78         do {
79             ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
80             if (ret == 0) {
CID 12583: Use after free (USE_AFTER_FREE) [select defect]
CID 12584: Use after free (USE_AFTER_FREE)
Passing freed pointer "value" as an argument to function "printf".
81                 printf("key: %s\t\tvalue: %s\n", key, value);
82             }
CID 12583: Double free (USE_AFTER_FREE) [select defect]
83             free(key);
CID 12584: Double free (USE_AFTER_FREE) [select defect]
"free" frees "value".
84             free(value);
At conditional (1): "ret == 0" taking the true branch.
85         } while(ret == 0);
We should move the "free" calls to the "if (ret == 0)" branch only.
Setting priority to trivial - this only affects the test CLI tool.
Fields changed
keywords: => Coverity
component: SSSD => AutoFS Responder
owner: somebody => jhrozek
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.8.1 (LTM)
rhbz: => 0
resolution: => fixed
status: new => closed
These two issues are still being reported by Coverity scans:
75     if (!pc_key) {
76         key = NULL;
77         value = NULL;
78         do {
79             ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
80             if (ret == 0) {
CID 12583: Use after free (USE_AFTER_FREE) [select defect]
CID 12584: Use after free (USE_AFTER_FREE)
Passing freed pointer "value" as an argument to function "printf".
81                 printf("key: %s\t\tvalue: %s\n", key, value);
82                 free(key);
"free" frees "value".
83                 free(value);
84             }
At conditional (1): "ret == 0" taking the true branch.
85         } while(ret == 0);
86
87         if (ret != 0 && ret != ENOENT) {
88             fprintf(stderr, "getautomntent_r failed [%d]: %s\n",
89                     ret, strerror(ret));
90             exit(EXIT_FAILURE);
91         }
and
75     if (!pc_key) {
76         key = NULL;
77         value = NULL;
78         do {
79             ret = _sss_getautomntent_r(&key, &value, ctx);
At conditional (2): "ret == 0" taking the true branch.
80             if (ret == 0) {
CID 12584: Use after free (USE_AFTER_FREE) [select defect]
CID 12583: Use after free (USE_AFTER_FREE)
Passing freed pointer "key" as an argument to function "printf".
81                 printf("key: %s\t\tvalue: %s\n", key, value);
"free" frees "key".
82                 free(key);
83                 free(value);
84             }
At conditional (1): "ret == 0" taking the true branch.
85         } while(ret == 0);
86
87         if (ret != 0 && ret != ENOENT) {
88             fprintf(stderr, "getautomntent_r failed [%d]: %s\n",
89                     ret, strerror(ret));
90             exit(EXIT_FAILURE);
91         }
resolution: fixed =>
status: closed => reopened
milestone: SSSD 1.8.1 (LTM) => SSSD 1.8.2 (LTM)
status: reopened => new
A second attempt is on the list.
status: new => assigned
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.8.2 (LTM)
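The loop from the Coverity reports above, rewritten as an added example (not SSSD's code and not the patch that closed this ticket): the frees run on every pass but go through a helper that also clears the pointer, so neither printf nor a second free can see a stale address. `next_entry`, `dup_str`, `release`, `live_allocs` and the sample entries are hypothetical; `next_entry` assumes the iterator leaves its out-parameters untouched when it returns ENOENT.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample entries, not real automounter map data. */
static const char *sample[][2] = {
    { "/home", "server:/export/home" },
    { "/data", "server:/export/data" },
};
static size_t pos;       /* iterator position, stands in for ctx */
static int live_allocs;  /* buffers handed out and not yet freed */
static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}
/* Hypothetical stand-in for _sss_getautomntent_r(): fills both
 * out-parameters on success, leaves them untouched on ENOENT. */
static int next_entry(char **key, char **value)
{
    if (pos >= sizeof(sample) / sizeof(sample[0])) return ENOENT;
    *key = dup_str(sample[pos][0]);
    *value = dup_str(sample[pos][1]);
    pos++;
    return (*key && *value) ? 0 : ENOMEM;
}
/* Free and clear, so no later free() or printf() sees a stale address. */
static void release(char **p)
{
    if (*p) { free(*p); live_allocs--; }
    *p = NULL;
}
/* Returns the number of entries printed, or -1 on a real error. */
static int dump_entries(void)
{
    char *key = NULL, *value = NULL;
    int ret, count = 0;
    do {
        ret = next_entry(&key, &value);
        if (ret == 0) {
            printf("key: %s\t\tvalue: %s\n", key, value);
            count++;
        }
        release(&key);    /* safe on every path, including the final */
        release(&value);  /* ENOENT pass: both are NULL again by then */
    } while (ret == 0);
    return ret == ENOENT ? count : -1;
}
int main(void) { return dump_entries() < 0; }
```

Because the pointers are NULL after each pass, the loop stays correct whether or not the iterator overwrites its out-parameters on a failing call, and a partial allocation failure inside the iterator is cleaned up by the same two calls.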
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2279
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.