Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Covscan fixes #5498

Closed
wants to merge 4 commits into from
Closed

Covscan fixes #5498

wants to merge 4 commits into from

Conversation

abbra
Copy link
Contributor

@abbra abbra commented Feb 10, 2021

No description provided.

@abbra
prompt config: fix covscan errors
7a6cc2f 
Covscan is confused by dangling pointers in arrays after freeing. Its
analyzer may decide to visit already visited list elements and since
they weren't NULL-ed, it may consider double-free to happen in the code.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
@abbra
pam_sss: free env_item when not needed
0f65a39 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
@abbra
covscan: initialize ret variable before use
2eeb233 
covscan does consider 'ret' unitialized even though
GET_ATTR/GET_ATTR_ARRAY macros have explicit and unconditional
assignment to ret. This is confusing but causing actual failures in
covscan runs.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
@abbra
covscan: symlink() expects non-NULL second argument
273ff9e 
There are no checks that talloc()-ed symlink file name is not NULL.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
@abbra abbra mentioned this pull request Feb 10, 2021
Closed
@alexey-tikhonov alexey-tikhonov self-assigned this Feb 10, 2021
alexey-tikhonov
alexey-tikhonov reviewed Feb 17, 2021
View reviewed changes
src/sss_client/pam_sss.c
@@ -1207,6 +1209,9 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
p += len;

--c;

free(env_item);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably I miss something, but man putenv:

int putenv(char *string);

The string pointed to by string becomes part of the environment, so altering the string changes the environment.

so we shouldn't free it in case we return 'PAM_SUCCESS'?

The question what should we do in case we return 'PAM_BUF_ERR' is more tricky.

alexey-tikhonov
alexey-tikhonov reviewed Feb 17, 2021
View reviewed changes
src/sbus/server/sbus_server.c
if (symlink_filename == NULL) {
return ENOMEM;
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are no checks that talloc()-ed symlink file name is not NULL.

Strictly speaking, there is a check:

sssd/src/sbus/server/sbus_server.c

Line 99 in 273ff9e

if (symlink == NULL) {

But having additional check here won't hurt. Though IMO it would be more suitable to use 'EINVAL' here.

@alexey-tikhonov
Copy link
Member

Hi @abbra,

thanks again for the patches.

I had a couple of minor remarks/questions (please see inline) and just realized that probably you didn't receive a notification for inline comments...

@abbra
Copy link
Contributor Author

abbra commented Mar 3, 2021

I did receive them but had no time to fix. If you have some time, please feel free to overtake this PR. I don't think I'll have much time until maybe mid March.

@alexey-tikhonov alexey-tikhonov mentioned this pull request Mar 3, 2021
Closed
@alexey-tikhonov
Copy link
Member

Hi @abbra,

3 patches were pushed via #5526

This leaves pam_sss: free env_item when not needed out but I believe corresponding covscan warning is "false positive" and from my point of view patch isn't entirely correct.

I will close this PR. Please open a new one if you still want to propose [another version of] this patch.

@abbra
Copy link
Contributor Author

abbra commented Mar 8, 2021

@alexey-tikhonov thanks for handling this. I am OK with dropping the remaining patch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov left review comments

Assignees

@alexey-tikhonov alexey-tikhonov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abbra @alexey-tikhonov