[Freeipa-devel] FYI pushed patch was:[Fwd: server/responder]

Stephen Gallagher sgallagh at redhat.com
Mon Apr 13 14:31:06 UTC 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simo Sorce wrote:
> I pushed this patch to be able to release 0.3.0 today.
> It's tested and fixes clear segfaults.
> 
> Simo.
> 
> -------- Forwarded Message --------
> From: Simo Sorce <simo at fedoraproject.org>
> To: gitsssd-members at fedoraproject.org
> Subject: server/responder
> Date: Mon, 13 Apr 2009 14:18:58 +0000 (UTC)
> 
> server/responder/nss/nsssrv_cmd.c |   29 ++++++++++++++++++++---------
>  1 file changed, 20 insertions(+), 9 deletions(-)
> 
> New commits:
> commit d497830d687951be2d49df1a9fa3cce57268670f
> Author: Simo Sorce <ssorce at redhat.com>
> Date:   Mon Apr 13 10:15:50 2009 -0400
> 
>     Fix segfaults when passing an unknown domain
>     
>     Also setting dctx->domain to NULL is a recipe for segfaults :-)
>     Assign dctx->domain only when dom actually holds a domain pointer.
> 
> diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
> index 3531421..f5555ed 100644
> --- a/server/responder/nss/nsssrv_cmd.c
> +++ b/server/responder/nss/nsssrv_cmd.c
> @@ -88,6 +88,8 @@ static struct sss_domain_info *nss_get_dom(struct sss_domain_info *doms,
>      for (dom = doms; dom; dom = dom->next) {
>          if (strcasecmp(dom->name, domain) == 0) break;
>      }
> +    if (!dom) DEBUG(2, ("Unknown domain [%s]!\n", domain));
> +
>      return dom;
>  }
>  
> @@ -340,8 +342,6 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status,
>              /* reset neghit if we still have a domain to check */
>              if (dom) neghit = false;
>  
> -            dctx->domain = dom;
> -
>             if (neghit) {
>                  DEBUG(2, ("User [%s] does not exist! (negative cache)\n",
>                            cmdctx->name));
> @@ -354,6 +354,7 @@ static void nss_cmd_getpwnam_callback(void *ptr, int status,
>              }
>  
>              if (ret == EOK) {
> +                dctx->domain = dom;
>                  dctx->check_provider = (dctx->domain->provider != NULL);
>                  if (dctx->res) talloc_free(res);
>                  dctx->res = NULL;
> @@ -519,6 +520,10 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
>  
>      if (domname) {
>          dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> +        if (!dctx->domain) {
> +            ret = ENOENT;
> +            goto done;
> +        }
>  
>          /* verify this user has not yet been negatively cached,
>           * or has been permanently filtered */
> @@ -1713,9 +1718,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status,
>              /* reset neghit if we still have a domain to check */
>              if (dom) neghit = false;
>  
> -            dctx->domain = dom;
> -
> -           if (neghit) {
> +            if (neghit) {
>                  DEBUG(2, ("Group [%s] does not exist! (negative cache)\n",
>                            cmdctx->name));
>                  ret = ENOENT;
> @@ -1727,6 +1730,7 @@ static void nss_cmd_getgrnam_callback(void *ptr, int status,
>              }
>  
>              if (ret == EOK) {
> +                dctx->domain = dom;
>                  dctx->check_provider = (dctx->domain->provider != NULL);
>                  if (dctx->res) talloc_free(res);
>                  dctx->res = NULL;
> @@ -1887,6 +1891,10 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
>  
>      if (domname) {
>          dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> +        if (!dctx->domain) {
> +            ret = ENOENT;
> +            goto done;
> +        }
>  
>          /* verify this user has not yet been negatively cached,
>           * or has been permanently filtered */
> @@ -2880,20 +2888,19 @@ static void nss_cmd_getinit_callback(void *ptr, int status,
>              /* reset neghit if we still have a domain to check */
>              if (dom) neghit = false;
>  
> -            dctx->domain = dom;
> -
> -           if (neghit) {
> +            if (neghit) {
>                  DEBUG(2, ("User [%s] does not exist! (negative cache)\n",
>                            cmdctx->name));
>                  ret = ENOENT;
>              }
> -            if (dctx->domain == NULL) {
> +            if (dom == NULL) {
>                  DEBUG(2, ("No matching domain found for [%s], fail!\n",
>                            cmdctx->name));
>                  ret = ENOENT;
>              }
>  
>              if (ret == EOK) {
> +                dctx->domain = dom;
>                  dctx->check_provider = (dctx->domain->provider != NULL);
>                  if (dctx->res) talloc_free(res);
>                  dctx->res = NULL;
> @@ -3020,6 +3027,10 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
>  
>      if (domname) {
>          dctx->domain = nss_get_dom(cctx->rctx->domains, domname);
> +        if (!dctx->domain) {
> +            ret = ENOENT;
> +            goto done;
> +        }
>  
>          /* verify this user has not yet been negatively cached,
>           * or has been permanently filtered */
> 
> 

Ack (after the fact)

- --
Stephen Gallagher
RHCE 804006346421761

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAknjTKYACgkQeiVVYja6o6OQswCeOAe78yyMkb1uq9ps/jBqhMV7
jYAAn2SfXqkJe5ebAbK6kN5/VcN0ZqE/
=pZ4D
-----END PGP SIGNATURE-----

More information about the Freeipa-devel mailing list