Bug 15598 - NULL_AFTER_DEREF in /source4/kdc/mit_samba.c
Summary: NULL_AFTER_DEREF in /source4/kdc/mit_samba.c
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.16.11
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-02 16:09 UTC by e.bykhanova@fobos-nt.ru
Modified: 2024-03-04 00:05 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description e.bykhanova@fobos-nt.ru 2024-03-02 16:09:08 UTC 
The static analyzer has detected NULL_AFTER_DEREF: Pointer 'server', which is dereferenced at mit_samba.c:562, is compared to a NULL value at mit_samba.c:579.

Seems that it's better to move 'if (server == NULL)' to mit_samba.c:562 (or above)  or get rid of this code at mit_samba.c:579. Otherwise, this condition allows NULL-dereference at partition.c:1165, or it's just a dead code.

GitHub:
1) mit_samba.c:579
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source4/kdc/mit_samba.c#L579-L582

2) mit_samba.c:562
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source4/kdc/mit_samba.c#L562


Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova (e.bykhanova@fobos-nt.ru).
Comment 1 Jennifer Sutton 2024-03-04 00:05:54 UTC 
Thanks for reporting this, but this code is found only in Samba versions older than 4.17, which are no longer supported.