On (13/03/14 13:11), Sumit Bose wrote: >On Tue, Oct 15, 2013 at 01:59:28PM +0200, Pavel Březina wrote: >> On 10/14/2013 11:50 AM, Lukas Slebodnik wrote: >> >ehlo, >> > >> >yet another warning from clang static analyser. >> > >> >sss_krb5_princ_realm set output parameter realm to NULL and len to 0 >> >in case of failure. Clang static analysers repoted warning >> >"Null pointer passed as an argument to a 'nonnull' parameter" >> >in function match_principal. It was possible, that realm_name with value >> >NULL >> >could be used in strncmp. >> > >> >Function sss_krb5_princ_realm is used on other places for >> >printing(formatting) >> >realm_name and NULL can be safely used as a argument for printf-like >> >functions. >> > >> >Patch is attached. >> > >> >LS >> >> The returned value should be checked on other references as well. > >Hi Lukas, > >are you planning to update this patch? I think it would be a good idea. > >Additionally I would like to ask you if you can fix the >HAVE_KRB5_PRINCIPAL_GET_REALM branch of sss_krb5_princ_realm(). Since >krb5_principal_get_realm() may return NULL I think it is not a good idea >to call strlen() unconditionally. > >bye, >Sumit > This patch had very low priority in TODO list. I will try to send patch.
LS _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
