[Freeipa-devel] [PATCHES 151-153] ipasam: fix wrong usage of talloc_new()

Sumit Bose sbose at redhat.com
Wed Nov 18 11:45:46 UTC 2015


Hi,

please find attached 3 small patches for ipasam. The first fixes
https://fedorahosted.org/freeipa/ticket/5457 . The second is related
because if the compat tree is enabled the lookup will still fail
because the group is found twice.

The third patch fixes an issue valgrind found while I was checking the
other issue.

bye,
Sumit
-------------- next part --------------
From 8b4025136271f158ae50172cdbc6dca4fbe2ee65 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 18 Nov 2015 12:29:43 +0100
Subject: [PATCH 151/153] ipasam: fix wrong usage of talloc_new()

Fixes https://fedorahosted.org/freeipa/ticket/5457
---
 daemons/ipa-sam/ipa_sam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 96452302f31e7a102b0ae2c17f343c75014b987b..37b5cf9140b9507e189363bff4c56cb33a82a89b 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -3029,7 +3029,7 @@ static int ipasam_get_sid_by_gid(struct ldapsam_privates *ldap_state,
 	enum idmap_error_code err;
 	struct unixid id;
 
-	tmp_ctx = talloc_new("ipasam_get_sid_by_gid");
+	tmp_ctx = talloc_init("ipasam_get_sid_by_gid");
 	if (tmp_ctx == NULL) {
 		return ENOMEM;
 	}
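Review bot: the commit message carries only the ticket link and should say why the old call was wrong. talloc_new() takes a parent talloc context, so the string literal on the removed line was being handed to talloc as if it were a talloc pointer. talloc_init() does take a name (as a printf-style format) and returns a top-level context, so the replacement line is correct. Consider `tmp_ctx = talloc_new(NULL);` instead, which is the usual idiom for a function-local temporary context and records the source location as the name automatically. Either way the context has no parent, so every return path after this check has to free tmp_ctx; the remainder of the function is not visible in this hunk and is worth checking against that.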
-- 
2.4.3

-------------- next part --------------
From deea949d98bff62493dd9048f0de3b5986103534 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 18 Nov 2015 12:31:26 +0100
Subject: [PATCH 152/153] ipasam: use more restrictive search filter for group
 lookup

Since we are interested in looking up the SID of a group it makes sense
to include the objectclass which contains the SID attribute in the
search filter. This makes sure the group is not accidentally found a
second time in the compat tree.

Related to https://fedorahosted.org/freeipa/ticket/5457
---
 daemons/ipa-sam/ipa_sam.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 37b5cf9140b9507e189363bff4c56cb33a82a89b..60e73374df6c3e1cda8287069bc062101439fc64 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -3034,9 +3034,11 @@ static int ipasam_get_sid_by_gid(struct ldapsam_privates *ldap_state,
 		return ENOMEM;
 	}
 
-	filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%lu))",
+	filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s)(%s=%lu))",
 					  LDAP_ATTRIBUTE_OBJECTCLASS,
 					  LDAP_OBJ_POSIXGROUP,
+					  LDAP_ATTRIBUTE_OBJECTCLASS,
+					  LDAP_OBJ_GROUPMAP,
 					  LDAP_ATTRIBUTE_GIDNUMBER,
 					  (unsigned long) gid);
 	if (filter == NULL) {
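Review bot: the reason for the extra `(objectclass=LDAP_OBJ_GROUPMAP)` clause in the talloc_asprintf() call is recorded only in the commit message; a short comment above the filter saying that it keeps the compat tree copy of the group out of the result would stop someone from simplifying the filter again later. Since the SID attribute comes from the LDAP_OBJ_GROUPMAP objectclass, it is also worth stating whether the LDAP_OBJ_POSIXGROUP clause is still needed or is kept deliberately as an extra restriction. The code that consumes the search result is outside this hunk; it should still treat more than one returned entry as an error rather than rely on the filter alone.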
-- 
2.4.3

-------------- next part --------------
From 08195df7a456cacd6438b8e75be8dc215c6c780c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 18 Nov 2015 12:34:49 +0100
Subject: [PATCH 153/153] ipasam: fix a use-after-free issue

Since endptr points to a location inside of dummy, dummy should be freed
only after dereferencing endptr.
---
 daemons/ipa-sam/ipa_sam.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 60e73374df6c3e1cda8287069bc062101439fc64..c51316757a80994a3992ab29f52e21b5a2c5673c 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2105,11 +2105,12 @@ static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
 	}
 
 	l = strtoul(dummy, &endptr, 10);
-	TALLOC_FREE(dummy);
 
 	if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
+		TALLOC_FREE(dummy);
 		return false;
 	}
+	TALLOC_FREE(dummy);
 
 	*val = l;
 
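Review bot: the condition `if (l < 0 || l > UINT32_MAX || *endptr != '\0')` does not reject input where strtoul() consumed no digits; for an empty dummy, endptr equals dummy and `*endptr` is '\0', so the function would return true with a value of 0. Adding `endptr == dummy` to the condition, and clearing and checking errno for ERANGE around the strtoul() call, would close that while these lines are being touched. The declaration of l is not in the hunk; if it is unsigned long, which is what strtoul() returns, `l < 0` can never be true, and on platforms where unsigned long is 32 bits `l > UINT32_MAX` cannot be true either, which leaves errno as the only overflow signal. On the fix itself, moving the free after the dereference is right, but the two TALLOC_FREE(dummy) calls could be one: store the result of the check in a local bool, free dummy once, then return false if the bool is set.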
-- 
2.4.3


