Fix issues found by Coverity.

tickets 1166, 1167, 1168, 1169
2025-02-25 18:55:28 -06:00 · 2011-04-29 13:15:39 +02:00 · 2011-04-29 13:15:39 +02:00 · 16d1db4996
commit 16d1db4996
parent d3f74d2b7c
6 changed files with 63 additions and 15 deletions
--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
@ -155,7 +155,7 @@ ipa_join(Slapi_PBlock *pb)
        errMesg = "Kerberos realm is not set.\n";
        LOG_FATAL("%s", errMesg);
        rc = LDAP_OPERATIONS_ERROR;
-        goto done;
+        goto free_and_return;
    }

    /* Get Bind DN */
@ -234,7 +234,11 @@ ipa_join(Slapi_PBlock *pb)
     */

    is_root = slapi_dn_isroot(bindDN);
-    slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+    if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+        LOG_FATAL("slapi_pblock_set failed!\n");
+        rc = LDAP_OPERATIONS_ERROR;
+        goto free_and_return;
+    }

    /* In order to perform the access control check,
     * we need to select a backend (even though
@ -242,7 +246,11 @@ ipa_join(Slapi_PBlock *pb)
     */
    sdn = slapi_sdn_new_dn_byval(bindDN);
    be = slapi_be_select(sdn);
-    slapi_pblock_set(pb, SLAPI_BACKEND, be);
+    if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+        LOG_FATAL("slapi_pblock_set failed!\n");
+        rc = LDAP_OPERATIONS_ERROR;
+        goto free_and_return;
+    }

    /* Access Strategy:
     * If the user has WRITE-ONLY access, a new keytab is set on the entry.
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@ -265,7 +265,11 @@ parse_req_done:
                          "using the bind DN instead.\n");
 	 }

-	 slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn );
+	 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	 }

 	 /* Now we have the DN, look for the entry */
 	 ret = ipapwd_getEntry(dn, &targetEntry, attrlist);
@ -292,7 +296,11 @@ parse_req_done:
 	  */

 	is_root = slapi_dn_isroot(bindDN);
-	slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+	if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}

 	/* In order to perform the access control check, we need to select a
 	 * backend (even though we don't actually need it otherwise).
@ -306,7 +314,11 @@ parse_req_done:
 			rc = LDAP_OPERATIONS_ERROR;
 			goto free_and_return;
 		}
-		slapi_pblock_set(pb, SLAPI_BACKEND, be);
+		if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+			LOG_FATAL("slapi_pblock_set failed!\n");
+			rc = LDAP_OPERATIONS_ERROR;
+			goto free_and_return;
+		}
 	}

 	ret = slapi_access_allowed( pb, targetEntry, "krbPrincipalKey", NULL, SLAPI_ACL_WRITE );
@ -613,13 +625,21 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 	 */

 	is_root = slapi_dn_isroot(bindDN);
-	slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+	if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}

 	/* In order to perform the access control check,
 	 * we need to select a backend (even though
 	 * we don't actually need it otherwise).
 	 */
-	slapi_pblock_set(pb, SLAPI_BACKEND, be);
+	if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}

 	/* Access Strategy:
 	 * If the user has WRITE-ONLY access, a new keytab is set on the entry.
@ -869,7 +889,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 				slapi_mods_free(&smods);
 				goto free_and_return;
 			}
-			
+
 			evals[0] = slapi_value_new_string(bindDN);
 			slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, "enrolledBy", evals);
 		} else {
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
@ -766,7 +766,10 @@ done:
    /* put back a, possibly modified, set of mods */
    if (smods) {
        mods = slapi_mods_get_ldapmods_passout(smods);
-        slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+        if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+            LOG_FATAL("slapi_pblock_set failed!\n");
+            rc = LDAP_OPERATIONS_ERROR;
+        }
        slapi_mods_free(&smods);
    }

--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@ -277,7 +277,7 @@ ipauuid_internal_preop_init(Slapi_PBlock *pb)
                         (void *) ipauuid_add_pre_op) != 0) {
        status = EFAIL;
    }
- 
+
    return status;
 }

@ -1111,8 +1111,14 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                    slapi_entry_set_sdn(e, sdn);

                    /* reset the target DN since we've changed it. */
-                    slapi_pblock_set(pb, SLAPI_ADD_TARGET,
-                                         (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)));
+                    if (slapi_pblock_set(pb, SLAPI_ADD_TARGET,
+                                             (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)))) {
+                        LOG_FATAL("slapi_block_set failed!\n");
+                        ret = LDAP_OPERATIONS_ERROR;
+                        slapi_rdn_free(&rdn);
+                        slapi_sdn_free(&sdn);
+                        goto done;
+                    }
                }
                slapi_rdn_free(&rdn);
                slapi_sdn_free(&sdn);
@ -1164,7 +1170,10 @@ done:
    if (smods != NULL) {
        /* Put the updated mods back into place. */
        mods = slapi_mods_get_ldapmods_passout(smods);
-        slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+        if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+            LOG_FATAL("slapi_pblock_set failed!\n");
+            ret = LDAP_OPERATIONS_ERROR;
+        }
        slapi_mods_free(&smods);
    }

--- a/ipa-client/config.c
+++ b/ipa-client/config.c
@ -64,6 +64,10 @@ read_config_file(const char *filename)
    }
    left = st.st_size;
    data = malloc(st.st_size + 1);
+    if (data == NULL) {
+        fprintf(stderr, _("out of memory\n"));
+        return NULL;
+    }
    dest = data;
    while (left != 0) {
        ssize_t res;
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@ -139,6 +139,10 @@ callRPC(xmlrpc_env *            const envP,
    XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY);

    curlXportParmsP = malloc(sizeof(*curlXportParmsP));
+    if (curlXportParmsP == NULL) {
+        xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!"));
+        return;
+    }
    memset(curlXportParmsP, 0, sizeof(*curlXportParmsP));

    /* Have curl do SSL certificate validation */
@ -930,7 +934,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
            rval = 5;
            goto cleanup;
        }
-        
+
        krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
        if (krberr) {
            fprintf(stderr, _("Unable to join host: Kerberos User Principal "