Bug 610119 - fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Summary: fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server   
Version: 1.2.7
Hardware: All
OS: All
Priority: medium
Severity: low
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
Blocks: 389_1.2.7 639035
Reported: 2010-07-01 15:27 UTC by Endi Sukma Dewata
Modified: 2015-01-04 23:43 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-05-17 14:08:26 UTC

Attachments
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.16 KB, patch)
2010-07-02 15:04 UTC, Endi Sukma Dewata
rmeggins: review+
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (3.21 KB, patch)
2010-07-02 15:05 UTC, Endi Sukma Dewata
rmeggins: review+
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.50 KB, patch)
2010-07-02 15:05 UTC, Endi Sukma Dewata
rmeggins: review+
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.60 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata
rmeggins: review+
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.35 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata
rmeggins: review+
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.77 KB, patch)
2010-07-02 15:06 UTC, Endi Sukma Dewata
rmeggins: review-
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.37 KB, patch)
2010-07-02 15:07 UTC, Endi Sukma Dewata
rmeggins: review+
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.21 KB, patch)
2010-07-02 15:07 UTC, Endi Sukma Dewata
rmeggins: review+
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.92 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata
rmeggins: review+
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.76 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata
rmeggins: review+
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.13 KB, patch)
2010-07-02 15:08 UTC, Endi Sukma Dewata
rmeggins: review+
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.84 KB, patch)
2010-07-02 15:09 UTC, Endi Sukma Dewata
rmeggins: review+
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 15:10 UTC, Endi Sukma Dewata
no flags
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.18 KB, patch)
2010-07-02 15:10 UTC, Endi Sukma Dewata
rmeggins: review+
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.94 KB, patch)
2010-07-02 15:11 UTC, Endi Sukma Dewata
rmeggins: review+
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.82 KB, patch)
2010-07-02 15:11 UTC, Endi Sukma Dewata
rmeggins: review+
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.42 KB, patch)
2010-07-02 15:12 UTC, Endi Sukma Dewata
rmeggins: review+
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.44 KB, patch)
2010-07-02 15:12 UTC, Endi Sukma Dewata
rmeggins: review+
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.79 KB, patch)
2010-07-02 15:13 UTC, Endi Sukma Dewata
rmeggins: review+
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.06 KB, patch)
2010-07-02 15:13 UTC, Endi Sukma Dewata
no flags
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.66 KB, patch)
2010-07-02 15:14 UTC, Endi Sukma Dewata
rmeggins: review+
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.89 KB, patch)
2010-07-06 21:39 UTC, Endi Sukma Dewata
no flags
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.49 KB, patch)
2010-07-06 23:16 UTC, Endi Sukma Dewata
nhosoi: review+
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (2.79 KB, patch)
2010-07-06 23:57 UTC, Endi Sukma Dewata
nhosoi: review+
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.11 KB, patch)
2010-07-12 19:10 UTC, Endi Sukma Dewata
no flags
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (1.45 KB, patch)
2010-08-21 00:11 UTC, Noriko Hosoi
nhosoi: review?
rmeggins: review+
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch (4.78 KB, patch)
2010-08-21 00:19 UTC, Noriko Hosoi
nhosoi: review?
rmeggins: review+

Description Endi Sukma Dewata 2010-07-01 15:27:17 UTC
fix coverity Defect Type: Null pointer dereferences issues 12167 - 12199

Comment 2 Endi Sukma Dewata 2010-07-02 15:04:37 UTC
Created attachment 429071 [details]
0001-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 3 Endi Sukma Dewata 2010-07-02 15:05:16 UTC
Created attachment 429073 [details]
0002-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 4 Endi Sukma Dewata 2010-07-02 15:05:38 UTC
Created attachment 429074 [details]
0003-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 5 Endi Sukma Dewata 2010-07-02 15:06:05 UTC
Created attachment 429075 [details]
0004-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 6 Endi Sukma Dewata 2010-07-02 15:06:28 UTC
Created attachment 429076 [details]
0005-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 7 Endi Sukma Dewata 2010-07-02 15:06:59 UTC
Created attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 8 Endi Sukma Dewata 2010-07-02 15:07:20 UTC
Created attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 9 Endi Sukma Dewata 2010-07-02 15:07:48 UTC
Created attachment 429079 [details]
0008-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 10 Endi Sukma Dewata 2010-07-02 15:08:10 UTC
Created attachment 429080 [details]
0009-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 11 Endi Sukma Dewata 2010-07-02 15:08:35 UTC
Created attachment 429081 [details]
0010-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 12 Endi Sukma Dewata 2010-07-02 15:08:57 UTC
Created attachment 429082 [details]
0011-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 13 Endi Sukma Dewata 2010-07-02 15:09:21 UTC
Created attachment 429083 [details]
0012-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 14 Endi Sukma Dewata 2010-07-02 15:10:21 UTC
Created attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 15 Endi Sukma Dewata 2010-07-02 15:10:54 UTC
Created attachment 429085 [details]
0014-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 16 Endi Sukma Dewata 2010-07-02 15:11:25 UTC
Created attachment 429086 [details]
0015-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 17 Endi Sukma Dewata 2010-07-02 15:11:52 UTC
Created attachment 429087 [details]
0016-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 18 Endi Sukma Dewata 2010-07-02 15:12:15 UTC
Created attachment 429088 [details]
0017-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 19 Endi Sukma Dewata 2010-07-02 15:12:40 UTC
Created attachment 429090 [details]
0018-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 20 Endi Sukma Dewata 2010-07-02 15:13:04 UTC
Created attachment 429091 [details]
0019-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 21 Endi Sukma Dewata 2010-07-02 15:13:32 UTC
Created attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 22 Endi Sukma Dewata 2010-07-02 15:14:05 UTC
Created attachment 429093 [details]
0021-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 23 Rich Megginson 2010-07-02 21:44:26 UTC
Comment on attachment 429077 [details]
0006-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak entry_string and wrapped_symmetric_key

Comment 24 Rich Megginson 2010-07-02 21:45:16 UTC
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

this will leak dn

Comment 25 Rich Megginson 2010-07-02 21:52:33 UTC
Comment on attachment 429078 [details]
0007-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

never mind - will not leak

Comment 26 Rich Megginson 2010-07-02 22:10:20 UTC
Comment on attachment 429084 [details]
0013-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

looks like it may be possible for rc != 0 and values != NULL - so you may want to move the slapi_vattr_values_free after the close brace
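
Added example, not part of the bug thread or the 389 DS source: the case raised in Comment 26, where a lookup returns a non-zero rc but still hands back an allocated buffer, first with the free inside the success block and then with it moved after the close brace. All names here (lookup_values, values_free, live_allocs) are hypothetical stand-ins, not the slapi calls.

```c
#include <stdlib.h>
#include <string.h>

static int live_allocs = 0; /* buffers allocated and not yet freed */

/* Hypothetical lookup: can return non-zero rc with *values still allocated. */
static int lookup_values(int fail, char **values) {
    *values = malloc(16);
    if (*values == NULL) return -1;
    live_allocs++;
    strcpy(*values, "cn=example");   /* constructed sample value */
    return fail ? 1 : 0;
}

/* Free-and-NULL helper: safe on NULL and on a repeated call. */
static void values_free(char **values) {
    if (values == NULL || *values == NULL) return;
    free(*values);
    *values = NULL;
    live_allocs--;
}

/* Before: the free sits inside the success block, so rc != 0 leaks. */
static size_t use_values_leaky(int fail) {
    char *values = NULL;
    size_t len = 0;
    if (lookup_values(fail, &values) == 0 && values != NULL) {
        len = strlen(values);
        values_free(&values);
    }
    return len;
}

/* After: the free is moved past the close brace and runs on every path. */
static size_t use_values_fixed(int fail) {
    char *values = NULL;
    size_t len = 0;
    if (lookup_values(fail, &values) == 0 && values != NULL) {
        len = strlen(values);
    }
    values_free(&values);
    return len;
}

int main(void) {
    use_values_fixed(1);    /* rc != 0 path, buffer released */
    use_values_leaky(1);    /* rc != 0 path, buffer left allocated */
    return live_allocs == 1 ? 0 : 1;
}
```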

Comment 27 Rich Megginson 2010-07-02 22:23:06 UTC
Comment on attachment 429092 [details]
0020-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

is 0 return the correct thing here?  0 return means success

Can you move the if attr_pattern == NULL check before line 155?  That is, avoid allocating context->Table and context->pool if attr_pattern == NULL

Unless it is perfectly valid to have attr_pattern == NULL

Comment 28 Endi Sukma Dewata 2010-07-06 21:39:10 UTC
Created attachment 429915 [details]
0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 29 Endi Sukma Dewata 2010-07-06 23:16:22 UTC
Created attachment 429933 [details]
0013a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 30 Endi Sukma Dewata 2010-07-06 23:57:13 UTC
Created attachment 429937 [details]
0020a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 32 Endi Sukma Dewata 2010-07-12 19:10:31 UTC
Created attachment 431244 [details]
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

Fixed a problem during merging.

Comment 34 Noriko Hosoi 2010-08-21 00:11:14 UTC
Created attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12168&streamDefectId=12354&defectInstanceId=14244&fileInstanceId=49322

I propose a new patch for 0006a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Since both pb and entry_string have no chance to be NULL (both memories are allocated using slapi_ch_*alloc functions), we don't need to check the NULL possibilities.

Comment 35 Noriko Hosoi 2010-08-21 00:19:17 UTC
Created attachment 440073 [details]
0011b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12190&streamDefectId=12376&defectInstanceId=14266&fileInstanceId=49336

I propose a new patch for
0011a-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch.

Description: Regarding upgradedb_copy_logfiles, check NULL or empty string for src and dest first.  Then, we can eliminate the broken "from" and "to" cases.  Both memories are allocated using slapi_ch_calloc, we don't have to check the NULL possibility of from and/or to.
I also replaced sprintf with PR_snprintf and added debug print for dblayer_copyfile.

Comment 36 Rich Megginson 2010-08-21 02:05:58 UTC
Comment on attachment 440071 [details]
0006b-Bug-610119-fix-coverify-Defect-Type-Null-pointer-der.patch

actually, would be better to use slapi_ch_free_string(&entry_string);

Comment 37 Noriko Hosoi 2010-08-23 18:43:58 UTC
On behalf of Endi (edewata@redhat.com), pushed to master.

$ git merge coverity
Updating d7c4d9b..e5fe26a
Fast-forward
 include/libaccess/aclerror.h                       |    1 +
 include/libaccess/dbtlibaccess.h                   |    1 +
 ldap/servers/slapd/back-ldbm/dbhelp.c              |   12 +++-
 ldap/servers/slapd/back-ldbm/dblayer.c             |    2 +
 ldap/servers/slapd/back-ldbm/findentry.c           |   72 ++++++++++++--------
 ldap/servers/slapd/back-ldbm/import-threads.c      |   16 +++-
 ldap/servers/slapd/back-ldbm/import.c              |    7 ++-
 ldap/servers/slapd/back-ldbm/index.c               |   33 +++++----
 ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c      |    8 +--
 ldap/servers/slapd/back-ldbm/ldbm_config.c         |    9 +++
 ldap/servers/slapd/back-ldbm/ldbm_index_config.c   |   45 +++++++++----
 .../servers/slapd/back-ldbm/ldbm_instance_config.c |   27 ++++++--
 ldap/servers/slapd/back-ldbm/ldbm_modify.c         |   11 ++-
 ldap/servers/slapd/back-ldbm/ldif2ldbm.c           |   38 ++++++-----
 ldap/servers/slapd/back-ldbm/vlv.c                 |   16 +++-
 ldap/servers/slapd/plugin_syntax.c                 |   46 +++++++-----
 ldap/servers/slapd/pw.c                            |    9 ++-
 ldap/servers/slapd/regex.c                         |    3 +-
 ldap/servers/slapd/saslbind.c                      |   11 +--
 ldap/servers/slapd/schema.c                        |   16 ++++-
 ldap/servers/slapd/tools/ldclt/scalab01.c          |   10 +++-
 ldap/servers/snmp/ldap-agent.c                     |   21 ++++--
 lib/libaccess/lasdns.cpp                           |    6 ++
 lib/libaccess/usrcache.cpp                         |   14 ++--
 lib/libsi18n/getstrmem.h                           |    1 +
 25 files changed, 288 insertions(+), 147 deletions(-)

$ git push
Counting objects: 183, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (145/145), done.
Writing objects: 100% (145/145), 16.16 KiB, done.
Total 145 (delta 124), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d7c4d9b..e5fe26a  master -> master

