URL: https://github.com/SSSD/sssd/pull/137 Title: #137: Initial pkinit support
jhrozek commented: """ There are some Coverity warnings: ``` Error: UNINIT (CWE-457): sssd-1.15.1/src/p11_child/p11_child_nss.c:112: var_decl: Declaring variable "key_id_str" without initializer. sssd-1.15.1/src/p11_child/p11_child_nss.c:482: uninit_use_in_call: Using uninitialized value "key_id_str" when calling "PORT_Free". # 480| # 481| SECITEM_FreeItem(key_id, PR_TRUE); # 482|-> PORT_Free(key_id_str); # 483| # 484| PORT_Free(signed_random_value.data); Error: COMPILER_WARNING: sssd-1.15.1/src/p11_child/p11_child_nss.c: scope_hint: In function 'do_work' sssd-1.15.1/src/p11_child/p11_child_nss.c:482:5: warning: 'key_id_str' may be used uninitialized in this function [-Wmaybe-uninitialized] # PORT_Free(key_id_str); # ^ # 480| # 481| SECITEM_FreeItem(key_id, PR_TRUE); # 482|-> PORT_Free(key_id_str); # 483| # 484| PORT_Free(signed_random_value.data); Error: NEGATIVE_RETURNS (CWE-394): sssd-1.15.1/src/providers/krb5/krb5_child.c:1836: negative_return_fn: Function "get_and_save_tgt(kr, newpassword)" returns a negative number. sssd-1.15.1/src/providers/krb5/krb5_child.c:1484:9: return_negative_constant: Explicitly returning negative value "-1765328324". sssd-1.15.1/src/providers/krb5/krb5_child.c:1836: var_assign: Assigning: signed variable "kerr" = "get_and_save_tgt". sssd-1.15.1/src/providers/krb5/krb5_child.c:1844: negative_returns: "kerr" is passed to a parameter that cannot be negative. sssd-1.15.1/src/providers/krb5/krb5_child.c:1603:9: neg_sink_parm_call: Passing "kerr" to "sss_strerror", which cannot accept a negative number. sssd-1.15.1/src/util/util_errors.c:117:5: neg_sink_parm_call: Passing "error" to "strerror", which cannot accept a negative number. # 1842| kerr = k5c_attach_ccname_msg(kr); # 1843| } # 1844|-> return map_krb5_error(kerr); # 1845| } # 1846| Error: NEGATIVE_RETURNS (CWE-394): sssd-1.15.1/src/providers/krb5/krb5_child.c:1878: negative_return_fn: Function "get_and_save_tgt(kr, password)" returns a negative number. sssd-1.15.1/src/providers/krb5/krb5_child.c:1484:9: return_negative_constant: Explicitly returning negative value "-1765328324". sssd-1.15.1/src/providers/krb5/krb5_child.c:1878: var_assign: Assigning: signed variable "kerr" = "get_and_save_tgt". sssd-1.15.1/src/providers/krb5/krb5_child.c:1913: negative_returns: "kerr" is passed to a parameter that cannot be negative. sssd-1.15.1/src/providers/krb5/krb5_child.c:1603:9: neg_sink_parm_call: Passing "kerr" to "sss_strerror", which cannot accept a negative number. sssd-1.15.1/src/util/util_errors.c:117:5: neg_sink_parm_call: Passing "error" to "strerror", which cannot accept a negative number. # 1911| } # 1912| } # 1913|-> ret = map_krb5_error(kerr); # 1914| goto done; # 1915| } Error: UNUSED_VALUE (CWE-563): sssd-1.15.1/src/responder/pam/pamsrv_cmd.c:1505: value_overwrite: Overwriting previous write to "ret" with value from "pam_check_user_search(preq)". sssd-1.15.1/src/responder/pam/pamsrv_cmd.c:1507: value_overwrite: Overwriting previous write to "ret" with value "0". sssd-1.15.1/src/responder/pam/pamsrv_cmd.c:1488: returned_value: Assigning value from "sss_parse_name_for_domains(preq->pd, preq->cctx->rctx->domains, preq->cctx->rctx->default_domain, cert_user, &preq->pd->domain, &preq->pd->user)" to "ret" here, but that stored value is overwritten before it can be used. # 1486| cert_user); # 1487| # 1488|-> ret = sss_parse_name_for_domains(preq->pd, # 1489| preq->cctx->rctx->domains, # 1490| preq->cctx->rctx->default_domain, Error: UNINIT (CWE-457): sssd-1.15.1/src/util/authtok.c:597: var_decl: Declaring variable "key_id_len" without initializer. sssd-1.15.1/src/util/authtok.c:665: uninit_use: Using uninitialized value "key_id_len". # 663| } # 664| # 665|-> if (key_id_len != 0) { # 666| *key_id = talloc_strndup(mem_ctx, # 667| (const char *) blob + c + pin_len Error: COMPILER_WARNING: sssd-1.15.1/src/util/authtok.c: scope_hint: In function 'sss_auth_unpack_sc_blob' sssd-1.15.1/src/util/authtok.c:666:19: warning: 'key_id_len' may be used uninitialized in this function [-Wmaybe-uninitialized] # *key_id = talloc_strndup(mem_ctx, # ^ # 664| # 665| if (key_id_len != 0) { # 666|-> *key_id = talloc_strndup(mem_ctx, # 667| (const char *) blob + c + pin_len # 668| + token_name_len ``` """ See the full comment at https://github.com/SSSD/sssd/pull/137#issuecomment-277775771
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org