Improper NULL check in fo_add_srv_server

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/717

• Created at 2010-12-14 14:25:20 by sgallagh
• Closed as Fixed
• Assigned to sbose

---

512 if (fo_is_srv_lookup(server)) {
At conditional (1): "dns_domain == NULL" taking the true branch.
At conditional (2): "server->srv_data->dns_domain == NULL" taking the false branch.
Comparing "dns_domain" to null implies that "dns_domain" might be null.
Passing null variable "dns_domain" to function "strcasecmp", which dereferences it. (Deref assumed on the basis of 'nonnull' parameter attribute.)
513 if (((dns_domain == NULL && server->srv_data->dns_domain == NULL) ||
514 strcasecmp(server->srv_data->dns_domain, dns_domain) == 0) &&
515 strcasecmp(server->srv_data->proto, proto) == 0) {
516 return EEXIST;
517 }

This if statement needs to be broken out more. It's very confusing and is vulnerable to a null dereference if dns_domain was passed in as NULL (which is valid)

Comments

---

Comment from sgallagh at 2010-12-14 15:34:51

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.5.0

---

Comment from sgallagh at 2010-12-15 14:18:35

Fixed by 6ad2d3a

coverity: => 10008
resolution: => fixed
status: new => closed

---

Comment from dpal at 2012-01-19 03:00:31

Fields changed

rhbz: => 0

---

Comment from sgallagh at 2017-02-24 14:32:07

Metadata Update from @sgallagh:

• Issue assigned to sbose
• Issue set to the milestone: SSSD 1.5.0