From c30ad97107f05be9aa4440ad9edf8a4210cbcd13 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 16 May 2018 10:48:50 -0600
Subject: [PATCH] Set handle->pw before sss_to_sudoers() since sss_check_user() uses it. Coverity CID 185651
---
 plugins/sudoers/sssd.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index d57f80a69..9ecdd4109 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -332,21 +332,24 @@ sudo_sss_query(struct sudo_nss *nss, struct passwd *pw)
 if (sss_result == NULL)
 goto done;
 
+ /* Stash a ref to the passwd struct in the handle. */
+ sudo_pw_addref(pw);
+ handle->pw = pw;
+
 /* Convert to sudoers parse tree. */
 if (!sss_to_sudoers(handle, sss_result, &nss->userspecs)) {
 ret = -1;
 goto done;
 }
 
- /* Stash a ref to the passwd struct in the handle. */
- sudo_pw_addref(pw);
- handle->pw = pw;
-
 done:
 /* Cleanup */
 handle->fn_free_result(sss_result);
- if (ret == -1)
+ if (ret == -1) {
 free_userspecs(&nss->userspecs);
+ sudo_pw_delref(handle->pw);
+ handle->pw = NULL;
+ }
 
 sudo_debug_printf(SUDO_DEBUG_DIAG, "Done with LDAP searches");
 
-- 
2.40.0
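Review bot: The new error branch under `done:` calls `sudo_pw_delref(handle->pw)` unconditionally, but the `goto done` taken when `sss_result == NULL` runs before `handle->pw = pw` is assigned. Any path that reaches `done:` with `ret == -1` and no ref stashed by this call would therefore release a reference it never took, or pass NULL. The value of `ret` on those earlier paths is outside the hunk, so this may be unreachable today, but in a privileged policy plugin a refcount underflow on the passwd cache is worth ruling out explicitly. Guarding the release, `if (handle->pw != NULL) sudo_pw_delref(handle->pw);` ahead of the existing `handle->pw = NULL;`, keeps the cleanup safe wherever the jump came from. The body of sudo_sss_query starts and ends outside the hunk, so whether `handle->pw` can still hold a ref from an earlier query at this point has to be checked there.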