[Libreoffice-commits] core.git: sal/osl
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Sat Oct 20 22:31:41 UTC 2018
sal/osl/w32/security.cxx | 106 +++++++++++++++++++++++++++--------------------
1 file changed, 63 insertions(+), 43 deletions(-)
New commits:
commit 3846561f79cf9065abd9ca83c9fbfbe7e52e28e2
Author: Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Sat Oct 20 22:24:26 2018 +0200
Commit: Mike Kaganski <mike.kaganski at collabora.com>
CommitDate: Sun Oct 21 00:31:19 2018 +0200
tdf#120703 (PVS)
V522 There might be dereferencing of a potential null pointer 'pSecImpl'.
Check lines: 81, 79.
Check lines: 116, 114.
Check lines: 175, 173.
V522 There might be dereferencing of a potential null pointer 'pSecImpl->m_pNetResource'.
Check lines: 176, 175.
V701 realloc() possible leak: when realloc() fails in allocating memory, original
pointer 'pInfoBuffer' is lost. Consider assigning realloc() to a temporary
pointer.
V724 Converting type 'BOOL' to type 'sal_Bool' can lead to a loss of high-order
bits. Non-zero value can become 'FALSE'.
V522 There might be dereferencing of a potential null pointer 'Ident'.
Check lines: 345, 340.
V614 Potentially uninitialized buffer 'Name' used. Consider checking the second
actual argument of the 'rtl_uString_newFromStr' function.
Change-Id: Ieadc914d0f15e9c01621f8d7b5a7f8c0778c4498
Reviewed-on: https://gerrit.libreoffice.org/62090
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
diff --git a/sal/osl/w32/security.cxx b/sal/osl/w32/security.cxx
index 2082301d2156..ebd3754705dd 100644
--- a/sal/osl/w32/security.cxx
+++ b/sal/osl/w32/security.cxx
@@ -77,12 +77,13 @@ static bool getUserNameImpl(oslSecurity Security, rtl_uString **strName, bool bI
oslSecurity SAL_CALL osl_getCurrentSecurity(void)
{
oslSecurityImpl* pSecImpl = static_cast<oslSecurityImpl *>(malloc(sizeof(oslSecurityImpl)));
-
- pSecImpl->m_pNetResource = nullptr;
- pSecImpl->m_User[0] = '\0';
- pSecImpl->m_hToken = nullptr;
- pSecImpl->m_hProfile = nullptr;
-
+ if (pSecImpl)
+ {
+ pSecImpl->m_pNetResource = nullptr;
+ pSecImpl->m_User[0] = '\0';
+ pSecImpl->m_hToken = nullptr;
+ pSecImpl->m_hProfile = nullptr;
+ }
return pSecImpl;
}
@@ -112,14 +113,15 @@ oslSecurityError SAL_CALL osl_loginUser( rtl_uString *strUserName, rtl_uString *
&hUserToken))
{
oslSecurityImpl* pSecImpl = static_cast<oslSecurityImpl *>(malloc(sizeof(oslSecurityImpl)));
-
- pSecImpl->m_pNetResource = nullptr;
- pSecImpl->m_hToken = hUserToken;
- pSecImpl->m_hProfile = nullptr;
- wcscpy(o3tl::toW(pSecImpl->m_User), o3tl::toW(strUser));
-
+ if (pSecImpl)
+ {
+ pSecImpl->m_pNetResource = nullptr;
+ pSecImpl->m_hToken = hUserToken;
+ pSecImpl->m_hProfile = nullptr;
+ wcscpy(o3tl::toW(pSecImpl->m_User), o3tl::toW(strUser));
+ }
*pSecurity = pSecImpl;
- ret = osl_Security_E_None;
+ ret = pSecImpl ? osl_Security_E_None : osl_Security_E_Unknown;
}
else
{
@@ -171,17 +173,25 @@ oslSecurityError SAL_CALL osl_loginUserOnFileServer(rtl_uString *strUserName,
if ((err == NO_ERROR) || (err == ERROR_ALREADY_ASSIGNED))
{
oslSecurityImpl* pSecImpl = static_cast<oslSecurityImpl *>(malloc(sizeof(oslSecurityImpl)));
-
- pSecImpl->m_pNetResource = static_cast<NETRESOURCEW *>(malloc(sizeof(NETRESOURCE)));
- *pSecImpl->m_pNetResource = netResource;
-
- pSecImpl->m_hToken = nullptr;
- pSecImpl->m_hProfile = nullptr;
- wcscpy(o3tl::toW(pSecImpl->m_User), o3tl::toW(rtl_uString_getStr(strUserName)));
-
+ if (pSecImpl)
+ {
+ pSecImpl->m_pNetResource = static_cast<NETRESOURCEW *>(malloc(sizeof(NETRESOURCE)));
+ if (pSecImpl->m_pNetResource)
+ {
+ *pSecImpl->m_pNetResource = netResource;
+ pSecImpl->m_hToken = nullptr;
+ pSecImpl->m_hProfile = nullptr;
+ wcscpy(o3tl::toW(pSecImpl->m_User), o3tl::toW(rtl_uString_getStr(strUserName)));
+ }
+ else
+ {
+ free(pSecImpl);
+ pSecImpl = nullptr;
+ }
+ }
*pSecurity = pSecImpl;
- ret = osl_Security_E_None;
+ ret = pSecImpl ? osl_Security_E_None : osl_Security_E_Unknown;
}
else
{
@@ -291,7 +301,14 @@ sal_Bool SAL_CALL osl_getUserIdent(oslSecurity Security, rtl_uString **strIdent)
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
- pInfoBuffer = static_cast<UCHAR *>(realloc(pInfoBuffer, nInfoBuffer));
+ if (auto p = static_cast<UCHAR *>(realloc(pInfoBuffer, nInfoBuffer)))
+ pInfoBuffer = p;
+ else
+ {
+ free(pInfoBuffer);
+ pInfoBuffer = nullptr;
+ break;
+ }
}
else
{
@@ -325,31 +342,29 @@ sal_Bool SAL_CALL osl_getUserIdent(oslSecurity Security, rtl_uString **strIdent)
free(pInfoBuffer);
- return bResult;
+ return bResult != FALSE;
}
}
else
{
DWORD needed = 0;
- sal_Unicode *Ident;
WNetGetUserW(nullptr, nullptr, &needed);
if (needed < 16)
needed = 16;
- Ident = static_cast<sal_Unicode *>(malloc(needed*sizeof(sal_Unicode)));
-
- if (WNetGetUserW(nullptr, o3tl::toW(Ident), &needed) != NO_ERROR)
+ if (auto Ident = static_cast<sal_Unicode *>(malloc(needed*sizeof(sal_Unicode))))
{
- wcscpy(o3tl::toW(Ident), L"unknown");
- Ident[7] = L'\0';
- }
-
- rtl_uString_newFromStr( strIdent, Ident);
-
- free(Ident);
+ if (WNetGetUserW(nullptr, o3tl::toW(Ident), &needed) != NO_ERROR)
+ {
+ wcscpy(o3tl::toW(Ident), L"unknown");
+ Ident[7] = L'\0';
+ }
- return true;
+ rtl_uString_newFromStr( strIdent, Ident);
+ free(Ident);
+ return true;
+ }
}
}
@@ -710,7 +725,14 @@ static bool getUserNameImpl(oslSecurity Security, rtl_uString **strName, bool b
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
- pInfoBuffer = static_cast<UCHAR *>(realloc(pInfoBuffer, nInfoBuffer));
+ if (auto p = static_cast<UCHAR *>(realloc(pInfoBuffer, nInfoBuffer)))
+ pInfoBuffer = p;
+ else
+ {
+ free(pInfoBuffer);
+ pInfoBuffer = nullptr;
+ break;
+ }
}
else
{
@@ -746,13 +768,11 @@ static bool getUserNameImpl(oslSecurity Security, rtl_uString **strName, bool b
{
wcscpy(o3tl::toW(Name), o3tl::toW(UserName));
}
- }
-
- rtl_uString_newFromStr( strName, Name);
- free(pInfoBuffer);
-
- return true;
+ rtl_uString_newFromStr(strName, Name);
+ free(pInfoBuffer);
+ return true;
+ }
}
}
else
More information about the Libreoffice-commits
mailing list