[SSSD] Re: [PATCH] Two code-hardening patches
On (03/08/16 18:05), Jakub Hrozek wrote:
Hi,
these two patches add error handling to the code. The first prevents
operating on ldb_message if retrieving the message fails. I only tested
an SSH login with a UPN to make sure we actually hit this codepath. I
don't like the deep indendation nesting, so I welcome suggestions how to
fix the code better.
The second just checks a return value.
From a27529da7c03a27f8d87c624e4b6660fd5b22edf Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Wed, 3 Aug 2016 18:03:59 +0200
Subject: [PATCH 2/2] IPA: Check the return value of sss_parse_internal_fqname
---
src/providers/ipa/ipa_subdomains_id.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/providers/ipa/ipa_subdomains_id.c
b/src/providers/ipa/ipa_subdomains_id.c
index 76fdaa8a1213069bd6b45e0b69b6cdb0d034d721..886813dc648f04c8fadd234524fce94455f31ee4
100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -509,6 +509,12 @@ static void ipa_get_subdom_acct_connected(struct tevent_req *subreq)
} else {
ret = sss_parse_internal_fqname(req_input, state->filter,
&shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse internal name [%s]: %d\n",
+ state->filter, ret);
+ }
+
We should either fail or use less verbose debug_level.
LS