Blame SOURCES/0028-Coverity-fixes-12023-12024-and-12025.patch

From 203db29666519c297a842723892f62fb294ac84b Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 30 Sep 2013 12:45:15 -0700
Subject: [PATCH 28/28] Coverity fixes - 12023, 12024, and 12025
. 12023 - Ignoring number of bytes read
  basicInit (ldclt.c):
  The return value from fread was ignored and not used for copying
  the read content from buffer to mctx.attrplFileContent.
. 12024 - Resource leak
  roles_cache_create_object_from_entry (roles_cache.c):
  When an error occurred, filter_attr_value was not freed.
. 12025 - Wrong sizeof argument
  read_metadata (dblayer.c):
  prfinfo is declared as PRFileInfo64, but when initializing the
  structure with NULL, the specified size was for PRFileInfo.
Reviewed by rmeggins (Thank you, Rich!!)
(cherry picked from commit f702868012ac1f9deb1cb92d51cdfd793353e836)
(cherry picked from commit 99f7b65e4bd35ce5d2c24a05178cfca4a44645db)
---
 ldap/servers/plugins/roles/roles_cache.c |    3 ++-
 ldap/servers/slapd/back-ldbm/dblayer.c   |    2 +-
 ldap/servers/slapd/tools/ldclt/ldclt.c   |   14 +++++++++-----
 3 files changed, 12 insertions(+), 7 deletions(-)
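--- a/ldap/servers/plugins/roles/roles_cache.c
+++ b/ldap/servers/plugins/roles/roles_cache.c
@@ -1224,6 +1224,7 @@ static int roles_cache_create_object_from_entry(Slapi_Entry *role_entry, role_ob
 					    (char*)slapi_sdn_get_ndn(this_role->dn),
 					    ROLE_FILTER_ATTR_NAME, filter_attr_value,
 					    ROLE_FILTER_ATTR_NAME);
+					slapi_ch_free_string(&filter_attr_value);
 					slapi_ch_free((void**)&this_role);
 					return SLAPI_ROLE_ERROR_FILTER_BAD;
 				}
@@ -1233,7 +1234,7 @@ static int roles_cache_create_object_from_entry(Slapi_Entry *role_entry, role_ob
 
 			/* Turn it into a slapi filter object */
 			filter = slapi_str2filter(filter_attr_value);
-			slapi_ch_free((void**)&filter_attr_value);
+			slapi_ch_free_string(&filter_attr_value);
 
 			if ( filter == NULL ) 
 			{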
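Review bot: The failure branch in the first hunk now carries two hand-written frees before `return SLAPI_ROLE_ERROR_FILTER_BAD;`, and any other exit taken while filter_attr_value is still live needs the same pair, which is the pattern that let this leak in. roles_cache_create_object_from_entry starts and ends outside both hunks, so whether other such exits exist cannot be checked from here. A single error-exit label that calls `slapi_ch_free_string(&filter_attr_value);` and then frees this_role, reached by `goto` with the return code set beforehand, would keep every failure path covered as the function grows.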
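--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -4947,7 +4947,7 @@ static int read_metadata(struct ldbminfo *li)
     /* Open the guard file and read stuff, then delete it */
     PR_snprintf(filename,sizeof(filename),"%s/guardian",priv->dblayer_home_directory);
 
-    memset(&prfinfo, '\0', sizeof(PRFileInfo));
+    memset(&prfinfo, '\0', sizeof(PRFileInfo64));
     (void)PR_GetFileInfo64(filename, &prfinfo);
 
     prfd = PR_Open(filename,PR_RDONLY,priv->dblayer_file_mode);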
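Review bot: The memset in read_metadata still spells the type out by hand, which is the same pattern that produced the mismatch; `memset(&prfinfo, '\0', sizeof(prfinfo));` ties the size to the declaration whatever type it has. The following line discards the result of PR_GetFileInfo64, so on failure the zeroed struct is what any later read of prfinfo sees; if that is the intent, a comment such as `/* on failure prfinfo stays zeroed */` would make the reliance on the memset explicit. The rest of read_metadata lies outside the hunk, so how prfinfo is used afterwards is not visible here.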
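--- a/ldap/servers/slapd/tools/ldclt/ldclt.c
+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
@@ -1584,20 +1584,24 @@ basicInit (void)
     /* start to read file content */
     mctx.attrplFileContent = (char *)malloc(mctx.attrplFileSize + 1);    
     i=0;
-    while ( fread(buffer, BUFFERSIZE , 1, attrF) )
+    while ( (ret = fread(buffer, BUFFERSIZE , 1, attrF)) )
     {
-      memcpy(mctx.attrplFileContent+i, buffer , BUFFERSIZE );
-      memset(buffer ,'\0', BUFFERSIZE );
-      i = i + BUFFERSIZE;
+      memcpy(mctx.attrplFileContent+i, buffer , ret);
+      memset(buffer ,'\0', BUFFERSIZE);
+      i += ret;
     } 
     /* copy remainding content into mctx.attrplFileContent */
+    /* ??? 
+     * Why you need to copy buffer twice to fill the gap?
+     * Could there any chance (mctx.attrplFileSize - 1 - i) > BUFFERSIZE ?
+     */
     if (i
     {
       memcpy(mctx.attrplFileContent+i, buffer , (mctx.attrplFileSize - 1 - i));
       memset(buffer ,'\0', BUFFERSIZE );  /* clear the buffer */
     }
 
-    mctx.attrplFileContent[mctx.attrplFileSize]='\0'; // append the close bit
+    mctx.attrplFileContent[mctx.attrplFileSize]='\0'; /* append the close bit */
 
     if ((fclose(attrF)) == EOF )
     {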
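Review bot: The rewritten loop in basicInit calls `fread(buffer, BUFFERSIZE, 1, attrF)`, which returns the number of BUFFERSIZE-sized items read (0 or 1) rather than a byte count, so `memcpy(..., ret)` and `i += ret` now copy and advance one byte per full block where the old code moved BUFFERSIZE. If the `if (i` test below the loop (its condition is cut off on this page) compares against mctx.attrplFileSize, the tail copy of `mctx.attrplFileSize - 1 - i` bytes can then exceed BUFFERSIZE and read past `buffer`, which is the case the added `???` comment asks about. Swapping the size and count arguments makes the return value a byte count and lets the loop take the final short block itself, and clamping against the allocation covers a file that grew after its size was taken. The malloc result on the context line above is also used unchecked, and `ret` and `i` are declared outside the hunk, so the comparison in the sketch needs checking against their types.

```c
    /* … unchanged: malloc of mctx.attrplFileContent, i=0 … */
    while ( (ret = fread(buffer, 1, BUFFERSIZE, attrF)) > 0 )
    {
      if (ret > mctx.attrplFileSize - i)
        ret = mctx.attrplFileSize - i;   /* stay inside the allocation */
      memcpy(mctx.attrplFileContent+i, buffer, ret);
      i += ret;
    }
    /* tail-copy block dropped: the loop now handles the final short read */
    /* … unchanged: NUL termination, fclose … */
```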
-- 
1.7.1