Bug 750625
Description
Noriko Hosoi
2011-11-01 19:33:52 UTC
Created attachment 531392 [details]
Fix Coverity (11066) Unused pointer value; git patch file (master)
Fix Coverity (11066) Unused pointer value
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
Created attachment 531393 [details]
Fix Coverity (11065) Uninitialized pointer read; git patch file (master)
Fix Coverity (11065) Uninitialized pointer read
plugins/pam_passthru/pam_ptimpl.c (do_one_pam_auth)
Bug Description: Using uninitialized value "pam_id.str" when
calling "delete_my_str_buf".
Fix Description: Initialize pam_id.str with NULL in case bindsdn
is NULL.
Created attachment 531394 [details]
Fix Coverity (11064) Dereference before null check; git patch file (master)
Fix Coverity (11064) Dereference before null check
slapd/pw_retry.c (get_entry)
Bug Description: Dereferencing pointer "pb" before a null check.
Fix Description: Check if "pb" is NULL or not first. If NULL,
goto bail.
Created attachment 531395 [details]
Fix Coverity (11061) Resource leak; git patch file (master)
Fix Coverity (11061) Resource leak
slapd/mapping_tree.c (mapping_tree_entry_add)
Bug Description: Variable "subtree" going out of scope leaks
the storage it points to.
Slapi_DN subtree leaks when defbackend_get_backend returns NULL.
Fix Description: Free "subtree" before returning.
Created attachment 531396 [details]
Fix Coverity (11060) Dereference null return value; git patch file (master)
Fix Coverity (11060) Dereference null return value
slapd/back-ldbm/ldbm_modrdn.c (moddn_rename_child_entry)
Bug Description: Dereferencing a null pointer "olddns".
Missing a check of the NULL possibilities for olddns and olddn.
Fix Description: check if olddn and olddns are NULL or not.
If NULL, it does not go forward, but returns.
Created attachment 531397 [details]
Fix Coverity (11058, 11059) Dereference null return value; git patch file (master)
Fix Coverity (11058, 11059) Dereference null return value
plugins/referint/referint.c (_update_one_per_mod, _update_all_per_mod)
Bug Description: Dereferencing a null pointer "dnParts".
Missing a check of the NULL possibilities for origDN and exploded origDN.
Fix Description: check if origDN and dnParts are NULL or not.
If NULL, it does not go forward, but goto bail.
Created attachment 531398 [details]
Fix Coverity (11057) Dereference null return value; git patch file (master)
Fix Coverity (11057) Dereference null return value
plugins/acl/aclutil.c (aclutil_expand_paramString)
Bug Description: Dereferencing a null pointer "a_dns".
Missing a check of the NULL possibilities for slapi_entry_get_ndn(e),
str and their exploded results.
Fix Description: check if slapi_entry_get_ndn(e), str and their
exploded values are NULL or not. If any of the values are NULL,
it does not go further, but returns.
Created attachment 531399 [details]
Fix Coverity (11055) Explicit null dereferenced; git patch file (master)
Fix Coverity (11055) Explicit null dereferenced
plugins/automember/automember.c (automember_pre_op)
Bug Description: Passing null variable "e" to function
"automember_parse_config_entry", which dereferences it.
Missing a check of the NULL possibility of target entry "e".
Fix Description: Check if "e" is NULL or not. If it is, goto "bail".
Created attachment 531400 [details]
Fix Coverity (11054) Dereference after null check; git patch file (master)
Fix Coverity (11054) Dereference after null check
slapd/pw.c (new_passwdPolicy)
Bug Description: Passing null variable "pb" to function "get_entry",
which dereferences it.
Fix Description: if NULL pblock is passed, new_passworPolicy does not
go forward, but returns immediately.
Created attachment 531401 [details]
Fix Coverity (11117) Uninitialized pointer read; git patch file (master)
Fix Coverity (11117) Uninitialized pointer read
slapd/tools/ldclt/ldapfct.c (getPending)
Bug Description: Using uninitialized value "verb" when calling
"printf".
Fix Description: If the mode is not the supported operations,
getPending immediately return instead of going forward.
Created attachment 531403 [details]
Fix Coverity (11116) Uninitialized pointer read; git patch file (master)
Fix Coverity (11116) Uninitialized pointer read
slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn)
Bug Description: Using uninitialized "data.data" when calling
"slapi_ch_free". If invalid NULL arguments or invalid DN is
passed or opening cursor failed, uninitialized data.data is freed.
Fix Description: initialize data if there is a chance to call
slapi_ch_free.
Created attachment 531404 [details]
Fix Coverity (11114, 11115) Uninitialized value use; git patch file (master)
Fix Coverity (11114, 11115) Uninitialized value use
slapd/back-ldbm/ancestorid.c (ldbm_ancestorid_index_update)
Bug Description: Uninitialized "sdn" and "nextsdn" when calling
"slapi_sdn_done".
Variable "sdn" and "nextsdn" should have been initialized before
any chances to goto "out".
Fix Description: initialize "sdn" and "nextsdn" before the first
"goto out".
Created attachment 531405 [details] Fix Coverity (11113) Uninitialized pointer read; git patch file (master) Bug 750625 - Fix Coverity (11113) Uninitialized pointer read slapd/auditlog.c (write_audit_log_entry) Bug Description: Using uninitialized value "change" when calling "write_audit_file". If it is not a supported operation type, no need to log it in the audit log. Fix Description: Once it's determined as an unsupported operation type, return without calling write_audit_file. Created attachment 531406 [details]
Fix Coverity (11112) Uninitialized pointer read; git patch file (master)
Fix Coverity (11112) Uninitialized pointer read
plugins/replication/repl5_replica_config.c (replica_execute_ldif2cl_task)
Bug Description: Using uninitialized "config.dir" when calling
"cl5Open".
config.dir is set in changelog5_extract_config. If any error
such as fail to read changelog config entry, NULL is set and
following cl5Open fails.
Fix Description: check if config.dir is NULL or not in error logging.
Created attachment 531407 [details]
Fix Coverity (11109, 11110, 11111) Uninitialized pointer read; git patch file (master)
Fix Coverity (11109, 11110, 11111) Uninitialized pointer read
plugins/replication/cl5_config.c (changelog5_read_config)
Bug Description: Using uninitialized value "config.dir".
changelog config is set with the changelog config entry in
changelog5_read_config. If the search for the config entry
succeeds but there's no entry returned (actually, there is
no such case, though), the config structure is not initialized.
Fix Description: if changelog config entry search is success and
no entry is returned, initialize the config structure with NULLs.
Created attachment 531408 [details]
Fix Coverity (11108) Sizeof not portable; git patch file (master)
Fix Coverity (11108) Sizeof not portable
lib/libaccess/oneeval.cpp (ACLEvalBuildContext)
Bug Description: Passing argument "8UL /* sizeof (PList_t *) */
* ace->expr_term_index" to function "INTsystem_calloc_perm" and
then casting the return value to "PList_t *" is suspicious. Did
you intend to use "sizeof(PList_t)" instead of "sizeof (PList_t *)"?
In this particular case sizeof(PList_t *) happens to be equal to
sizeof(PList_t), but this is not a portable assumption.
Fix Description: replace sizeof(PList_t *) with sizesof(PList_t).
Note: PList_t is typedef of (PListStruct_t *). I.e., sizeof(PList_t)
and sizeof(PList_t *) are identical. Therefore, this is not a major
problem at all.
Created attachment 531409 [details]
Fix Coverity (11107) Dereference before null check; git patch file (master)
Fix Coverity (11107) Dereference before null check
plugins/acl/acl.c (acl__resource_match_aci)
Bug Description: Dereferencing "aclpb" before a null check.
Fix Description: Since there is a chance that passed "aclpb" is NULL,
acl__resource_match_aci checks if "aclpb" is NULL or not at the top
of the function and if it is, goto acl__resource_match_aci_EXIT.
Created attachment 531410 [details]
Fix Coverity (11096) Explicit null dereferenced; git patch file (master)
Fix Coverity (11096) Explicit null dereferenced
lib/libaccess/aclutil.cpp (LASGroupEval)
Bug Description: Dereferencing null variable "req_time".
Fix Description: Check "req_time" when it's returned from acl_
get_req_time. If it is NULL, return LAS_EVAL_FAIL and it does
not go further. Also, adding a check for the malloc failure to
acl_get_req_time.
Created attachment 531411 [details]
Fix Coverity (11095) Explicit null dereferenced; git patch file (master)
Fix Coverity (11095) Explicit null dereferenced
lib/libaccess/lasdns.cpp (LASDnsEval)
Bug Description: LASDnsBuild could fail and context->Table could
be left as NULL. Error checking for LASDnsBuild should be added.
Fix Description: If LASDnsBuild returns LAS_EVAL_INVALID, return
LAS_EVAL_FAIL there.
Created attachment 531412 [details]
Fix Coverity (11094) Dereference after null check; git patch file (master)
Fix Coverity (11094) Dereference after null check
slapd/dse.c (dse_callback_removefromlist)
Bug Description: Passing null variable "filter" to function
"strcmpi_fast", which dereferences it.
If filter and t->filter have a chance to be NULL, the case
should be avoided before passing them to strcasecmp.
Fix Description: adding a check if "filter" and "t->filter"
are NULL or not. If both are not NULL, they are passed to
strcasecmp. If either is NULL and another is not, that is
they did not match.
Created attachment 531413 [details]
Fix Coverity (11091) Unchecked return value; git patch file (master)
Fix Coverity (11091) Unchecked return value
slapd/back-ldbm/import-threads.c (index_producer)
Bug Description: No check of the return value of "db_create".
Fix Description: Adding a checking code for the return value
from db_create.
Reviewed by Nathan (Thank you sooooo much!!) Pushed to master. $ git merge coverity Updating 54a3d99..950712c Fast-forward ldap/servers/plugins/acl/acl.c | 18 +++++--- ldap/servers/plugins/acl/aclutil.c | 7 +++- ldap/servers/plugins/automember/automember.c | 5 ++ ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 1 + ldap/servers/plugins/referint/referint.c | 30 +++++++++++-- ldap/servers/plugins/replication/cl5_config.c | 34 +++++++++------ .../plugins/replication/repl5_replica_config.c | 2 +- ldap/servers/slapd/auditlog.c | 46 ++++++++++--------- ldap/servers/slapd/back-ldbm/ancestorid.c | 7 ++- ldap/servers/slapd/back-ldbm/import-threads.c | 13 ++++-- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 4 +- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 10 +++- ldap/servers/slapd/dse.c | 5 +- ldap/servers/slapd/mapping_tree.c | 4 +- ldap/servers/slapd/opshared.c | 1 - ldap/servers/slapd/pw.c | 27 +++++++----- ldap/servers/slapd/pw_retry.c | 8 +++- ldap/servers/slapd/tools/ldclt/ldapfct.c | 35 ++++++++------- lib/libaccess/aclutil.cpp | 13 +++-- lib/libaccess/lasdns.cpp | 8 +++- lib/libaccess/lasgroup.cpp | 10 +++-- lib/libaccess/oneeval.cpp | 2 +- 22 files changed, 186 insertions(+), 104 deletions(-) $ git push Counting objects: 174, done. Delta compression using up to 2 threads. Compressing objects: 100% (137/137), done. Writing objects: 100% (137/137), 17.37 KiB, done. Total 137 (delta 97), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 54a3d99..950712c master -> master Created attachment 531631 [details]
Fix Coverity (11055-2) Explicit null dereferenced; git patch file (master)
plugins/automember/automember.c (automember_pre_op)
Bug Description: Passing null variable "e" to function
"automember_parse_config_entry", which dereferences it.
Missing a check of the NULL possibility of target entry "e" when
modop is not a supported op type.
Fix Description: If modop is not a supported type, it bails there.
Created attachment 531632 [details]
Fix Coverity (11062) Resource leak; git patch file (master)
plugins/chainingdb/cb_bind.c (chainingdb_bind)
Bug Description: Variable "sdn" going out of scope leaks
the storage it points to. If SLAPI_BIND_TARGET_SDN is not
given (anonymous bind) to cb_bind, sizeof(Slapi_DN) leaks.
Fix Description: Free sdn if the structure Slapi_DN is locally
allocated.
Created attachment 531634 [details]
Fix Coverity (11066-2) Unused pointer value; git patch file (master)
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
Created attachment 531635 [details]
Fix Coverity (12195) Dereference after null check; git patch file (master)
slapd/dn.c (slapi_dn_normalize_ext)
Bug Description: Dereferencing null variable "dest_len".
Missed to check the NULL possibility of the argument "dest_len"
to return the normalized dn size.
Fix Description: Assinging 0 to "*dest_len" only when "dest_len"
is not NULL.
Created attachment 531636 [details]
Fix Coverity (12196) Dereference before null check; git patch file (master)
slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn)
Bug Description: Dreferencing "db" before a null check.
Fix Description: Adding a check if the variable "db" returned
from _entryrdn_open_index is NULL or not. If NULL, it returns
or goto bail there.
Reviewed by Rich (Thank you!!!) Pushed to master. $ git merge coverity Updating 950712c..9a7c2da Fast-forward ldap/servers/plugins/automember/automember.c | 5 ++ ldap/servers/plugins/chainingdb/cb_bind.c | 64 ++++++++++++++------------ ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 38 ++++++++------- ldap/servers/slapd/dn.c | 4 +- ldap/servers/slapd/opshared.c | 1 - 5 files changed, 62 insertions(+), 50 deletions(-) $ git push Counting objects: 46, done. Delta compression using up to 2 threads. Compressing objects: 100% (33/33), done. Writing objects: 100% (33/33), 4.46 KiB, done. Total 33 (delta 22), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 950712c..9a7c2da master -> master Created attachment 531810 [details]
Fix Coverity (11066-3) Unused pointer value; git patch file (master)
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
Reviewed by Rich (Thanks ^ 3!!!) Pushed to master. $ git merge 9b2d8f76e8d67c108cde54db46184901e76d6090 Updating 9a7c2da..9b2d8f7 Fast-forward ldap/servers/slapd/opshared.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) $ git push Counting objects: 11, done. Delta compression using up to 2 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 716 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 9a7c2da..9b2d8f7 master -> master Upstream ticket: https://fedorahosted.org/389/ticket/240 |