638==    by 0x57DB9CA: stream_get (load.c:643)
==2638==    by 0x57DB9CA: lex_get (load.c:246)
==2638==    by 0x57DB9CA: lex_scan (load.c:601)
==2638==    by 0x57DC56A: parse_json.constprop.7 (load.c:904)
==2638==    by 0x57DC6AB: json_loads (load.c:959)
==2638==    by 0x11ABEA: ??? (in /usr/libexec/sssd/sssd_kcm)
==2638==    by 0x11AEF0: ??? (in /usr/libexec/sssd/sssd_kcm)
==2638==    by 0x125D4A: ??? (in /usr/libexec/sssd/sssd_kcm)
==2638==    by 0x12623B: ??? (in /usr/libexec/sssd/sssd_kcm)
==2638==    by 0x9BCD71F: epoll_event_loop (tevent_epoll.c:728)
==2638==    by 0x9BCD71F: epoll_event_loop_once (tevent_epoll.c:930)
==2638==    by 0x9BCBBA6: std_event_loop_once (tevent_standard.c:114)
==2638==    by 0x9BC7FEC: _tevent_loop_once (tevent.c:725)
==2638==    by 0x9BC820A: tevent_common_loop_wait (tevent.c:848)

This is one of the reasons that users weren't able to properly use KCM, and solving this should fix at least part of https://bugzilla.redhat.com/show_bug.cgi?id=1494843

NOTE: It's important to check whether the other 2 uses of json_loads() are using NULL terminated strings, otherwise they'd have to also be changed to use json_loadb() instead.


Metadata Update from @fidencio:
- Issue assigned to fidencio

5 years ago

Metadata Update from @fidencio:
- Issue tagged with: KCM

5 years ago

Metadata Update from @fidencio:
- Custom field patch adjusted to on

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2
- Issue tagged with: bug

5 years ago

I pushed PR #542 as a40c6b4 so that we can patch downstreams and avoid a crash while we meditate on what the best option should be.

I won't be closing this ticket as we only have a stop-gap and not a proper fix.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.3 (was: SSSD 1.16.2)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.4 (was: SSSD 1.16.3)

5 years ago

Metadata Update from @fidencio:
- Assignee reset

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 1.16.4)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

4 years ago

Metadata Update from @thalman:
- Issue tagged with: Next milestone

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4706

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago
