ehlo, @see commit message in attached patch.
LS
>From d9b92a0d9b1221b07e11ed84dac80035ce5deced Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <[email protected]> Date: Wed, 13 Apr 2016 17:29:57 +0200 Subject: [PATCH 1/3] IPA_SUDO: Prevent dereference of NULL pointer Error: NULL_RETURNS (CWE-476): [#def31] sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: returned_null: "ipa_sudo_conv_lookup" returns null. sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9: return_null: Explicitly returning null. sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: var_assigned: Assigning: "cmdgroup" = null return value from "ipa_sudo_conv_lookup". sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966: dereference: Dereferencing a null pointer "cmdgroup". # 964| cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn); # 965| # 966|-> ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded, # 967| false, discard_const(&values)); # 968| if (ret != EOK) { --- src/providers/ipa/ipa_sudo_conversion.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index 278fee600369e3002cc177313c1ce9f6131c08f7..abdd8bbd705d3a2e5980f98ebf69035297b5464d 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -962,6 +962,11 @@ combine_cmdgroups(TALLOC_CTX *mem_ctx, DLIST_FOR_EACH(listitem, list) { cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn); + if (cmdgroup == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_sudo_conv_lookup failed for DN:%s\n", listitem->dn); + continue; + } ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded, false, discard_const(&values)); -- 2.7.3
_______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
