Discovered by Coverity scan
Bugs:
ipa_pwd_extop.c:
int ipapwd_init( Slapi_PBlock *pb ) 1265{ 1266 int ret; 1267 1268 /* Get the arguments appended to the plugin extendedop directive. The first argument 1269 * (after the standard arguments for the directive) should contain the OID of the 1270 * extended operation. */ 1271 1272 ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &ipapwd_plugin_id); At conditional (1): "ret != 0" taking the false branch. At conditional (2): "NULL == ipapwd_plugin_id" taking the false branch. 1273 if ((ret != 0) || (NULL == ipapwd_plugin_id)) { 1274 LOG("Could not get identity or identity was NULL\n"); 1275 return -1; 1276 } 1277 At conditional (3): "ipapwd_ext_init() != 0" taking the false branch. 1278 if (ipapwd_ext_init() != 0) { 1279 LOG("Object Extension Operation failed\n"); 1280 return -1; 1281 } 1282 1283 /* Register the plug-in function as an extended operation 1284 * plug-in function that handles the operation identified by 1285 * OID 1.3.6.1.4.1.4203.1.11.1 . Also specify the version of the server 1286 * plug-in */ 1287 ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01); At conditional (4): "!ret" taking the true branch. 1288 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)ipapwd_start); At conditional (5): "!ret" taking the true branch. 1289 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&ipapwd_plugin_desc); At conditional (6): "!ret" taking the true branch. 1290 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, ipapwd_oid_list); At conditional (7): "!ret" taking the true branch. 1291 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipapwd_name_list); At conditional (8): "!ret" taking the true branch. CID 10745: Unchecked return value (CHECKED_RETURN) Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times). No check of the return value of "slapi_pblock_set(pb, 300, (void *)ipapwd_extop)". 1292 if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipapwd_extop); 1293 if (ret) { 1294 LOG("Failed to set plug-in version, function, and OID.\n" ); 1295 return -1; 1296 } 1297 static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) 143{ 144 char *bindDN = NULL; 145 char *authmethod = NULL; 146 char *dn = NULL; 147 char *oldPasswd = NULL; 148 char *newPasswd = NULL; 149 char *errMesg = NULL; 150 int ret=0, rc=0, is_root=0; 151 ber_tag_t tag=0; 152 ber_len_t len=-1; 153 struct berval *extop_value = NULL; 154 BerElement *ber = NULL; 155 Slapi_Entry *targetEntry=NULL; 156 Slapi_Value *objectclass=NULL; 157 char *attrlist[] = {"*", "passwordHistory", NULL }; 158 struct ipapwd_data pwdata; 159 int is_krb, is_smb; 160 char *principal = NULL; 161 162 /* Get the ber value of the extended operation */ 163 slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value); 164 At conditional (1): "extop_value == NULL" taking the true branch. 165 if (extop_value == NULL || 166 (extop_value->bv_len == 0 || extop_value->bv_val == NULL)) { 167 errMesg = "PasswdModify Request empty.\n"; 168 rc = LDAP_UNWILLING_TO_PERFORM; 169 goto free_and_return; 170 } 171 172 if ((ber = ber_init(extop_value)) == NULL) 173 { 174 errMesg = "PasswdModify Request decode failed.\n"; 175 rc = LDAP_PROTOCOL_ERROR; 176 goto free_and_return; 177 } ... 490 LOG_TRACE("<= result: %d\n", rc); 491 492 if (pwdata.changetype == IPA_CHANGETYPE_NORMAL) { 493 principal = slapi_entry_attr_get_charptr(pwdata.target, 494 "krbPrincipalName"); 495 } else { 496 principal = slapi_ch_smprintf("root/admin@%s", krbcfg->realm); 497 } 498 ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow); 499 500 /* Free anything that we allocated above */ 501free_and_return: 502 slapi_ch_free_string(&oldPasswd); 503 slapi_ch_free_string(&newPasswd); 504 /* Either this is the same pointer that we allocated and set above, 505 * or whoever used it should have freed it and allocated a new 506 * value that we need to free here */ 507 slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &dn); 508 slapi_ch_free_string(&dn); CID 10743: Unchecked return value (CHECKED_RETURN) Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times). No check of the return value of "slapi_pblock_set(pb, 109, NULL)". 509 slapi_pblock_set(pb, SLAPI_ORIGINAL_TARGET, NULL); 510 slapi_ch_free_string(&authmethod); 511 slapi_ch_free_string(&principal); 512 513 if (targetEntry) slapi_entry_free(targetEntry);
ipa_enrollment.c:
int 429ipaenrollment_init(Slapi_PBlock *pb) 430{ 431 int ret; 432 433 /* Get the arguments appended to the plugin extendedop directive 434 * in the plugin entry. The first argument 435 * (after the standard arguments for the directive) should 436 * contain the OID of the extended op. 437 */ 438 439 ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &ipaenrollment_plugin_id); At conditional (1): "ret != 0" taking the false branch. At conditional (2): "NULL == ipaenrollment_plugin_id" taking the false branch. 440 if ((ret != 0) || (NULL == ipaenrollment_plugin_id)) { 441 LOG("Could not get identity or identity was NULL\n"); 442 return -1; 443 } 444 445 LOG("Registering plug-in for extended op.\n"); 446 447 /* Register the plug-in function as an extended operation 448 plug-in function. */ Assigning: "ret" = return value from "slapi_pblock_set(pb, 8, "01")". 449 ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01); At conditional (3): "!ret" taking the true branch. "ret" has its value checked in "ret". 450 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)ipaenrollment_start); At conditional (4): "!ret" taking the true branch. 451 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc); At conditional (5): "!ret" taking the true branch. 452 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, ipaenrollment_oid_list); At conditional (6): "!ret" taking the true branch. 453 if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipaenrollment_name_list); At conditional (7): "!ret" taking the true branch. CID 10742: Unchecked return value (CHECKED_RETURN) Calling function "slapi_pblock_set" without checking return value (as is done elsewhere 72 out of 77 times). No check of the return value of "slapi_pblock_set(pb, 300, (void *)ipaenrollment_extop)". 454 if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipaenrollment_extop); 455 456 if (ret) { 457 LOG("Failed to set plug-in version, function, and OID.\n"); 458 return -1; 459 }
Fixed in master: 8276d5d 7cca50e e615bea
Metadata Update from @mkosek: - Issue assigned to simo - Issue set to the milestone: FreeIPA 3.0 Core Effort - 2011/11
Login to comment on this ticket.