https://fedorahosted.org/freeipa/ticket/1166
https://fedorahosted.org/freeipa/ticket/1167
https://fedorahosted.org/freeipa/ticket/1168
https://fedorahosted.org/freeipa/ticket/1169
--
Jan Cholasta
>From 92e8887f257a30b48c1a8d313ec4a6d68e17012a Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Fri, 29 Apr 2011 13:15:39 +0200
Subject: [PATCH] Fix issues found by Coverity.
tickets 1166, 1167, 1168, 1169
---
.../ipa-enrollment/ipa_enrollment.c | 14 +++++++--
.../ipa-pwd-extop/ipa_pwd_extop.c | 32 ++++++++++++++++----
.../ipa-pwd-extop/ipapwd_prepost.c | 5 ++-
daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 17 ++++++++--
ipa-client/config.c | 4 ++
ipa-client/ipa-join.c | 6 +++-
6 files changed, 63 insertions(+), 15 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
index 161a731..5d276de 100644
--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
@@ -155,7 +155,7 @@ ipa_join(Slapi_PBlock *pb)
errMesg = "Kerberos realm is not set.\n";
LOG_FATAL("%s", errMesg);
rc = LDAP_OPERATIONS_ERROR;
- goto done;
+ goto free_and_return;
}
/* Get Bind DN */
@@ -234,7 +234,11 @@ ipa_join(Slapi_PBlock *pb)
*/
is_root = slapi_dn_isroot(bindDN);
- slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+ if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* In order to perform the access control check,
* we need to select a backend (even though
@@ -242,7 +246,11 @@ ipa_join(Slapi_PBlock *pb)
*/
sdn = slapi_sdn_new_dn_byval(bindDN);
be = slapi_be_select(sdn);
- slapi_pblock_set(pb, SLAPI_BACKEND, be);
+ if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* Access Strategy:
* If the user has WRITE-ONLY access, a new keytab is set on the entry.
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 9a1ca2b..f1da293 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -265,7 +265,11 @@ parse_req_done:
"using the bind DN instead.\n");
}
- slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn );
+ if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* Now we have the DN, look for the entry */
ret = ipapwd_getEntry(dn, &targetEntry, attrlist);
@@ -292,7 +296,11 @@ parse_req_done:
*/
is_root = slapi_dn_isroot(bindDN);
- slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+ if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* In order to perform the access control check, we need to select a
* backend (even though we don't actually need it otherwise).
@@ -306,7 +314,11 @@ parse_req_done:
rc = LDAP_OPERATIONS_ERROR;
goto free_and_return;
}
- slapi_pblock_set(pb, SLAPI_BACKEND, be);
+ if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
}
ret = slapi_access_allowed( pb, targetEntry, "krbPrincipalKey", NULL, SLAPI_ACL_WRITE );
@@ -613,13 +625,21 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
*/
is_root = slapi_dn_isroot(bindDN);
- slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+ if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* In order to perform the access control check,
* we need to select a backend (even though
* we don't actually need it otherwise).
*/
- slapi_pblock_set(pb, SLAPI_BACKEND, be);
+ if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ goto free_and_return;
+ }
/* Access Strategy:
* If the user has WRITE-ONLY access, a new keytab is set on the entry.
@@ -869,7 +889,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
slapi_mods_free(&smods);
goto free_and_return;
}
-
+
evals[0] = slapi_value_new_string(bindDN);
slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, "enrolledBy", evals);
} else {
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
index fc0a684..2b1c7d1 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
@@ -766,7 +766,10 @@ done:
/* put back a, possibly modified, set of mods */
if (smods) {
mods = slapi_mods_get_ldapmods_passout(smods);
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+ if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ rc = LDAP_OPERATIONS_ERROR;
+ }
slapi_mods_free(&smods);
}
diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index 5cd65b3..3249ce4 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -277,7 +277,7 @@ ipauuid_internal_preop_init(Slapi_PBlock *pb)
(void *) ipauuid_add_pre_op) != 0) {
status = EFAIL;
}
-
+
return status;
}
@@ -1111,8 +1111,14 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
slapi_entry_set_sdn(e, sdn);
/* reset the target DN since we've changed it. */
- slapi_pblock_set(pb, SLAPI_ADD_TARGET,
- (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)));
+ if (slapi_pblock_set(pb, SLAPI_ADD_TARGET,
+ (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)))) {
+ LOG_FATAL("slapi_block_set failed!\n");
+ ret = LDAP_OPERATIONS_ERROR;
+ slapi_rdn_free(&rdn);
+ slapi_sdn_free(&sdn);
+ goto done;
+ }
}
slapi_rdn_free(&rdn);
slapi_sdn_free(&sdn);
@@ -1164,7 +1170,10 @@ done:
if (smods != NULL) {
/* Put the updated mods back into place. */
mods = slapi_mods_get_ldapmods_passout(smods);
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+ if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+ LOG_FATAL("slapi_pblock_set failed!\n");
+ ret = LDAP_OPERATIONS_ERROR;
+ }
slapi_mods_free(&smods);
}
diff --git a/ipa-client/config.c b/ipa-client/config.c
index 0ee8f44..493d740 100644
--- a/ipa-client/config.c
+++ b/ipa-client/config.c
@@ -64,6 +64,10 @@ read_config_file(const char *filename)
}
left = st.st_size;
data = malloc(st.st_size + 1);
+ if (data == NULL) {
+ fprintf(stderr, _("out of memory\n"));
+ return NULL;
+ }
dest = data;
while (left != 0) {
ssize_t res;
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index b66c429..21c087b 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -139,6 +139,10 @@ callRPC(xmlrpc_env * const envP,
XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY);
curlXportParmsP = malloc(sizeof(*curlXportParmsP));
+ if (curlXportParmsP == NULL) {
+ xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!"));
+ return;
+ }
memset(curlXportParmsP, 0, sizeof(*curlXportParmsP));
/* Have curl do SSL certificate validation */
@@ -930,7 +934,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
rval = 5;
goto cleanup;
}
-
+
krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
if (krberr) {
fprintf(stderr, _("Unable to join host: Kerberos User Principal "
--
1.7.4.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
