IPA_SUDO: Prevent dereference of NULL pointer

Error: NULL_RETURNS (CWE-476): [#def31]
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    returned_null: "ipa_sudo_conv_lookup" returns null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9:
    return_null: Explicitly returning null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    var_assigned: Assigning: "cmdgroup" = null return value
                  from "ipa_sudo_conv_lookup".
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966:
    dereference: Dereferencing a null pointer "cmdgroup".
 #  964|           cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
 #  965|
 #  966|->         ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
 #  967|                                   false, discard_const(&values));
 #  968|           if (ret != EOK) {

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 5 insertions, 0 deletions

diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 278fee600..1286bf351 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -962,6 +962,11 @@ combine_cmdgroups(TALLOC_CTX *mem_ctx,
 
     DLIST_FOR_EACH(listitem, list) {
         cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
+        if (cmdgroup == NULL) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "ipa_sudo_conv_lookup failed for DN:%s\n", listitem->dn);
+            continue;
+        }
 
         ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
                                 false, discard_const(&values));