andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0008-Ticket-47892-coverity-defects-found-in-1.3.3.1.patch

f92ce9
From 80ee43bf0f6ad4a8702f0695b9294a3797483ebe Mon Sep 17 00:00:00 2001
f92ce9
From: Rich Megginson <rmeggins@redhat.com>
f92ce9
Date: Fri, 12 Sep 2014 13:11:26 -0600
f92ce9
Subject: [PATCH] Ticket #47892 coverity defects found in 1.3.3.1
f92ce9
MIME-Version: 1.0
f92ce9
Content-Type: text/plain; charset=UTF-8
f92ce9
Content-Transfer-Encoding: 8bit
f92ce9
f92ce9
https://fedorahosted.org/389/ticket/47892
f92ce9
Reviewed by: mreynolds, nkinder (Thanks!)
f92ce9
Branch: rhel-7.1
f92ce9
Fix Description:
f92ce9
9. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2079:var_compare_op – Comparing "group_norm_vals" to null implies that "group_norm_vals" might be null.
f92ce9
11. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2099:var_deref_model – Passing null pointer "group_norm_vals" to function "slapi_valueset_add_value_ext(Slapi_ValueSet *, Slapi_Value const *, unsigned long)", which dereferences it.
f92ce9
12. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:896:2:deref_parm_in_call – Function "slapi_valueset_add_attr_valuearray_ext(Slapi_Attr const *, Slapi_ValueSet *, Slapi_Value **, int, unsigned long, int *)" dereferences "vs".
f92ce9
15. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:1075:2:deref_parm – Directly dereferencing parameter "vs".
f92ce9
f92ce9
Added a check for group_norm_vals == NULL at beginning of function.  I think this had a chain effect causing 11, 12, and 15 as well.
f92ce9
f92ce9
various - deprecated conversion from string constant - added const_cast<char *> as recommended by C++ guides.
f92ce9
f92ce9
2. 389-ds-base-1.3.3.1/ldap/servers/slapd/back-ldbm/ldif2ldbm.c:2198:78:warning – 'j' may be used uninitialized in this function [-Wmaybe-uninitialized]
f92ce9
f92ce9
Should have been using SLAPI_ATTR_TOMBSTONE_CSN
f92ce9
f92ce9
2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]
f92ce9
f92ce9
2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]
f92ce9
f92ce9
These are false positives.
f92ce9
f92ce9
The minor memleaks were also fixed.
f92ce9
f92ce9
Platforms tested: Fedora 20
f92ce9
Flag Day: no
f92ce9
Doc impact: no
f92ce9
f92ce9
(cherry picked from commit 66e43aee7151acf6939b1a646eb869c7ccf0f7a4)
f92ce9
(cherry picked from commit 6dc23ec794cd5644a40c223e7b66066f195d8d7d)
f92ce9
---
f92ce9
 ldap/servers/plugins/memberof/memberof.c     |  6 +++---
f92ce9
 ldap/servers/slapd/back-ldbm/ldif2ldbm.c     |  2 +-
f92ce9
 ldap/servers/slapd/tools/ldif.c              |  5 ++++-
f92ce9
 ldap/servers/slapd/tools/rsearch/nametable.c |  1 +
f92ce9
 lib/base/pool.cpp                            | 10 +++++-----
f92ce9
 lib/libaccess/aclcache.cpp                   |  2 +-
f92ce9
 6 files changed, 15 insertions(+), 11 deletions(-)
f92ce9
f92ce9
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
f92ce9
index 6549718..bd87ee9 100644
f92ce9
--- a/ldap/servers/plugins/memberof/memberof.c
f92ce9
+++ b/ldap/servers/plugins/memberof/memberof.c
f92ce9
@@ -2044,10 +2044,10 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
f92ce9
 		goto bail;
f92ce9
 	}
f92ce9
 
f92ce9
-	if (!groupvals)
f92ce9
+	if (!groupvals || !group_norm_vals)
f92ce9
 	{
f92ce9
 		slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
f92ce9
-			"memberof_get_groups_callback: NULL groupvals\n");
f92ce9
+			"memberof_get_groups_callback: NULL groupvals or group_norm_vals\n");
f92ce9
 		rc = -1;
f92ce9
 		goto bail;
f92ce9
 
f92ce9
@@ -2076,7 +2076,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
f92ce9
 	 * in config.  We only need this attribute for it's syntax so the comparison can be
f92ce9
 	 * performed.  Since all of the grouping attributes are validated to use the Dinstinguished
f92ce9
 	 * Name syntax, we can safely just use the first group_slapiattr. */
f92ce9
-	if (group_norm_vals && slapi_valueset_find(
f92ce9
+	if (slapi_valueset_find(
f92ce9
 		((memberof_get_groups_data*)callback_data)->config->group_slapiattrs[0], group_norm_vals, group_ndn_val))
f92ce9
 	{
f92ce9
 		/* we either hit a recursive grouping, or an entry is
f92ce9
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
f92ce9
index ab3a4a5..523da09 100644
f92ce9
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
f92ce9
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
f92ce9
@@ -2195,7 +2195,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
f92ce9
                         if (task) {
f92ce9
                             slapi_task_log_notice(task, "%s: ERROR: failed to begin txn for "
f92ce9
                                                   "update index '%s' (err %d: %s)",
f92ce9
-                                                  inst->inst_name, indexAttrs[j], rc,
f92ce9
+                                                  inst->inst_name, SLAPI_ATTR_TOMBSTONE_CSN, rc,
f92ce9
                                                   dblayer_strerror(rc));
f92ce9
                         }
f92ce9
                         return_value = -2;
f92ce9
diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c
f92ce9
index e8e6f9b..e4527ba 100644
f92ce9
--- a/ldap/servers/slapd/tools/ldif.c
f92ce9
+++ b/ldap/servers/slapd/tools/ldif.c
f92ce9
@@ -142,7 +142,8 @@ int main( int argc, char **argv )
f92ce9
 		}
f92ce9
 
f92ce9
 		if (( out = ldif_type_and_value( type, val, cur )) == NULL ) {
f92ce9
-		    	perror( "ldif_type_and_value" );
f92ce9
+			perror( "ldif_type_and_value" );
f92ce9
+			free( val );
f92ce9
 			return( 1 );
f92ce9
 		}
f92ce9
 
f92ce9
@@ -166,6 +167,7 @@ int main( int argc, char **argv )
f92ce9
 				maxlen *= 2;
f92ce9
 				if( (buf = (char *)realloc(buf, maxlen)) == NULL ) {
f92ce9
 					perror( "realloc" );
f92ce9
+					free( buf );
f92ce9
 					return( 1 );
f92ce9
 				}
f92ce9
 				(void)fgets(buf+curlen, maxlen/2 + 1, stdin);
f92ce9
@@ -176,6 +178,7 @@ int main( int argc, char **argv )
f92ce9
 			if (( out = ldif_type_and_value( type, buf, strlen( buf ) ))
f92ce9
 				== NULL ) {
f92ce9
 				perror( "ldif_type_and_value" );
f92ce9
+				free( buf );
f92ce9
 				return( 1 );
f92ce9
 			}
f92ce9
 			fputs( out, stdout );
f92ce9
diff --git a/ldap/servers/slapd/tools/rsearch/nametable.c b/ldap/servers/slapd/tools/rsearch/nametable.c
f92ce9
index 03a6ae1..9d56a34 100644
f92ce9
--- a/ldap/servers/slapd/tools/rsearch/nametable.c
f92ce9
+++ b/ldap/servers/slapd/tools/rsearch/nametable.c
f92ce9
@@ -160,6 +160,7 @@ int nt_load(NameTable *nt, const char *filename)
f92ce9
             free(s);
f92ce9
             break;
f92ce9
         }
f92ce9
+        free(s);
f92ce9
     }
f92ce9
     PR_Close(fd);
f92ce9
     return nt->size;
f92ce9
diff --git a/lib/base/pool.cpp b/lib/base/pool.cpp
f92ce9
index 9ee1b8c..ab952d1 100644
f92ce9
--- a/lib/base/pool.cpp
f92ce9
+++ b/lib/base/pool.cpp
f92ce9
@@ -178,7 +178,7 @@ _create_block(int size)
f92ce9
 		crit_exit(freelist_lock);
f92ce9
 		if (((newblock = (block_t *)PERM_MALLOC(sizeof(block_t))) == NULL) || 
f92ce9
 		    ((newblock->data = (char *)PERM_MALLOC(bytes)) == NULL)) {
f92ce9
-			ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
f92ce9
+			ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
f92ce9
 			if (newblock)
f92ce9
 				PERM_FREE(newblock);
f92ce9
 			return NULL;
f92ce9
@@ -259,7 +259,7 @@ pool_create()
f92ce9
 		}
f92ce9
 
f92ce9
 		if ( (newpool->curr_block =_create_block(BLOCK_SIZE)) == NULL) {
f92ce9
-			ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
f92ce9
+			ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
f92ce9
 			PERM_FREE(newpool);
f92ce9
 			return NULL;
f92ce9
 		}
f92ce9
@@ -280,7 +280,7 @@ pool_create()
f92ce9
 		crit_exit(known_pools_lock);
f92ce9
 	}
f92ce9
 	else 
f92ce9
-		ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
f92ce9
+		ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
f92ce9
 
f92ce9
 	return (pool_handle_t *)newpool;
f92ce9
 }
f92ce9
@@ -386,7 +386,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
f92ce9
 		 */
f92ce9
 		blocksize = ( (size + BLOCK_SIZE-1) / BLOCK_SIZE ) * BLOCK_SIZE;
f92ce9
 		if ( (pool->curr_block = _create_block(blocksize)) == NULL) {
f92ce9
-			ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
f92ce9
+			ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
f92ce9
 #ifdef POOL_LOCKING
f92ce9
 			crit_exit(pool->lock);
f92ce9
 #endif
f92ce9
@@ -408,7 +408,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
f92ce9
 
f92ce9
 void _pool_free_error()
f92ce9
 {
f92ce9
-	ereport(LOG_WARN, "%s", XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
f92ce9
+	ereport(LOG_WARN, const_cast<char *>("%s"), XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
f92ce9
 
f92ce9
 	return;
f92ce9
 }
f92ce9
diff --git a/lib/libaccess/aclcache.cpp b/lib/libaccess/aclcache.cpp
f92ce9
index 52e019b..a96b0c9 100644
f92ce9
--- a/lib/libaccess/aclcache.cpp
f92ce9
+++ b/lib/libaccess/aclcache.cpp
f92ce9
@@ -133,7 +133,7 @@ ACL_ListHashInit()
f92ce9
 				  &ACLPermAllocOps, 
f92ce9
 				  NULL);
f92ce9
     if (ACLListHash == NULL) {
f92ce9
-	ereport(LOG_SECURITY, "Unable to allocate ACL List Hash\n");
f92ce9
+	ereport(LOG_SECURITY, const_cast<char *>("Unable to allocate ACL List Hash\n"));
f92ce9
 	return;
f92ce9
     }
f92ce9
 
f92ce9
-- 
f92ce9
1.9.3
f92ce9