#719 Potential NULL dereference in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
Closed: Fixed None Opened 13 years ago by jhrozek.

Assigning: "userpw" = 0.
 393    char *userpw = NULL;

Later on:

At conditional (19): "!bv" taking the false branch.
 564                if (!bv) {
 565                    is_pwd_op = 0;
 566                } else {
Passing null variable "userpw" to function "strncmp", which dereferences it. (Deref assumed on the basis of 'nonnull' parameter attribute.)
 567                    if (0 == strncmp(userpw, bv->bv_val, bv->bv_len) ||
 568                        0 == strncmp(unhashedpw, bv->bv_val, bv->bv_len))
 569                        is_pwd_op = 0;
 570                }
 571            default:
 572                break;
 573            }
 574        }

Metadata Update from @jhrozek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago

Login to comment on this ticket.

Metadata