packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!64 fix cwe-394

Browse Source 
From: @zhouchenchen123 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2022-12-21 02:51:23 +00:00 committed by Gitee
commit 0cd9b08cd6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-UTILS-fixes-CWE-394.patch Normal file
View File

@ -0,0 +1,55 @@
From 60c30a3fdc5207d3c009b00384190dc75b153d49 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Tue, 22 Mar 2022 11:55:58 +0100
Subject: [PATCH] UTILS: fixes CWE-394
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
like:
```
src/responder/nss/nsssrv.c:339: negative_return_fn: Function "sss_mmap_cache_init(nctx, "passwd", nctx->mc_uid, nctx->mc_gid, SSS_MC_PASSWD, mc_size_passwd * 26214UL, (time_t)memcache_timeout, &nctx->pwd_mc_ctx)" returns a negative number.
src/responder/nss/nsssrv.c:339: assign: Assigning: "ret" = "sss_mmap_cache_init(nctx, "passwd", nctx->mc_uid, nctx->mc_gid, SSS_MC_PASSWD, mc_size_passwd * 26214UL, (time_t)memcache_timeout, &nctx->pwd_mc_ctx)".
src/responder/nss/nsssrv.c:346: negative_returns: "ret" is passed to a parameter that cannot be negative.
# 344| &nctx->pwd_mc_ctx);
# 345| if (ret) {
# 346|-> DEBUG(SSSDBG_CRIT_FAILURE,
# 347| "Failed to initialize passwd mmap cache: '%s'\n",
# 348| sss_strerror(ret));
```
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
---
src/util/util_lock.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/util/util_lock.c b/src/util/util_lock.c
index 62c80b296..9f2885805 100644
--- a/src/util/util_lock.c
+++ b/src/util/util_lock.c
@@ -63,8 +63,9 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len,
if (retries_left - 1 > 0) {
ret = usleep(wait);
if (ret == -1) {
+ ret = errno;
DEBUG(SSSDBG_MINOR_FAILURE,
- "usleep() failed -> ignoring\n");
+ "usleep() failed with %d -> ignoring\n", ret);
}
}
} else {
@@ -76,6 +77,9 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len,
} else if (ret == 0) {
/* File successfully locked */
break;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Unexpected fcntl() return code: %d\n", ret);
}
}
if (retries_left == 0) {
--
2.32.0.windows.1

7
sssd.spec
View File

@ -1,6 +1,6 @@
Name: sssd Name: sssd
Version: 2.6.1 Version: 2.6.1
Release: 4 Release: 5
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ and LGPLv3+ License: GPLv3+ and LGPLv3+
URL: https://pagure.io/SSSD/sssd/ URL: https://pagure.io/SSSD/sssd/
@ -14,6 +14,8 @@ Recommends: bind-utils
Recommends: bind-utils Recommends: bind-utils
Recommends: adcli Recommends: adcli
Patch6000: backport-UTILS-fixes-CWE-394.patch
Provides: libsss_sudo-devel = %{version}-%{release} Provides: libsss_sudo-devel = %{version}-%{release}
Provides: sssd-common = %{version}-%{release} Provides: sssd-common = %{version}-%{release}
Provides: sssd-ldap = %{version}-%{release} Provides: sssd-ldap = %{version}-%{release}
@ -512,6 +514,9 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Tue Dec 20 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-5
- fix CWE-394
* Tue Nov 22 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-4 * Tue Nov 22 2022 zhouchenchen <zhouchenchen@huawei.com> - 2.6.1-4
- delete duplicate file sssd-example.conf - delete duplicate file sssd-example.conf