-
Bug
-
Resolution: Done
-
Normal
-
rhel-10.0.beta
-
ipa-4.12.2-1.el10
-
No
-
None
-
2
-
rhel-idm-ipa
-
ssg_idm
-
25
-
26
-
1
-
Dev ack
-
False
-
False
-
-
No
-
2024-Q3-Alpha-S4, 2024-Q3-Alpha-S5
-
Pass
-
RegressionOnly
-
Unspecified Release Note Type - Unknown
-
None
Cloned from: https://pagure.io/freeipa/issue/9367
After running Covscan the following issues were found:
```
2. freeipa-4.9.11/util/ipa_krb5.c:890: alloc_arg: "krb5_get_permitted_enctypes" allocates memory that is stored into "ktypes".
10. freeipa-4.9.11/util/ipa_krb5.c:901: leaked_storage: Variable "ktypes" going out of scope leaks the storage it points to.
# 899| if (NULL == ksdata) {
# 900| *err_msg = _("Out of memory!?\n");
# 901|-> return 0;
# 902| }
# 903|
```
```
9. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: alloc_fn: Storage is returned from allocation function "krb5_get_error_message".
10. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: noescape: Resource "krb5_get_error_message(ctx.kctx, retval)" is not freed or pointed-to in "otpd_log_req_".
11. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: leaked_storage: Failing to save or free storage allocated by "krb5_get_error_message(ctx.kctx, retval)" leaks it.
# 119| error:
# 120| if (retval != 0)
# 121|-> otpd_log_req((*item)->req, "forward end: %s",
# 122| krb5_get_error_message(ctx.kctx, retval));
# 123| return retval;
```
```
4. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: alloc_fn: Storage is returned from allocation function "krb5_get_error_message".
5. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: noescape: Resource "(retval == 0) ? krad_code_num2name(code) : krb5_get_error_message(ctx.kctx, retval)" is not freed or pointed-to in "otpd_log_req_".
6. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: leaked_storage: Failing to save or free storage allocated by "krb5_get_error_message(ctx.kctx, retval)" leaks it.
# 44| }
# 45|
# 46|-> otpd_log_req(item->req, "forward end: %s",
# 47| retval == 0
# 48| ? krad_code_num2name(code)
```
```
6. freeipa-4.9.11/daemons/ipa-otpd/bind.c:121: alloc_fn: Storage is returned from allocation function "krb5_get_error_message".
7. freeipa-4.9.11/daemons/ipa-otpd/bind.c:121: var_assign: Assigning: "errstr" = storage returned from "krb5_get_error_message(ctx.kctx, i)".
11. freeipa-4.9.11/daemons/ipa-otpd/bind.c:136: leaked_storage: Variable "errstr" going out of scope leaks the storage it points to.
# 134| VERTO_EV_FLAG_IO_READ |
# 135| VERTO_EV_FLAG_IO_WRITE);
# 136|-> }
# 137|
# 138| void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
```
```
7. freeipa-4.9.11/client/ipa-rmkeytab.c:158: alloc_arg: "krb5_kt_start_seq_get" allocates memory that is stored into "kt_cursor".
14. freeipa-4.9.11/client/ipa-rmkeytab.c:175: leaked_storage: Variable "kt_cursor" going out of scope leaks the storage it points to.
# 173| done:
# 174|
# 175|-> return rval;
# 176| }
# 177|
```
```
3. freeipa-4.9.11/client/ipa-rmkeytab.c:131: alloc_arg: "krb5_unparse_name" allocates memory that is stored into "entry_princ_s".
6. freeipa-4.9.11/client/ipa-rmkeytab.c:152: identity_transfer: Passing "entry_princ_s" as argument 1 to function "strstr", which returns an offset off that argument.
7. freeipa-4.9.11/client/ipa-rmkeytab.c:152: noescape: Resource "entry_princ_s" is not freed or pointed-to in "strstr".
9. freeipa-4.9.11/client/ipa-rmkeytab.c:154: noescape: Resource "entry_princ_s" is not freed or pointed-to in "remove_principal".
12. freeipa-4.9.11/client/ipa-rmkeytab.c:175: leaked_storage: Variable "entry_princ_s" going out of scope leaks the storage it points to.
# 173| done:
# 174|
# 175|-> return rval;
# 176| }
# 177|
```
```
12. freeipa-4.9.11/client/ipa-getkeytab.c:251: alloc_arg: "krb5_init_context" allocates memory that is stored into "krbctx".
14. freeipa-4.9.11/client/ipa-getkeytab.c:262: noescape: Resource "krbctx" is not freed or pointed-to in "krb5_unparse_name".
29. freeipa-4.9.11/client/ipa-getkeytab.c:291: leaked_storage: Variable "krbctx" going out of scope leaks the storage it points to.
# 289| }
# 290| }
# 291|-> return ret;
# 292| }
# 293|
```
- links to
-
RHSA-2024:133524
ipa bug fix and enhancement update
