conf: Fix one Coverity CID 258163 warning, work around another one

In conf_runas(), Coverity reports that we might dereference uid and
gid despite possibly being NULL (CWE-476) because of the check after
the first sscanf(). They can't be NULL, but I actually wanted to
check that UID and GID are non-zero (the user could otherwise pass
--runas root:root and defy the whole mechanism).

Later on, we have the same type of warning for 'gr': it's compared
against NULL, so it might be NULL, which is actually the case: but
in that case, we don't dereference it, because we'll return -ENOENT
right away. Rewrite the clause to silence the warning.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2022-05-20 10:50:35 +02:00
parent d27cc3e435
commit 67103ea556

8
conf.c
View file

@ -857,7 +857,7 @@ static int conf_runas(const char *opt, unsigned int *uid, unsigned int *gid)
struct group *gr; struct group *gr;
/* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */ /* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */
if (sscanf(opt, "%u:%u", uid, gid) == 2 && uid && gid) if (sscanf(opt, "%u:%u", uid, gid) == 2 && *uid && *gid)
return 0; return 0;
*uid = strtol(opt, &endptr, 0); *uid = strtol(opt, &endptr, 0);
@ -874,12 +874,10 @@ static int conf_runas(const char *opt, unsigned int *uid, unsigned int *gid)
/* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */ /* NOLINTNEXTLINE(cert-err34-c): 2 if conversion succeeds */
if (sscanf(opt, "%" STR(LOGIN_NAME_MAX) "[^:]:" if (sscanf(opt, "%" STR(LOGIN_NAME_MAX) "[^:]:"
"%" STR(LOGIN_NAME_MAX) "s", ubuf, gbuf) == 2) { "%" STR(LOGIN_NAME_MAX) "s", ubuf, gbuf) == 2) {
pw = getpwnam(ubuf); if (!(pw = getpwnam(ubuf)) || !(*uid = pw->pw_uid))
if (!pw || !(*uid = pw->pw_uid))
return -ENOENT; return -ENOENT;
gr = getgrnam(gbuf); if (!(gr = getgrnam(gbuf)) || !(*gid = gr->gr_gid))
if (!gr || !(*gid = gr->gr_gid))
return -ENOENT; return -ENOENT;
return 0; return 0;