49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From 19df6a5d2ed220e6236aa1c921b7abdeba233dd1 Mon Sep 17 00:00:00 2001
|
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
Date: Wed, 22 May 2024 21:13:31 +0200
|
|
Subject: [PATCH] SSH: sanity check to please coverity
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Fixes:
|
|
```
|
|
Error: INTEGER_OVERFLOW (CWE-190):
|
|
sssd-2.10.0/src/util/sss_ssh.c:195:13: underflow: The decrement operator on the unsigned variable ""len"" might result in an underflow.
|
|
sssd-2.10.0/src/util/sss_ssh.c:204:9: overflow_sink: ""len"", which might have underflowed, is passed to ""memcpy(out, pubkey->data, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
# 202| }
|
|
# 203|
|
|
# 204|-> memcpy(out, pubkey->data, len);
|
|
# 205| out[len] = '\0';
|
|
# 206| }
|
|
```
|
|
|
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
|
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
|
|
Reference: https://github.com/SSSD/sssd/commit/19df6a5d2ed220e6236aa1c921b7abdeba233dd1
|
|
Conflict: NA
|
|
|
|
---
|
|
src/util/sss_ssh.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c
|
|
index 9df397873..f9c0918fd 100644
|
|
--- a/src/util/sss_ssh.c
|
|
+++ b/src/util/sss_ssh.c
|
|
@@ -191,6 +191,10 @@ sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
|
|
}
|
|
|
|
len = pubkey->data_len;
|
|
+ if (len == 0) {
|
|
+ ret = EINVAL;
|
|
+ goto done;
|
|
+ }
|
|
if (pubkey->data[len - 1] == '\n') {
|
|
len--;
|
|
}
|
|
--
|
|
2.33.0
|
|
|