Fix GCC v14 [-Wanalyzer-null-dereference] warnings in Kerberos (#1983)

    src/acl/external/kerberos_ldap_group/support_sasl.cc:190:17: error:
    dereference of NULL 'defs' [CWE-476] [-Wanalyzer-null-dereference]

    src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc:235:19: error:
    dereference of NULL 'Rids' [CWE-476] [-Wanalyzer-null-dereference]

diff --git a/src/acl/external/kerberos_ldap_group/support_sasl.cc b/src/acl/external/kerberos_ldap_group/support_sasl.cc
index 6c0ced6deb278af6bb38c8c783c99177131205eb..7a0beced207de5de1f475fc9a6b0e972fb51b470 100644 (file)
--- a/src/acl/external/kerberos_ldap_group/support_sasl.cc
+++ b/src/acl/external/kerberos_ldap_group/support_sasl.cc
@@ -202,16 +202,16 @@ void
 lutil_sasl_freedefs(
     void *defaults)
 {
-    lutilSASLdefaults *defs = (lutilSASLdefaults *) defaults;
-
-    xfree(defs->mech);
-    xfree(defs->realm);
-    xfree(defs->authcid);
-    xfree(defs->passwd);
-    xfree(defs->authzid);
-    xfree(defs->resps);
-
-    xfree(defs);
+    if (const auto defs = static_cast<lutilSASLdefaults*>(defaults)) {
+        xfree(defs->mech);
+        xfree(defs->realm);
+        xfree(defs->authcid);
+        xfree(defs->passwd);
+        xfree(defs->authzid);
+        xfree(defs->resps);
+
+        xfree(defs);
+    }
 }
 
 int

diff --git a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
index f5dff1d75dce2b0e1ccd5851a1a83b731134583d..5e2f99002b1690f617a57342ea1643db2dd006cc 100644 (file)
--- a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
+++ b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
@@ -202,6 +202,12 @@ getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t Gro
         return nullptr;
     }
 
+    if (!Rids) {
+        debug((char *) "%s| %s: ERR: Invalid RIDS list\n",
+              LogTime(), PROGRAM);
+        return nullptr;
+    }
+
     if (DomainLogonId!= 0) {
         uint8_t rev;
         uint64_t idauth;