ehlo, yet another warning from clang static analyser.
sss_krb5_princ_realm set output parameter realm to NULL and len to 0 in case of failure. Clang static analysers repoted warning "Null pointer passed as an argument to a 'nonnull' parameter" in function match_principal. It was possible, that realm_name with value NULL could be used in strncmp. Function sss_krb5_princ_realm is used on other places for printing(formatting) realm_name and NULL can be safely used as a argument for printf-like functions. Patch is attached. LS
>From ff5d5a88b6a997bbe0a1e27472b673bd2f37ec0f Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <[email protected]> Date: Mon, 14 Oct 2013 11:21:02 +0200 Subject: [PATCH] krb5: Check return value of sss_krb5_princ_realm sss_krb5_princ_realm set output parameter realm to NULL and len to 0 in case of failure. Clang static analysers reported warning "Null pointer passed as an argument to a 'nonnull' parameter" in function match_principal. It was possible, that realm_name with value NULL could be used in strncmp. --- src/util/sss_krb5.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index f8a7e6f9be15c7b2dfee9906af914533bd8ac4cd..09a6deb5b34947f4205cb13004896bbec9cd8618 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -344,6 +344,11 @@ static bool match_principal(krb5_context ctx, bool ret = false; sss_krb5_princ_realm(ctx, principal, &realm_name, &realm_len); + if (realm_len == 0) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("sss_krb5_princ_realm failed\n")); + return false; + } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { -- 1.8.3.1
_______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
