URL: https://github.com/freeipa/freeipa/pull/2505
Author: tiran
Title: #2505: Fixes for more issues found by coverity
Action: opened

PR body:
"""
* ipa_krb5_free_key_data: avoid double free
* ipadb_mspac_get_trusted_domains: NULL ptr deref
* ipapwd_pre_mod: NULL ptr deref

See https://pagure.io/freeipa/issue/7738
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2505/head:pr2505
git checkout pr2505
From 48efec757be54942425e45bc59beabafdaf42c0f Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 1 Nov 2018 11:41:29 +0100 Subject: [PATCH 1/3] ipa_krb5_free_key_data: avoid double free At the end of ipa_krb5_free_key_data(), set keys to NULL in order to avoid potential double free in has_krbprincipalkey(). See: https://pagure.io/freeipa/issue/7738 Signed-off-by: Christian Heimes <chei...@redhat.com> --- util/ipa_krb5.c | 1 + 1 file changed, 1 insertion(+) diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c index a27cd4a4e5..473654e0f1 100644 --- a/util/ipa_krb5.c +++ b/util/ipa_krb5.c @@ -316,6 +316,7 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys) free(keys[i].key_data_contents[1]); } free(keys); + keys = NULL; } /* Novell key-format scheme: From a5d3e0fed3382b91d1cd00d1b00190c4a4ace36f Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 1 Nov 2018 11:41:41 +0100 Subject: [PATCH 2/3] ipadb_mspac_get_trusted_domains: NULL ptr deref Fix potential NULL pointer deref in ipadb_mspac_get_trusted_domains(). In theory, dn could be empty and rdn NULL. The man page for ldap_str2dn() does not guarantee that it returns a non-empty result. See: https://pagure.io/freeipa/issue/7738 Signed-off-by: Christian Heimes <chei...@redhat.com> --- daemons/ipa-kdb/ipa_kdb_mspac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 11e036986a..329a5c1158 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -2586,6 +2586,12 @@ krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) } /* We should have a single AVA in the domain RDN */ + if (rdn == NULL) { + ldap_dnfree(dn); + ret = EINVAL; + goto done; + } + t[n].parent_name = strndup(rdn[0]->la_value.bv_val, rdn[0]->la_value.bv_len); ldap_dnfree(dn); From bb7a0a618483bc14bf13032fb6c11cf5129295b9 Mon Sep 17 00:00:00 2001 
From: Christian Heimes <chei...@redhat.com> Date: Thu, 1 Nov 2018 11:41:47 +0100 Subject: [PATCH 3/3] ipapwd_pre_mod: NULL ptr deref In ipapwd_pre_mod, check userpw for NULL before dereferencing its first element. See: https://pagure.io/freeipa/issue/7738 Signed-off-by: Christian Heimes <chei...@redhat.com> --- daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c index 209d596255..31844d3571 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c @@ -762,7 +762,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) /* Check this is a clear text password, or refuse operation (only if we need * to comput other hashes */ if (! unhashedpw && (gen_krb_keys || is_smb || is_ipant)) { - if ('{' == userpw[0]) { + if (userpw && ('{' == userpw[0]) { if (0 == strncasecmp(userpw, "{CLEAR}", strlen("{CLEAR}"))) { unhashedpw = slapi_ch_strdup(&userpw[strlen("{CLEAR}")]); if (NULL == unhashedpw) {
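Review bot: In patch 1/3 (util/ipa_krb5.c), the added `keys = NULL;` at the end of ipa_krb5_free_key_data() has no effect outside the function, because the signature in the hunk header takes `krb5_key_data *keys` by value. The assignment only clears the local copy of the pointer, so the caller's pointer still refers to freed memory and the double free in has_krbprincipalkey() named in the commit message stays possible. Either set the pointer to NULL in the caller right after the call, or change the function to take `krb5_key_data **keys` and clear `*keys`, updating all call sites.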
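Review bot: In patch 2/3 (daemons/ipa-kdb/ipa_kdb_mspac.c, ipadb_mspac_get_trusted_domains), the new check tests only `rdn == NULL`, while the very next statement dereferences `rdn[0]->la_value`. If the reason for the check is that ldap_str2dn() gives no guarantee about a non-empty result, the first AVA deserves the same treatment: `if (rdn == NULL || rdn[0] == NULL)`. As a style point, the comment "We should have a single AVA in the domain RDN" now sits above the NULL check instead of above the strndup() it describes; move it below the new block or reword it to cover the check.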
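Review bot: In patch 3/3 (daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c, ipapwd_pre_mod), the replacement line `if (userpw && ('{' == userpw[0]) {` has unbalanced parentheses: three are opened and only two are closed, so the file will not compile. It should read `if (userpw && ('{' == userpw[0])) {`. It is also worth confirming that the path taken when userpw is NULL is the intended one, since the visible context only shows the branch for a non-NULL value; a short comment stating what a NULL userpw means at this point would help.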