From 27ef368b4105f19382360fe62f944b36ca74adb7 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 6 Sep 2017 12:20:25 +0200
Subject: [PATCH 194/194] certmap: make sure eku_oid_list is always allocated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If there are only OIDs in a part of a matching rule a NULL pointer dereference might occur.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník
Reviewed-by: Jakub Hrozek
(cherry picked from commit f5a8cd60c6f377af1954b58f007d16cf3f6dc846)
---
 src/lib/certmap/sss_certmap_krb5_match.c | 21 ++++++++++++---------
 src/tests/cmocka/test_certmap.c | 17 +++++++++++++++++
 2 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/src/lib/certmap/sss_certmap_krb5_match.c b/src/lib/certmap/sss_certmap_krb5_match.c
index e40f17b8ace46e61087e0a2fa570a362a84cead2..0a77ac225d73f3506e102fdbdc9084faa0f19cf0 100644
--- a/src/lib/certmap/sss_certmap_krb5_match.c
+++ b/src/lib/certmap/sss_certmap_krb5_match.c
@@ -179,19 +179,17 @@ static int parse_krb5_get_eku_value(TALLOC_CTX *mem_ctx,
 goto done;
 }
+ comp->eku_oid_list = talloc_zero_array(comp, const char *,
+ eku_list_size + 1);
+ if (comp->eku_oid_list == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
 for (c = 0; eku_list[c] != NULL; c++) {
 for (k = 0; ext_key_usage[k].name != NULL; k++) {
 CM_DEBUG(ctx, "[%s][%s].", eku_list[c], ext_key_usage[k].name);
 if (strcasecmp(eku_list[c], ext_key_usage[k].name) == 0) {
- if (comp->eku_oid_list == NULL) {
- comp->eku_oid_list = talloc_zero_array(comp, const char *,
- eku_list_size + 1);
- if (comp->eku_oid_list == NULL) {
- ret = ENOMEM;
- goto done;
- }
- }
-
 comp->eku_oid_list[e] = talloc_strdup(comp->eku_oid_list, ext_key_usage[k].oid);
 if (comp->eku_oid_list[e] == NULL) {
@@ -225,6 +223,11 @@ CM_DEBUG(ctx, "[%s][%s].", eku_list[c], ext_key_usage[k].name);
 }
 }
+ if (e == 0) {
+ talloc_free(comp->eku_oid_list);
+ comp->eku_oid_list = NULL;
+ }
+
 ret = 0;
 done:
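Review bot: The store `comp->eku_oid_list[e] = ...` in the first hunk of sss_certmap_krb5_match.c is bounded only by the assumption that `eku_list_size` counts every entry visited by `for (c = 0; eku_list[c] != NULL; c++)`. Now that the array is allocated unconditionally, that invariant deserves a comment on the allocation, for example `/* one slot per eku_list entry plus the NULL terminator; zeroed so the list is always terminated */`. Where `eku_list_size` is computed is outside the hunk, so if it could ever undercount, an explicit `e < eku_list_size` check before the store would turn a heap overwrite into an error return. parse_krb5_get_eku_value starts and ends outside this hunk.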
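Review bot: The `if (e == 0)` block in the second hunk resets `comp->eku_oid_list` to NULL, so despite the commit title the field is guaranteed non-NULL only while the parsing loop runs, and every reader of the parsed rule still has to tolerate NULL. A comment such as `/* nothing collected: keep NULL as the "no EKU OIDs" marker for callers */` would record that, assuming this is the contract callers rely on (they are not visible here). The code between the two hunks, including any other store into the list, is outside the diff.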
diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c
index c998443d086eaa72cc2a05c38ddfc5ba590a1ce7..e732bb214476943d0f723b318ab64d3b4156cace 100644
--- a/src/tests/cmocka/test_certmap.c
+++ b/src/tests/cmocka/test_certmap.c
@@ -445,6 +445,23 @@ static void test_sss_certmap_add_matching_rule(void **state)
 assert_null( ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list[3]);
+ ret = sss_certmap_add_rule(ctx, 96,
+ "KRB5:1.2.3",
+ NULL, NULL);
+ assert_int_equal(ret, 0);
+ assert_non_null(ctx->prio_list);
+ assert_non_null(ctx->prio_list->rule_list);
+ assert_non_null(ctx->prio_list->rule_list->parsed_match_rule);
+ assert_int_equal(ctx->prio_list->rule_list->parsed_match_rule->r,
+ relation_and);
+ assert_non_null(ctx->prio_list->rule_list->parsed_match_rule->eku);
+ assert_true(string_in_list("1.2.3",
+ discard_const(
+ ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list),
+ true));
+ assert_null(
+ ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list[1]);
+
 /* SAN tests */
 ret = sss_certmap_add_rule(ctx, 89, "KRB5:abc", NULL, NULL);
 assert_int_equal(ret, 0);
--
2.13.5
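Review bot: The added `"KRB5:1.2.3"` case has no comment saying what it guards; a line above it such as `/* OID-only EKU rule, regression test for issue 3508 */` would keep it from being pruned as a duplicate of the neighbouring cases. It covers only the success path: nothing in this hunk exercises the `e == 0` cleanup added in sss_certmap_krb5_match.c. If an accepted rule can reach that branch, a case asserting the resulting `eku_oid_list` state would be worth adding; whether such a rule exists depends on parser code outside the diff. test_sss_certmap_add_matching_rule starts and ends outside this hunk.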