Bug 1777920

Summary: covscan memory leaks report
Product: Red Hat Enterprise Linux 8 Reporter: Florence Blanc-Renaud <frenaud>
Component: ipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: abokovoy, cheimes, covscan-auto, ksiddiqu, pasik, pcech, rcritten, tscherf
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1817922 (view as bug list) Environment:
Last Closed: 2020-04-28 15:44:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1817922    

Description Florence Blanc-Renaud 2019-11-28 16:38:47 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/freeipa/issue/8131

After running Red Hat's covscan tool, following issues were found:

### Error: RESOURCE_LEAK (CWE-772):
```
freeipa-4.8.3/util/ipa_pwd_ntlm.c:63: alloc_fn: Storage is returned from allocation function "calloc".
freeipa-4.8.3/util/ipa_pwd_ntlm.c:63: var_assign: Assigning: "ucs2Passwd" = storage returned from "calloc(ol, 1UL)".
freeipa-4.8.3/util/ipa_pwd_ntlm.c:71: var_assign: Assigning: "outc" = "ucs2Passwd".
freeipa-4.8.3/util/ipa_pwd_ntlm.c:92: noescape: Resource "ucs2Passwd" is not freed or pointed-to in "MD4_Update".
freeipa-4.8.3/util/ipa_pwd_ntlm.c:108: leaked_storage: Variable "ucs2Passwd" going out of scope leaks the storage it points to.
freeipa-4.8.3/util/ipa_pwd_ntlm.c:108: leaked_storage: Variable "outc" going out of scope leaks the storage it points to.
#  106|   
#  107|   done:
#  108|->     return ret;
#  109|   }
```

### Error: RESOURCE_LEAK (CWE-772):
```
freeipa-4.8.3/client/ipa-getkeytab.c:513: alloc_arg: "ipa_string_to_enctypes" allocates memory that is stored into "es".
freeipa-4.8.3/client/ipa-getkeytab.c:515: leaked_storage: Variable "es" going out of scope leaks the storage it points to.
#  513|           ret = ipa_string_to_enctypes(enctypes, &es, &num_es, err_msg);
#  514|           if (ret || num_es == 0) {
#  515|->             return LDAP_OPERATIONS_ERROR;
#  516|           }
#  517|       }
```
Comment 1 Alexander Bokovoy 2019-11-28 16:42:45 UTC 
PR: https://github.com/freeipa/freeipa/pull/3956
Comment 3 Christian Heimes 2019-11-29 10:14:57 UTC 
master:

* e3ad78538e1dd2f63f171ef1c2b470a1a4f47a8c covscan: free encryption types in case there is an error
* e9dd757763c76402e07f533f19e269eeebc554fa covscan: free ucs2-encoded password copy when generating NTLM hash
Comment 4 Christian Heimes 2019-11-29 12:07:45 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/e3ad78538e1dd2f63f171ef1c2b470a1a4f47a8c
https://pagure.io/freeipa/c/e9dd757763c76402e07f533f19e269eeebc554fa
ipa-4-8:
https://pagure.io/freeipa/c/84592e32c5b59b7b654a0a74b5cc8c1350af6451
https://pagure.io/freeipa/c/eebabb5c5fe7478b391770a857fb9be4f0d60a9c
ipa-4-7:
https://pagure.io/freeipa/c/212e86eee15e883bffd01f969219ce644c3e45c6
https://pagure.io/freeipa/c/c37081576d2f282e702b42652c04e053886c47cf
ipa-4-6:
https://pagure.io/freeipa/c/e8983f69ce1788144b2b348a65f709412c68e47e
https://pagure.io/freeipa/c/830466c0489466d385a333cb829fe8cd5e59644c
Comment 8 errata-xmlrpc 2020-04-28 15:44:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1640
Comment 9 Alexander Bokovoy 2021-01-18 08:26:55 UTC 
*** Bug 1917258 has been marked as a duplicate of this bug. ***