URL: https://github.com/SSSD/sssd/pull/433
Title: #433: PAM: Multiple certificates on a Smartcard

lslebodn commented:
"""
Just a note. I would like to avoid the following change:

```
diff --git a/src/util/authtok.c b/src/util/authtok.c
index c2f78be32..2c5a26ce3 100644
--- a/src/util/authtok.c
+++ b/src/util/authtok.c
@@ -27,6 +27,10 @@ struct sss_auth_token {

 enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
 {
+    if (tok == NULL) {
+        return SSS_AUTHTOK_TYPE_EMPTY;
+    }
+
     return tok->type;
 }
```
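
Review bot: The `tok == NULL` branch added at the top of `sss_authtok_get_type()` returns `SSS_AUTHTOK_TYPE_EMPTY`, so a caller that passes a token it never initialised gets the same answer as one holding a genuinely empty token, and the missing initialisation goes unnoticed. Consider dropping the guard and making sure the token is allocated before the call; if the guard stays, the function's behaviour for a NULL argument should be documented at its declaration.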

We need to properly initialise authtok in all cases. It must not be `NULL`.
BTW, the following part of the report from static analysers is outdated:

```
    Error: FORWARD_NULL (CWE-476): [#def2]

sssd-1.16.1/src/responder/pam/pamsrv_p11.c:433: var_compare_op: Comparing 
"pd->authtok" to null implies that "pd->authtok" might be null.
sssd-1.16.1/src/responder/pam/pamsrv_p11.c:461: var_deref_model: Passing null 
pointer "pd->authtok" to "sss_authtok_get_type", which dereferences it.
sssd-1.16.1/src/util/authtok.c:30:5: deref_parm: Directly dereferencing 
parameter "tok".
#   28|   enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
#   29|   {
#   30|->     return tok->type;
#   31|   }
#   32|   
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/433#issuecomment-343228941