Bug 610119 - fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.7
Hardware: All All
Priority: medium, Severity: low
Assigned To: Rich Megginson
Chandrasekar Kannan
Blocks: 389_1.2.7 639035
Reported: 2010-07-01 11:27 EDT by Endi Sukma Dewata
Modified: 2015-01-04 18:43 EST

Doc Type: Bug Fix
Last Closed: 2011-05-17 10:08:26 EDT


Attachments
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.16 KB, patch)
2010-07-02 11:04 EDT, Endi Sukma Dewata
rmeggins: review+
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (3.21 KB, patch)
2010-07-02 11:05 EDT, Endi Sukma Dewata
rmeggins: review+
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.50 KB, patch)
2010-07-02 11:05 EDT, Endi Sukma Dewata
rmeggins: review+
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.60 KB, patch)
2010-07-02 11:06 EDT, Endi Sukma Dewata
rmeggins: review+
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.35 KB, patch)
2010-07-02 11:06 EDT, Endi Sukma Dewata
rmeggins: review+
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.77 KB, patch)
2010-07-02 11:06 EDT, Endi Sukma Dewata
rmeggins: review-
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.37 KB, patch)
2010-07-02 11:07 EDT, Endi Sukma Dewata
rmeggins: review+
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.21 KB, patch)
2010-07-02 11:07 EDT, Endi Sukma Dewata
rmeggins: review+
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.92 KB, patch)
2010-07-02 11:08 EDT, Endi Sukma Dewata
rmeggins: review+
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.76 KB, patch)
2010-07-02 11:08 EDT, Endi Sukma Dewata
rmeggins: review+
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.13 KB, patch)
2010-07-02 11:08 EDT, Endi Sukma Dewata
rmeggins: review+
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.84 KB, patch)
2010-07-02 11:09 EDT, Endi Sukma Dewata
rmeggins: review+
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 11:10 EDT, Endi Sukma Dewata
no flags
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.18 KB, patch)
2010-07-02 11:10 EDT, Endi Sukma Dewata
rmeggins: review+
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.94 KB, patch)
2010-07-02 11:11 EDT, Endi Sukma Dewata
rmeggins: review+
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.82 KB, patch)
2010-07-02 11:11 EDT, Endi Sukma Dewata
rmeggins: review+
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.42 KB, patch)
2010-07-02 11:12 EDT, Endi Sukma Dewata
rmeggins: review+
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 11:12 EDT, Endi Sukma Dewata
rmeggins: review+
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.79 KB, patch)
2010-07-02 11:13 EDT, Endi Sukma Dewata
rmeggins: review+
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.06 KB, patch)
2010-07-02 11:13 EDT, Endi Sukma Dewata
no flags
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.66 KB, patch)
2010-07-02 11:14 EDT, Endi Sukma Dewata
rmeggins: review+
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.89 KB, patch)
2010-07-06 17:39 EDT, Endi Sukma Dewata
no flags
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.49 KB, patch)
2010-07-06 19:16 EDT, Endi Sukma Dewata
nhosoi: review+
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.79 KB, patch)
2010-07-06 19:57 EDT, Endi Sukma Dewata
nhosoi: review+
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.11 KB, patch)
2010-07-12 15:10 EDT, Endi Sukma Dewata
no flags
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.45 KB, patch)
2010-08-20 20:11 EDT, Noriko Hosoi
nhosoi: review?
nhosoi: review?
rmeggins: review+
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.78 KB, patch)
2010-08-20 20:19 EDT, Noriko Hosoi
nhosoi: review?
nhosoi: review?
rmeggins: review+

Description Endi Sukma Dewata 2010-07-01 11:27:17 EDT
fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Comment 2 Endi Sukma Dewata 2010-07-02 11:04:37 EDT
Created attachment 429071 [details]
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 3 Endi Sukma Dewata 2010-07-02 11:05:16 EDT
Created attachment 429073 [details]
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 4 Endi Sukma Dewata 2010-07-02 11:05:38 EDT
Created attachment 429074 [details]
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 5 Endi Sukma Dewata 2010-07-02 11:06:05 EDT
Created attachment 429075 [details]
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 6 Endi Sukma Dewata 2010-07-02 11:06:28 EDT
Created attachment 429076 [details]
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 7 Endi Sukma Dewata 2010-07-02 11:06:59 EDT
Created attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 8 Endi Sukma Dewata 2010-07-02 11:07:20 EDT
Created attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 9 Endi Sukma Dewata 2010-07-02 11:07:48 EDT
Created attachment 429079 [details]
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 10 Endi Sukma Dewata 2010-07-02 11:08:10 EDT
Created attachment 429080 [details]
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 11 Endi Sukma Dewata 2010-07-02 11:08:35 EDT
Created attachment 429081 [details]
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 12 Endi Sukma Dewata 2010-07-02 11:08:57 EDT
Created attachment 429082 [details]
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 13 Endi Sukma Dewata 2010-07-02 11:09:21 EDT
Created attachment 429083 [details]
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 14 Endi Sukma Dewata 2010-07-02 11:10:21 EDT
Created attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 15 Endi Sukma Dewata 2010-07-02 11:10:54 EDT
Created attachment 429085 [details]
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 16 Endi Sukma Dewata 2010-07-02 11:11:25 EDT
Created attachment 429086 [details]
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 17 Endi Sukma Dewata 2010-07-02 11:11:52 EDT
Created attachment 429087 [details]
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 18 Endi Sukma Dewata 2010-07-02 11:12:15 EDT
Created attachment 429088 [details]
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 19 Endi Sukma Dewata 2010-07-02 11:12:40 EDT
Created attachment 429090 [details]
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 20 Endi Sukma Dewata 2010-07-02 11:13:04 EDT
Created attachment 429091 [details]
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 21 Endi Sukma Dewata 2010-07-02 11:13:32 EDT
Created attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 22 Endi Sukma Dewata 2010-07-02 11:14:05 EDT
Created attachment 429093 [details]
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 23 Rich Megginson 2010-07-02 17:44:26 EDT
Comment on attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak entry_string and wrapped_symmetric_key
Comment 24 Rich Megginson 2010-07-02 17:45:16 EDT
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak dn
Comment 25 Rich Megginson 2010-07-02 17:52:33 EDT
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

never mind - will not leak
Comment 26 Rich Megginson 2010-07-02 18:10:20 EDT
Comment on attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

looks like it may be possible for rc != 0 and values != NULL - so you may want to move the slapi_vattr_values_free after the close brace
Comment 27 Rich Megginson 2010-07-02 18:23:06 EDT
Comment on attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

is 0 return the correct thing here?  0 return means success

Can you move the if attr_pattern == NULL check before line 155?  That is, avoid allocating context->Table and context->pool if attr_pattern == NULL

Unless it is perfectly valid to have attr_pattern == NULL
Comment 28 Endi Sukma Dewata 2010-07-06 17:39:10 EDT
Created attachment 429915 [details]
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 29 Endi Sukma Dewata 2010-07-06 19:16:22 EDT
Created attachment 429933 [details]
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 30 Endi Sukma Dewata 2010-07-06 19:57:13 EDT
Created attachment 429937 [details]
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment 32 Endi Sukma Dewata 2010-07-12 15:10:31 EDT
Created attachment 431244 [details]
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Fixed a problem during merging.
Comment 34 Noriko Hosoi 2010-08-20 20:11:14 EDT
Created attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12168&streamDefectId=12354&defectInstanceId=14244&fileInstanceId=49322

I propose a new patch for 0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Since both pb and entry_string have no chance to be NULL (both memories are allocated using slapi_ch_*alloc functions), we don't need to check the NULL possibilities.
Comment 35 Noriko Hosoi 2010-08-20 20:19:17 EDT
Created attachment 440073 [details]
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12190&streamDefectId=12376&defectInstanceId=14266&fileInstanceId=49336

I propose a new patch for
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Regarding upgradedb_copy_logfiles, check NULL or empty string for src and dest first.  Then, we can eliminate the broken "from" and "to" cases.  Both memories are allocated using slapi_ch_calloc, we don't have to check the NULL possibility of from and/or to.
I also replaced sprintf with PR_snprintf and added debug print for dblayer_copyfile.
Comment 36 Rich Megginson 2010-08-20 22:05:58 EDT
Comment on attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

actually, would be better to use slapi_ch_free_string(&entry_string);
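
The pattern discussed in comments 34 to 36, as an added example that is not code from the 389 Directory Server tree or from any of the attached patches: validate `src` and `dest` before allocating, rely on an allocator that never returns NULL, format with a bounded call, and release through a free-and-clear helper. `xcalloc`, `free_string`, `build_copy_paths` and `DEMO_PATH_MAX` are hypothetical names; `xcalloc`, `free_string` and `snprintf` stand in for `slapi_ch_calloc`, `slapi_ch_free_string` and `PR_snprintf`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PATH_MAX 32 /* constructed limit, small so truncation is easy to hit */

/* Stand-in for slapi_ch_calloc: aborts on failure, so callers never see NULL. */
static void *xcalloc(size_t n, size_t size) {
    void *p = calloc(n, size);
    if (p == NULL) abort();
    return p;
}

/* Stand-in for slapi_ch_free_string: frees and clears the caller's pointer,
 * which makes a second call on the same variable harmless. */
static void free_string(char **s) {
    if (s != NULL && *s != NULL) { free(*s); *s = NULL; }
}

/* Hypothetical helper: build "<src>/<name>" and "<dest>/<name>".
 * Returns 0 on success, -1 on NULL/empty input or a path that does not fit. */
int build_copy_paths(const char *src, const char *dest, const char *name,
                     char **from, char **to) {
    int n1, n2;
    *from = *to = NULL;
    /* Check inputs first: nothing is allocated yet, so nothing can leak
     * and there is no half-initialized from/to state to clean up. */
    if (!src || !*src || !dest || !*dest || !name || !*name)
        return -1;
    *from = xcalloc(1, DEMO_PATH_MAX); /* no NULL check needed after this */
    *to = xcalloc(1, DEMO_PATH_MAX);
    /* Bounded formatting: sprintf here would write past the buffer. */
    n1 = snprintf(*from, DEMO_PATH_MAX, "%s/%s", src, name);
    n2 = snprintf(*to, DEMO_PATH_MAX, "%s/%s", dest, name);
    if (n1 < 0 || n1 >= DEMO_PATH_MAX || n2 < 0 || n2 >= DEMO_PATH_MAX) {
        free_string(from); /* single cleanup path, pointers left NULL */
        free_string(to);
        return -1;
    }
    return 0;
}
```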
Comment 37 Noriko Hosoi 2010-08-23 14:43:58 EDT
On behalf of Endi (edewata@redhat.com), pushed to master.

$ git merge coverity
Updating d7c4d9b..e5fe26a
Fast-forward
 include/libaccess/aclerror.h                       |    1 +
 include/libaccess/dbtlibaccess.h                   |    1 +
 ldap/servers/slapd/back-ldbm/dbhelp.c              |   12 +++-
 ldap/servers/slapd/back-ldbm/dblayer.c             |    2 +
 ldap/servers/slapd/back-ldbm/findentry.c           |   72 ++++++++++++--------
 ldap/servers/slapd/back-ldbm/import-threads.c      |   16 +++-
 ldap/servers/slapd/back-ldbm/import.c              |    7 ++-
 ldap/servers/slapd/back-ldbm/index.c               |   33 +++++----
 ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c      |    8 +--
 ldap/servers/slapd/back-ldbm/ldbm_config.c         |    9 +++
 ldap/servers/slapd/back-ldbm/ldbm_index_config.c   |   45 +++++++++----
 .../servers/slapd/back-ldbm/ldbm_instance_config.c |   27 ++++++--
 ldap/servers/slapd/back-ldbm/ldbm_modify.c         |   11 ++-
 ldap/servers/slapd/back-ldbm/ldif2ldbm.c           |   38 ++++++-----
 ldap/servers/slapd/back-ldbm/vlv.c                 |   16 +++-
 ldap/servers/slapd/plugin_syntax.c                 |   46 +++++++-----
 ldap/servers/slapd/pw.c                            |    9 ++-
 ldap/servers/slapd/regex.c                         |    3 +-
 ldap/servers/slapd/saslbind.c                      |   11 +--
 ldap/servers/slapd/schema.c                        |   16 ++++-
 ldap/servers/slapd/tools/ldclt/scalab01.c          |   10 +++-
 ldap/servers/snmp/ldap-agent.c                     |   21 ++++--
 lib/libaccess/lasdns.cpp                           |    6 ++
 lib/libaccess/usrcache.cpp                         |   14 ++--
 lib/libsi18n/getstrmem.h                           |    1 +
 25 files changed, 288 insertions(+), 147 deletions(-)

$ git push
Counting objects: 183, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (145/145), done.
Writing objects: 100% (145/145), 16.16 KiB, done.
Total 145 (delta 124), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d7c4d9b..e5fe26a  master -> master
