UTILS: inotify: avoid potential NULL deref #7248

alexey-tikhonov · 2024-03-18T11:18:51Z

Fixes following error:

Error: STRING_NULL (CWE-170):
sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
 #  325|
 #  326|               if (snctx->wctx->dir_wd == in_event->wd) {
 #  327|->                 ret = process_dir_event(snctx, in_event);
 #  328|               } else if (snctx->wctx->file_wd == in_event->wd) {
 #  329|                   ret = process_file_event(snctx, in_event);

-- it might be unsafe to dereference in_event->name
if in_event->len == 0

Fixes following error: ``` Error: STRING_NULL (CWE-170): sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.] sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string. sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string. sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string. # 325| # 326| if (snctx->wctx->dir_wd == in_event->wd) { # 327|-> ret = process_dir_event(snctx, in_event); # 328| } else if (snctx->wctx->file_wd == in_event->wd) { # 329| ret = process_file_event(snctx, in_event); ``` -- it might be unsafe to dereference `in_event->name` if `in_event->len == 0`

alexey-tikhonov · 2024-03-18T11:20:09Z

https://issues.redhat.com/browse/RHEL-29454

aplopez

LGTM.

sumit-bose

Hi,

thank you for the fix, ACK.

bye,
Sumit

alexey-tikhonov · 2024-03-21T09:30:26Z

Pushed PR: #7248

master
- 4085ee0 - UTILS: inotify: avoid potential NULL deref
sssd-2-9
- 182b6c6 - UTILS: inotify: avoid potential NULL deref

alexey-tikhonov added Waiting for review backport-to-stable labels Mar 18, 2024

alexey-tikhonov requested review from sumit-bose and aplopez March 18, 2024 11:19

alexey-tikhonov added the Bugzilla label Mar 18, 2024

aplopez approved these changes Mar 18, 2024

View reviewed changes

sumit-bose approved these changes Mar 18, 2024

View reviewed changes

alexey-tikhonov assigned sumit-bose and aplopez Mar 18, 2024

alexey-tikhonov added Accepted Ready to push Ready to push labels Mar 18, 2024

alexey-tikhonov added Pushed and removed Accepted Ready to push Ready to push labels Mar 21, 2024

alexey-tikhonov closed this Mar 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UTILS: inotify: avoid potential NULL deref #7248

UTILS: inotify: avoid potential NULL deref #7248

alexey-tikhonov commented Mar 18, 2024

alexey-tikhonov commented Mar 18, 2024

aplopez left a comment

sumit-bose left a comment

alexey-tikhonov commented Mar 21, 2024

UTILS: inotify: avoid potential NULL deref #7248

UTILS: inotify: avoid potential NULL deref #7248

Conversation

alexey-tikhonov commented Mar 18, 2024

alexey-tikhonov commented Mar 18, 2024

aplopez left a comment

Choose a reason for hiding this comment

sumit-bose left a comment

Choose a reason for hiding this comment

alexey-tikhonov commented Mar 21, 2024