sssd/backport-CLIENT-idmap-fix-coverity-warning.patch
xuraoqing 988a61df65 backport patches to fix bugs
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
2024-10-25 14:51:11 +08:00


From 7c913edc84e0201020b5ab770dd0823911387781 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 22 May 2024 20:19:05 +0200
Subject: [PATCH] CLIENT:idmap: fix coverity warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes following issue:
```
"Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:306:5: tainted_data_argument: The value returned in ""replen"" is considered tainted.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: overflow: The expression ""replen - 12UL"" might be negative, but is used in a context that treats it as unsigned.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: assign: Assigning: ""data_len"" = ""replen - 12UL"".
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow: The expression ""1UL * data_len"" is deemed underflowed because at least one of its arguments has underflowed.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow_sink: ""1UL * data_len"", which might have underflowed, is passed to ""malloc(1UL * data_len)"".
# 345| }
# 346|
# 347|-> str = malloc(sizeof(char) * data_len);
# 348| if (str == NULL) {
# 349| ret = ENOMEM;"
```
Reviewed-by: Alejandro López <allopez@redhat.com>
Reference: https://github.com/SSSD/sssd/commit/7c913edc84e0201020b5ab770dd0823911387781
Conflict: NA
---
src/sss_client/idmap/sss_nss_idmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/sss_client/idmap/sss_nss_idmap.c b/src/sss_client/idmap/sss_nss_idmap.c
index 575d03057..604933c6d 100644
--- a/src/sss_client/idmap/sss_nss_idmap.c
+++ b/src/sss_client/idmap/sss_nss_idmap.c
@@ -324,6 +324,11 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd,
goto done;
}
+ if (replen < DATA_START) { /* make sure 'type' is present */
+ ret = EBADMSG;
+ goto done;
+ }
+
/* Skip first two 32 bit values (number of results and
* reserved padding) */
SAFEALIGN_COPY_UINT32(&out->type, repbuf + 2 * sizeof(uint32_t), NULL);
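Review bot: the added `if (replen < DATA_START)` check still accepts `replen == DATA_START`, so the case of a reply that carries `type` but no payload is not covered. Going by the Coverity trace in the commit message, `data_len` is assigned `replen - 12UL`, so in that case it is 0 and the quoted `malloc(sizeof(char) * data_len)` becomes a zero-size request. The C standard lets malloc(0) return NULL, and the `if (str == NULL)` branch in the trace would then report ENOMEM for what is really a malformed reply. It is worth confirming how the string-returning paths behave with `data_len == 0`, and either rejecting that case with EBADMSG as well or handling it explicitly before the allocation. The comment on the new check could also state that DATA_START covers the two skipped 32-bit values plus `type`, which would make its relation to the `2 * sizeof(uint32_t)` offset in the SAFEALIGN_COPY_UINT32 line below obvious to the next reader.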
--
2.33.0