code: check return value of functions in logout.c

zandbelt · zandbelt · commit 74db443ce601 · 2024-12-16T18:10:00.000+01:00
oidc_get_provider_from_session and oidc_refresh_token_grant

Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -3,6 +3,7 @@
 - code: declare enum members as int so they can be set to OIDC_CONFIG_POS_INT_UNSET without warning
 - code: declare memcache members as int so they can be set to OIDC_CONFIG_POS_INT_UNSET without warning
 - code: declare introspection_endpoint_method member as int so it can be set to OIDC_CONFIG_POS_INT_UNSET without warning
+- code: check return value of oidc_get_provider_from_session and oidc_refresh_token_grant in logout.c
 
 12/15/2024
 - add Coverity Github action
diff --git a/src/handle/logout.c b/src/handle/logout.c
@@ -474,12 +474,14 @@ int oidc_logout(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 		}
 	}
 
-	oidc_get_provider_from_session(r, c, session, &provider);
+	if (oidc_get_provider_from_session(r, c, session, &provider) == FALSE)
+		oidc_warn(r, "oidc_get_provider_from_session failed");
 
 	if ((provider != NULL) && (oidc_cfg_provider_end_session_endpoint_get(provider) != NULL)) {
 
 		if (apr_table_get(r->subprocess_env, OIDC_REFRESH_TOKENS_BEFORE_LOGOUT_ENVVAR) != NULL) {
-			oidc_refresh_token_grant(r, c, session, provider, NULL, NULL, &id_token_hint);
+			if (oidc_refresh_token_grant(r, c, session, provider, NULL, NULL, &id_token_hint) == FALSE)
+				oidc_warn(r, "id_token_hint could not be refreshed before logout");
 		} else {
 			id_token_hint = apr_pstrdup(r->pool, oidc_session_get_idtoken(r, session));
 		}
diff --git a/src/http.c b/src/http.c
@@ -751,12 +751,12 @@ static apr_byte_t oidc_http_request(request_rec *r, const char *url, const char
 
 	/* setup the buffer where the response data will be written to */
 	OIDC_HTTP_CURL_SETOPT(CURLOPT_WRITEFUNCTION, oidc_http_response_data);
-	/* coverity[bad_sizeof] */                                                                              \
+	/* coverity[bad_sizeof] */
 	OIDC_HTTP_CURL_SETOPT(CURLOPT_WRITEDATA, &d_buf);
 
 	/* setup the buffer where the response headers will be written to */
 	OIDC_HTTP_CURL_SETOPT(CURLOPT_HEADERFUNCTION, oidc_http_response_header);
-	/* coverity[bad_sizeof] */                                                                              \
+	/* coverity[bad_sizeof] */
 	OIDC_HTTP_CURL_SETOPT(CURLOPT_HEADERDATA, &h_buf);
 
 #ifndef LIBCURL_NO_CURLPROTO

Original file line number	Diff line number	Diff line change
`@@ -474,12 +474,14 @@ int oidc_logout(request_rec r, oidc_cfg_t c, oidc_session_t *session) {`
`474`	`474`	`}`
`475`	`475`	`}`
`476`	`476`
`477`		`- oidc_get_provider_from_session(r, c, session, &provider);`
	`477`	`+ if (oidc_get_provider_from_session(r, c, session, &provider) == FALSE)`
	`478`	`+ oidc_warn(r, "oidc_get_provider_from_session failed");`
`478`	`479`
`479`	`480`	`if ((provider != NULL) && (oidc_cfg_provider_end_session_endpoint_get(provider) != NULL)) {`
`480`	`481`
`481`	`482`	`if (apr_table_get(r->subprocess_env, OIDC_REFRESH_TOKENS_BEFORE_LOGOUT_ENVVAR) != NULL) {`
`482`		`- oidc_refresh_token_grant(r, c, session, provider, NULL, NULL, &id_token_hint);`
	`483`	`+ if (oidc_refresh_token_grant(r, c, session, provider, NULL, NULL, &id_token_hint) == FALSE)`
	`484`	`+ oidc_warn(r, "id_token_hint could not be refreshed before logout");`
`483`	`485`	`} else {`
`484`	`486`	`id_token_hint = apr_pstrdup(r->pool, oidc_session_get_idtoken(r, session));`
`485`	`487`	`}`