Bug 715621

Summary: Defects revealed by Coverity scan
Product: Red Hat Enterprise Linux 6 Reporter: Michal Luscon <mluscon>
Component: jssAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: benl, dpal, jgalipea, ksiddiqu, ovasik, praiskup
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: jss-4.2.6-20.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 16:52:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Patch for native coverity defects jmagne: review+

Description Michal Luscon 2011-06-23 14:21:24 UTC 
Description of problem:

1.
/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c:519 - Condition "addrBAelems == NULL" cannot be true as a result of line #502.


2.
jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:152: Declaring variable "newFD" without initializer.

jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:160 - Goto finish statement

jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:281 - Using uninitialized value "newFD".

Version-Release number of selected component (if applicable):
4.2.6-15

These defects were probably introduced by Red Hat patches.
Comment 5 Matthew Harmsen 2011-08-09 22:33:32 UTC 
*** Bug 722182 has been marked as a duplicate of this bug. ***
Comment 7 Matthew Harmsen 2011-09-19 20:35:04 UTC 
Created attachment 523908 [details]
Patch for native coverity defects
Comment 8 Jack Magne 2011-09-20 00:20:00 UTC 
Comment on attachment 523908 [details]
Patch for native coverity defects

Caveats:

1.  Lines 1739-1744   Java_org_mozilla_jss_CryptoManager_verif

You might want to initialize the derCerts array at the top using the array initializer technique.

2.  Lines 564-570   static char* getPWFromConsole() 

What I believe they are complaining about is that you are assigning the output of "getchar", which returns an "int", into a variable of "char".  This could result in data loss if the getchar is returning -1 or EOR or some such value.
Comment 9 Matthew Harmsen 2011-09-20 01:04:03 UTC 
The following email was sent to Release Engineering:

Subject:  Request to build 'JSS 4.2.6' on RHEL6 . . .

Content:

We would like to request an official build of 'jss-4.2.6-20.1.el6' on RHEL6 in Brew to address the following bugs:

    * Bugzilla Bug #733551 - DRM failed to recovery keys when in FIPS mode (HSM + NSS)
    * Bugzilla Bug #715621 - Defects revealed by Coverity scan

The official spec files, source tarballs, other additional required sources, and all associated patches are located at:

    * http://pki.fedoraproject.org/pki/sources/jss/jss-4.2.6-20.el6/
Comment 10 Michal Luscon 2011-09-20 10:59:42 UTC 
New Coverity scan confirmed a fixation of mentioned defects in jss-4.2.6-20.el6.src.rpm.
Comment 14 errata-xmlrpc 2011-12-06 16:52:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1675.html