[3103] in Kerberos-V5-bugs


krb5-clients/744: clients/ksu/heuristic.c compiler warnings are really errors

daemon@ATHENA.MIT.EDU (Ezra Peisach)
Thu Sep 2 09:57:14 1999

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, epeisach@engrailed.mit.edu
Message-Id: <199909021345.JAA64345@engrailed.mit.edu>
Date: Thu, 2 Sep 1999 09:45:54 -0400 (EDT)
From: epeisach@engrailed.mit.edu (Ezra Peisach)
Reply-To: epeisach@engrailed.mit.edu
To: krb5-bugs@MIT.EDU


>Number:         744
>Category:       krb5-clients
>Synopsis:       ksu/heuristic.c can possibly call fclose with bogus pointer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Thu Sep 02 09:57:01 EDT 1999
>Last-Modified:
>Originator:     Ezra Peisach
>Organization:
MIT
>Release:        krb5-1.1-beta1
>Environment:
System: IRIX64 engrailed 6.5 05190004 IP30


>Description:
	While compiling under IRIX 6.5, there were warnings in ksu.
	(There will be another report for the other).

In ksu: heuristic.c:

"../../../src/clients/ksu/heuristic.c", line 223: warning(1551): variable
          "users_fp" is used before its value is set
  	    close_time(k5users_flag,users_fp, k5login_flag,login_fp);
  	                            ^

Based on the code paths, k5users_flag and k5login_fp are both the
result of a stat call. close_time() simply checks the flags and calls
fclose. If one traces the code path, he will see that if both the
k5login_path and k5users_path exist, then fclose will be called with
an uninitialized pointer.

>How-To-Repeat:
	Compile....

>Fix:
My fix is to initialize users_fp and login_fp to 0, and in
close_time(), only fclose if the FILE * is non-zero.

*** heuristic.c	1999/09/02 13:30:50	1.1
--- heuristic.c	1999/09/02 13:34:40
***************
*** 199,205 ****
      struct passwd *pwd;
      int k5login_flag =0;
      int k5users_flag =0;
!     FILE * login_fp, * users_fp;
      char **  k5login_list = NULL, ** k5users_list = NULL;
      char ** k5users_filt_list = NULL;
      char ** combined_list = NULL;
--- 199,205 ----
      struct passwd *pwd;
      int k5login_flag =0;
      int k5users_flag =0;
!     FILE * login_fp = 0, * users_fp = 0;
      char **  k5login_list = NULL, ** k5users_list = NULL;
      char ** k5users_filt_list = NULL;
      char ** combined_list = NULL;
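
Review bot: In the new declaration `FILE * login_fp = 0, * users_fp = 0;`, the pointers are initialized with a literal `0` while the pointer declarations on the lines that follow use `NULL`. Use `NULL` here as well, and add a short comment that `close_time()` depends on this initial value, so a later edit does not drop the initializers as redundant.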
***************
*** 278,285 ****
      FILE *login_fp;
  {
  
!     if (!k5users_flag) fclose(users_fp);
!     if (!k5login_flag) fclose(login_fp);
  
  }
  
--- 278,285 ----
      FILE *login_fp;
  {
  
!     if (!k5users_flag && users_fp) fclose(users_fp);
!     if (!k5login_flag && login_fp) fclose(login_fp);
  
  }
  
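
Review bot: In `close_time()`, the added `users_fp` and `login_fp` tests only help if every caller passes a pointer that is either zero or an open stream, and nothing in the function states that precondition. Add a comment above the function saying so. Because the old-style parameters are passed by value, the caller's copies still hold the closed streams after `fclose`, so a second call would close them again; resetting them in the caller after the call at line 223 would cover that. Writing the tests as `users_fp != NULL` would also match the `NULL` style of the neighbouring declarations.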

>Audit-Trail:
>Unformatted:
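
The cleanup pattern the report argues for, as an added example that is not code from ksu or from the original report: the stream pointer itself, not the stat-derived flag, decides whether `fclose` runs. It goes one step beyond the patch by resetting the caller's pointer after closing; `open_if_present`, `close_if_open`, `run_demo` and the `/tmp` paths are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical helper: the return value mirrors stat(), the pointer mirrors
 * fopen(). *fp is always left defined: NULL or an open stream. */
static int open_if_present(const char *path, FILE **fp)
{
    struct stat st;
    int present = (stat(path, &st) == 0);
    *fp = present ? fopen(path, "r") : NULL;   /* fopen can still fail */
    return present;
}

/* Close based on the stream's own state, not a separate flag, and reset the
 * caller's pointer so a repeated cleanup is harmless. Returns 1 if closed. */
static int close_if_open(FILE **fp)
{
    if (fp == NULL || *fp == NULL)
        return 0;
    fclose(*fp);
    *fp = NULL;
    return 1;
}

/* Constructed scenario: one file present, one absent, cleanup run twice.
 * Returns the number of fclose() calls made, or -1 if setup failed. */
int run_demo(void)
{
    const char *present = "/tmp/ksu_example_present.tmp";  /* constructed */
    const char *absent  = "/tmp/ksu_example_absent.tmp";   /* constructed */
    FILE *login_fp = NULL, *users_fp = NULL, *seed;
    int pass, closed = 0;
    if ((seed = fopen(present, "w")) == NULL)
        return -1;
    fclose(seed);
    remove(absent);                    /* make sure this one does not exist */
    open_if_present(present, &login_fp);
    open_if_present(absent, &users_fp);
    for (pass = 0; pass < 2; pass++) { /* second pass models an error path */
        closed += close_if_open(&login_fp);
        closed += close_if_open(&users_fp);
    }
    remove(present);
    return closed;
}

int main(void) { printf("streams closed: %d\n", run_demo()); return 0; }
```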
