authorMartin Kosek <mkosek@redhat.com>2011-01-11 11:48:22 +0100
committerRob Crittenden <rcritten@redhat.com>2011-01-12 11:31:26 -0500
commit974287895ec5dbb377a65a83c050f088df79ffb7 (patch)
tree64bb85e498d5df957fbd4c79585d9b547697ab85
parentb739df4c111c63e99ece4a9e2f5a548156f7a3fb (diff)
Unchecked return values in ipa-join
krb5_get_default_realm() and asprintf() return values were ignored. This could lead to unhandled errors or invalid memory accesses. This patch adds return value checks to all such calls. As a consequence, one new return value has been added to the man page. https://fedorahosted.org/freeipa/ticket/720
-rw-r--r--ipa-client/ipa-join.c70
-rw-r--r--ipa-client/man/ipa-join.12
2 files changed, 62 insertions, 10 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 921a4123..fa2e11d7 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -401,8 +401,24 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
goto done;
}
/* Search for the entry. */
- asprintf(&filter, "(fqdn=%s)", hostname);
- asprintf(&search_base, "cn=computers,cn=accounts,%s", ldap_base);
+ ret = asprintf(&filter, "(fqdn=%s)", hostname);
+ if (ret == -1)
+ {
+ if (!quiet)
+ fprintf(stderr, _("Out of memory!\n"));
+ rval = 3;
+ goto done;
+ }
+
+ ret = asprintf(&search_base, "cn=computers,cn=accounts,%s", ldap_base);
+ if (ret == -1)
+ {
+ if (!quiet)
+ fprintf(stderr, _("Out of memory!\n"));
+ rval = 3;
+ goto done;
+ }
+
if (debug) {
fprintf(stderr, _("Searching with %s in %s\n"), filter, search_base);
}
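Review bot: `hostname` is formatted straight into the search filter at `asprintf(&filter, "(fqdn=%s)", hostname)` with no RFC 4515 escaping, so a value containing `*`, `(`, `)` or `\` changes what the search matches instead of selecting one host entry. Nothing in the hunk shows hostname being validated earlier; if it is not, escape those characters (as `\2a`, `\28`, `\29`, `\5c`) or reject such names before building the filter. A short comment above the call, for example `/* hostname must already be filter-safe (RFC 4515) */`, would record the assumption. join_ldap's body starts and ends outside the hunk.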
@@ -512,6 +528,7 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
const char *krblastpwdchange = NULL;
char * url = NULL;
int rval = 0;
+ int ret;
*hostdn = NULL;
*subject = NULL;
@@ -527,10 +544,18 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
xmlrpc_client_setup_global_const(&env);
#if 1
- asprintf(&url, "https://%s:443/ipa/xml", ipaserver);
+ ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver);
#else
- asprintf(&url, "http://%s:8888/", ipaserver);
+ ret = asprintf(&url, "http://%s:8888/", ipaserver);
#endif
+ if (ret == -1)
+ {
+ if (!quiet)
+ fprintf(stderr, _("Out of memory!\n"));
+ rval = 3;
+ goto cleanup;
+ }
+
serverInfoP = xmlrpc_server_info_new(&env, url);
argArrayP = xmlrpc_array_new(&env);
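Review bot: After a failed asprintf() the value left in `url` is unspecified (glibc documents the pointer's contents as undefined on error), so the new `goto cleanup` can reach a `free(url)` with a pointer that is no longer the NULL it was initialised to. The cleanup label is outside the hunk, so this is inferred; if it frees url, add `url = NULL;` before `rval = 3;` in the failure branch. The same applies to `filter` and `search_base` in the join_ldap hunk and to `principal` and `url` in the two unenroll_host hunks.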
@@ -631,6 +656,7 @@ static int
unenroll_host(const char *server, const char *hostname, const char *ktname, int quiet)
{
int rval = 0;
+ int ret;
char *ipaserver = NULL;
char *host = NULL;
struct utsname uinfo;
@@ -696,11 +722,28 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
if (!quiet)
fprintf(stderr, _("Error resolving keytab: %s.\n"),
error_message(krberr));
- rval = 7;
- goto cleanup;
+ rval = 7;
+ goto cleanup;
+ }
+
+ krberr = krb5_get_default_realm(krbctx, &realm);
+ if (krberr != 0) {
+ if (!quiet)
+ fprintf(stderr, _("Error getting default Kerberos realm: %s.\n"),
+ error_message(krberr));
+ rval = 21;
+ goto cleanup;
}
- krb5_get_default_realm(krbctx, &realm);
- asprintf(&principal, "host/%s@%s", host, realm);
+
+ ret = asprintf(&principal, "host/%s@%s", host, realm);
+ if (ret == -1)
+ {
+ if (!quiet)
+ fprintf(stderr, _("Out of memory!\n"));
+ rval = 3;
+ goto cleanup;
+ }
+
krberr = krb5_parse_name(krbctx, principal, &princ);
if (krberr != 0) {
if (!quiet)
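Review bot: The realm string returned by krb5_get_default_realm() is allocated by the library and has to be released with krb5_free_default_realm(), and the added asprintf() failure path now jumps to cleanup while realm is held. The cleanup label is outside the hunk, so confirm it contains something like `if (realm) krb5_free_default_realm(krbctx, realm);` and that it runs before the context is freed. Separately, the new `if (ret == -1)` block puts its brace on its own line while the neighbouring `if (krberr != 0) {` checks do not; matching the existing style would keep the function uniform.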
@@ -757,10 +800,17 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
xmlrpc_client_setup_global_const(&env);
#if 1
- asprintf(&url, "https://%s:443/ipa/xml", ipaserver);
+ ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver);
#else
- asprintf(&url, "http://%s:8888/", ipaserver);
+ ret = asprintf(&url, "http://%s:8888/", ipaserver);
#endif
+ if (ret == -1)
+ {
+ if (!quiet)
+ fprintf(stderr, _("Out of memory!\n"));
+ rval = 3;
+ goto cleanup;
+ }
serverInfoP = xmlrpc_server_info_new(&env, url);
argArrayP = xmlrpc_array_new(&env);
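Review bot: The `#else` branch under `#if 1` is never compiled, yet the patch keeps maintaining it, and it would send the unenrolment RPC to a plaintext `http://%s:8888/` endpoint if the condition were ever flipped. Deleting the dead branch here and in the join_krb5 hunk leaves a single `ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver);` and removes the chance of building without TLS by accident. If it must stay for development, a comment such as `/* debug only: unencrypted, never enable in release builds */` on the `#else` would make that explicit.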
diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1
index 6eb93f36..47d5966d 100644
--- a/ipa-client/man/ipa-join.1
+++ b/ipa-client/man/ipa-join.1
@@ -121,3 +121,5 @@ The exit status is 0 on success, nonzero on error.
19 Unable to generate Kerberos credentials cache
20 Unenrollment result not in XML\-RPC response
+
+21 Failed to get default Kerberos realm