Bug 1329002 - SVRCORE - Fixing coverity issues.
Summary: SVRCORE - Fixing coverity issues.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: svrcore
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-04-20 21:19 UTC by Noriko Hosoi
Modified: 2016-11-04 02:47 UTC

Fixed In Version: svrcore-4.1.2-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 02:47:53 UTC
Target Upstream Version:
Links
System: Red Hat Product Errata
ID: RHBA-2016:2285
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: svrcore bug fix update
Last Updated: 2016-11-03 13:36:45 UTC

Description Noriko Hosoi 2016-04-20 21:19:58 UTC
Description of problem:

Ticket 9 - Coverity deadcode
Bug Description:  Coverity detected deadcode in the systemd handling of pins

Ticket 8 - Coverity compiler warnings
Bug Description:  Coverity detected a number of compiler warnings.

Ticket 6 - Resource leak in systemd ask pass
Bug Description:  In an error case, systemd would set the pin to "", 
which would leak the token memory.

Ticket 7 - Incorrect result check
Bug Description:  Coverity detected an issue where tmp_fd was not checked 
for null with fopen.

Ticket 10 - Use after free
Bug Description:  Coverity and ASAN detected use after frees related to
the reuse of the pin object.

Ticket 5 - Integrate asan support for code quality checking
Bug Description:  Coverity found a number of defects that could have been
detected with asan use during testing.

Comment 2 Noriko Hosoi 2016-04-21 19:58:51 UTC
3 Covscan failures.

1. Defect type: UNINIT
1. svrcore-4.1.1/src/systemd-ask-pass.c:182: var_decl: Declaring variable "tmp_path".
2. svrcore-4.1.1/src/systemd-ask-pass.c:182: alloc_fn: Calling allocator "malloc".
3. svrcore-4.1.1/src/systemd-ask-pass.c:182: assign: Assigning: "tmp_path" = "malloc(50UL)", which is allocated but not initialized.
17. svrcore-4.1.1/src/systemd-ask-pass.c:418: uninit_use_in_call: Using uninitialized value "*tmp_path" when calling "unlink".
#   416|   
#   417|       if (tmp_path) {
#   418|->         unlink(tmp_path);
#   419|           free(tmp_path);
#   420|       }


2. Defect type: UNINIT
1. svrcore-4.1.1/src/systemd-ask-pass.c:181: var_decl: Declaring variable "ask_path".
2. svrcore-4.1.1/src/systemd-ask-pass.c:181: alloc_fn: Calling allocator "malloc".
3. svrcore-4.1.1/src/systemd-ask-pass.c:181: assign: Assigning: "ask_path" = "malloc(50UL)", which is allocated but not initialized.
16. svrcore-4.1.1/src/systemd-ask-pass.c:413: uninit_use_in_call: Using uninitialized value "*ask_path" when calling "unlink".
#   411|       }
#   412|       if (ask_path) {
#   413|->         unlink(ask_path);
#   414|           free(ask_path);
#   415|       }


3. Defect type: UNINIT
1. svrcore-4.1.1/src/systemd-ask-pass.c:180: var_decl: Declaring variable "socket_path".
2. svrcore-4.1.1/src/systemd-ask-pass.c:180: alloc_fn: Calling allocator "malloc".
3. svrcore-4.1.1/src/systemd-ask-pass.c:180: assign: Assigning: "socket_path" = "malloc(50UL)", which is allocated but not initialized.
15. svrcore-4.1.1/src/systemd-ask-pass.c:409: uninit_use_in_call: Using uninitialized value "*socket_path" when calling "unlink".
#   407|   
#   408|       if (socket_path) {
#   409|->         unlink(socket_path);
#   410|           free(socket_path);
#   411|       }
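
The cleanup pattern flagged in Comment 2, written so that an early error never hands an unwritten buffer to unlink. This is an added example, not svrcore's code and not the fix shipped in svrcore-4.1.2; `cleanup_path`, `run_demo` and the `/tmp/uninit-demo-XXXXXX` template are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for mkstemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define PATH_LEN 50 /* buffer size taken from the malloc(50UL) in the report */

/* Hypothetical cleanup helper: unlink only when a path was actually
 * written into the buffer, then free it.
 * Returns 1 if unlink() was called, 0 otherwise. */
static int cleanup_path(char *path)
{
    int called = 0;
    if (path != NULL) {
        if (path[0] != '\0') { /* empty string: no file was ever created */
            unlink(path);
            called = 1;
        }
        free(path);
    }
    return called;
}

/* Simulates the reported flow. fail_early != 0 jumps to cleanup before the
 * path is filled in, which is the branch the UNINIT reports trace.
 * Returns the number of unlink() calls made in cleanup, or -1 on error. */
int run_demo(int fail_early)
{
    int fd;
    /* calloc zero-fills, so the buffer is a valid empty string from here on;
     * with malloc its contents would be indeterminate until written. */
    char *tmp_path = calloc(1, PATH_LEN);
    if (tmp_path == NULL)
        return -1;
    if (fail_early)
        goto out;
    /* Constructed sample path; mkstemp fills in XXXXXX and creates the file. */
    snprintf(tmp_path, PATH_LEN, "/tmp/uninit-demo-XXXXXX");
    fd = mkstemp(tmp_path);
    if (fd >= 0)
        close(fd);
    else
        tmp_path[0] = '\0'; /* nothing was created, so nothing to remove */
out:
    return cleanup_path(tmp_path);
}
```

With `malloc` in place of `calloc`, the `fail_early` branch reaches the `path[0]` test (or, in the reported code, `unlink` itself) with indeterminate bytes, which is what the `uninit_use_in_call` events describe.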

Comment 5 errata-xmlrpc 2016-11-04 02:47:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2285.html

