[30580] in CVS-changelog-for-Kerberos-V5
krb5 commit: Squash apparent forward-null in clnttcp_create()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Sep 11 19:30:42 2019
Date: Wed, 11 Sep 2019 19:30:19 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201909112330.x8BNUJ7A023405@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/b2f688eedd4bcca525201ef9485749a8c20b808a
commit b2f688eedd4bcca525201ef9485749a8c20b808a
Author: Robbie Harwood <rharwood@redhat.com>
Date: Fri Aug 30 11:16:58 2019 -0400
Squash apparent forward-null in clnttcp_create()
clnttcp_create() only allows raddr to be NULL if *sockp is set.
Static analyzers cannot know this, so can report a forward null
defect. Add an raddr check before calling connect() to squash the
defect.
[ghudson@mit.edu: rewrote commit message]
src/lib/rpc/clnt_tcp.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c
index 8776190..dbd62d0 100644
--- a/src/lib/rpc/clnt_tcp.c
+++ b/src/lib/rpc/clnt_tcp.c
@@ -168,9 +168,9 @@ clnttcp_create(
if (*sockp < 0) {
*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
(void)bindresvport_sa(*sockp, NULL);
- if ((*sockp < 0)
- || (connect(*sockp, (struct sockaddr *)raddr,
- sizeof(*raddr)) < 0)) {
+ if (*sockp < 0 || raddr == NULL ||
+ connect(*sockp, (struct sockaddr *)raddr,
+ sizeof(*raddr)) < 0) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = errno;
(void)closesocket(*sockp);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
