143 int scope = LDAP_SCOPE_SUBTREE;
    Declaring variable "principal" without initializer.
144 char *principal;
145 struct berval retbval;
146
147 /* Get Bind DN */
148 slapi_pblock_get(pb, SLAPI_CONN_DN, &bindDN);
149
150 /* If the connection is bound anonymously we must refuse to process
151  * this operation.
152  */
    At conditional (1): "bindDN == NULL" taking the true branch.
153 if (bindDN == NULL || *bindDN == '\0') {
Principal would be freed even though it was not initialized:
307
    Using uninitialized value "principal" when calling "free".
308 free(principal);
309
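The defect pattern reported above, shown in its corrected form as an added example (this is not the FreeIPA source). The function name, the goto label, the realm string and the output buffer are hypothetical, and the sketch assumes the early exit jumps to a shared cleanup label that calls free:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the flagged handler: returns 0 on success,
 * -1 when the connection is anonymous, allocation fails, or out is too small. */
static int handle_request(const char *bind_dn, char *out, size_t outlen)
{
    int rc = -1;
    size_t need;
    /* The flagged code declared "char *principal;" with no initializer.
     * Initializing to NULL makes every cleanup path safe, because
     * free(NULL) is defined by the C standard as a no-op. */
    char *principal = NULL;

    /* Early exit taken before principal is ever assigned. */
    if (bind_dn == NULL || *bind_dn == '\0') {
        goto free_and_return;
    }

    /* Constructed realm; sizeof on the literal counts the trailing NUL. */
    need = strlen(bind_dn) + sizeof("@EXAMPLE.TEST");
    principal = malloc(need);
    if (principal == NULL) {
        goto free_and_return;
    }
    snprintf(principal, need, "%s@EXAMPLE.TEST", bind_dn);

    if (need > outlen) {
        goto free_and_return;   /* principal is allocated here and is freed */
    }
    memcpy(out, principal, need);
    rc = 0;

free_and_return:
    free(principal);            /* single cleanup point for all paths */
    return rc;
}

int main(void)
{
    char buf[64];
    printf("anonymous: %d\n", handle_request("", buf, sizeof buf));
    printf("bound:     %d\n", handle_request("uid=admin", buf, sizeof buf));
    return 0;
}
```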
When p == NULL (i.e. strchr did not find ',' in the remaining string), a NULL+1 value is assigned to pointer t.
This could be dangerous. However, such a pointer is never used, as the FOR loop is run N times, where N is the number of comma-separated fields in the string.
N is computed before the FOR loop using the very same strchr approach.
This info was meant for ticket:718 - reopening.
master: eba72c8
Metadata Update from @jhrozek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)