From be811502403246414b99f3a8834355c53f6f0511 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 6 Jun 2016 18:15:44 +0200
Subject: [PATCH 12/14] TOOLS: Prevent dereference of null pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
VAR_CHECK is called with (var, EOK, ...)
EOK would be returned in case of "var != EOK"
and output argument _attrs would not be initialized.
Therefore there could be dereference of null pointer
after calling function usermod_build_attrs.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit f9d3aec54d19a771a6eafe09ba6d445cc094bfae)
---
src/tools/sss_sync_ops.c | 63 +++++++++++++++++++++---------------------------
1 file changed, 28 insertions(+), 35 deletions(-)
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 7f2e3ea85d5874e3c40f53f327b400e38e430228..a23a0b8c30366d2fb68554bfed184b8fce675e2b 100644
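--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -37,13 +37,6 @@
 #define ATTR_NAME_SEP '='
 #define ATTR_VAL_SEP ','
 
-#define VAR_CHECK(var, val, attr, msg) do { \
-        if (var != (val)) { \
-            DEBUG(SSSDBG_CRIT_FAILURE, msg" attribute: %s\n", attr); \
-            return val; \
-        } \
-} while(0)
-
 static int attr_name_val_split(TALLOC_CTX *mem_ctx, const char *nameval,
 char **_name, char ***_values, int *_nvals)
 {
@@ -200,8 +193,9 @@ static int usermod_build_attrs(TALLOC_CTX *mem_ctx,
 int lock,
 struct sysdb_attrs **_attrs)
 {
-    int ret;
+    int ret = EOK;
 struct sysdb_attrs *attrs;
+    const char *attr_name = NULL;
 
 attrs = sysdb_new_attrs(mem_ctx);
 if (attrs == NULL) {
@@ -209,60 +203,59 @@ static int usermod_build_attrs(TALLOC_CTX *mem_ctx,
 }
 
 if (shell) {
+        attr_name = SYSDB_SHELL;
 ret = sysdb_attrs_add_string(attrs,
-                                     SYSDB_SHELL,
+                                     attr_name,
 shell);
-        VAR_CHECK(ret, EOK, SYSDB_SHELL,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (home) {
+    if (ret == EOK && home) {
+        attr_name = SYSDB_HOMEDIR;
 ret = sysdb_attrs_add_string(attrs,
-                                     SYSDB_HOMEDIR,
+                                     attr_name,
 home);
-        VAR_CHECK(ret, EOK, SYSDB_HOMEDIR,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (gecos) {
+    if (ret == EOK && gecos) {
+        attr_name = SYSDB_GECOS;
 ret = sysdb_attrs_add_string(attrs,
-                                     SYSDB_GECOS,
+                                     attr_name,
 gecos);
-        VAR_CHECK(ret, EOK, SYSDB_GECOS,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (uid) {
+    if (ret == EOK && uid) {
+        attr_name = SYSDB_UIDNUM;
 ret = sysdb_attrs_add_long(attrs,
-                                   SYSDB_UIDNUM,
+                                   attr_name,
 uid);
-        VAR_CHECK(ret, EOK, SYSDB_UIDNUM,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (gid) {
+    if (ret == EOK && gid) {
+        attr_name = SYSDB_GIDNUM;
 ret = sysdb_attrs_add_long(attrs,
-                                   SYSDB_GIDNUM,
+                                   attr_name,
 gid);
-        VAR_CHECK(ret, EOK, SYSDB_GIDNUM,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (lock == DO_LOCK) {
+    if (ret == EOK && lock == DO_LOCK) {
+        attr_name = SYSDB_DISABLED;
 ret = sysdb_attrs_add_string(attrs,
-                                     SYSDB_DISABLED,
+                                     attr_name,
 "true");
-        VAR_CHECK(ret, EOK, SYSDB_DISABLED,
-                  "Could not add attribute to changeset\n");
 }
 
-    if (lock == DO_UNLOCK) {
+    if (ret == EOK && lock == DO_UNLOCK) {
+        attr_name = SYSDB_DISABLED;
 /* PAM code checks for 'false' value in SYSDB_DISABLED attribute */
 ret = sysdb_attrs_add_string(attrs,
-                                     SYSDB_DISABLED,
+                                     attr_name,
 "false");
-        VAR_CHECK(ret, EOK, SYSDB_DISABLED,
-                  "Could not add attribute to changeset\n");
+    }
+
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Could not add attribute [%s] to changeset.\n", attr_name);
+        return ret;
 }
 
 *_attrs = attrs;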
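Review bot: The new failure path (`if (ret != EOK) { ... return ret; }`) still leaves the output argument `*_attrs` unwritten, and the partially filled `attrs` stays attached to `mem_ctx`. The caller is therefore protected only by checking the return code, and a caller whose local pointer is uninitialised would still hold an indeterminate value. Consider `*_attrs = NULL;` right after the declarations and, assuming `sysdb_new_attrs()` returns a talloc allocation, `talloc_free(attrs);` before `return ret;`. The `attr_name` passed to `%s` is non-NULL on that path only because every branch assigns it before the call that can change `ret`; a short comment at the declaration, such as `/* set before each sysdb_attrs_add_* call; non-NULL whenever ret != EOK */`, would keep that invariant visible. The function's signature starts and its body ends outside the visible hunks, and the early return after `sysdb_new_attrs()` is not shown, so that path is unverified here.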
--
2.4.11