From 2fd201a6e8f263f30fb3aeb3d7f826a06321e58e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 21 Nov 2017 16:12:24 +0100
Subject: [PATCH 59/59] NSS: Fix covscan warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Error: NULL_RETURNS (CWE-476): [#def1]
sssd-1.16.1/src/responder/nss/nss_protocol.c:162: returned_null: "memchr" returns null (checked 7 out of 8 times).
sssd-1.16.1/src/responder/nss/nsssrv_mmap_cache.c:557: example_checked: Example 1: "memchr(t_key, 0, strs_offset + strs_len - name_ptr)" has its value checked in "memchr(t_key, 0, strs_offset + strs_len - name_ptr) == NULL".
sssd-1.16.1/src/sss_client/idmap/sss_nss_idmap.c:171: example_assign: Example 2: Assigning: "p" = return value from "memchr(p, 0, buf_len - (p - buf))".
sssd-1.16.1/src/sss_client/idmap/sss_nss_idmap.c:172: example_checked: Example 2 (cont.): "p" has its value checked in "p == NULL".
sssd-1.16.1/src/sss_client/nss_mc_group.c:157: example_checked: Example 3: "memchr(rec_name, 0, 16UL + data->strs_len - data->name)" has its value checked in "memchr(rec_name, 0, 16UL + data->strs_len - data->name) == NULL".
sssd-1.16.1/src/sss_client/nss_mc_initgr.c:139: example_checked: Example 4: "memchr(rec_name, 0, 24UL + data->data_len - data->name)" has its value checked in "memchr(rec_name, 0, 24UL + data->data_len - data->name) == NULL".
sssd-1.16.1/src/sss_client/nss_mc_passwd.c:150: example_checked: Example 5: "memchr(rec_name, 0, 16UL + data->strs_len - data->name)" has its value checked in "memchr(rec_name, 0, 16UL + data->strs_len - data->name) == NULL".
sssd-1.16.1/src/responder/nss/nss_protocol.c:162: var_assigned: Assigning: "p" = null return value from "memchr".
sssd-1.16.1/src/responder/nss/nss_protocol.c:176: dereference: Incrementing a pointer which might be null: "p".
# 174| }
# 175|
# 176|-> p++;
# 177| if ((p - body) + sizeof(uint32_t) != blen) {
# 178| DEBUG(SSSDBG_CRIT_FAILURE, "Body has unexpected size!\n");
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 1d88a0591ce8445ea3b6a88845a5997d61c915b4)
---
src/responder/nss/nss_protocol.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/responder/nss/nss_protocol.c b/src/responder/nss/nss_protocol.c
index 2655386498754c46fbb363bdd1f976f9ded6a434..13f6d1541b79bf5494e1560841f027bf98bef72b 100644
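--- a/src/responder/nss/nss_protocol.c
+++ b/src/responder/nss/nss_protocol.c
@@ -160,6 +160,13 @@ nss_protocol_parse_name_ex(struct cli_ctx *cli_ctx, const char **_rawname,
 }
 
 p = memchr(body, '\0', blen);
+ /* Although body for sure is null terminated, let's add this check here
+ * so static analyzers are happier. */
+ if (p == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "memchr() returned NULL, body is not null terminated!\n");
+ return EINVAL;
+ }
 
 /* If the body isn't valid UTF-8, fail */
 if (!sss_utf8_check(body, (p - body))) {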
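Review bot: The comment above the new `if (p == NULL)` check presents it as analyzer appeasement, but nothing visible in this hunk establishes that `body` always has a terminator within `blen` bytes. The function takes a `struct cli_ctx *`, so `body` is presumably the client's request payload, and this check may be the only thing keeping the later `p - body` and `p++` arithmetic inside the buffer. I would word the comment as input validation, for example `/* body is client-supplied: reject the request if no '\0' lies within blen bytes. */`, or name the earlier check that guarantees termination if there is one. The body of nss_protocol_parse_name_ex starts and continues outside the hunk, so any such earlier guarantee cannot be confirmed from here.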
--
2.14.3