[SSSD] [sssd PR#455][comment] mmap_cache: make checks independent of input size

Tue, 21 Nov 2017 06:57:53 -0800 

  URL: https://github.com/SSSD/sssd/pull/455
Title: #455: mmap_cache: make checks independent of input size

fidencio commented:
"""
Sorry for jumping in a patch set which I'm neither the author nor the reviewer.

Covscan has found an issue with this patchset:
```
Error: NULL_RETURNS (CWE-476): [#def1]
sssd-1.16.1/src/responder/nss/nss_protocol.c:162: returned_null: "memchr" 
returns null (checked 7 out of 8 times).
sssd-1.16.1/src/responder/nss/nsssrv_mmap_cache.c:557: example_checked: Example 
1: "memchr(t_key, 0, strs_offset + strs_len - name_ptr)" has its value checked 
in "memchr(t_key, 0, strs_offset + strs_len - name_ptr) == NULL".
sssd-1.16.1/src/sss_client/idmap/sss_nss_idmap.c:171: example_assign: Example 
2: Assigning: "p" = return value from "memchr(p, 0, buf_len - (p - buf))".
sssd-1.16.1/src/sss_client/idmap/sss_nss_idmap.c:172: example_checked: Example 
2 (cont.): "p" has its value checked in "p == NULL".
sssd-1.16.1/src/sss_client/nss_mc_group.c:157: example_checked: Example 3: 
"memchr(rec_name, 0, 16UL + data->strs_len - data->name)" has its value checked 
in "memchr(rec_name, 0, 16UL + data->strs_len - data->name) == NULL".
sssd-1.16.1/src/sss_client/nss_mc_initgr.c:139: example_checked: Example 4: 
"memchr(rec_name, 0, 24UL + data->data_len - data->name)" has its value checked 
in "memchr(rec_name, 0, 24UL + data->data_len - data->name) == NULL".
sssd-1.16.1/src/sss_client/nss_mc_passwd.c:150: example_checked: Example 5: 
"memchr(rec_name, 0, 16UL + data->strs_len - data->name)" has its value checked 
in "memchr(rec_name, 0, 16UL + data->strs_len - data->name) == NULL".
sssd-1.16.1/src/responder/nss/nss_protocol.c:162: var_assigned: Assigning: "p" 
= null return value from "memchr".
sssd-1.16.1/src/responder/nss/nss_protocol.c:176: dereference: Incrementing a 
pointer which might be null: "p".
#  174|       }
#  175|   
#  176|->     p++;
#  177|       if ((p - body) + sizeof(uint32_t) != blen) {
#  178|           DEBUG(SSSDBG_CRIT_FAILURE, "Body has unexpected size!\n");
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/455#issuecomment-346051695

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to