diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2022-05-20 10:50:35 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-05-20 10:50:35 +0200 |
commit | 67103ea556da00106da900f20aac286511171ea2 (patch) | |
tree | b2c813df82abdb7c85cd89f30d2a5af3ea6cea7f /conf.c | |
parent | d27cc3e4355834a545581f4beafbfff9e0761914 (diff) | |
download | passt-67103ea556da00106da900f20aac286511171ea2.tar passt-67103ea556da00106da900f20aac286511171ea2.tar.gz passt-67103ea556da00106da900f20aac286511171ea2.tar.bz2 passt-67103ea556da00106da900f20aac286511171ea2.tar.lz passt-67103ea556da00106da900f20aac286511171ea2.tar.xz passt-67103ea556da00106da900f20aac286511171ea2.tar.zst passt-67103ea556da00106da900f20aac286511171ea2.zip |
conf: Fix one Coverity CID 258163 warning, work around another one
In conf_runas(), Coverity reports that we might dereference uid and
gid despite possibly being NULL (CWE-476) because of the check after
the first sscanf(). They can't be NULL, but I actually wanted to
check that UID and GID are non-zero (the user could otherwise pass
--runas root:root and defy the whole mechanism).
Later on, we have the same type of warning for 'gr': it's compared
against NULL, so it might be NULL, which is actually the case: but
in that case, we don't dereference it, because we'll return -ENOENT
right away. Rewrite the clause to silence the warning.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'conf.c')
-rw-r--r-- | conf.c | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -857,7 +857,7 @@ static int conf_runas(const char *opt, unsigned int *uid, unsigned int *gid) struct group *gr; /* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */ - if (sscanf(opt, "%u:%u", uid, gid) == 2 && uid && gid) + if (sscanf(opt, "%u:%u", uid, gid) == 2 && *uid && *gid) return 0; *uid = strtol(opt, &endptr, 0); @@ -874,12 +874,10 @@ static int conf_runas(const char *opt, unsigned int *uid, unsigned int *gid) /* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */ if (sscanf(opt, "%" STR(LOGIN_NAME_MAX) "[^:]:" "%" STR(LOGIN_NAME_MAX) "s", ubuf, gbuf) == 2) { - pw = getpwnam(ubuf); - if (!pw || !(*uid = pw->pw_uid)) + if (!(pw = getpwnam(ubuf)) || !(*uid = pw->pw_uid)) return -ENOENT; - gr = getgrnam(gbuf); - if (!gr || !(*gid = gr->gr_gid)) + if (!(gr = getgrnam(gbuf)) || !(*gid = gr->gr_gid)) return -ENOENT; return 0; |