|
 |
f92ce9 |
From 80ee43bf0f6ad4a8702f0695b9294a3797483ebe Mon Sep 17 00:00:00 2001
|
|
|
f92ce9 |
From: Rich Megginson <rmeggins@redhat.com>
|
|
|
f92ce9 |
Date: Fri, 12 Sep 2014 13:11:26 -0600
|
|
|
f92ce9 |
Subject: [PATCH] Ticket #47892 coverity defects found in 1.3.3.1
|
|
|
f92ce9 |
MIME-Version: 1.0
|
|
|
f92ce9 |
Content-Type: text/plain; charset=UTF-8
|
|
|
f92ce9 |
Content-Transfer-Encoding: 8bit
|
|
|
f92ce9 |
|
|
|
f92ce9 |
https://fedorahosted.org/389/ticket/47892
|
|
|
f92ce9 |
Reviewed by: mreynolds, nkinder (Thanks!)
|
|
|
f92ce9 |
Branch: rhel-7.1
|
|
|
f92ce9 |
Fix Description:
|
|
|
f92ce9 |
9. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2079:var_compare_op – Comparing "group_norm_vals" to null implies that "group_norm_vals" might be null.
|
|
|
f92ce9 |
11. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2099:var_deref_model – Passing null pointer "group_norm_vals" to function "slapi_valueset_add_value_ext(Slapi_ValueSet *, Slapi_Value const *, unsigned long)", which dereferences it.
|
|
|
f92ce9 |
12. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:896:2:deref_parm_in_call – Function "slapi_valueset_add_attr_valuearray_ext(Slapi_Attr const *, Slapi_ValueSet *, Slapi_Value **, int, unsigned long, int *)" dereferences "vs".
|
|
|
f92ce9 |
15. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:1075:2:deref_parm – Directly dereferencing parameter "vs".
|
|
|
f92ce9 |
|
|
|
f92ce9 |
Added a check for group_norm_vals == NULL at beginning of function. I think this had a chain effect causing 11, 12, and 15 as well.
|
|
|
f92ce9 |
|
|
|
f92ce9 |
various - deprecated conversion from string constant - added const_cast<char *> as recommended by C++ guides.
|
|
|
f92ce9 |
|
|
|
f92ce9 |
2. 389-ds-base-1.3.3.1/ldap/servers/slapd/back-ldbm/ldif2ldbm.c:2198:78:warning – 'j' may be used uninitialized in this function [-Wmaybe-uninitialized]
|
|
|
f92ce9 |
|
|
|
f92ce9 |
Should have been using SLAPI_ATTR_TOMBSTONE_CSN
|
|
|
f92ce9 |
|
|
|
f92ce9 |
2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]
|
|
|
f92ce9 |
|
|
|
f92ce9 |
2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]
|
|
|
f92ce9 |
|
|
|
f92ce9 |
These are false positives.
|
|
|
f92ce9 |
|
|
|
f92ce9 |
The minor memleaks were also fixed.
|
|
|
f92ce9 |
|
|
|
f92ce9 |
Platforms tested: Fedora 20
|
|
|
f92ce9 |
Flag Day: no
|
|
|
f92ce9 |
Doc impact: no
|
|
|
f92ce9 |
|
|
|
f92ce9 |
(cherry picked from commit 66e43aee7151acf6939b1a646eb869c7ccf0f7a4)
|
|
|
f92ce9 |
(cherry picked from commit 6dc23ec794cd5644a40c223e7b66066f195d8d7d)
|
|
|
f92ce9 |
---
|
|
|
f92ce9 |
ldap/servers/plugins/memberof/memberof.c | 6 +++---
|
|
|
f92ce9 |
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 2 +-
|
|
|
f92ce9 |
ldap/servers/slapd/tools/ldif.c | 5 ++++-
|
|
|
f92ce9 |
ldap/servers/slapd/tools/rsearch/nametable.c | 1 +
|
|
|
f92ce9 |
lib/base/pool.cpp | 10 +++++-----
|
|
|
f92ce9 |
lib/libaccess/aclcache.cpp | 2 +-
|
|
|
f92ce9 |
6 files changed, 15 insertions(+), 11 deletions(-)
|
|
|
f92ce9 |
|
|
|
f92ce9 |
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
|
|
|
f92ce9 |
index 6549718..bd87ee9 100644
|
|
|
f92ce9 |
--- a/ldap/servers/plugins/memberof/memberof.c
|
|
|
f92ce9 |
+++ b/ldap/servers/plugins/memberof/memberof.c
|
|
|
f92ce9 |
@@ -2044,10 +2044,10 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
|
|
|
f92ce9 |
goto bail;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
|
|
|
f92ce9 |
- if (!groupvals)
|
|
|
f92ce9 |
+ if (!groupvals || !group_norm_vals)
|
|
|
f92ce9 |
{
|
|
|
f92ce9 |
slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
|
|
|
f92ce9 |
- "memberof_get_groups_callback: NULL groupvals\n");
|
|
|
f92ce9 |
+ "memberof_get_groups_callback: NULL groupvals or group_norm_vals\n");
|
|
|
f92ce9 |
rc = -1;
|
|
|
f92ce9 |
goto bail;
|
|
|
f92ce9 |
|
|
|
f92ce9 |
@@ -2076,7 +2076,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
|
|
|
f92ce9 |
* in config. We only need this attribute for it's syntax so the comparison can be
|
|
|
f92ce9 |
* performed. Since all of the grouping attributes are validated to use the Dinstinguished
|
|
|
f92ce9 |
* Name syntax, we can safely just use the first group_slapiattr. */
|
|
|
f92ce9 |
- if (group_norm_vals && slapi_valueset_find(
|
|
|
f92ce9 |
+ if (slapi_valueset_find(
|
|
|
f92ce9 |
((memberof_get_groups_data*)callback_data)->config->group_slapiattrs[0], group_norm_vals, group_ndn_val))
|
|
|
f92ce9 |
{
|
|
|
f92ce9 |
/* we either hit a recursive grouping, or an entry is
|
|
|
f92ce9 |
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
|
|
|
f92ce9 |
index ab3a4a5..523da09 100644
|
|
|
f92ce9 |
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
|
|
|
f92ce9 |
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
|
|
|
f92ce9 |
@@ -2195,7 +2195,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
|
|
|
f92ce9 |
if (task) {
|
|
|
f92ce9 |
slapi_task_log_notice(task, "%s: ERROR: failed to begin txn for "
|
|
|
f92ce9 |
"update index '%s' (err %d: %s)",
|
|
|
f92ce9 |
- inst->inst_name, indexAttrs[j], rc,
|
|
|
f92ce9 |
+ inst->inst_name, SLAPI_ATTR_TOMBSTONE_CSN, rc,
|
|
|
f92ce9 |
dblayer_strerror(rc));
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
return_value = -2;
|
|
|
f92ce9 |
diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c
|
|
|
f92ce9 |
index e8e6f9b..e4527ba 100644
|
|
|
f92ce9 |
--- a/ldap/servers/slapd/tools/ldif.c
|
|
|
f92ce9 |
+++ b/ldap/servers/slapd/tools/ldif.c
|
|
|
f92ce9 |
@@ -142,7 +142,8 @@ int main( int argc, char **argv )
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
|
|
|
f92ce9 |
if (( out = ldif_type_and_value( type, val, cur )) == NULL ) {
|
|
|
f92ce9 |
- perror( "ldif_type_and_value" );
|
|
|
f92ce9 |
+ perror( "ldif_type_and_value" );
|
|
|
f92ce9 |
+ free( val );
|
|
|
f92ce9 |
return( 1 );
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
|
|
|
f92ce9 |
@@ -166,6 +167,7 @@ int main( int argc, char **argv )
|
|
|
f92ce9 |
maxlen *= 2;
|
|
|
f92ce9 |
if( (buf = (char *)realloc(buf, maxlen)) == NULL ) {
|
|
|
f92ce9 |
perror( "realloc" );
|
|
|
f92ce9 |
+ free( buf );
|
|
|
f92ce9 |
return( 1 );
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
(void)fgets(buf+curlen, maxlen/2 + 1, stdin);
|
|
|
f92ce9 |
@@ -176,6 +178,7 @@ int main( int argc, char **argv )
|
|
|
f92ce9 |
if (( out = ldif_type_and_value( type, buf, strlen( buf ) ))
|
|
|
f92ce9 |
== NULL ) {
|
|
|
f92ce9 |
perror( "ldif_type_and_value" );
|
|
|
f92ce9 |
+ free( buf );
|
|
|
f92ce9 |
return( 1 );
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
fputs( out, stdout );
|
|
|
f92ce9 |
diff --git a/ldap/servers/slapd/tools/rsearch/nametable.c b/ldap/servers/slapd/tools/rsearch/nametable.c
|
|
|
f92ce9 |
index 03a6ae1..9d56a34 100644
|
|
|
f92ce9 |
--- a/ldap/servers/slapd/tools/rsearch/nametable.c
|
|
|
f92ce9 |
+++ b/ldap/servers/slapd/tools/rsearch/nametable.c
|
|
|
f92ce9 |
@@ -160,6 +160,7 @@ int nt_load(NameTable *nt, const char *filename)
|
|
|
f92ce9 |
free(s);
|
|
|
f92ce9 |
break;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
+ free(s);
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
PR_Close(fd);
|
|
|
f92ce9 |
return nt->size;
|
|
|
f92ce9 |
diff --git a/lib/base/pool.cpp b/lib/base/pool.cpp
|
|
|
f92ce9 |
index 9ee1b8c..ab952d1 100644
|
|
|
f92ce9 |
--- a/lib/base/pool.cpp
|
|
|
f92ce9 |
+++ b/lib/base/pool.cpp
|
|
|
f92ce9 |
@@ -178,7 +178,7 @@ _create_block(int size)
|
|
|
f92ce9 |
crit_exit(freelist_lock);
|
|
|
f92ce9 |
if (((newblock = (block_t *)PERM_MALLOC(sizeof(block_t))) == NULL) ||
|
|
|
f92ce9 |
((newblock->data = (char *)PERM_MALLOC(bytes)) == NULL)) {
|
|
|
f92ce9 |
- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
|
|
|
f92ce9 |
+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
|
|
|
f92ce9 |
if (newblock)
|
|
|
f92ce9 |
PERM_FREE(newblock);
|
|
|
f92ce9 |
return NULL;
|
|
|
f92ce9 |
@@ -259,7 +259,7 @@ pool_create()
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
|
|
|
f92ce9 |
if ( (newpool->curr_block =_create_block(BLOCK_SIZE)) == NULL) {
|
|
|
f92ce9 |
- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
|
|
|
f92ce9 |
+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
|
|
|
f92ce9 |
PERM_FREE(newpool);
|
|
|
f92ce9 |
return NULL;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
@@ -280,7 +280,7 @@ pool_create()
|
|
|
f92ce9 |
crit_exit(known_pools_lock);
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
else
|
|
|
f92ce9 |
- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
|
|
|
f92ce9 |
+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
|
|
|
f92ce9 |
|
|
|
f92ce9 |
return (pool_handle_t *)newpool;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
@@ -386,7 +386,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
|
|
|
f92ce9 |
*/
|
|
|
f92ce9 |
blocksize = ( (size + BLOCK_SIZE-1) / BLOCK_SIZE ) * BLOCK_SIZE;
|
|
|
f92ce9 |
if ( (pool->curr_block = _create_block(blocksize)) == NULL) {
|
|
|
f92ce9 |
- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
|
|
|
f92ce9 |
+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
|
|
|
f92ce9 |
#ifdef POOL_LOCKING
|
|
|
f92ce9 |
crit_exit(pool->lock);
|
|
|
f92ce9 |
#endif
|
|
|
f92ce9 |
@@ -408,7 +408,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
|
|
|
f92ce9 |
|
|
|
f92ce9 |
void _pool_free_error()
|
|
|
f92ce9 |
{
|
|
|
f92ce9 |
- ereport(LOG_WARN, "%s", XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
|
|
|
f92ce9 |
+ ereport(LOG_WARN, const_cast<char *>("%s"), XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
|
|
|
f92ce9 |
|
|
|
f92ce9 |
return;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
diff --git a/lib/libaccess/aclcache.cpp b/lib/libaccess/aclcache.cpp
|
|
|
f92ce9 |
index 52e019b..a96b0c9 100644
|
|
|
f92ce9 |
--- a/lib/libaccess/aclcache.cpp
|
|
|
f92ce9 |
+++ b/lib/libaccess/aclcache.cpp
|
|
|
f92ce9 |
@@ -133,7 +133,7 @@ ACL_ListHashInit()
|
|
|
f92ce9 |
&ACLPermAllocOps,
|
|
|
f92ce9 |
NULL);
|
|
|
f92ce9 |
if (ACLListHash == NULL) {
|
|
|
f92ce9 |
- ereport(LOG_SECURITY, "Unable to allocate ACL List Hash\n");
|
|
|
f92ce9 |
+ ereport(LOG_SECURITY, const_cast<char *>("Unable to allocate ACL List Hash\n"));
|
|
|
f92ce9 |
return;
|
|
|
f92ce9 |
}
|
|
|
f92ce9 |
|
|
|
f92ce9 |
--
|
|
|
f92ce9 |
1.9.3
|
|
|
f92ce9 |
|