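Found by Coverity (CID 13113, uninitialized pointer read). In sysdb_upgrade_13(), the pointer "res" is declared without an initializer (line 1280) and is still unassigned when it is dereferenced at line 1314, inside the DEBUG message emitted when a subdomain object has no "cn" attribute. On the path Coverity reports, that debug level is enabled, so the argument is evaluated and the read of "res" is undefined behavior. It looks like a typo and should have been "dom_res", the result filled in by ldb_search() and used by the surrounding loop.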
1276int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver) 1277{ 1278 struct upgrade_ctx *ctx; 1279 struct ldb_result *dom_res; CID 13113: Uninitialized pointer read (UNINIT)Declaring variable "res" without initializer. 1280 struct ldb_result *res; 1281 struct ldb_dn *basedn; 1282 const char *attrs[] = { "cn", "name", NULL }; 1283 const char *tmp_str; 1284 errno_t ret; 1285 int i, j, l, n; 1286 1287 ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); At conditional (1): "ret" taking the false branch. 1288 if (ret) { 1289 return ret; 1290 } 1291 1292 basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); At conditional (2): "!basedn" taking the false branch. 1293 if (!basedn) { 1294 DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); 1295 ret = EIO; 1296 goto done; 1297 } 1298 1299 ret = ldb_search(sysdb->ldb, ctx, &dom_res, 1300 basedn, LDB_SCOPE_ONELEVEL, 1301 attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); At conditional (3): "ret != 0" taking the false branch. 1302 if (ret != LDB_SUCCESS) { 1303 DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n")); 1304 ret = EIO; 1305 goto done; 1306 } 1307 At conditional (4): "i < dom_res->count" taking the true branch. 1308 for (i = 0; i < dom_res->count; i++) { 1309 1310 tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL); At conditional (5): "tmp_str == NULL" taking the true branch. 1311 if (tmp_str == NULL) { At conditional (6): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (7): "debug_timestamps" taking the true branch. At conditional (8): "debug_microseconds" taking the true branch. Using uninitialized value "res". 1312 DEBUG(SSSDBG_MINOR_FAILURE, 1313 ("The object [%s] doesn't have a name\n", 1314 ldb_dn_get_linearized(res->msgs[i]->dn))); 1315 continue; 1316 }
Fields changed
description: Found by Coverity. The pointer "res" is used uninitialized. It looks like a typo and should have been "dom_res". (line 1314)
1276int sysdb_upgrade_13(struct sysdb_ctx sysdb, const char ver) 1277{ 1278 struct upgrade_ctx ctx; 1279 struct ldb_result dom_res; CID 13113: Uninitialized pointer read (UNINIT)Declaring variable "res" without initializer. 1280 struct ldb_result res; 1281 struct ldb_dn basedn; 1282 const char attrs[] = { "cn", "name", NULL }; 1283 const char tmp_str; 1284 errno_t ret; 1285 int i, j, l, n; 1286 1287 ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); At conditional (1): "ret" taking the false branch. 1288 if (ret) { 1289 return ret; 1290 } 1291 1292 basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); At conditional (2): "!basedn" taking the false branch. 1293 if (!basedn) { 1294 DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); 1295 ret = EIO; 1296 goto done; 1297 } 1298 1299 ret = ldb_search(sysdb->ldb, ctx, &dom_res, 1300 basedn, LDB_SCOPE_ONELEVEL, 1301 attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); At conditional (3): "ret != 0" taking the false branch. 1302 if (ret != LDB_SUCCESS) { 1303 DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n")); 1304 ret = EIO; 1305 goto done; 1306 } 1307 At conditional (4): "i < dom_res->count" taking the true branch. 1308 for (i = 0; i < dom_res->count; i++) { 1309 1310 tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL); At conditional (5): "tmp_str == NULL" taking the true branch. 1311 if (tmp_str == NULL) { At conditional (6): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (7): "debug_timestamps" taking the true branch. At conditional (8): "debug_microseconds" taking the true branch. Using uninitialized value "res". 1312 DEBUG(SSSDBG_MINOR_FAILURE, 1313 ("The object [%s] doesn't have a name\n", 1314 ldb_dn_get_linearized(res->msgs[i]->dn))); 1315 continue; 1316 } => Found by Coverity. The pointer "res" is used uninitialized. It looks like a typo and should have been "dom_res". 
(line 1314) {{{ 1276int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char ver) 1277{ 1278 struct upgrade_ctx ctx; 1279 struct ldb_result dom_res; CID 13113: Uninitialized pointer read (UNINIT)Declaring variable "res" without initializer. 1280 struct ldb_result res; 1281 struct ldb_dn basedn; 1282 const char attrs[] = { "cn", "name", NULL }; 1283 const char *tmp_str; 1284 errno_t ret; 1285 int i, j, l, n; 1286 1287 ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); At conditional (1): "ret" taking the false branch. 1288 if (ret) { 1289 return ret; 1290 } 1291 1292 basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); At conditional (2): "!basedn" taking the false branch. 1293 if (!basedn) { 1294 DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); 1295 ret = EIO; 1296 goto done; 1297 } 1298 1299 ret = ldb_search(sysdb->ldb, ctx, &dom_res, 1300 basedn, LDB_SCOPE_ONELEVEL, 1301 attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); At conditional (3): "ret != 0" taking the false branch. 1302 if (ret != LDB_SUCCESS) { 1303 DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n")); 1304 ret = EIO; 1305 goto done; 1306 } 1307 At conditional (4): "i < dom_res->count" taking the true branch. 1308 for (i = 0; i < dom_res->count; i++) { 1309 1310 tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL); At conditional (5): "tmp_str == NULL" taking the true branch. 1311 if (tmp_str == NULL) { At conditional (6): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (7): "debug_timestamps" taking the true branch. At conditional (8): "debug_microseconds" taking the true branch. Using uninitialized value "res". 1312 DEBUG(SSSDBG_MINOR_FAILURE, 1313 ("The object [%s] doesn't have a name\n", 1314 ldb_dn_get_linearized(res->msgs[i]->dn))); 1315 continue; 1316 } }}}
owner: somebody => mzidek
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.8.6 resolution: => fixed status: new => closed
rhbz: => 0
Metadata Update from @mzidek: - Issue assigned to mzidek - Issue set to the milestone: SSSD 1.8.6 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2715
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.