Bug 728169
Summary: | Coverity scan revealed defects | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Michal Luscon <mluscon> | ||||
Component: | lldpad | Assignee: | Petr Šabata <psabata> | ||||
Status: | CLOSED ERRATA | QA Contact: | qe-baseos-daemons | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 6.2 | CC: | azelinka, kdudka, ppisar, praiskup, psklenar | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | lldpad-0.9.43-3.el6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-12-06 14:40:22 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Michal Luscon
2011-08-04 09:13:58 UTC
(In reply to comment #0) > Description of problem: > > /open-lldp/lldp_8021qaz.c:526 - Function "find_module_user_data_by_id" without > NULL check (checked 4 out of 5 times). > > /open-lldp/lldp_rtnl.c:335, 336 - Macro RTA_DATA expands to the pointer at the > end of structure rta. Could you provide more info on this one? > > /open-lldp/lldp_mand_cmds.c:496 - Function mand_clif_cmd returns without > freeing variables args and argvals. This seems to be bogus. both **args and **argvals are free()'d in every case. > > Version-Release number of selected component (if applicable): > 0.9.43 > > Additional info: > These defects were added between RHEL-6.1 and RHEL-6.2 version of package. Created attachment 518224 [details]
Prevent resource leaks in mand_clif_cmd()
Patch applied in CVS, lldpad-0.9.43-3.el6. I can't understand the nltest.c:get_bcn() perfectly, but I suspect the `nlh' structure is not freed at the end of the function. Apparently a pointer to nlh space is saved as `d' that turns into `rta_parent' and this into `rta_child'. Then the rta_child iterates over rta_parent and data are copied from there into `bcn_data' structure in rest of the function. Finally the function returns 0, nlh data are carried out as copy by bcn_data argument, but the nlh itself is not not freed. Coverity cannot analyze functions that walk dynamically linked data structures precisely enough to reveal non-trivial memory leaks introduced during the traversal. The only thing that Coverity is trying to tell you here is that you leak the memory in case an error happens -- see the lines 784 and 790 (return -EIO). Anyway this bug is about defects introduced in RHEL-6.2 while the defect you are talking about was in lldpad-0.9.41-4.el6 already. (In reply to comment #11) > Anyway this bug is about defects introduced in RHEL-6.2 while the > defect you are talking about was in lldpad-0.9.41-4.el6 already. Ok. Copying as bug #730989. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1604.html |