diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-01-11 11:48:22 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-12 11:31:26 -0500 |
commit | 974287895ec5dbb377a65a83c050f088df79ffb7 (patch) | |
tree | 64bb85e498d5df957fbd4c79585d9b547697ab85 | |
parent | b739df4c111c63e99ece4a9e2f5a548156f7a3fb (diff) | |
download | freeipa-974287895ec5dbb377a65a83c050f088df79ffb7.tar.gz freeipa-974287895ec5dbb377a65a83c050f088df79ffb7.tar.xz freeipa-974287895ec5dbb377a65a83c050f088df79ffb7.zip |
Unchecked return values in ipa-join
krb5_get_default_realm() and asprintf() return values were ignored.
This could lead to unhandled error issues or memory access
issues.
This patch adds return value checks to all such functions.
As a consequence, one new return value has been added to man page.
https://fedorahosted.org/freeipa/ticket/720
-rw-r--r-- | ipa-client/ipa-join.c | 70 | ||||
-rw-r--r-- | ipa-client/man/ipa-join.1 | 2 |
2 files changed, 62 insertions, 10 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index 921a4123..fa2e11d7 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -401,8 +401,24 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha goto done; } /* Search for the entry. */ - asprintf(&filter, "(fqdn=%s)", hostname); - asprintf(&search_base, "cn=computers,cn=accounts,%s", ldap_base); + ret = asprintf(&filter, "(fqdn=%s)", hostname); + if (ret == -1) + { + if (!quiet) + fprintf(stderr, _("Out of memory!\n")); + rval = 3; + goto done; + } + + ret = asprintf(&search_base, "cn=computers,cn=accounts,%s", ldap_base); + if (ret == -1) + { + if (!quiet) + fprintf(stderr, _("Out of memory!\n")); + rval = 3; + goto done; + } + if (debug) { fprintf(stderr, _("Searching with %s in %s\n"), filter, search_base); } @@ -512,6 +528,7 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char const char *krblastpwdchange = NULL; char * url = NULL; int rval = 0; + int ret; *hostdn = NULL; *subject = NULL; @@ -527,10 +544,18 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char xmlrpc_client_setup_global_const(&env); #if 1 - asprintf(&url, "https://%s:443/ipa/xml", ipaserver); + ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver); #else - asprintf(&url, "http://%s:8888/", ipaserver); + ret = asprintf(&url, "http://%s:8888/", ipaserver); #endif + if (ret == -1) + { + if (!quiet) + fprintf(stderr, _("Out of memory!\n")); + rval = 3; + goto cleanup; + } + serverInfoP = xmlrpc_server_info_new(&env, url); argArrayP = xmlrpc_array_new(&env); @@ -631,6 +656,7 @@ static int unenroll_host(const char *server, const char *hostname, const char *ktname, int quiet) { int rval = 0; + int ret; char *ipaserver = NULL; char *host = NULL; struct utsname uinfo; @@ -696,11 +722,28 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int if (!quiet) fprintf(stderr, _("Error resolving keytab: %s.\n"), error_message(krberr)); - rval = 7; - goto cleanup; + rval = 7; + goto cleanup; + } + + krberr = krb5_get_default_realm(krbctx, &realm); + if (krberr != 0) { + if (!quiet) + fprintf(stderr, _("Error getting default Kerberos realm: %s.\n"), + error_message(krberr)); + rval = 21; + goto cleanup; } - krb5_get_default_realm(krbctx, &realm); - asprintf(&principal, "host/%s@%s", host, realm); + + ret = asprintf(&principal, "host/%s@%s", host, realm); + if (ret == -1) + { + if (!quiet) + fprintf(stderr, _("Out of memory!\n")); + rval = 3; + goto cleanup; + } + krberr = krb5_parse_name(krbctx, principal, &princ); if (krberr != 0) { if (!quiet) @@ -757,10 +800,17 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int xmlrpc_client_setup_global_const(&env); #if 1 - asprintf(&url, "https://%s:443/ipa/xml", ipaserver); + ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver); #else - asprintf(&url, "http://%s:8888/", ipaserver); + ret = asprintf(&url, "http://%s:8888/", ipaserver); #endif + if (ret == -1) + { + if (!quiet) + fprintf(stderr, _("Out of memory!\n")); + rval = 3; + goto cleanup; + } serverInfoP = xmlrpc_server_info_new(&env, url); argArrayP = xmlrpc_array_new(&env); diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1 index 6eb93f36..47d5966d 100644 --- a/ipa-client/man/ipa-join.1 +++ b/ipa-client/man/ipa-join.1 @@ -121,3 +121,5 @@ The exit status is 0 on success, nonzero on error. 19 Unable to generate Kerberos credentials cache 20 Unenrollment result not in XML\-RPC response + +21 Failed to get default Kerberos realm |