summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2013-10-14 11:21:02 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-11-28 16:06:11 +0100
commit466f5a539be1e4c6e7cfb396a2f406e1eb8c428d (patch)
tree32ca6fb17899002df59ac5348c7086ad3b65bef9
parent2dc519ba98ca886076ba9e16b95a72732909cea1 (diff)
downloadsssd-466f5a539be1e4c6e7cfb396a2f406e1eb8c428d.zip
sssd-466f5a539be1e4c6e7cfb396a2f406e1eb8c428d.tar.gz
sssd-466f5a539be1e4c6e7cfb396a2f406e1eb8c428d.tar.xz
krb5: Check return value of sss_krb5_princ_realm
sss_krb5_princ_realm set output parameter realm to NULL and len to 0 in case of failure. Clang static analysers reported warning "Null pointer passed as an argument to a 'nonnull' parameter" in function match_principal. It was possible, that realm_name with value NULL could be used in strncmp. Reviewed-by: Pavel Reichl <preichl@redhat.com>
-rw-r--r--src/providers/krb5/krb5_ccache.c5
-rw-r--r--src/providers/krb5/krb5_child.c8
-rw-r--r--src/util/sss_krb5.c12
3 files changed, 25 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c
index 7aa36b7..8da562b 100644
--- a/src/providers/krb5/krb5_ccache.c
+++ b/src/providers/krb5/krb5_ccache.c
@@ -574,6 +574,11 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
}
sss_krb5_princ_realm(ctx, client_princ, &realm_name, &realm_length);
+ if (realm_length == 0) {
+ kerr = KRB5KRB_ERR_GENERIC;
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
+ goto done;
+ }
server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
realm_length, realm_name,
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 94cd34e..ec22665 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -974,6 +974,10 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
}
sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
+ if (realm_length == 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
+ return KRB5KRB_ERR_GENERIC;
+ }
DEBUG(SSSDBG_TRACE_FUNC,
"Attempting kinit for realm [%s]\n",realm_name);
@@ -1136,6 +1140,10 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
set_changepw_options(kr->options);
sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
+ if (realm_length == 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
+ return ERR_INTERNAL;
+ }
DEBUG(SSSDBG_TRACE_FUNC,
"Attempting kinit for realm [%s]\n",realm_name);
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 89240b8..b5cc553 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -212,6 +212,14 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
sss_krb5_princ_realm(krb_ctx, client_princ,
&realm_name,
&realm_len);
+ if (realm_len == 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
+ if (_principal) talloc_zfree(*_principal);
+ if (_primary) talloc_zfree(*_primary);
+ ret = EINVAL;
+ goto done;
+ }
+
*_realm = talloc_asprintf(mem_ctx, "%.*s",
realm_len, realm_name);
if (!*_realm) {
@@ -279,6 +287,10 @@ static bool match_principal(krb5_context ctx,
bool ret = false;
sss_krb5_princ_realm(ctx, principal, &realm_name, &realm_len);
+ if (realm_len == 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "sss_krb5_princ_realm failed.\n");
+ return false;
+ }
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {