From aba0ca74ba0e282cdb40204952fd67f946076f22 Mon Sep 17 00:00:00 2001 From: huaraz Date: Fri, 17 Jan 2025 17:08:18 +0000 Subject: [PATCH] Fix GCC v14 [-Wanalyzer-null-dereference] warnings in Kerberos (#1983) src/acl/external/kerberos_ldap_group/support_sasl.cc:190:17: error: dereference of NULL 'defs' [CWE-476] [-Wanalyzer-null-dereference] src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc:235:19: error: dereference of NULL 'Rids' [CWE-476] [-Wanalyzer-null-dereference] --- .../kerberos_ldap_group/support_sasl.cc | 20 +++++++++---------- .../kerberos/negotiate_kerberos_pac.cc | 6 ++++++ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/src/acl/external/kerberos_ldap_group/support_sasl.cc b/src/acl/external/kerberos_ldap_group/support_sasl.cc index 6c0ced6deb2..7a0beced207 100644 --- a/src/acl/external/kerberos_ldap_group/support_sasl.cc +++ b/src/acl/external/kerberos_ldap_group/support_sasl.cc @@ -202,16 +202,16 @@ void lutil_sasl_freedefs( void *defaults) { - lutilSASLdefaults *defs = (lutilSASLdefaults *) defaults; - - xfree(defs->mech); - xfree(defs->realm); - xfree(defs->authcid); - xfree(defs->passwd); - xfree(defs->authzid); - xfree(defs->resps); - - xfree(defs); + if (const auto defs = static_cast(defaults)) { + xfree(defs->mech); + xfree(defs->realm); + xfree(defs->authcid); + xfree(defs->passwd); + xfree(defs->authzid); + xfree(defs->resps); + + xfree(defs); + } } int diff --git a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc index f5dff1d75dc..5e2f99002b1 100644 --- a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +++ b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc @@ -202,6 +202,12 @@ getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t Gro return nullptr; } + if (!Rids) { + debug((char *) "%s| %s: ERR: Invalid RIDS list\n", + LogTime(), PROGRAM); + return nullptr; + } + if (DomainLogonId!= 0) { uint8_t rev; uint64_t idauth;
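Review bot: `xfree(defs->passwd)` releases the SASL password buffer without clearing it, so the credential can remain readable in freed heap memory until that memory is reused. Since the function body is being rewritten here anyway, wipe the buffer before freeing it with a call the compiler cannot elide, for example `if (defs->passwd) explicit_bzero(defs->passwd, strlen(defs->passwd));` on platforms that provide it. This assumes `passwd` is a NUL-terminated string, which the hunk does not show. As rendered on this page the `static_cast` has no target type; presumably `<lutilSASLdefaults *>` was lost in extraction, matching the removed C-style cast.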
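Review bot: The new `if (!Rids)` guard validates only the array pointer, not the individual entries or their agreement with `GroupCount`. The rest of getdomaingids, after `if (DomainLogonId!= 0) {`, lies outside the hunk, so whether the elements are checked there cannot be confirmed from this page. Judging by the file name, these values come from PAC data in a Kerberos ticket, so each entry should be tested where it is read, e.g. `if (!Rids[i]) return nullptr;` inside the loop that walks the list. The guard is also unconditional, so a null list is now an error even when `GroupCount` is 0 or `DomainLogonId` is 0; if an empty group list is legitimate, `if (!Rids && GroupCount > 0) {` would keep that case working.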