This patch checks that view_name is not null in ipa_s2n_save_objects before
using it. The segfault was introduced in
3453e4734d2f7738034af61edb7d33c0c7095d8a. Patch is against master, but it
should be included in master and sssd-1-12.
/aron
From c684b77517a507097aa7896ae15285b3ad1e78a8 Mon Sep 17 00:00:00 2001
From: Aron Parsons <parso...@bit-sys.com>
Date: Wed, 29 Apr 2015 03:19:32 +0000
Subject: [PATCH] IPA: fix segfault in ipa_s2n_exop
can be triggered on demand by assigning a POSIX group
with external members sudo privileges, then dropping
the cache and doing a sudo -U <user> -l.
---
src/providers/ipa/ipa_s2n_exop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 688fdefe8eefe29a0cd13010bb3998527f3111f4..d07923cffb49bbfeb7d500f281b1a2aff547ed1c 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -2165,7 +2165,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
goto done;
}
- if (strcmp(view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
+ if (view_name != NULL && strcmp(view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
/* For the default view the data return by the extdom plugin already
* contains all needed data and it is not expected to have a separate
* override object. */
--
1.8.3.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
