From 111b8b4d62a4fe192c075e6f6bfacb408e6074b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 12 Jan 2021 13:50:11 +0100
Subject: [PATCH 39/39] pam_sss_gssapi: fix coverity issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
```
1. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:556: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
Expand
2. Defect type: RESOURCE_LEAK
3. sssd-2.4.0/src/sss_client/pam_sss_gss.c:321: leaked_storage: Variable "reply" going out of scope leaks the storage it points to.
Expand
3. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
Expand
4. Defect type: RESOURCE_LEAK
6. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "upn" going out of scope leaks the storage it points to.
Expand
5. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "target" going out of scope leaks the storage it points to.
Expand
6. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "domain" going out of scope leaks the storage it points to.
1. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'username'
Expand
2. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'upn'
Expand
3. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'target'
Expand
4. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'domain'
```
Also fix compilation warning
```
../src/sss_client/pam_sss_gss.c:339:5: warning: ‘reply’ may be used uninitialized in this function [-Wmaybe-uninitialized]
339 | free(reply);
| ^~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:328:14: note: ‘reply’ was declared here
328 | uint8_t *reply;
| ^~~~~
../src/sss_client/pam_sss_gss.c:270:11: warning: ‘reply_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
270 | upn = malloc(reply_len * sizeof(char));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:327:12: note: ‘reply_len’ was declared here
327 | size_t reply_len;
| ^~~~~~~~~
```
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/sss_client/pam_sss_gss.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c
index cd38db7da..51be36ece 100644
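--- a/src/sss_client/pam_sss_gss.c
+++ b/src/sss_client/pam_sss_gss.c
@@ -195,6 +195,8 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
 struct sss_cli_req_data req_data;
 size_t service_len;
 size_t user_len;
+ size_t reply_len;
+ uint8_t *reply = NULL;
 uint8_t *data;
 errno_t ret;
 int ret_errno;
@@ -217,7 +219,7 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
 
 req_data.data = data;
 
- ret = sss_pam_make_request(SSS_GSSAPI_INIT, &req_data, _reply, _reply_len,
+ ret = sss_pam_make_request(SSS_GSSAPI_INIT, &req_data, &reply, &reply_len,
 &ret_errno);
 free(data);
 if (ret != PAM_SUCCESS) {
@@ -233,6 +235,16 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
 return (ret_errno != EOK) ? ret_errno : EIO;
 }
 
+ if (ret_errno == EOK) {
+ *_reply = reply;
+ *_reply_len = reply_len;
+ } else {
+ /* We got PAM_SUCCESS therefore the communication with SSSD was
+ * successful and we have received a reply buffer. We just don't care
+ * about it, we are only interested in the error code. */
+ free(reply);
+ }
+
 return ret_errno;
 }
 
@@ -257,7 +269,8 @@ static errno_t sssd_gssapi_init_recv(uint8_t *reply,
 target = malloc(reply_len * sizeof(char));
 upn = malloc(reply_len * sizeof(char));
 if (username == NULL || domain == NULL || target == NULL || upn == NULL) {
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
 }
 
 buf = (const char*)reply;
@@ -311,8 +324,8 @@ static errno_t sssd_gssapi_init(pam_handle_t *pamh,
 char **_target,
 char **_upn)
 {
- size_t reply_len;
- uint8_t *reply;
+ size_t reply_len = 0;
+ uint8_t *reply = NULL;
 errno_t ret;
 
 ret = sssd_gssapi_init_send(pamh, pam_service, pam_user, &reply,
@@ -549,6 +562,7 @@ int pam_sm_authenticate(pam_handle_t *pamh,
 
 done:
 sss_pam_close_fd();
+ free(username);
 free(domain);
 free(target);
 free(upn);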
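Review bot: In `sssd_gssapi_init_send`, neither the `ret != PAM_SUCCESS` return nor the new `else` branch writes `*_reply` or `*_reply_len`, so the function is only safe because the `sssd_gssapi_init` hunk now initialises its locals to `NULL` and `0`; any other caller that frees its buffer after an error would free an indeterminate pointer inside a PAM module. Setting the out-parameters at function entry, `*_reply = NULL; *_reply_len = 0;`, would make the contract self-contained. The early return after `sss_pam_make_request()` fails also leaves the local `reply` unfreed; whether that call can allocate before failing is not visible here, but `free(reply);` before that return would be harmless since `reply` starts as `NULL`. The bodies of these functions extend outside the hunks shown, including the `done:` label that the `sssd_gssapi_init_recv` hunk now jumps to.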
--
2.21.3