#718 Unsafe return condition in ipa_access_handler
Closed: Fixed None Opened 10 years ago by sgallagh.

 1663    hbac_ctx = talloc_zero(be_req, struct hbac_ctx);
At conditional (1): "hbac_ctx == NULL" taking the true branch.
Comparing "hbac_ctx" to null implies that "hbac_ctx" might be null.
 1664    if (hbac_ctx == NULL) {
At conditional (2): "1 <= debug_level" taking the true branch.
At conditional (3): "debug_timestamps" taking the true branch.
 1665        DEBUG(1, ("talloc failed.\n"));
 1666        goto fail;
 1667    }


Passing null variable "hbac_ctx" to function "ipa_access_reply", which dereferences it. [show details]
 1704    ipa_access_reply(hbac_ctx, pam_status);

This bug will occur only in an out of memory condition, but it should still be fixed.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.5.1

Fields changed

coverity: => 10009

Fixed by c0d9451

milestone: SSSD 1.5.1 => SSSD 1.5.0
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.5.0

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1760

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.