-
Bug
-
Resolution: Unresolved
-
Minor
-
rhel-9.3.0
-
sssd-2.10.0~beta1-1.el10
-
None
-
Low
-
rhel-sst-idm-sssd
-
ssg_idm
-
15
-
20
-
0
-
False
-
-
None
-
None
-
Pass
-
RegressionOnly
-
None
(1)
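Error: USE_AFTER_FREE (CWE-416):
sssd-2.9.1/src/providers/krb5/krb5_ccache.c:639: freed_arg: "krb5_cc_close" frees "cc".
sssd-2.9.1/src/providers/krb5/krb5_ccache.c:651: deref_arg: Calling "krb5_cc_close" dereferences freed pointer "cc".
# 649| done:
# 650| if (cc != NULL) {
# 651|-> krb5_cc_close(ctx, cc);
# 652| }
# 653|
The "cc != NULL" check at line 650 does not prevent the second close: "cc" is passed to krb5_cc_close by value, so it is still non-NULL after the close at line 639 unless the caller resets it.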
– fixed in https://github.com/SSSD/sssd/commit/f6bbd591d636e4309ec37659f825b0f9c53d4b6b / sssd-2.10+
(2)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/krb5/krb5_child.c:1842: alloc_arg: "krb5_kt_resolve" allocates memory that is stored into "keytab".
sssd-2.9.1/src/providers/krb5/krb5_child.c:1850: noescape: Resource "keytab" is not freed or pointed-to in "krb5_kt_start_seq_get".
sssd-2.9.1/src/providers/krb5/krb5_child.c:1854: leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.
# 1852| DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab [%s], " \
# 1853| "not verifying TGT.\n", kr->keytab);
# 1854|-> return kerr;
# 1855| }
# 1856|
– fixed in https://github.com/SSSD/sssd/commit/75822701770179582c344960603cce8bd54a7890 / sssd-2.10+
(3)
Error: USE_AFTER_FREE (CWE-416):
sssd-2.9.1/src/util/sss_krb5.c:282: freed_arg: "krb5_free_context" frees "krb_ctx".
sssd-2.9.1/src/util/sss_krb5.c:283: pass_freed_arg: Passing freed pointer "krb_ctx" as an argument to "krb5_free_principal".
# 281| if (keytab) krb5_kt_close(krb_ctx, keytab);
# 282| if (krb_ctx) krb5_free_context(krb_ctx);
# 283|-> if (client_princ) krb5_free_principal(krb_ctx, client_princ);
# 284| talloc_free(tmp_ctx);
# 285| return ret;
The cleanup order is the problem: line 283 still needs the context that line 282 has just freed, so the principal has to be released before the context.
– fixed in https://github.com/SSSD/sssd/commit/d02533caca667b51f29fa02ee9ed48c8b3896c69 / sssd-2.10+
(4)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/krb5/krb5_child.c:1850: alloc_arg: "krb5_kt_start_seq_get" allocates memory that is stored into "cursor".
sssd-2.9.1/src/providers/krb5/krb5_child.c:2001: leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.
# 1999| }
# 2000|
# 2001|-> return kerr;
# 2002|
# 2003| }
– fixed in https://github.com/SSSD/sssd/commit/a83be8fb51172d4e1a282a0a078d81ee93afdcb5 / sssd-2.10+
(5)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/ldap/ldap_child.c:189: alloc_arg: "krb5_kt_start_seq_get" allocates memory that is stored into "cursor".
sssd-2.9.1/src/providers/ldap/ldap_child.c:215: leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.
# 213| "Could not parse keytab entry\n");
# 214| sss_log(SSS_LOG_ERR, "Could not parse keytab entry\n");
# 215|-> return EIO;
# 216| }
# 217|
– fixed in https://github.com/SSSD/sssd/commit/fd7da517ddd0e220f081ad9e7b5d7fcb0cae39b7 / sssd-2.10+
(6)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/krb5/krb5_child.c:1324: alloc_arg: "krb5_init_context" allocates memory that is stored into "kctx".
sssd-2.9.1/src/providers/krb5/krb5_child.c:1403: leaked_storage: Variable "kctx" going out of scope leaks the storage it points to.
# 1401| krb5_cc_close(kctx, kcc);
# 1402| }
# 1403|-> return kerr;
# 1404| }
# 1405|
– fixed in https://github.com/SSSD/sssd/commit/b69ff375a2b185219bae91c48aa7bfb3138b98f2 / sssd-2.10+
(7)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/ldap/ldap_child.c:369: alloc_arg: "krb5_parse_name" allocates memory that is stored into "kprinc".
sssd-2.9.1/src/providers/ldap/ldap_child.c:552: leaked_storage: Variable "kprinc" going out of scope leaks the storage it points to.
# 550| if (context) krb5_free_context(context);
# 551| talloc_free(tmp_ctx);
# 552|-> return krberr;
# 553| }
# 554|
– fixed in https://github.com/SSSD/sssd/commit/eca00ef4719c44c4e68ead3346a16229b6471d13 / sssd-2.10+
(8)
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/providers/krb5/krb5_keytab.c:172: alloc_arg: "krb5_kt_resolve" allocates memory that is stored into "mem_keytab".
sssd-2.9.1/src/providers/krb5/krb5_keytab.c:227: leaked_storage: Variable "mem_keytab" going out of scope leaks the storage it points to.
# 225| }
# 226|
# 227|-> return kerr;
# 228| }
– fixed in https://github.com/SSSD/sssd/commit/01f0d067f1e4ba8ec3710f515d21631a53c9c9ef / sssd-2.10+
- links to
-
RHBA-2024:135948 sssd update