freeipa

Clone
Source Code
GIT

#2036 Fix coverity bugs in server daemons
Closed: Fixed None Opened 12 years ago by mkosek.

Closed: Fixed
Reopen Issue

Discovered by Coverity scan

Bugs:

ipa_pwd_extop.c:

int ipapwd_init( Slapi_PBlock *pb )
1265{
1266    int ret;
1267
1268    /* Get the arguments appended to the plugin extendedop directive. The first argument
1269     * (after the standard arguments for the directive) should contain the OID of the
1270     * extended operation. */
1271
1272    ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &ipapwd_plugin_id);
At conditional (1): "ret != 0" taking the false branch.
At conditional (2): "NULL == ipapwd_plugin_id" taking the false branch.
1273    if ((ret != 0) || (NULL == ipapwd_plugin_id)) {
1274        LOG("Could not get identity or identity was NULL\n");
1275        return -1;
1276    }
1277
At conditional (3): "ipapwd_ext_init() != 0" taking the false branch.
1278    if (ipapwd_ext_init() != 0) {
1279        LOG("Object Extension Operation failed\n");
1280        return -1;
1281    }
1282
1283    /* Register the plug-in function as an extended operation
1284     * plug-in function that handles the operation identified by
1285     * OID 1.3.6.1.4.1.4203.1.11.1 .  Also specify the version of the server
1286     * plug-in */
1287    ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
At conditional (4): "!ret" taking the true branch.
1288    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)ipapwd_start);
At conditional (5): "!ret" taking the true branch.
1289    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&ipapwd_plugin_desc);
At conditional (6): "!ret" taking the true branch.
1290    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, ipapwd_oid_list);
At conditional (7): "!ret" taking the true branch.
1291    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipapwd_name_list);
At conditional (8): "!ret" taking the true branch.
CID 10745: Unchecked return value (CHECKED_RETURN)
Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times).
No check of the return value of "slapi_pblock_set(pb, 300, (void *)ipapwd_extop)".
1292    if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipapwd_extop);
1293    if (ret) {
1294        LOG("Failed to set plug-in version, function, and OID.\n" );
1295        return -1;
1296    }
1297




static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 143{
 144        char            *bindDN = NULL;
 145        char            *authmethod = NULL;
 146        char            *dn = NULL;
 147        char            *oldPasswd = NULL;
 148        char            *newPasswd = NULL;
 149        char            *errMesg = NULL;
 150        int             ret=0, rc=0, is_root=0;
 151        ber_tag_t       tag=0;
 152        ber_len_t       len=-1;
 153        struct berval   *extop_value = NULL;
 154        BerElement      *ber = NULL;
 155        Slapi_Entry *targetEntry=NULL;
 156        Slapi_Value *objectclass=NULL;
 157        char *attrlist[] = {"*", "passwordHistory", NULL };
 158        struct ipapwd_data pwdata;
 159        int is_krb, is_smb;
 160    char *principal = NULL;
 161
 162        /* Get the ber value of the extended operation */
 163        slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
 164
At conditional (1): "extop_value == NULL" taking the true branch.
 165    if (extop_value == NULL ||
 166        (extop_value->bv_len == 0 || extop_value->bv_val == NULL)) {
 167        errMesg = "PasswdModify Request empty.\n";
 168        rc = LDAP_UNWILLING_TO_PERFORM;
 169        goto free_and_return;
 170    }
 171
 172        if ((ber = ber_init(extop_value)) == NULL)
 173        {
 174                errMesg = "PasswdModify Request decode failed.\n";
 175                rc = LDAP_PROTOCOL_ERROR;
 176                goto free_and_return;
 177        }
...
 490        LOG_TRACE("<= result: %d\n", rc);
 491
 492    if (pwdata.changetype == IPA_CHANGETYPE_NORMAL) {
 493        principal = slapi_entry_attr_get_charptr(pwdata.target,
 494                                                 "krbPrincipalName");
 495    } else {
 496        principal = slapi_ch_smprintf("root/admin@%s", krbcfg->realm);
 497    }
 498    ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
 499
 500        /* Free anything that we allocated above */
 501free_and_return:
 502        slapi_ch_free_string(&oldPasswd);
 503        slapi_ch_free_string(&newPasswd);
 504        /* Either this is the same pointer that we allocated and set above,
 505         * or whoever used it should have freed it and allocated a new
 506         * value that we need to free here */
 507        slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &dn);
 508        slapi_ch_free_string(&dn);
CID 10743: Unchecked return value (CHECKED_RETURN)
Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times).
No check of the return value of "slapi_pblock_set(pb, 109, NULL)".
 509        slapi_pblock_set(pb, SLAPI_ORIGINAL_TARGET, NULL);
 510        slapi_ch_free_string(&authmethod);
 511    slapi_ch_free_string(&principal);
 512
 513        if (targetEntry) slapi_entry_free(targetEntry);

ipa_enrollment.c:

int
429ipaenrollment_init(Slapi_PBlock *pb)
430{
431    int ret;
432
433    /* Get the arguments appended to the plugin extendedop directive
434     * in the plugin entry.  The first argument
435     * (after the standard arguments for the directive) should
436     * contain the OID of the extended op.
437    */
438
439    ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &ipaenrollment_plugin_id);
At conditional (1): "ret != 0" taking the false branch.
At conditional (2): "NULL == ipaenrollment_plugin_id" taking the false branch.
440    if ((ret != 0) || (NULL == ipaenrollment_plugin_id)) {
441        LOG("Could not get identity or identity was NULL\n");
442        return -1;
443    }
444
445    LOG("Registering plug-in for extended op.\n");
446
447    /* Register the plug-in function as an extended operation
448       plug-in function. */
Assigning: "ret" = return value from "slapi_pblock_set(pb, 8, "01")".
449    ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
At conditional (3): "!ret" taking the true branch.
"ret" has its value checked in "ret".
450    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)ipaenrollment_start);
At conditional (4): "!ret" taking the true branch.
451    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc);
At conditional (5): "!ret" taking the true branch.
452    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, ipaenrollment_oid_list);
At conditional (6): "!ret" taking the true branch.
453    if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipaenrollment_name_list);
At conditional (7): "!ret" taking the true branch.
CID 10742: Unchecked return value (CHECKED_RETURN)
Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times).
No check of the return value of "slapi_pblock_set(pb, 300, (void *)ipaenrollment_extop)".
454    if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipaenrollment_extop);
455
456    if (ret) {
457        LOG("Failed to set plug-in version, function, and OID.\n");
458        return -1;
459    }

Fixed in master:
8276d5d
7cca50e
e615bea

Metadata Update from @mkosek:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 3.0 Core Effort - 2011/11
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.