Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-29454

NULL dereference in inotify handling

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Minor Minor
    • rhel-9.5
    • rhel-9.3.0
    • sssd
    • sssd-2.9.5-1.el9
    • None
    • Moderate
    • rhel-sst-idm-sssd
    • ssg_idm
    • 12
    • 14
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None

      "Error: STRING_NULL (CWE-170):
      sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
      sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
      sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
      sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
      #  325|   
      #  326|               if (snctx->wctx->dir_wd == in_event->wd) {
      #  327|->                 ret = process_dir_event(snctx, in_event);
      #  328|               } else if (snctx->wctx->file_wd == in_event->wd) {
      #  329|                   ret = process_file_event(snctx, in_event);"
      

      – if '(in_event->len == 0)' then it might be unsafe to access 'in_event->name', so checks in `process_dir_event()` should be adjusted.

              atikhono@redhat.com Alexey Tikhonov
              atikhono@redhat.com Alexey Tikhonov
              SSSD Maintainers SSSD Maintainers
              Anuj Borah Anuj Borah
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: