RHEL-29454

NULL dereference in inotify handling

    • Bug
    • Resolution: Unresolved
    • Minor
    • rhel-9.5
    • rhel-9.3.0
    • sssd
    • sssd-2.9.5-1.el9
    • Normal
    • sst_idm_sssd
    • ssg_idm
    • 12
    • 14
    • False

      Error: STRING_NULL (CWE-170):
      sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function "read" does not terminate string "ev_buf". [Note: The source code implementation of the function has been overridden by a builtin model.]
      sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: "ptr" = "ev_buf". Both now point to the same unterminated string.
      sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: "in_event" = "ptr". Both now point to the same unterminated string.
      sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string "in_event->name" to "process_dir_event", which expects a null-terminated string.
      #  325|   
      #  326|               if (snctx->wctx->dir_wd == in_event->wd) {
      #  327|->                 ret = process_dir_event(snctx, in_event);
      #  328|               } else if (snctx->wctx->file_wd == in_event->wd) {
      #  329|                   ret = process_file_event(snctx, in_event);
      

      – if '(in_event->len == 0)' then it might be unsafe to access 'in_event->name', so checks in `process_dir_event()` should be adjusted.

            Alexey Tikhonov (atikhono@redhat.com)
            SSSD Maintainers
            Anuj Borah
            Louise McGarry
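
The check the description asks for, as an added example (not SSSD's code and not the fix for this issue): walk the bytes returned by read() on an inotify descriptor, reject events that extend past the data read, and treat the name as a string only when `len` is non-zero and a NUL is found inside those `len` bytes. The names `safe_name`, `walk_events` and `put_event` and the file name `example.conf` are assumptions made for the illustration; the sample events are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/inotify.h>

/* A name is usable only if len > 0 and a NUL lies within those len bytes. */
static const char *safe_name(const char *name, uint32_t len)
{
    return (len > 0 && memchr(name, '\0', len)) ? name : NULL;
}

/* Walk n bytes from read() on an inotify fd; -1 if an event overruns them. */
static int walk_events(const char *buf, size_t n, int *named, int *unnamed)
{
    size_t off = 0;
    *named = *unnamed = 0;
    while (off < n) {
        struct inotify_event hdr;
        if (n - off < sizeof(hdr))
            return -1;                         /* truncated header */
        memcpy(&hdr, buf + off, sizeof(hdr));  /* no alignment assumption */
        if (hdr.len > n - off - sizeof(hdr))
            return -1;                         /* name overruns the read */
        if (safe_name(buf + off + sizeof(hdr), hdr.len))
            (*named)++;                        /* safe to pass on as a string */
        else
            (*unnamed)++;                      /* caller must not use name */
        off += sizeof(hdr) + hdr.len;
    }
    return *named + *unnamed;                  /* events seen */
}

/* Constructed sample input: append one event, return the new offset. */
static size_t put_event(char *buf, size_t off, const char *name, uint32_t len)
{
    struct inotify_event hdr = { .wd = 1, .mask = IN_MODIFY, .len = len };
    memcpy(buf + off, &hdr, sizeof(hdr));
    if (len)
        memcpy(buf + off + sizeof(hdr), name, len);
    return off + sizeof(hdr) + len;
}

int main(void)
{
    char buf[64];
    int named, unnamed;
    size_t n = put_event(buf, 0, "example.conf\0\0\0", 16);
    n = put_event(buf, n, NULL, 0);            /* len == 0: no name field */
    return walk_events(buf, n, &named, &unnamed) == 2 ? 0 : 1;
}
```
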