Issue #711: Uninitialized pointer read in ipa-rmkeytab - freeipa

freeipa

#711 Uninitialized pointer read in ipa-rmkeytab

Closed: Fixed None Opened 13 years ago by jhrozek.

In ipa-rmkeytab.c:

 150    char * ktname;
Declaring variable "atrealm" without initializer.
 151    char * atrealm;

Later on, we might use the uninitialized pointer:

 199    /* The remove_realm function just does a substring match. Ensure that
 200     * the string we pass in looks like a realm.
 201     */
At conditional (8): "realm" taking the true branch.
 202    if (realm) {
At conditional (9): "realm[0] != 64" taking the false branch.
 203        if (realm[0] != '@')
 204            ret = asprintf(&atrealm, "@%s", realm);
At conditional (10): "ret == -1" taking the false branch.
 205            if (ret == -1) {
 206                rval = 2;
 207                goto cleanup;
 208            }
 209        else
Using uninitialized value "atrealm" when calling "strcpy".
 210            atrealm = strcpy(atrealm, realm);
 211    }

mkosek commented 13 years ago

master: e2d4e94

Metadata Update from @jhrozek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago

Metadata

Assignee

mkosek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.0 - 2011/01 (cleanup)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

Coverity

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#711 Uninitialized pointer read in ipa-rmkeytab Closed: Fixed None Opened 13 years ago by jhrozek.

Metadata

#711 Uninitialized pointer read in ipa-rmkeytab

Closed: Fixed None Opened 13 years ago by jhrozek.