On 06/26/2014 07:28 AM, Lukas Slebodnik wrote:
ehlo,
there is a bunch of error reported from static analysers
Dereferencing a pointer that might be null "error" when calling
"sbus_request_fail_and_finish"
similar problem is with dereferencing NULL pointer in function
sbus_request_invoke_or_finish.
These situation can happen mostly with handling errors.
LS
Hi,
the attached patch should fix it.
From d021b2302ff64798497cc08969fa328183e3063e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 30 Jun 2014 11:23:21 +0200
Subject: [PATCH] sbus_request: fix potential NULL dereference
---
src/sbus/sssd_dbus_request.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/sbus/sssd_dbus_request.c b/src/sbus/sssd_dbus_request.c
index 2852f87d833d448e330fb36525083c4c8eb78605..c39a6a4afc4af36c044995ad30bfd2c32fe32d8b 100644
--- a/src/sbus/sssd_dbus_request.c
+++ b/src/sbus/sssd_dbus_request.c
@@ -63,10 +63,12 @@ sbus_request_invoke_or_finish(struct sbus_request *dbus_req,
DBusError error;
int ret;
- if (invoker_fn) {
+ if (handler_fn != NULL && invoker_fn != NULL) {
ret = invoker_fn(dbus_req, handler_fn);
- } else {
+ } else if (handler_fn != NULL) {
ret = handler_fn(dbus_req, handler_data);
+ } else {
+ ret = EINVAL;
}
switch(ret) {
@@ -313,6 +315,11 @@ int sbus_request_fail_and_finish(struct sbus_request *dbus_req,
DBusMessage *reply;
int ret;
+ if (error == NULL) {
+ sbus_request_finish(dbus_req, NULL);
+ return ENOMEM;
+ }
+
reply = dbus_message_new_error(dbus_req->message, error->name, error->message);
if (!reply) {
DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory allocating DBus message\n");
--
1.7.11.7
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
