URL: https://github.com/SSSD/sssd/pull/433 Title: #433: PAM: Multiple certificates on a Smartcard
lslebodn commented: """ Just a note. I would like to avoid the following change:
``` diff --git a/src/util/authtok.c b/src/util/authtok.c index c2f78be32..2c5a26ce3 100644 --- a/src/util/authtok.c +++ b/src/util/authtok.c @@ -27,6 +27,10 @@ struct sss_auth_token {
enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok) { + if (tok == NULL) { + return SSS_AUTHTOK_TYPE_EMPTY; + } + return tok->type; } ```
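Review bot: the new `tok == NULL` branch in `sss_authtok_get_type()` returns `SSS_AUTHTOK_TYPE_EMPTY`, so a caller cannot tell a token that was never allocated from one that is allocated and empty, and a missing initialisation goes unnoticed. If the guard stays, document the NULL behaviour in a comment on the function; otherwise make sure the token is allocated before the call rather than tolerating NULL here.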
We need to properly initialise authtok in all cases. It must not be `NULL`. BTW, the following part of the report from static analysers is outdated:
```
Error: FORWARD_NULL (CWE-476): [#def2]
sssd-1.16.1/src/responder/pam/pamsrv_p11.c:433: var_compare_op: Comparing "pd->authtok" to null implies that "pd->authtok" might be null.
sssd-1.16.1/src/responder/pam/pamsrv_p11.c:461: var_deref_model: Passing null pointer "pd->authtok" to "sss_authtok_get_type", which dereferences it.
sssd-1.16.1/src/util/authtok.c:30:5: deref_parm: Directly dereferencing parameter "tok".
# 28| enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
# 29| {
# 30|-> return tok->type;
# 31| }
# 32|
```
"""
See the full comment at https://github.com/SSSD/sssd/pull/433#issuecomment-343228941