Bug 750625 - Fix Coverity (11096) Explicit null dereferenced

https://bugzilla.redhat.com/show_bug.cgi?id=750625

lib/libaccess/aclutil.cpp (LASGroupEval)

Bug Description: Dereferencing null variable "req_time".

Fix Description: Check "req_time" when it's returned from acl_
get_req_time. If it is NULL, return LAS_EVAL_FAIL and it does
not go further. Also, adding a check for the malloc failure to
acl_get_req_time.

lib/libaccess/aclutil.cpp

@@ -247,13 +247,16 @@ time_t *acl_get_req_time (PList_t resource)
 {
     time_t *req_time = 0;
     int rv = PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&req_time,
-			   NULL);
+                           NULL);
 
     if (rv < 0) {
-	req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
-	time(req_time);
-	PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
-		      (void *)req_time, NULL);
+        req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
+        if (NULL == req_time) {
+            return NULL;
+        }
+        time(req_time);
+        PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
+                      (void *)req_time, NULL);
     }
 
     return req_time;

lib/libaccess/lasgroup.cpp

@@ -126,12 +126,14 @@ int LASGroupEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
         return LAS_EVAL_FAIL;
     }
 
-    rv = LAS_EVAL_FALSE;
+    /* Regardless of cache, req_time needs to be filled. */
+    req_time = acl_get_req_time(resource);
+    if (NULL == req_time) {
+        return LAS_EVAL_FAIL;
+    }
 
+    rv = LAS_EVAL_FALSE;
     if (acl_usr_cache_enabled()) {
-	/* avoid unnecessary system call to get time if cache is disabled */
-	req_time = acl_get_req_time(resource);
-
 	/* Loop through all the groups and check if any is in the cache */
 	group = groups;
 	delim = ',';