On (06/06/16 18:55), Lukas Slebodnik wrote:
On (15/03/16 12:31), Lukas Slebodnik wrote:
>On (15/03/16 11:26), Pavel Březina wrote:
>>On 03/07/2016 01:33 PM, Lukas Slebodnik wrote:
>>>On (07/03/16 12:12), Pavel Březina wrote:
>>>>On 03/07/2016 10:14 AM, Lukas Slebodnik wrote:
>>>>>ehlo,
>>>>>
>>>>>simple aptch is attached.
>>>>
>>>>When there, can you also talloc_free(attrs) on error? Thanks.
>>>See updated patch
>>
>>Some time has passed now so I take it as you won't implement Sumit's
>>suggestion.
>I will but I have tasks with higher priority :-)
>
Updated patch is attached.
LS
From e616ea9e8e58d0ed70b56edc338184d783597004 Mon Sep 17 00:00:00
2001
From: Lukas Slebodnik <lslebodn(a)redhat.com>
Date: Mon, 6 Jun 2016 18:15:44 +0200
Subject: [PATCH] TOOLS: Prevent dereference of null pointer
VAR_CHECK is called with (var, EOK, ...)
EOK would be returned in case of "var != EOK"
and output argument _attrs would not be initialized.
Therefore there could be dereference of null pointer
after calling function usermod_build_attrs.
---
src/tools/sss_sync_ops.c | 62 +++++++++++++++++++++---------------------------
1 file changed, 27 insertions(+), 35 deletions(-)
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 5468929b691c6539cdf55f59be3560412e398f21..e47aef37d2b89b28b7ff18555473136bdf7596cf
100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
- if (lock == DO_UNLOCK) {
+ if (ret == EOK && lock == DO_UNLOCK) {
+ attr_name = SYSDB_DISABLED;
/* PAM code checks for 'false' value in SYSDB_DISABLED attribute */
ret = sysdb_attrs_add_string(attrs,
- SYSDB_DISABLED,
+ attr_name,
"false");
- VAR_CHECK(ret, EOK, SYSDB_DISABLED,
- "Could not add attribute to changeset\n");
+ }
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add attribute [%s] to changeset.\n", attr_name);
I forgot to return error here.
}
*_attrs = attrs;
Upodated patch is attached.
LS