Bug 611790

Summary: fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Product: [Retired] 389
Component: Directory Server
Version: 1.2.7
Reporter: Endi Sukma Dewata <edewata>
Assignee: Rich Megginson <rmeggins>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, jgalipea, nhosoi
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Hardware: All
OS: All
Doc Type: Bug Fix
Last Closed: 2011-05-17 14:08:59 UTC
Bug Blocks: 576869, 639035
Attachments:
Description | Flags
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review-
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | none
0003-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review-
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review-
0006-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | none
0009-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0010-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review-
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review-
0013-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0014-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0015-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0016-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | rmeggins: review+
0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | none
0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0011a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | none
0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review+
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch | nhosoi: review?, nhosoi: review?, rmeggins: review+

Description Endi Sukma Dewata 2010-07-06 14:41:36 UTC
fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166

Comment 2 Endi Sukma Dewata 2010-07-06 21:18:06 UTC
Created attachment 429893 [details]
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 3 Endi Sukma Dewata 2010-07-06 21:18:47 UTC
Created attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 4 Endi Sukma Dewata 2010-07-06 21:19:15 UTC
Created attachment 429895 [details]
0003-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 5 Endi Sukma Dewata 2010-07-06 21:19:56 UTC
Created attachment 429896 [details]
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 6 Endi Sukma Dewata 2010-07-06 21:20:30 UTC
Created attachment 429897 [details]
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 7 Endi Sukma Dewata 2010-07-06 21:21:01 UTC
Created attachment 429898 [details]
0006-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 8 Endi Sukma Dewata 2010-07-06 21:21:33 UTC
Created attachment 429899 [details]
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 9 Endi Sukma Dewata 2010-07-06 21:22:20 UTC
Created attachment 429900 [details]
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 10 Endi Sukma Dewata 2010-07-06 21:22:54 UTC
Created attachment 429901 [details]
0009-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 11 Endi Sukma Dewata 2010-07-06 21:23:29 UTC
Created attachment 429902 [details]
0010-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 12 Endi Sukma Dewata 2010-07-06 21:23:56 UTC
Created attachment 429903 [details]
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 13 Endi Sukma Dewata 2010-07-06 21:24:32 UTC
Created attachment 429904 [details]
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 14 Endi Sukma Dewata 2010-07-06 21:25:01 UTC
Created attachment 429906 [details]
0013-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 15 Endi Sukma Dewata 2010-07-06 21:25:47 UTC
Created attachment 429907 [details]
0014-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 16 Endi Sukma Dewata 2010-07-06 21:26:24 UTC
Created attachment 429908 [details]
0015-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 17 Endi Sukma Dewata 2010-07-06 21:27:07 UTC
Created attachment 429909 [details]
0016-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 18 Endi Sukma Dewata 2010-07-06 21:27:43 UTC
Created attachment 429910 [details]
0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 19 Endi Sukma Dewata 2010-07-06 21:28:51 UTC
Created attachment 429911 [details]
0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 20 Endi Sukma Dewata 2010-07-06 21:29:31 UTC
Created attachment 429912 [details]
0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 21 Endi Sukma Dewata 2010-07-06 21:29:56 UTC
Created attachment 429913 [details]
0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 22 Endi Sukma Dewata 2010-07-06 21:30:55 UTC
Created attachment 429914 [details]
0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 23 Rich Megginson 2010-07-06 23:12:06 UTC
Comment on attachment 429893 [details]
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I just pushed a patch that removes lexer.h and lexer.cpp

commit 4a103859b7100bc30046ecba3efca2e8f0b09c7d
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Thu Jul 1 11:39:02 2010 -0600

Comment 24 Rich Megginson 2010-07-06 23:13:19 UTC
Comment on attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I think Noriko has a patch that conflicts with this one - you should coordinate with her

Comment 25 Rich Megginson 2010-07-06 23:17:01 UTC
Comment on attachment 429896 [details]
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I think this will leak macro_str and working_list

Comment 26 Rich Megginson 2010-07-06 23:18:17 UTC
Comment on attachment 429897 [details]
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

This will leak macro_prefix

Comment 27 Rich Megginson 2010-07-06 23:25:08 UTC
Comment on attachment 429899 [details]
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

In general, it's not a good idea to change the formatting - this one was ok, not too big, and easy to find the actual bug fix intermixed with the formatting changes - but for large patches, with many lines of formatting changes, it makes it difficult to read
I know the formatting is really bad in a lot of files - I have to resist the urge to reformat things constantly . . .

Comment 28 Rich Megginson 2010-07-06 23:37:24 UTC
Comment on attachment 429900 [details]
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

This change:
@@ -4781,6 +4775,12 @@ static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv)
     
     rObj = replica_get_by_name (dbFile->replName);
     PR_ASSERT (rObj);
+
+    if (!rObj) {
+        rc = CL5_MEMORY_ERROR;
+        goto out;
+    }
+
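
Review bot: the new `if (!rObj)` branch sets `rc = CL5_MEMORY_ERROR`, but a NULL from `replica_get_by_name (dbFile->replName)` is a failed lookup rather than an allocation failure, so the caller cannot tell the two apart. Consider a return code that names the lookup failure and a log line carrying `dbFile->replName` before `goto out`. Because `PR_ASSERT (rObj)` stays directly above the check, debug builds still abort there and only optimized builds reach the new branch, so the cleanup at `out` (not visible in this hunk) should be confirmed to release everything acquired before this point.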

skips line 4800
    object_release (supRUVObj);

Is this OK to do?
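
The concern raised in Comments 25, 26 and 28 (a newly added NULL check whose early exit skips a release) can be reproduced in miniature. This is an added example, not code from the patches or from 389 Directory Server; `obj_t`, `obj_acquire`, `obj_release` and the `get_ruv_*` functions are hypothetical, and it assumes the skipped object was acquired before the check.

```c
/* Added sketch: all names are hypothetical stand-ins, not 389 DS code. */
#include <stdio.h>

typedef struct { int refs; } obj_t;
static obj_t *obj_acquire(obj_t *o) { if (o) o->refs++; return o; }
static void obj_release(obj_t *o) { if (o) o->refs--; }

/* Shape questioned in review: the new check jumps past a release. */
static int get_ruv_leaky(obj_t *sup, obj_t *replica)
{
    int rc = 0;
    obj_t *sup_ref = obj_acquire(sup);    /* assumed held before the check */
    obj_t *r_ref = obj_acquire(replica);  /* NULL models a failed lookup */
    if (!r_ref) {
        rc = -1;
        goto out;                         /* obj_release(sup_ref) is skipped */
    }
    obj_release(r_ref);
    obj_release(sup_ref);
out:
    return rc;
}

/* Single cleanup block: every exit releases what was acquired. */
static int get_ruv_fixed(obj_t *sup, obj_t *replica)
{
    int rc = 0;
    obj_t *sup_ref = obj_acquire(sup);
    obj_t *r_ref = obj_acquire(replica);
    if (!r_ref) {
        rc = -1;
        goto out;
    }
    /* ... work with both objects ... */
out:
    obj_release(r_ref);                   /* NULL-tolerant, like free() */
    obj_release(sup_ref);
    return rc;
}

/* References still held on the first object after a failed lookup. */
static int leaked_refs(int (*fn)(obj_t *, obj_t *))
{
    obj_t sup = { 0 };
    (void)fn(&sup, NULL);
    return sup.refs;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_refs(get_ruv_leaky), leaked_refs(get_ruv_fixed)); return 0; }
```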

Comment 29 Endi Sukma Dewata 2010-07-07 16:18:00 UTC
Created attachment 430107 [details]
0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 30 Endi Sukma Dewata 2010-07-07 16:18:46 UTC
Created attachment 430108 [details]
0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 31 Rich Megginson 2010-07-07 17:28:07 UTC
Comment on attachment 429903 [details]
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Need to init value in my_ber_scanf_attr:
    Slapi_Value *value = NULL;

Comment 32 Rich Megginson 2010-07-07 17:32:35 UTC
Comment on attachment 429904 [details]
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

The caller may expect *entry = NULL even if !windows_conn_connected(conn)

Just do something like this at the beginning of the function:
if (!entry) {
    /* log error message */
    return CONN_LOCAL_ERROR; /* entry should never == NULL here */
}

*entry = NULL;
....
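
The out-parameter contract suggested in Comment 32, shown with a caller that reuses one variable across calls. This is an added example, not code from the patch or from 389 Directory Server; `entry_t`, `conn_t`, `search_entry_*`, `CONN_OK`, `CONN_NOT_CONNECTED` and the numeric values of the return codes are assumptions made for the illustration.

```c
/* Added sketch: types, function names and enum values are hypothetical;
 * only the CONN_LOCAL_ERROR name comes from the review comment. */
#include <stdio.h>

enum { CONN_OK = 0, CONN_NOT_CONNECTED = 1, CONN_LOCAL_ERROR = 2 };
typedef struct { const char *dn; } entry_t;
typedef struct { int connected; } conn_t;
static entry_t sample = { "cn=constructed,dc=example,dc=com" };

/* Before: the early return leaves *entry holding whatever the caller had. */
static int search_entry_before(conn_t *conn, entry_t **entry)
{
    if (!conn->connected)
        return CONN_NOT_CONNECTED;
    *entry = &sample;
    return CONN_OK;
}

/* After: reject a NULL out-pointer, then clear *entry before any other exit. */
static int search_entry_after(conn_t *conn, entry_t **entry)
{
    if (!entry) {
        fprintf(stderr, "search_entry: NULL entry pointer\n");
        return CONN_LOCAL_ERROR;
    }
    *entry = NULL;
    if (!conn->connected)
        return CONN_NOT_CONNECTED;
    *entry = &sample;
    return CONN_OK;
}

/* Returns 1 if a failed (disconnected) call left a stale pointer behind. */
static int stale_after_disconnect(int (*fn)(conn_t *, entry_t **))
{
    conn_t up = { 1 }, down = { 0 };
    entry_t *e = NULL;
    fn(&up, &e);      /* succeeds: e points at the constructed sample */
    fn(&down, &e);    /* fails: does e still hold the old entry? */
    return e != NULL;
}

/* Return code when the caller passes a NULL out-pointer. */
static int null_out_rc(void) { conn_t up = { 1 }; return search_entry_after(&up, NULL); }

int main(void) { printf("before=%d after=%d null=%d\n", stale_after_disconnect(search_entry_before), stale_after_disconnect(search_entry_after), null_out_rc()); return 0; }
```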

Comment 33 Endi Sukma Dewata 2010-07-07 19:58:26 UTC
Created attachment 430165 [details]
0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 34 Endi Sukma Dewata 2010-07-07 19:59:50 UTC
Created attachment 430166 [details]
0011a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 35 Endi Sukma Dewata 2010-07-07 20:00:17 UTC
Created attachment 430167 [details]
0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 37 Endi Sukma Dewata 2010-07-12 19:37:41 UTC
Created attachment 431250 [details]
0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Fixed a problem during merging.

Comment 38 Noriko Hosoi 2010-08-21 01:07:37 UTC
Created attachment 440076 [details]
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11961&streamDefectId=12147&defectInstanceId=14012&evidenceId=35035&fileInstanceId=49276

I propose a new patch for 0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Description: Caller aclutil_evaluate_macro was not checking the NULL return. Added the check to the patch.  Also, another error case could just return NULL.

Comment 39 Rich Megginson 2010-08-21 02:09:32 UTC
Comment on attachment 440076 [details]
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

You could use LDAPDebug1Arg here, and use slapi_ch_free_string(&macro_str);

Comment 49 Noriko Hosoi 2010-08-23 23:56:43 UTC
Comment on attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Subset of this change.

    609255 - fix coverity Defect Type: Memory - illegal accesses issues
    
    https://bugzilla.redhat.com/show_bug.cgi?id=609255
    
    12241 Triaged Unassigned Bug Minor Fix Required
    delete_acl_from_file(char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12242 UNINIT Triaged Unassigned Bug Minor Fix Required
    get_acl_from_file(char *, char *, ACLListHandle **…) ds/lib/libaccess/acltools.cpp
    
    12243 UNINIT Triaged Unassigned Bug Minor Fix Required
    ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
    
    12244 UNINIT Triaged Unassigned Bug Minor Fix Required
    ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
    
    12245 UNINIT Triaged Unassigned Bug Minor Fix Required
    rename_acl_in_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12246 UNINIT Triaged Unassigned Bug Minor Fix Required
    append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12247 UNINIT Triaged Unassigned Bug Minor Fix Required
    append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    Comment:
    ACL_FileRenameAcl, ACL_FileDeleteAcl, ACL_FileGetAcl, ACL_FileSetAcl,
    ACL_FileMergeAcl, ACL_FileMergeFile and their helper functions are
    not used.  These functions and their helper functions plus libaccess
    test programs under the directory ./utest are eliminated.

Comment 50 Noriko Hosoi 2010-08-24 00:24:25 UTC
On behalf of Endi (edewata@redhat.com), pushed to master.

$ git merge coverity
Updating e5fe26a..0712904
Fast-forward
 ldap/servers/plugins/acl/acl.c                     |    7 ++-
 ldap/servers/plugins/acl/acllas.c                  |   56 +++++++------
 ldap/servers/plugins/acl/aclutil.c                 |   29 +++++---
 ldap/servers/plugins/cos/cos_cache.c               |   12 +++-
 ldap/servers/plugins/http/http_impl.c              |   81 +++++++++++---------
 ldap/servers/plugins/replication/cl5_api.c         |   52 ++++++++-----
 ldap/servers/plugins/replication/repl5_replica.c   |   16 ++++
 ldap/servers/plugins/replication/repl5_ruv.c       |    8 ++-
 ldap/servers/plugins/replication/repl5_total.c     |   11 ++-
 .../plugins/replication/windows_connection.c       |    7 ++
 .../plugins/replication/windows_protocol_util.c    |   41 ++++++----
 ldap/servers/plugins/retrocl/retrocl_trim.c        |   15 +++-
 ldap/servers/plugins/roles/roles_cache.c           |   19 ++++-
 ldap/servers/slapd/back-ldbm/dblayer.c             |    2 +
 ldap/servers/slapd/plugin.c                        |   60 ++++++---------
 ldap/servers/slapd/result.c                        |    4 +-
 lib/ldaputil/certmap.c                             |    1 +
 lib/libaccess/lasip.cpp                            |   16 +++-
 lib/libsi18n/reshash.c                             |   21 +++++-
 19 files changed, 292 insertions(+), 166 deletions(-)

$ git push
Counting objects: 160, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (125/125), done.
Writing objects: 100% (125/125), 14.05 KiB, done.
Total 125 (delta 106), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   e5fe26a..0712904  master -> master