author | Sumit Bose <sbose@redhat.com> | 2017-09-06 12:20:25 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-09-14 16:57:04 +0200 |
commit | f5a8cd60c6f377af1954b58f007d16cf3f6dc846 (patch) | |
tree | 526a4f23b9965f40b50e43e4d632287df6f6dc11 /src/lib/certmap | |
parent | c20a9efbf5da0587fbb6a855a2d366ce19f1abe1 (diff) | |
certmap: make sure eku_oid_list is always allocated
If the <EKU> part of a matching rule contains only OIDs, a NULL pointer
dereference might occur.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/lib/certmap')
-rw-r--r-- | src/lib/certmap/sss_certmap_krb5_match.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/lib/certmap/sss_certmap_krb5_match.c b/src/lib/certmap/sss_certmap_krb5_match.c
index 0cd339387..125e925d9 100644
--- a/src/lib/certmap/sss_certmap_krb5_match.c
+++ b/src/lib/certmap/sss_certmap_krb5_match.c
@@ -180,19 +180,17 @@ static int parse_krb5_get_eku_value(TALLOC_CTX *mem_ctx,
 goto done;
 }
+ comp->eku_oid_list = talloc_zero_array(comp, const char *,
+ eku_list_size + 1);
+ if (comp->eku_oid_list == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
 for (c = 0; eku_list[c] != NULL; c++) {
 for (k = 0; ext_key_usage[k].name != NULL; k++) {
 CM_DEBUG(ctx, "[%s][%s].", eku_list[c], ext_key_usage[k].name);
 if (strcasecmp(eku_list[c], ext_key_usage[k].name) == 0) {
- if (comp->eku_oid_list == NULL) {
- comp->eku_oid_list = talloc_zero_array(comp, const char *,
- eku_list_size + 1);
- if (comp->eku_oid_list == NULL) {
- ret = ENOMEM;
- goto done;
- }
- }
-
 comp->eku_oid_list[e] = talloc_strdup(comp->eku_oid_list,
 ext_key_usage[k].oid);
 if (comp->eku_oid_list[e] == NULL) {
@@ -226,6 +224,11 @@ CM_DEBUG(ctx, "[%s][%s].", eku_list[c], ext_key_usage[k].name);
 }
 }
+ if (e == 0) {
+ talloc_free(comp->eku_oid_list);
+ comp->eku_oid_list = NULL;
+ }
+
 ret = 0;
 done: |
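Review bot: The up-front `talloc_zero_array()` in the first hunk carries no comment saying why the list is now allocated before the name-matching loop, or why it is sized `eku_list_size + 1`. Going by the commit message, a later part of parse_krb5_get_eku_value (outside this hunk) also appends literal OIDs to `comp->eku_oid_list`, so the non-NULL invariant is what prevents the dereference. I would state that above the allocation, e.g. `/* Allocate before the loop: named EKUs and literal OIDs are both appended here; the extra zeroed slot presumably keeps the list NULL-terminated. */`. The function body starts and ends outside the hunk, so the OID append site should be checked against the same `eku_list_size + 1` bound.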
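Review bot: The `if (e == 0)` block in the second hunk resets `comp->eku_oid_list` to NULL and then falls through to `ret = 0`, so an `<EKU>` part that yielded no OIDs is accepted as a valid component. Whether that is safe depends on how the matching code, which is not shown here, treats a NULL list: if NULL is read as "no EKU restriction", such a rule would match certificates regardless of their extended key usage. Consider failing closed by following the `talloc_free()` with `ret = EINVAL; goto done;`, or at least document the contract with a comment such as `/* no OID collected: eku_oid_list stays NULL, the matcher must not treat this as match-all */`. The code between the loop and this block lies outside the hunk and may already reject unknown EKU names, in which case only the comment is needed.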