URL: https://github.com/freeipa/freeipa/pull/2508
Author: tiran
Title: #2508: [Backport][ipa-4-6] Fixes for more issues found by coverity
Action: opened

PR body:
"""
This PR was opened automatically because PR #2505 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2508/head:pr2508
git checkout pr2508
From 9bb01936c06f7bd492896a338c981e7306eae6aa Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 1 Nov 2018 11:41:29 +0100
Subject: [PATCH 1/3] has_krbprincipalkey: avoid double free

Set keys to NULL after free in order to avoid potential double free.

See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 209d596255..3c3c7e8845 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -176,7 +176,11 @@ static bool has_krbprincipalkey(Slapi_Entry *entry) {
 
             if (rc || (num_keys <= 0)) {
                 /* this one is not valid, ignore it */
-                if (keys) ipa_krb5_free_key_data(keys, num_keys);
+                if (keys) {
+                    ipa_krb5_free_key_data(keys, num_keys);
+                    keys = NULL;
+                    num_keys = 0;
+                }
             } else {
                 /* It exists at least this one that is valid, no need to continue */
                 if (keys) ipa_krb5_free_key_data(keys, num_keys);
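
Review bot: The valid-key branch in the trailing context still calls ipa_krb5_free_key_data(keys, num_keys) without clearing keys or num_keys, so only the invalid-key branch gets the reset. The comment there says there is no need to continue, so that path presumably leaves the loop, but nothing in the visible lines guarantees that keys is not touched again afterwards. Applying the same "keys = NULL; num_keys = 0;" reset in the else branch, or wrapping free-and-reset in one small helper used by both branches, would make the invariant hold on every path.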

From b8a766143f0205c467fa51be57103d2657c66d61 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 1 Nov 2018 11:41:41 +0100
Subject: [PATCH 2/3] ipadb_mspac_get_trusted_domains: NULL ptr deref

Fix potential NULL pointer deref in ipadb_mspac_get_trusted_domains().
In theory, dn could be empty and rdn NULL. The man page for ldap_str2dn()
does not guarantee that it returns a non-empty result.

See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 11e036986a..329a5c1158 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -2586,6 +2586,12 @@ krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx)
         }
 
         /* We should have a single AVA in the domain RDN */
+        if (rdn == NULL) {
+            ldap_dnfree(dn);
+            ret = EINVAL;
+            goto done;
+        }
+
         t[n].parent_name = strndup(rdn[0]->la_value.bv_val, rdn[0]->la_value.bv_len);
 
         ldap_dnfree(dn);
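
Review bot: The new guard tests only rdn == NULL, but the next line dereferences rdn[0], and the commit message's own scenario is an empty result from ldap_str2dn(). An RDN is a NULL-terminated array of AVA pointers, so a non-NULL rdn whose first element is NULL would still crash at rdn[0]->la_value. Suggest "if (rdn == NULL || rdn[0] == NULL)". As a style point, the comment "We should have a single AVA in the domain RDN" now sits above the NULL check instead of the strndup() it describes; moving it below the new block, or extending it to say that a missing AVA is rejected with EINVAL, would keep it accurate.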

From a9d8be170fe679c901b26be6bb3385840d047ba2 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 1 Nov 2018 11:41:47 +0100
Subject: [PATCH 3/3] ipapwd_pre_mod: NULL ptr deref

In ipapwd_pre_mod, check userpw for NULL before dereferencing its first
element.

See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 3c3c7e8845..9aef2f7d7d 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -766,7 +766,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
     /* Check this is a clear text password, or refuse operation (only if we need
      * to comput other hashes */
     if (! unhashedpw && (gen_krb_keys || is_smb || is_ipant)) {
-        if ('{' == userpw[0]) {
+        if ((userpw != NULL) && ('{' == userpw[0])) {
             if (0 == strncasecmp(userpw, "{CLEAR}", strlen("{CLEAR}"))) {
                 unhashedpw = slapi_ch_strdup(&userpw[strlen("{CLEAR}")]);
                 if (NULL == unhashedpw) {
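
Review bot: With the added userpw != NULL test, a NULL userpw now makes the condition false and execution skips the whole {CLEAR} block instead of crashing, so the result depends on a fall-through path that is not visible in this hunk. The comment above says the intent is to accept a clear text password "or refuse operation"; please confirm that the path taken when userpw is NULL and unhashedpw is still NULL (with gen_krb_keys, is_smb or is_ipant set) actually refuses the modify rather than continuing without a password to hash. If it does not, an explicit early check for userpw == NULL that returns the refusal would state the intent more clearly than folding the test into the '{' comparison.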