#4237 Unchecked return values in IPA daemons
Closed: Fixed None Opened 10 years ago by mkosek.

freeipa-3.3.90GIT8e98690/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c

56bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb,
 57                         const char *user_dn)
 58{
 59    struct otptoken **tokens = NULL;
 60    LDAPControl **controls = NULL;
 61    BerElement *ber = NULL;
 62    char *token_dn = NULL;
 63    int second = 0;
 64    int first = 0;
 65
    1. Condition slapi_pblock_get(pb, 51, &controls) != 0, taking false branch
 66    if (slapi_pblock_get(pb, SLAPI_REQCONTROLS, &controls) != 0)
 67        return false;
 68
    2. Condition controls == NULL, taking false branch
    3. Condition controls[0] == NULL, taking false branch
 69    if (controls == NULL || controls[0] == NULL)
 70        return false;
 71
    4. Condition controls[i] != NULL, taking true branch
    7. Condition controls[i] != NULL, taking true branch
    10. Condition controls[i] != NULL, taking true branch
 72    for (int i = 0; controls[i] != NULL; i++) {
    5. Condition strcmp(controls[i]->ldctl_oid, "2.16.840.1.113730.3.8.10.6") != 0, taking true branch
    8. Condition strcmp(controls[i]->ldctl_oid, "2.16.840.1.113730.3.8.10.6") != 0, taking true branch
    11. Condition strcmp(controls[i]->ldctl_oid, "2.16.840.1.113730.3.8.10.6") != 0, taking false branch
 73        if (strcmp(controls[i]->ldctl_oid, OTP_SYNC_REQUEST_OID) != 0)
    6. Continuing loop
    9. Continuing loop
 74            continue;
 75
 76        /* Decode the request. */
 77        ber = ber_init(&controls[i]->ldctl_value);
    12. Condition ber == NULL, taking false branch
 78        if (ber == NULL)
 79            return false;
 80
 81        /* Decode the token codes. */
    13. Condition ber_scanf(ber, "{ii", &first, &second) == 18446744073709551615UL /* (ber_tag_t)-1 */, taking false branch
 82        if (ber_scanf(ber, "{ii", &first, &second) == LBER_ERROR) {
 83            ber_free(ber, 1);
 84            return false;
 85        }
 86
 87        /* Decode the optional token DN. */

CID 12448 (#1 of 1): Unchecked return value (CHECKED_RETURN)
14. check_return: Calling ber_scanf without checking return value (as is done elsewhere 32 out of 34 times).
 88        ber_scanf(ber, "a", &token_dn);
 89        if (ber_scanf(ber, "}") == LBER_ERROR) {
 90            ber_free(ber, 1);
 91            return false;
 92        }
 93        ber_free(ber, 1);

daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c

 /*
  * Send an LDAP result to the client and record the same code on the pblock.
  *
  * pb     - parameter block of the operation being answered
  * rc     - LDAP result code to send and to store under SLAPI_RESULT_CODE
  * errstr - error text passed to slapi_send_ldap_result()
  *
  * Returns rc unchanged, so a caller can write "return send_error(...)".
  */
 static inline int
 send_error(Slapi_PBlock *pb, int rc, char *errstr)
 {
     slapi_send_ldap_result(pb, rc, NULL, errstr, 0, NULL);

     /*
      * Coverity CID 12449 (CHECKED_RETURN) flags this call: the return value
      * of slapi_pblock_set() is not checked here, although the report counts
      * it as checked in 118 of 129 calls elsewhere. The discard is written
      * out explicitly; a failure to store the result code is therefore not
      * reported to the caller, which still receives rc.
      */
     (void)slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc);

     return rc;
 }

freeipa-3.3.90GIT8e98690/daemons/ipa-kdb/ipa_kdb_principals.c

1871static krb5_error_code ipadb_modify_principal(krb5_context kcontext,
1872                                              krb5_db_entry *entry)
1873{
1874    struct ipadb_context *ipactx;
1875    krb5_error_code kerr;
        1. assign_zero: Assigning: principal = NULL.
1876    char *principal = NULL;
1877    LDAPMessage *res = NULL;
1878    LDAPMessage *lentry;
1879    struct ipadb_mods *imods = NULL;
1880    char *dn = NULL;
1881    struct ipadb_e_data *ied;
1882
1883    ipactx = ipadb_get_context(kcontext);
        2. Condition !ipactx, taking false branch
1884    if (!ipactx) {
1885        return KRB5_KDB_DBNOTINITED;
1886    }
1887
1888    ied = (struct ipadb_e_data *)entry->e_data;
        3. Condition !ied, taking false branch
        4. Condition !ied->entry_dn, taking false branch
1889    if (!ied || !ied->entry_dn) {
1890        kerr = krb5_unparse_name(kcontext, entry->princ, &principal);
1891        if (kerr != 0) {
1892            goto done;
1893        }
1894
1895        kerr = ipadb_fetch_principals(ipactx, 0, principal, &res);
1896        if (kerr != 0) {
1897            goto done;
1898        }
1899
1900        /* FIXME: no alias allowed for now, should we allow modifies
1901         * by alias name ? */
1902        kerr = ipadb_find_principal(kcontext, 0, res, &principal, &lentry);
1903        if (kerr != 0) {
1904            goto done;
1905        }
1906
1907        dn = ldap_get_dn(ipactx->lcontext, lentry);
1908        if (!dn) {
1909            kerr = KRB5_KDB_INTERNAL_ERROR;
1910            goto done;
1911        }
1912    }
1913
1914    kerr = new_ipadb_mods(&imods);
        5. Condition kerr, taking false branch
1915    if (kerr) {
1916        goto done;
1917    }
1918

CID 12453 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
6. var_deref_model: Passing null pointer principal to ipadb_entry_to_mods, which dereferences it. [show details]
1919    kerr = ipadb_entry_to_mods(kcontext, imods,
1920                               entry, principal, LDAP_MOD_REPLACE);

Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.

  1. Unchecked return value (12448)
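    Already marked as 'Intentional' in Coverity. (The listing's own comment describes the token DN as optional and token_dn starts out as NULL, so the unchecked ber_scanf call appears to treat a missing DN as acceptable.)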

  2. Unchecked return value (12449)
    Already marked as 'Intentional' in Coverity.

  3. Explicit NULL dereferenced (12453)
    Already marked as 'False Positive' in Coverity.

Metadata Update from @mkosek:
- Issue assigned to dkupka
- Issue set to the milestone: FreeIPA 4.0.1

7 years ago
