#1231 Use of uninitialized value in sss_sudo_parse_response
Closed: Fixed None Opened 12 years ago by sgallagh.

{{{
int sss_sudo_parse_response(const char *message,
                            size_t message_len,
                            struct sss_sudo_result **_result,
                            uint32_t *_error)
{
    /* CID 12582: Uninitialized pointer read (UNINIT) */
    /* Declaring variable "result". */
    struct sss_sudo_result *result = NULL;
    size_t cursor = 0;
    int ret = EOK;
    int i = 0;

    /* error code */
    ret = sss_sudo_parse_uint32(message, message_len, &cursor, _error);
    /* At conditional (1): "ret != 0" taking the false branch. */
    /* At conditional (2): "*_error != 0U" taking the false branch. */
    if (ret != EOK || *_error != SSS_SUDO_ERROR_OK) {
        return ret;
    }

    /* result */
    /* Assigning: "result" = "malloc(16UL)", which is allocated but not initialized. */
    result = malloc(sizeof(struct sss_sudo_result));
    /* At conditional (3): "result == NULL" taking the false branch. */
    if (result == NULL) {
        return ENOMEM;
    }

    /* rules_num */
    ret = sss_sudo_parse_uint32(message, message_len,
                                &cursor, &result->num_rules);
    /* At conditional (4): "ret != 0" taking the true branch. */
    if (ret != EOK) {
        goto fail;
    }

    /* rules */
    result->rules = calloc(result->num_rules, sizeof(struct sss_sudo_rule));
    if (result->rules == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    for (i = 0; i < result->num_rules; i++) {
        ret = sss_sudo_parse_rule(message, message_len,
                                  &cursor, &result->rules[i]);
        if (ret != EOK) {
            goto fail;
        }
    }

    *_result = result;

    return EOK;

fail:
    /* Using uninitialized value "result->rules" when calling "sss_sudo_free_result". */
    sss_sudo_free_result(result);
    return ret;
}
}}}

We should probably memset the {{{struct sss_sudo_result}}} to zero.
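
The flagged failure path with the zero-initialization suggested above applied, as an added example (not SSSD's code and not the committed fix). It is a reduced model: `struct rule`, `struct result`, `parse_u32`, `parse_response`, the demo counter and the wire format are hypothetical stand-ins, and the error-code field is omitted.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the SSSD types; field names follow the listing. */
struct rule { char *name; };
struct result { uint32_t num_rules; struct rule *rules; };

static int free_calls_with_null_rules = 0; /* instrumentation for the demo */

/* Cleanup walks result->rules, so that pointer must be valid or NULL. */
static void free_result(struct result *r)
{
    if (r == NULL) return;
    if (r->rules == NULL) free_calls_with_null_rules++;
    for (uint32_t i = 0; r->rules != NULL && i < r->num_rules; i++)
        free(r->rules[i].name);
    free(r->rules);
    free(r);
}

/* Bounds-checked read of a host-endian uint32 at *cursor (constructed format). */
static int parse_u32(const char *msg, size_t len, size_t *cursor, uint32_t *out)
{
    if (*cursor > len || len - *cursor < sizeof(uint32_t)) return EINVAL;
    memcpy(out, msg + *cursor, sizeof(uint32_t));
    *cursor += sizeof(uint32_t);
    return 0;
}

int parse_response(const char *msg, size_t len, struct result **out)
{
    size_t cursor = 0;
    /* calloc instead of malloc: num_rules == 0 and rules == NULL from the
     * start, so every "goto fail" hands free_result() a defined struct. */
    struct result *res = calloc(1, sizeof(*res));
    if (res == NULL) return ENOMEM;

    int ret = parse_u32(msg, len, &cursor, &res->num_rules);
    if (ret != 0) goto fail;          /* the path taken in the report */
    res->rules = calloc(res->num_rules, sizeof(struct rule));
    if (res->rules == NULL) { ret = ENOMEM; goto fail; }
    *out = res;
    return 0;
fail:
    free_result(res);
    return ret;
}
```

With `malloc` in place of the first `calloc`, the truncated-message case would reach `free_result()` with `rules` and `num_rules` holding whatever the allocator returned.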

Fields changed

priority: minor => trivial

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
rhbz: => 0

Fields changed

patch: 0 => 1

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fixed by:
- a24f7f1 (master)
- c91cb8b (sssd-1-8)

milestone: SSSD 1.9.0 => SSSD 1.8.1 (LTM)
resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.8.1 (LTM)

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2273

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
