mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
OTP: emit a log message when LDAP entry for config record is not found
This patch proposes a fix to the following defect found by covscan of FreeIPA master code: """ Error: CHECKED_RETURN (CWE-252): /daemons/ipa-slapi-plugins/libotp/otp_config.c:239: check_return: Calling "slapi_search_internal_get_entry" without checking return value (as is done elsewhere 14 out of 16 times). /daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402: example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc = slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)) != 0". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign: Example 2: Assigning: "ret" = return value from "slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked: Example 2 (cont.): "ret" has its value checked in "ret". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example 3: Assigning: "search_result" = return value from "slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked: Example 3 (cont.): "search_result" has its value checked in "search_result != 0". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign: Example 4: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039: example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0". /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())". /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5 (cont.): "ret" has its value checked in "ret == 10". """ The patch is a part of series related to https://fedorahosted.org/freeipa/ticket/4795 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
d0fbfaf582
commit
782ad36639
@ -1,5 +1,7 @@
|
|||||||
MAINTAINERCLEANFILES = *~ Makefile.in
|
MAINTAINERCLEANFILES = *~ Makefile.in
|
||||||
AM_CPPFLAGS = -I/usr/include/dirsrv
|
PLUGIN_COMMON_DIR = ../common
|
||||||
|
AM_CPPFLAGS = -I/usr/include/dirsrv \
|
||||||
|
-I$(PLUGIN_COMMON_DIR)
|
||||||
|
|
||||||
noinst_LTLIBRARIES = libhotp.la libotp.la
|
noinst_LTLIBRARIES = libhotp.la libotp.la
|
||||||
libhotp_la_SOURCES = hotp.c hotp.h
|
libhotp_la_SOURCES = hotp.c hotp.h
|
||||||
|
@ -38,6 +38,7 @@
|
|||||||
* END COPYRIGHT BLOCK **/
|
* END COPYRIGHT BLOCK **/
|
||||||
|
|
||||||
#include "otp_config.h"
|
#include "otp_config.h"
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
#include <pratom.h>
|
#include <pratom.h>
|
||||||
#include <plstr.h>
|
#include <plstr.h>
|
||||||
@ -214,6 +215,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
|
|||||||
|
|
||||||
struct otp_config *cfg = NULL;
|
struct otp_config *cfg = NULL;
|
||||||
void *node = NULL;
|
void *node = NULL;
|
||||||
|
int search_result = 0;
|
||||||
|
|
||||||
cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg));
|
cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg));
|
||||||
cfg->plugin_id = plugin_id;
|
cfg->plugin_id = plugin_id;
|
||||||
@ -236,7 +238,14 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
|
|||||||
cfg->records = rec;
|
cfg->records = rec;
|
||||||
|
|
||||||
/* Load the specified entry. */
|
/* Load the specified entry. */
|
||||||
slapi_search_internal_get_entry(rec->sdn, NULL, &entry, plugin_id);
|
search_result = slapi_search_internal_get_entry(rec->sdn,
|
||||||
|
NULL, &entry, plugin_id);
|
||||||
|
if (search_result != LDAP_SUCCESS) {
|
||||||
|
LOG_TRACE("File '%s' line %d: Unable to access LDAP entry "
|
||||||
|
"'%s'. Perhaps it doesn't exist? "
|
||||||
|
"Error code: %d\n", __FILE__, __LINE__,
|
||||||
|
slapi_sdn_get_dn(rec->sdn), search_result);
|
||||||
|
}
|
||||||
update(cfg, rec->sdn, entry);
|
update(cfg, rec->sdn, entry);
|
||||||
slapi_entry_free(entry);
|
slapi_entry_free(entry);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user