https://fedorahosted.org/sssd/ticket/2052
From 42e03c711abe60285958f0bc4f91f8d2bcee16f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <[email protected]>
Date: Thu, 22 Aug 2013 13:58:27 +0200
Subject: [PATCH 1/2] sudo: do not strdup usn on ENOENT
If the USN attribute is not present, we call strdup on an uninitialized
variable. This may cause a segfault or, if we are lucky and
usn is NULL, it will return ENOMEM.
---
src/providers/ldap/sdap_sudo_cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index 50bb0bd52ee18bca8ae02e87029a8475bf220616..bace80ef24d396f81b9e363fb00110160ccb4c2d 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -39,7 +39,7 @@ static errno_t sdap_sudo_get_usn(TALLOC_CTX *mem_ctx,
}
ret = sysdb_attrs_get_string(attrs, map[SDAP_AT_SUDO_USN].sys_name, &usn);
- if (ret != EOK && ret != ENOENT) {
+ if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Failed to retrieve USN value: [%s]\n", strerror(ret)));
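Review bot: The fix rests entirely on the return-code check at `if (ret != EOK)`, while the local `usn` filled by sysdb_attrs_get_string() is, going by the commit message, still declared without an initial value. Its declaration is outside this hunk, but initialising it there (`usn = NULL` in the declaration) would make any later path that bypasses the check fail predictably instead of reading stack contents. The DEBUG message now also fires for a plain missing attribute, so a comment above the check such as `/* ENOENT (no USN attribute) is returned to the caller like any other error */` would document the new contract. The body of sdap_sudo_get_usn starts and ends outside the hunk.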
--
1.7.11.7
From 57be0b8c58b15436331dd51511b24af3de203840 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <[email protected]>
Date: Thu, 22 Aug 2013 14:04:38 +0200
Subject: [PATCH 2/2] sudo: do not fail to store the rule if we can't read usn
Resolves:
https://fedorahosted.org/sssd/ticket/2052
---
src/providers/ldap/sdap_sudo_cache.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index bace80ef24d396f81b9e363fb00110160ccb4c2d..0550fce788130f0fad17a37752b3d6fd6a07efff 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -88,9 +88,10 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx,
}
ret = sdap_sudo_get_usn(mem_ctx, attrs, map, rule_name, _usn);
- if (ret != EOK && ret != ENOENT) {
+ if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not read USN from %s\n", rule_name));
- return ret;
+ *_usn = NULL;
+ /* but we will store the rule anyway */
}
ret = sysdb_save_sudorule(sysdb_ctx, domain, rule_name, attrs);
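Review bot: Every non-EOK result from sdap_sudo_get_usn(), not only a missing attribute, now falls through to sysdb_save_sudorule() from the new `if (ret != EOK)` block. If that helper can also return ENOMEM (the first patch's message suggests a strdup inside it), an allocation failure is logged and then ignored; `if (ret != ENOENT) return ret;` placed right after the DEBUG call would keep hard errors fatal while still storing rules that have no USN. Callers that read `*_usn` must now accept NULL, which is worth stating in the function's header comment; those callers, and the start and end of sdap_save_native_sudorule, are outside this hunk.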
--
1.7.11.7