summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2016-06-06 18:15:44 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-12 14:23:32 +0200
commitf9d3aec54d19a771a6eafe09ba6d445cc094bfae (patch)
tree2808c811825719d07e8cffb7bb32d0b34fcc0f49
parent35567de112cd5d82acb582cbdb44c8652bbdfda1 (diff)
downloadsssd-f9d3aec54d19a771a6eafe09ba6d445cc094bfae.zip
sssd-f9d3aec54d19a771a6eafe09ba6d445cc094bfae.tar.gz
sssd-f9d3aec54d19a771a6eafe09ba6d445cc094bfae.tar.xz
TOOLS: Prevent dereference of null pointer
VAR_CHECK is called with (var, EOK, ...) EOK would be returned in case of "var != EOK" and output argument _attrs would not be initialized. Therefore there could be dereference of null pointer after calling function usermod_build_attrs. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/tools/sss_sync_ops.c63
1 files changed, 28 insertions, 35 deletions
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 7f2e3ea..a23a0b8 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -37,13 +37,6 @@
#define ATTR_NAME_SEP '='
#define ATTR_VAL_SEP ','
-#define VAR_CHECK(var, val, attr, msg) do { \
- if (var != (val)) { \
- DEBUG(SSSDBG_CRIT_FAILURE, msg" attribute: %s\n", attr); \
- return val; \
- } \
-} while(0)
-
static int attr_name_val_split(TALLOC_CTX *mem_ctx, const char *nameval,
char **_name, char ***_values, int *_nvals)
{
@@ -200,8 +193,9 @@ static int usermod_build_attrs(TALLOC_CTX *mem_ctx,
int lock,
struct sysdb_attrs **_attrs)
{
- int ret;
+ int ret = EOK;
struct sysdb_attrs *attrs;
+ const char *attr_name = NULL;
attrs = sysdb_new_attrs(mem_ctx);
if (attrs == NULL) {
@@ -209,60 +203,59 @@ static int usermod_build_attrs(TALLOC_CTX *mem_ctx,
}
if (shell) {
+ attr_name = SYSDB_SHELL;
ret = sysdb_attrs_add_string(attrs,
- SYSDB_SHELL,
+ attr_name,
shell);
- VAR_CHECK(ret, EOK, SYSDB_SHELL,
- "Could not add attribute to changeset\n");
}
- if (home) {
+ if (ret == EOK && home) {
+ attr_name = SYSDB_HOMEDIR;
ret = sysdb_attrs_add_string(attrs,
- SYSDB_HOMEDIR,
+ attr_name,
home);
- VAR_CHECK(ret, EOK, SYSDB_HOMEDIR,
- "Could not add attribute to changeset\n");
}
- if (gecos) {
+ if (ret == EOK && gecos) {
+ attr_name = SYSDB_GECOS;
ret = sysdb_attrs_add_string(attrs,
- SYSDB_GECOS,
+ attr_name,
gecos);
- VAR_CHECK(ret, EOK, SYSDB_GECOS,
- "Could not add attribute to changeset\n");
}
- if (uid) {
+ if (ret == EOK && uid) {
+ attr_name = SYSDB_UIDNUM;
ret = sysdb_attrs_add_long(attrs,
- SYSDB_UIDNUM,
+ attr_name,
uid);
- VAR_CHECK(ret, EOK, SYSDB_UIDNUM,
- "Could not add attribute to changeset\n");
}
- if (gid) {
+ if (ret == EOK && gid) {
+ attr_name = SYSDB_GIDNUM;
ret = sysdb_attrs_add_long(attrs,
- SYSDB_GIDNUM,
+ attr_name,
gid);
- VAR_CHECK(ret, EOK, SYSDB_GIDNUM,
- "Could not add attribute to changeset\n");
}
- if (lock == DO_LOCK) {
+ if (ret == EOK && lock == DO_LOCK) {
+ attr_name = SYSDB_DISABLED;
ret = sysdb_attrs_add_string(attrs,
- SYSDB_DISABLED,
+ attr_name,
"true");
- VAR_CHECK(ret, EOK, SYSDB_DISABLED,
- "Could not add attribute to changeset\n");
}
- if (lock == DO_UNLOCK) {
+ if (ret == EOK && lock == DO_UNLOCK) {
+ attr_name = SYSDB_DISABLED;
/* PAM code checks for 'false' value in SYSDB_DISABLED attribute */
ret = sysdb_attrs_add_string(attrs,
- SYSDB_DISABLED,
+ attr_name,
"false");
- VAR_CHECK(ret, EOK, SYSDB_DISABLED,
- "Could not add attribute to changeset\n");
+ }
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add attribute [%s] to changeset.\n", attr_name);
+ return ret;
}
*_attrs = attrs;