Bug 610119 - fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Summary: fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.7
Hardware: All
OS: All
medium
low
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 389_1.2.7 639035
TreeView+ depends on / blocked
 
Reported: 2010-07-01 15:27 UTC by Endi Sukma Dewata
Modified: 2015-01-04 23:43 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-05-17 14:08:26 UTC
Embargoed:

Attachments (Terms of Use)
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.16 KB, patch)
2010-07-02 15:04 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (3.21 KB, patch)
2010-07-02 15:05 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.50 KB, patch)
2010-07-02 15:05 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.60 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.35 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.77 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata 		rmeggins: review-
Details | Diff
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.37 KB, patch)
2010-07-02 15:07 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.21 KB, patch)
2010-07-02 15:07 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.92 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.76 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.13 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.84 KB, patch)
2010-07-02 15:09 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 15:10 UTC, Endi Sukma Dewata 		no flags Details | Diff
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.18 KB, patch)
2010-07-02 15:10 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.94 KB, patch)
2010-07-02 15:11 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.82 KB, patch)
2010-07-02 15:11 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.42 KB, patch)
2010-07-02 15:12 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 15:12 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.79 KB, patch)
2010-07-02 15:13 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.06 KB, patch)
2010-07-02 15:13 UTC, Endi Sukma Dewata 		no flags Details | Diff
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.66 KB, patch)
2010-07-02 15:14 UTC, Endi Sukma Dewata 		rmeggins: review+
Details | Diff
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.89 KB, patch)
2010-07-06 21:39 UTC, Endi Sukma Dewata 		no flags Details | Diff
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.49 KB, patch)
2010-07-06 23:16 UTC, Endi Sukma Dewata 		nhosoi: review+
Details | Diff
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.79 KB, patch)
2010-07-06 23:57 UTC, Endi Sukma Dewata 		nhosoi: review+
Details | Diff
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.11 KB, patch)
2010-07-12 19:10 UTC, Endi Sukma Dewata 		no flags Details | Diff
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.45 KB, patch)
2010-08-21 00:11 UTC, Noriko Hosoi 		nhosoi: review?
nhosoi: review?
rmeggins: review+
Details | Diff
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.78 KB, patch)
2010-08-21 00:19 UTC, Noriko Hosoi 		nhosoi: review?
nhosoi: review?
rmeggins: review+
Details | Diff
Show Obsolete (4) View All

Description Endi Sukma Dewata 2010-07-01 15:27:17 UTC 
fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Comment 2 Endi Sukma Dewata 2010-07-02 15:04:37 UTC 
Created attachment 429071 [details]
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 3 Endi Sukma Dewata 2010-07-02 15:05:16 UTC 
Created attachment 429073 [details]
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 4 Endi Sukma Dewata 2010-07-02 15:05:38 UTC 
Created attachment 429074 [details]
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 5 Endi Sukma Dewata 2010-07-02 15:06:05 UTC 
Created attachment 429075 [details]
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 6 Endi Sukma Dewata 2010-07-02 15:06:28 UTC 
Created attachment 429076 [details]
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 7 Endi Sukma Dewata 2010-07-02 15:06:59 UTC 
Created attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 8 Endi Sukma Dewata 2010-07-02 15:07:20 UTC 
Created attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 9 Endi Sukma Dewata 2010-07-02 15:07:48 UTC 
Created attachment 429079 [details]
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 10 Endi Sukma Dewata 2010-07-02 15:08:10 UTC 
Created attachment 429080 [details]
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 11 Endi Sukma Dewata 2010-07-02 15:08:35 UTC 
Created attachment 429081 [details]
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 12 Endi Sukma Dewata 2010-07-02 15:08:57 UTC 
Created attachment 429082 [details]
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 13 Endi Sukma Dewata 2010-07-02 15:09:21 UTC 
Created attachment 429083 [details]
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 14 Endi Sukma Dewata 2010-07-02 15:10:21 UTC 
Created attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 15 Endi Sukma Dewata 2010-07-02 15:10:54 UTC 
Created attachment 429085 [details]
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 16 Endi Sukma Dewata 2010-07-02 15:11:25 UTC 
Created attachment 429086 [details]
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 17 Endi Sukma Dewata 2010-07-02 15:11:52 UTC 
Created attachment 429087 [details]
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 18 Endi Sukma Dewata 2010-07-02 15:12:15 UTC 
Created attachment 429088 [details]
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 19 Endi Sukma Dewata 2010-07-02 15:12:40 UTC 
Created attachment 429090 [details]
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 20 Endi Sukma Dewata 2010-07-02 15:13:04 UTC 
Created attachment 429091 [details]
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 21 Endi Sukma Dewata 2010-07-02 15:13:32 UTC 
Created attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 22 Endi Sukma Dewata 2010-07-02 15:14:05 UTC 
Created attachment 429093 [details]
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 23 Rich Megginson 2010-07-02 21:44:26 UTC 
Comment on attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak entry_string and wrapped_symmetric_key
Comment 24 Rich Megginson 2010-07-02 21:45:16 UTC 
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak dn
Comment 25 Rich Megginson 2010-07-02 21:52:33 UTC 
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

never mind - will not leak
Comment 26 Rich Megginson 2010-07-02 22:10:20 UTC 
Comment on attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

looks like it may be possible for rc != 0 and values != NULL - so you may want to move the slapi_vattr_values_free after the close brace
Comment 27 Rich Megginson 2010-07-02 22:23:06 UTC 
Comment on attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

is 0 return the correct thing here?  0 return means success

Can you move the if attr_pattern == NULL check before line 155?  That is, avoid allocating context->Table and context->pool if attr_pattern == NULL

Unless it is perfectly valid to have attr_pattern == NULL
Comment 28 Endi Sukma Dewata 2010-07-06 21:39:10 UTC 
Created attachment 429915 [details]
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 29 Endi Sukma Dewata 2010-07-06 23:16:22 UTC 
Created attachment 429933 [details]
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 30 Endi Sukma Dewata 2010-07-06 23:57:13 UTC 
Created attachment 429937 [details]
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 32 Endi Sukma Dewata 2010-07-12 19:10:31 UTC 
Created attachment 431244 [details]
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Fixed a problem during merging.
Comment 33 Noriko Hosoi 2010-08-20 23:08:04 UTC 
Comment on attachment 429937 [details]
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12196&streamDefectId=12382&defectInstanceId=14272&fileInstanceId=49195
Comment 34 Noriko Hosoi 2010-08-21 00:11:14 UTC 
Created attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12168&streamDefectId=12354&defectInstanceId=14244&fileInstanceId=49322

I propose a new patch for 0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Since both pb and entry_string have no chance to be NULL (both memories are allocated using slapi_ch_*alloc functions), we don't need to check the NULL possibilities.
Comment 35 Noriko Hosoi 2010-08-21 00:19:17 UTC 
Created attachment 440073 [details]
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12190&streamDefectId=12376&defectInstanceId=14266&fileInstanceId=49336

I propose a new patch for
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Regarding upgradedb_copy_logfiles, check NULL or empty string for src and dest first.  Then, we can eliminate the broken "from" and "to" cases.  Both memories are allocated using slapi_ch_calloc, we don't have to check the NULL possibility of from and/or to.
I also replaced sprintf with PR_snprintf and added debug print for dblayer_copyfile.
Comment 36 Rich Megginson 2010-08-21 02:05:58 UTC 
Comment on attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

actually, would be better to use slapi_ch_free_string(&entry_string);
Comment 37 Noriko Hosoi 2010-08-23 18:43:58 UTC 
On behalf of Endi (edewata), pushed to master.

$ git merge coverity
Updating d7c4d9b..e5fe26a
Fast-forward
 include/libaccess/aclerror.h                       |    1 +
 include/libaccess/dbtlibaccess.h                   |    1 +
 ldap/servers/slapd/back-ldbm/dbhelp.c              |   12 +++-
 ldap/servers/slapd/back-ldbm/dblayer.c             |    2 +
 ldap/servers/slapd/back-ldbm/findentry.c           |   72 ++++++++++++--------
 ldap/servers/slapd/back-ldbm/import-threads.c      |   16 +++-
 ldap/servers/slapd/back-ldbm/import.c              |    7 ++-
 ldap/servers/slapd/back-ldbm/index.c               |   33 +++++----
 ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c      |    8 +--
 ldap/servers/slapd/back-ldbm/ldbm_config.c         |    9 +++
 ldap/servers/slapd/back-ldbm/ldbm_index_config.c   |   45 +++++++++----
 .../servers/slapd/back-ldbm/ldbm_instance_config.c |   27 ++++++--
 ldap/servers/slapd/back-ldbm/ldbm_modify.c         |   11 ++-
 ldap/servers/slapd/back-ldbm/ldif2ldbm.c           |   38 ++++++-----
 ldap/servers/slapd/back-ldbm/vlv.c                 |   16 +++-
 ldap/servers/slapd/plugin_syntax.c                 |   46 +++++++-----
 ldap/servers/slapd/pw.c                            |    9 ++-
 ldap/servers/slapd/regex.c                         |    3 +-
 ldap/servers/slapd/saslbind.c                      |   11 +--
 ldap/servers/slapd/schema.c                        |   16 ++++-
 ldap/servers/slapd/tools/ldclt/scalab01.c          |   10 +++-
 ldap/servers/snmp/ldap-agent.c                     |   21 ++++--
 lib/libaccess/lasdns.cpp                           |    6 ++
 lib/libaccess/usrcache.cpp                         |   14 ++--
 lib/libsi18n/getstrmem.h                           |    1 +
 25 files changed, 288 insertions(+), 147 deletions(-)

$ git push
Counting objects: 183, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (145/145), done.
Writing objects: 100% (145/145), 16.16 KiB, done.
Total 145 (delta 124), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d7c4d9b..e5fe26a  master -> master
Note You need to log in before you can comment on or make changes to this bug.