From 097ddecfd4c55c540bfa9c13b376279e2769a70c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 13 Apr 2016 17:29:57 +0200
Subject: [PATCH] IPA_SUDO: Prevent dereference of NULL pointer

Error: NULL_RETURNS (CWE-476): [#def31]
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    returned_null: "ipa_sudo_conv_lookup" returns null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9:
    return_null: Explicitly returning null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    var_assigned: Assigning: "cmdgroup" = null return value
                  from "ipa_sudo_conv_lookup".
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966:
    dereference: Dereferencing a null pointer "cmdgroup".
 #  964|           cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
 #  965|
 #  966|->         ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
 #  967|                                   false, discard_const(&values));
 #  968|           if (ret != EOK) {
---
 src/providers/ipa/ipa_sudo_conversion.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 278fee600369e3002cc177313c1ce9f6131c08f7..1286bf35112cbd5e529654708b9d58dbb5af62ff 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -962,6 +962,11 @@ combine_cmdgroups(TALLOC_CTX *mem_ctx,
 
     DLIST_FOR_EACH(listitem, list) {
         cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
+        if (cmdgroup == NULL) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "ipa_sudo_conv_lookup failed for DN:%s\n", listitem->dn);
+            continue;
+        }
 
         ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
                                 false, discard_const(&values));
-- 
2.7.3