[Freeipa-devel] FYI pushed patch was:[Fwd: server/responder]
Stephen Gallagher
sgallagh at redhat.com
Mon Apr 13 14:31:06 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simo Sorce wrote:
> I pushed this patch to be able to release 0.3.0 today.
> It's tested and fixes clear segfaults.
>
> Simo.
>
> -------- Forwarded Message --------
> From: Simo Sorce <simo at fedoraproject.org>
> To: gitsssd-members at fedoraproject.org
> Subject: server/responder
> Date: Mon, 13 Apr 2009 14:18:58 +0000 (UTC)
>
> server/responder/nss/nsssrv_cmd.c | 29 ++++++++++++++++++++---------
> 1 file changed, 20 insertions(+), 9 deletions(-)
>
> New commits:
> commit d497830d687951be2d49df1a9fa3cce57268670f
> Author: Simo Sorce <ssorce at redhat.com>
> Date: Mon Apr 13 10:15:50 2009 -0400
>
> Fix segfaults when passing an unknown domain
>
> Also setting dctx->domain to NULL is a recipe for segfaults :-)
> Assign dctx->domain only when dom actually holds a domain pointer.
>
> diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
> index 3531421..f5555ed 100644
> --- a/server/responder/nss/nsssrv_cmd.c
> +++ b/server/responder/nss/nsssrv_cmd.c
> @@ -88,6 +88,8 @@ static struct sss_domain_info *nss_get_dom(struct sss_domain_info *doms,
> for (dom = doms; dom; dom = dom->next) {
> if (strcasecmp(dom->name, domain) == 0) break;
> }
> + if (!dom) DEBUG(2, ("Unknown domain [%s]!\n", domain));
> +
> return dom;
> }
>
> @@ -340,8 +342,6 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status,
> /* reset neghit if we still have a domain to check */
> if (dom) neghit = false;
>
> - dctx->domain = dom;
> -
> if (neghit) {
> DEBUG(2, ("User [%s] does not exist! (negative cache)\n",
> cmdctx->name));
> @@ -354,6 +354,7 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status,
> }
>
> if (ret == EOK) {
> + dctx->domain = dom;
> dctx->check_provider = (dctx->domain->provider != NULL);
> if (dctx->res) talloc_free(res);
> dctx->res = NULL;
> @@ -519,6 +520,10 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
>
> if (domname) {
> dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> + if (!dctx->domain) {
> + ret = ENOENT;
> + goto done;
> + }
>
> /* verify this user has not yet been negatively cached,
> * or has been permanently filtered */
> @@ -1713,9 +1718,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status,
> /* reset neghit if we still have a domain to check */
> if (dom) neghit = false;
>
> - dctx->domain = dom;
> -
> - if (neghit) {
> + if (neghit) {
> DEBUG(2, ("Group [%s] does not exist! (negative cache)\n",
> cmdctx->name));
> ret = ENOENT;
> @@ -1727,6 +1730,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status,
> }
>
> if (ret == EOK) {
> + dctx->domain = dom;
> dctx->check_provider = (dctx->domain->provider != NULL);
> if (dctx->res) talloc_free(res);
> dctx->res = NULL;
> @@ -1887,6 +1891,10 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
>
> if (domname) {
> dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> + if (!dctx->domain) {
> + ret = ENOENT;
> + goto done;
> + }
>
> /* verify this user has not yet been negatively cached,
> * or has been permanently filtered */
> @@ -2880,20 +2888,19 @@ static void nss_cmd_getinit_callback(void *ptr, int status,
> /* reset neghit if we still have a domain to check */
> if (dom) neghit = false;
>
> - dctx->domain = dom;
> -
> - if (neghit) {
> + if (neghit) {
> DEBUG(2, ("User [%s] does not exist! (negative cache)\n",
> cmdctx->name));
> ret = ENOENT;
> }
> - if (dctx->domain == NULL) {
> + if (dom == NULL) {
> DEBUG(2, ("No matching domain found for [%s], fail!\n",
> cmdctx->name));
> ret = ENOENT;
> }
>
> if (ret == EOK) {
> + dctx->domain = dom;
> dctx->check_provider = (dctx->domain->provider != NULL);
> if (dctx->res) talloc_free(res);
> dctx->res = NULL;
> @@ -3020,6 +3027,10 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
>
> if (domname) {
> dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> + if (!dctx->domain) {
> + ret = ENOENT;
> + goto done;
> + }
>
> /* verify this user has not yet been negatively cached,
> * or has been permanently filtered */
>
>
Ack (after the fact)
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAknjTKYACgkQeiVVYja6o6OQswCeOAe78yyMkb1uq9ps/jBqhMV7
jYAAn2SfXqkJe5ebAbK6kN5/VcN0ZqE/
=pZ4D
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list