|
 |
ba46c7 |
From b67e23018d0be5de44e709d2cc7c074b42aae586 Mon Sep 17 00:00:00 2001
|
|
|
ba46c7 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
ba46c7 |
Date: Tue, 25 Jun 2013 10:38:26 -0400
|
|
|
ba46c7 |
Subject: [PATCH 38/39] Coverity Fixes
|
|
|
ba46c7 |
|
|
|
ba46c7 |
13177 - Unreachable code (backend.c)
|
|
|
ba46c7 |
13175 - Resource leak (repl5_ruv.c)
|
|
|
ba46c7 |
|
|
|
ba46c7 |
Did code cleanup in libaccess/oneval.cpp before I do the fix for 13176(resource leak).
|
|
|
ba46c7 |
This is will be a separate commit.
|
|
|
ba46c7 |
|
|
|
ba46c7 |
https://bugzilla.redhat.com/show_bug.cgi?id=970221
|
|
|
ba46c7 |
|
|
|
ba46c7 |
Reviewed by: richm(Thanks!)
|
|
|
ba46c7 |
(cherry picked from commit 6e07f4df6c1963f40368d0ae17e0775aa33362af)
|
|
|
ba46c7 |
removed the repl5_ruv.c changes because they do not apply to 1.3.1
|
|
|
ba46c7 |
(cherry picked from commit 21dccd37e7883ff3b9ace01350e3123dc42b3b82)
|
|
|
ba46c7 |
---
|
|
|
ba46c7 |
ldap/servers/slapd/backend.c | 1 -
|
|
|
ba46c7 |
lib/libaccess/oneeval.cpp | 259 +++++++++++++++++++++---------------------
|
|
|
ba46c7 |
2 files changed, 128 insertions(+), 132 deletions(-)
|
|
|
ba46c7 |
|
|
|
ba46c7 |
diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c
|
|
|
ba46c7 |
index ead251e..8a72b13 100644
|
|
|
ba46c7 |
--- a/ldap/servers/slapd/backend.c
|
|
|
ba46c7 |
+++ b/ldap/servers/slapd/backend.c
|
|
|
ba46c7 |
@@ -669,7 +669,6 @@ slapi_back_transaction_commit(Slapi_PBlock *pb)
|
|
|
ba46c7 |
} else {
|
|
|
ba46c7 |
return txn_commit(pb);
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
- return txn_commit(pb);
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
/* API to expose DB transaction abort */
|
|
|
ba46c7 |
diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp
|
|
|
ba46c7 |
index fbaa6d8..8077969 100644
|
|
|
ba46c7 |
--- a/lib/libaccess/oneeval.cpp
|
|
|
ba46c7 |
+++ b/lib/libaccess/oneeval.cpp
|
|
|
ba46c7 |
@@ -358,8 +358,8 @@ ACLEvalBuildContext(
|
|
|
ba46c7 |
/* Allocate the cache context and link it into the ACLListHandle */
|
|
|
ba46c7 |
cache = (ACLListCache_t *)PERM_CALLOC(sizeof(ACLListCache_t));
|
|
|
ba46c7 |
if (cache == NULL) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4010, ACL_Program, 0);
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4010, ACL_Program, 0);
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
/* Allocate the access rights hash table */
|
|
|
ba46c7 |
@@ -371,9 +371,9 @@ ACLEvalBuildContext(
|
|
|
ba46c7 |
NULL);
|
|
|
ba46c7 |
|
|
|
ba46c7 |
if (cache->Table == NULL) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4000, ACL_Program, 1,
|
|
|
ba46c7 |
- XP_GetAdminStr(DBT_EvalBuildContextUnableToCreateHash));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4000, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToCreateHash));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
wrapper = acleval->acllist->acl_list_head;
|
|
|
ba46c7 |
@@ -395,162 +395,159 @@ ACLEvalBuildContext(
|
|
|
ba46c7 |
XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry));
|
|
|
ba46c7 |
goto error;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
- new_ace->acep = ace;
|
|
|
ba46c7 |
+ new_ace->acep = ace;
|
|
|
ba46c7 |
ace_cnt++;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
if (cache->acelist == NULL)
|
|
|
ba46c7 |
- cache->acelist = acelast = new_ace;
|
|
|
ba46c7 |
+ cache->acelist = acelast = new_ace;
|
|
|
ba46c7 |
else {
|
|
|
ba46c7 |
if(acelast)
|
|
|
ba46c7 |
- acelast->next = new_ace;
|
|
|
ba46c7 |
- acelast = new_ace;
|
|
|
ba46c7 |
- new_ace->acep = ace;
|
|
|
ba46c7 |
+ acelast->next = new_ace;
|
|
|
ba46c7 |
+ acelast = new_ace;
|
|
|
ba46c7 |
+ new_ace->acep = ace;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
- new_ace->next = NULL;
|
|
|
ba46c7 |
+ new_ace->next = NULL;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- argp = ace->expr_argv;
|
|
|
ba46c7 |
+ argp = ace->expr_argv;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- switch (ace->expr_type)
|
|
|
ba46c7 |
- {
|
|
|
ba46c7 |
- case ACL_EXPR_TYPE_ALLOW:
|
|
|
ba46c7 |
- case ACL_EXPR_TYPE_DENY:
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- /* Add this ACE to the appropriate entries in the access rights
|
|
|
ba46c7 |
- * hash table
|
|
|
ba46c7 |
- */
|
|
|
ba46c7 |
- while (*argp)
|
|
|
ba46c7 |
- {
|
|
|
ba46c7 |
- entry =
|
|
|
ba46c7 |
- (ACLAceNumEntry_t *)PERM_CALLOC(sizeof(ACLAceNumEntry_t));
|
|
|
ba46c7 |
- if (entry == (ACLAceNumEntry_t *)NULL) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4030, ACL_Program, 1,
|
|
|
ba46c7 |
- XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- if (cache->chain_head == NULL)
|
|
|
ba46c7 |
- cache->chain_head = cache->chain_tail = entry;
|
|
|
ba46c7 |
- else {
|
|
|
ba46c7 |
- cache->chain_tail->chain = entry;
|
|
|
ba46c7 |
- cache->chain_tail = entry;
|
|
|
ba46c7 |
+ switch (ace->expr_type)
|
|
|
ba46c7 |
+ {
|
|
|
ba46c7 |
+ case ACL_EXPR_TYPE_ALLOW:
|
|
|
ba46c7 |
+ case ACL_EXPR_TYPE_DENY:
|
|
|
ba46c7 |
+
|
|
|
ba46c7 |
+ /* Add this ACE to the appropriate entries in the access rights
|
|
|
ba46c7 |
+ * hash table
|
|
|
ba46c7 |
+ */
|
|
|
ba46c7 |
+ while (*argp)
|
|
|
ba46c7 |
+ {
|
|
|
ba46c7 |
+ entry = (ACLAceNumEntry_t *)PERM_CALLOC(sizeof(ACLAceNumEntry_t));
|
|
|
ba46c7 |
+ if (entry == (ACLAceNumEntry_t *)NULL) {
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4030, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ if (cache->chain_head == NULL)
|
|
|
ba46c7 |
+ cache->chain_head = cache->chain_tail = entry;
|
|
|
ba46c7 |
+ else {
|
|
|
ba46c7 |
+ cache->chain_tail->chain = entry;
|
|
|
ba46c7 |
+ cache->chain_tail = entry;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ entry->acenum = ace_cnt;
|
|
|
ba46c7 |
+
|
|
|
ba46c7 |
+ /*
|
|
|
ba46c7 |
+ * OK to call PL_HasTableLookup() even though it mods
|
|
|
ba46c7 |
+ * the Table as this routine is called in critical section.
|
|
|
ba46c7 |
+ */
|
|
|
ba46c7 |
+ temp_entry = (ACLAceNumEntry_t *)PL_HashTableLookup(cache->Table, *argp);
|
|
|
ba46c7 |
+ /* the first ACE for this right? */
|
|
|
ba46c7 |
+ if (temp_entry) {
|
|
|
ba46c7 |
+ /* Link it in at the end */
|
|
|
ba46c7 |
+ while (temp_entry->next) {
|
|
|
ba46c7 |
+ temp_entry = temp_entry->next;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ temp_entry->next = entry;
|
|
|
ba46c7 |
+ } else /* just link it in */
|
|
|
ba46c7 |
+ PR_HashTableAdd(cache->Table, *argp, entry);
|
|
|
ba46c7 |
+ argp++;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
- entry->acenum = ace_cnt;
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- /*
|
|
|
ba46c7 |
- * OK to call PL_HasTableLookup() even though it mods
|
|
|
ba46c7 |
- * the Table as this routine is called in critical section.
|
|
|
ba46c7 |
- */
|
|
|
ba46c7 |
- temp_entry = (ACLAceNumEntry_t *)PL_HashTableLookup(cache->Table, *argp);
|
|
|
ba46c7 |
- /* the first ACE for this right? */
|
|
|
ba46c7 |
- if (temp_entry) {
|
|
|
ba46c7 |
- /* Link it in at the end */
|
|
|
ba46c7 |
- while (temp_entry->next) {
|
|
|
ba46c7 |
- temp_entry = temp_entry->next;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- temp_entry->next = entry;
|
|
|
ba46c7 |
- } else /* just link it in */
|
|
|
ba46c7 |
- PR_HashTableAdd(cache->Table, *argp, entry);
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- argp++;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- /* See if any of the clauses require authentication. */
|
|
|
ba46c7 |
- if (curauthplist) {
|
|
|
ba46c7 |
- for (i = 0; i < ace->expr_term_index; i++) {
|
|
|
ba46c7 |
- expr = &ace->expr_arry[i];
|
|
|
ba46c7 |
- rv = PListFindValue(curauthplist, expr->attr_name,
|
|
|
ba46c7 |
- NULL, &authplist);
|
|
|
ba46c7 |
- if (rv > 0) {
|
|
|
ba46c7 |
- /* First one for this ACE? */
|
|
|
ba46c7 |
- if (!new_ace->autharray) {
|
|
|
ba46c7 |
- new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index);
|
|
|
ba46c7 |
+ /* See if any of the clauses require authentication. */
|
|
|
ba46c7 |
+ if (curauthplist) {
|
|
|
ba46c7 |
+ for (i = 0; i < ace->expr_term_index; i++) {
|
|
|
ba46c7 |
+ expr = &ace->expr_arry[i];
|
|
|
ba46c7 |
+ rv = PListFindValue(curauthplist, expr->attr_name,
|
|
|
ba46c7 |
+ NULL, &authplist);
|
|
|
ba46c7 |
+ if (rv > 0) {
|
|
|
ba46c7 |
+ /* First one for this ACE? */
|
|
|
ba46c7 |
if (!new_ace->autharray) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- new_ace->autharray[i] = authplist;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- break;
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- case ACL_EXPR_TYPE_AUTH:
|
|
|
ba46c7 |
+ new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index);
|
|
|
ba46c7 |
+ if (!new_ace->autharray) {
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ new_ace->autharray[i] = authplist;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ break;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- /* Allocate the running auth tables if none yet */
|
|
|
ba46c7 |
- if (!curauthplist) {
|
|
|
ba46c7 |
- curauthplist = PListNew(NULL);
|
|
|
ba46c7 |
- if (!curauthplist) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- absauthplist = PListNew(NULL);
|
|
|
ba46c7 |
- if (!absauthplist) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- } else { /* duplicate the existing auth table */
|
|
|
ba46c7 |
- curauthplist = PListDuplicate(curauthplist, NULL, 0);
|
|
|
ba46c7 |
- if (!curauthplist) {
|
|
|
ba46c7 |
- nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
- goto error;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
+ case ACL_EXPR_TYPE_AUTH:
|
|
|
ba46c7 |
+
|
|
|
ba46c7 |
+ /* Allocate the running auth tables if none yet */
|
|
|
ba46c7 |
+ if (!curauthplist) {
|
|
|
ba46c7 |
+ curauthplist = PListNew(NULL);
|
|
|
ba46c7 |
+ if (!curauthplist) {
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ absauthplist = PListNew(NULL);
|
|
|
ba46c7 |
+ if (!absauthplist) {
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ } else { /* duplicate the existing auth table */
|
|
|
ba46c7 |
+ curauthplist = PListDuplicate(curauthplist, NULL, 0);
|
|
|
ba46c7 |
+ if (!curauthplist) {
|
|
|
ba46c7 |
+ nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1,
|
|
|
ba46c7 |
+ XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist));
|
|
|
ba46c7 |
+ goto error;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- /* For each listed attribute */
|
|
|
ba46c7 |
- while (*argp)
|
|
|
ba46c7 |
- {
|
|
|
ba46c7 |
- /* skip any attributes that were absoluted */
|
|
|
ba46c7 |
- if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0)
|
|
|
ba46c7 |
- {
|
|
|
ba46c7 |
- /* Save pointer to the property list */
|
|
|
ba46c7 |
- PListInitProp(curauthplist, 0, *argp, ace->expr_auth,
|
|
|
ba46c7 |
- ace->expr_auth);
|
|
|
ba46c7 |
- if (IS_ABSOLUTE(ace->expr_flags))
|
|
|
ba46c7 |
- PListInitProp(absauthplist, 0, *argp, NULL,
|
|
|
ba46c7 |
- NULL);
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
+ /* For each listed attribute */
|
|
|
ba46c7 |
+ while (*argp) {
|
|
|
ba46c7 |
+ /* skip any attributes that were absoluted */
|
|
|
ba46c7 |
+ if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0){
|
|
|
ba46c7 |
+ /* Save pointer to the property list */
|
|
|
ba46c7 |
+ PListInitProp(curauthplist, 0, *argp, ace->expr_auth, ace->expr_auth);
|
|
|
ba46c7 |
+ if (IS_ABSOLUTE(ace->expr_flags))
|
|
|
ba46c7 |
+ PListInitProp(absauthplist, 0, *argp, NULL, NULL);
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
+ argp++;
|
|
|
ba46c7 |
+ }
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- argp++;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
+ break;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- break;
|
|
|
ba46c7 |
+ case ACL_EXPR_TYPE_RESPONSE:
|
|
|
ba46c7 |
+ (void) ACL_ExprGetDenyWith(NULL, ace, &cache->deny_type,
|
|
|
ba46c7 |
+ &cache->deny_response);
|
|
|
ba46c7 |
+ break;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- case ACL_EXPR_TYPE_RESPONSE:
|
|
|
ba46c7 |
- (void) ACL_ExprGetDenyWith(NULL, ace, &cache->deny_type,
|
|
|
ba46c7 |
- &cache->deny_response);
|
|
|
ba46c7 |
- break;
|
|
|
ba46c7 |
+ default:
|
|
|
ba46c7 |
+ PR_ASSERT(0);
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- default:
|
|
|
ba46c7 |
- PR_ASSERT(0);
|
|
|
ba46c7 |
-
|
|
|
ba46c7 |
- } /* switch expr_type */
|
|
|
ba46c7 |
+ } /* switch expr_type */
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- new_ace->global_auth = curauthplist;
|
|
|
ba46c7 |
- ace = ace->expr_next;
|
|
|
ba46c7 |
- }
|
|
|
ba46c7 |
+ new_ace->global_auth = curauthplist;
|
|
|
ba46c7 |
+ ace = ace->expr_next;
|
|
|
ba46c7 |
+ } /* while (ace) */
|
|
|
ba46c7 |
|
|
|
ba46c7 |
- /* Next ACL please */
|
|
|
ba46c7 |
+ /* Next ACL please */
|
|
|
ba46c7 |
wrapper = wrapper->wrap_next;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
if (absauthplist)
|
|
|
ba46c7 |
- PListDestroy(absauthplist);
|
|
|
ba46c7 |
+ PListDestroy(absauthplist);
|
|
|
ba46c7 |
|
|
|
ba46c7 |
/* This must be done last to avoid a race in initialization */
|
|
|
ba46c7 |
- acleval->acllist->cache = (void *)cache;
|
|
|
ba46c7 |
+ acleval->acllist->cache = (void *)cache;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
return 0;
|
|
|
ba46c7 |
|
|
|
ba46c7 |
error:
|
|
|
ba46c7 |
if (curauthplist)
|
|
|
ba46c7 |
- PListDestroy(curauthplist);
|
|
|
ba46c7 |
+ PListDestroy(curauthplist);
|
|
|
ba46c7 |
if (absauthplist)
|
|
|
ba46c7 |
- PListDestroy(absauthplist);
|
|
|
ba46c7 |
+ PListDestroy(absauthplist);
|
|
|
ba46c7 |
if (cache) {
|
|
|
ba46c7 |
ACL_EvalDestroyContext(cache);
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
acleval->acllist->cache = NULL;
|
|
|
ba46c7 |
+
|
|
|
ba46c7 |
return ACL_RES_ERROR;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
--
|
|
|
ba46c7 |
1.7.1
|
|
|
ba46c7 |
|