Bug 717926

Summary: Using uninitialized value
Product: Red Hat Enterprise Linux 6 Reporter: Michal Luscon <mluscon>
Component: NetworkManagerAssignee: Dan Williams <dcbw>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: danw, ovasik, praiskup, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:42:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Proposed solution
none
New defects in NetworkManager none

Description Michal Luscon 2011-06-30 12:39:16 UTC 
Created attachment 510652 [details]
Proposed solution

Description of problem:

/network-manager-applet-0.8.1/src/applet-dialogs.c:546 - Potential uninitialized value using. 


Version-Release number of selected component (if applicable):
0.8.1-9.1

Additional info:
This defect was probably introduced by Red Hat patches.
Comment 2 RHEL Program Management 2011-10-07 16:00:00 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 3 Pavel Raiskup 2012-04-03 12:57:29 UTC 
Created attachment 574855 [details]
New defects in NetworkManager

Hello,

the new Coverity scan revealed some new potential bugs in
NetworkManager-0.8.1-27.el6 against NetworkManager-0.8.1-24 (list of added
defects is attached).  I have tried to filter out false positives and the
following bugs seems to be real:

    1. Unchecked return value (low prio)

       NetworkManager-0.8.1/src/nm-system.c:2009

       I'm really not sure here.  This potential bug is added by
       rh712302-vlan.patch and I don't know if it may cause real problems.

    2. Interchange of '~' and '!' operators!

       NetworkManager-0.8.1/libnm-util/nm-setting-vlan.c:486

    3. Missing else branch.

       NetworkManager-0.8.1/system-settings/plugins/ifcfg-rh/reader.c:3699

       If the call 'g_str_has_prefix (iface_name, "vlan")' returns false
       variable 'p' stays NULL and on line 3702 is assigned to 'w' which is
       immediately dereferenced.

    4. Signed / unsigned int problem.

       NetworkManager-0.8.1/src/nm-device-vlan.c:640

       .. on line 638 is done assignment from signed => unsigned -- that may
       cause problems when the variable 'vlan_id' was really negative.  The
       check for negative value on line 642 may be never satisfied..

    5. 'strcpy' from rtnl_link_get_name() return value into
       vlan_ioctl_args.device1.  I'm just not sure if this is completely safe..
       Could somebody more involved look at this bunch of warnings?

       Occurrences:
             NetworkManager-0.8.1/src/nm-netlink-compat.c:193
             NetworkManager-0.8.1/src/nm-netlink-compat.c:124
             NetworkManager-0.8.1/src/nm-netlink-compat.c:161
             NetworkManager-0.8.1/src/nm-netlink-compat.c:226
             NetworkManager-0.8.1/src/nm-system.c:1931
             NetworkManager-0.8.1/src/nm-system.c:1931
             NetworkManager-0.8.1/src/nm-system.c:1905

This report is related to Michal's warning -- this bug is still in
NetworkManager.

Devel:
 Those errors are mentioned just as a warning and it depends on you whether
 they will be fixed.  They may be not so dangerous and not so prioritized to
 fix in  6.3 so feel free to move it to 6.4 or close it as a NOTABUG if we
 don't need to fix these at all.

Quality engineering:
 This issues were found by static analysis tool and we can't provide any
 reproducer for these.  We will verify the fix once available.  Please check
 these tests as SanityOnly (just check that patches for the issues and nothing
 unexpected is added by the commit).  If you want to check the new package with
 Coverity yourself, feel free to use covscan tool
 (https://engineering.redhat.com/trac/CoverityScan/wiki/covscan).
Comment 4 Dan Winship 2012-04-05 14:18:11 UTC 
>     1. Unchecked return value (low prio)
> 
>        NetworkManager-0.8.1/src/nm-system.c:2009

I'm not sure what it's complaining about. Or maybe the patch has already been updated since the version you ran coverity against? Right now that line is:

    for (i = 0; i < num; i++) {
-->     if (nm_setting_vlan_get_priority (s_vlan, NM_VLAN_INGRESS_MAP, i, &from, &to))
            if (rtnl_link_vlan_set_ingress_map (new_link, from, to))
                goto err_out_delete_vlan_with_new_name;
    }

so I don't see what it thinks we're not checking...
Comment 5 Pavel Raiskup 2012-04-05 14:42:41 UTC 
>>     1. Unchecked return value (low prio)
>>
>>        NetworkManager-0.8.1/src/nm-system.c:2009
>
> I'm not sure what it's complaining about. Or maybe the patch has already been
> updated since the version you ran coverity against? Right now that line is:
>
>     for (i = 0; i < num; i++) {
> -->     if (nm_setting_vlan_get_priority (s_vlan, NM_VLAN_INGRESS_MAP, i,
>                   &from, &to))
>             if (rtnl_link_vlan_set_ingress_map (new_link, from, to))
>                 goto err_out_delete_vlan_with_new_name;
>     }
>
> so I don't see what it thinks we're not checking...

Hi Dan, I have accidentally copied&pasted bad source filename and the line -->
the correct one is this one:

    NetworkManager-0.8.1/cli/src/settings.c:572

Sorry for my mistake,
Pavel
Comment 6 Dan Winship 2012-04-05 17:37:08 UTC 
These are mostly pretty simple fixes, and clearly correct, and could easily be fixed in 6.3.

(In reply to comment #0)
> /network-manager-applet-0.8.1/src/applet-dialogs.c:546 - Potential
> uninitialized value using. 

was already fixed upstream

(In reply to comment #3)

>     1. Unchecked return value (low prio)
> 
>        NetworkManager-0.8.1/cli/src/settings.c:572

Now fixed upstream

>     2. Interchange of '~' and '!' operators!
> 
>        NetworkManager-0.8.1/libnm-util/nm-setting-vlan.c:486

Oof. Fixed upstream

>     3. Missing else branch.
> 
>        NetworkManager-0.8.1/system-settings/plugins/ifcfg-rh/reader.c:3699

There are a few other bugs nearby in this code (eg, "DEVICE=vlanx" will make it spin forever because it's not incrementing w). I'm not totally sure what sorts of inputs it intends to handle vs what it intends to consider errors, so I'll leave this until dcbw gets back.

>     4. Signed / unsigned int problem.
> 
>        NetworkManager-0.8.1/src/nm-device-vlan.c:640

Fixed upstream.

>     5. 'strcpy' from rtnl_link_get_name() return value into
>        vlan_ioctl_args.device1.  I'm just not sure if this is completely safe..

It is safe, although using strcpy() makes me uncomfortable anyway. But I'll leave these to dcbw too.
Comment 7 RHEL Program Management 2012-04-05 17:49:41 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 11 Dan Winship 2012-04-26 14:36:30 UTC 
I've got a patch for this, but we need exception+ now.

The patch is small, and fixes some clear bugs in the vlan code.
Comment 24 errata-xmlrpc 2012-06-20 13:42:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0832.html