#954 Segfault if vetoed_shells are specified without allowed_shells
Closed: Fixed None Opened 10 years ago by sgallagh.

 315    user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
 316    if (!user_shell) return NULL;
At conditional (1): "!nctx->allowed_shells" taking the true branch.
At conditional (2): "!nctx->vetoed_shells" taking the false branch.
CID 10904: Dereference after null check (FORWARD_NULL)Comparing "nctx->allowed_shells" to null implies that "nctx->allowed_shells" might be null.
 317    if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
 318
At conditional (3): "nctx->vetoed_shells" taking the true branch.
 319    if (nctx->vetoed_shells)
 320    {
At conditional (4): "nctx->vetoed_shells[i]" taking the true branch.
At conditional (6): "nctx->vetoed_shells[i]" taking the true branch.
At conditional (8): "nctx->vetoed_shells[i]" taking the false branch.
 321        for (i=0; nctx->vetoed_shells[i]; i++) {
At conditional (5): "strcmp(nctx->vetoed_shells[i], user_shell) == 0" taking the false branch.
At conditional (7): "strcmp(nctx->vetoed_shells[i], user_shell) == 0" taking the false branch.
 322            if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) {
 323                DEBUG(5, ("The shell '%s' is vetoed. "
 324                         "Using fallback\n", user_shell));
 325                return talloc_strdup(mem_ctx, nctx->shell_fallback);
 326            }
 327        }
 328    }
 329
At conditional (9): "nctx->etc_shells[i]" taking the true branch.
At conditional (11): "nctx->etc_shells[i]" taking the true branch.
At conditional (13): "nctx->etc_shells[i]" taking the false branch.
 330    for (i=0; nctx->etc_shells[i]; i++) {
At conditional (10): "strcmp(user_shell, nctx->etc_shells[i]) == 0" taking the false branch.
At conditional (12): "strcmp(user_shell, nctx->etc_shells[i]) == 0" taking the false branch.
 331        if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
 332            DEBUG(9, ("Shell %s found in /etc/shells\n",
 333                      nctx->etc_shells[i]));
 334            break;
 335        }
 336    }
 337
At conditional (14): "nctx->etc_shells[i]" taking the false branch.
 338    if (nctx->etc_shells[i]) {
 339        DEBUG(9, ("Using original shell '%s'\n", user_shell));
 340        return talloc_strdup(mem_ctx, user_shell);
 341    }
 342
Dereferencing null variable "nctx->allowed_shells".
 343    for (i=0; nctx->allowed_shells[i]; i++) {
 344        if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
 345            DEBUG(5, ("The shell '%s' is allowed but does not exist. "
 346                      "Using fallback\n", user_shell));
 347            return talloc_strdup(mem_ctx, nctx->shell_fallback);
 348        }
 349    }

Fields changed

patch: 0 => 1
status: new => assigned

Fixed in master: b03a482

Fixed in sssd-1-6: 94b1c09

Fixed in sssd-1-5: 174dd7c

resolution: => fixed
status: assigned => closed

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.5.13

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.13

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1996

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata