Bug 611790 - fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Summary: fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server   
Version: 1.2.7
Hardware: All
OS: All
Priority: low
Severity: low
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 389_1.2.7 639035
Reported: 2010-07-06 14:41 UTC by Endi Sukma Dewata
Modified: 2015-01-04 23:43 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-17 14:08:59 UTC


Attachments
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (2.88 KB, patch)
2010-07-06 21:18 UTC, Endi Sukma Dewata
rmeggins: review-
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (23.20 KB, patch)
2010-07-06 21:18 UTC, Endi Sukma Dewata
no flags
0003-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.40 KB, patch)
2010-07-06 21:19 UTC, Endi Sukma Dewata
rmeggins: review+
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.22 KB, patch)
2010-07-06 21:19 UTC, Endi Sukma Dewata
rmeggins: review-
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.29 KB, patch)
2010-07-06 21:20 UTC, Endi Sukma Dewata
rmeggins: review-
0006-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.43 KB, patch)
2010-07-06 21:21 UTC, Endi Sukma Dewata
rmeggins: review+
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (4.79 KB, patch)
2010-07-06 21:21 UTC, Endi Sukma Dewata
rmeggins: review+
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (4.78 KB, patch)
2010-07-06 21:22 UTC, Endi Sukma Dewata
no flags
0009-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.68 KB, patch)
2010-07-06 21:22 UTC, Endi Sukma Dewata
rmeggins: review+
0010-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.53 KB, patch)
2010-07-06 21:23 UTC, Endi Sukma Dewata
rmeggins: review+
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.61 KB, patch)
2010-07-06 21:23 UTC, Endi Sukma Dewata
rmeggins: review-
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (2.04 KB, patch)
2010-07-06 21:24 UTC, Endi Sukma Dewata
rmeggins: review-
0013-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (4.33 KB, patch)
2010-07-06 21:25 UTC, Endi Sukma Dewata
rmeggins: review+
0014-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.60 KB, patch)
2010-07-06 21:25 UTC, Endi Sukma Dewata
rmeggins: review+
0015-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (2.44 KB, patch)
2010-07-06 21:26 UTC, Endi Sukma Dewata
rmeggins: review+
0016-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.15 KB, patch)
2010-07-06 21:27 UTC, Endi Sukma Dewata
rmeggins: review+
0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (2.88 KB, patch)
2010-07-06 21:27 UTC, Endi Sukma Dewata
nhosoi: review+
0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.56 KB, patch)
2010-07-06 21:28 UTC, Endi Sukma Dewata
nhosoi: review+
0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (939 bytes, patch)
2010-07-06 21:29 UTC, Endi Sukma Dewata
nhosoi: review+
0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.16 KB, patch)
2010-07-06 21:29 UTC, Endi Sukma Dewata
nhosoi: review+
0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.81 KB, patch)
2010-07-06 21:30 UTC, Endi Sukma Dewata
nhosoi: review+
0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.27 KB, patch)
2010-07-07 16:18 UTC, Endi Sukma Dewata
no flags
0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.34 KB, patch)
2010-07-07 16:18 UTC, Endi Sukma Dewata
nhosoi: review+
0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (4.67 KB, patch)
2010-07-07 19:58 UTC, Endi Sukma Dewata
nhosoi: review+
0011a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.72 KB, patch)
2010-07-07 19:59 UTC, Endi Sukma Dewata
no flags
0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.53 KB, patch)
2010-07-07 20:00 UTC, Endi Sukma Dewata
nhosoi: review+
0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (1.65 KB, patch)
2010-07-12 19:37 UTC, Endi Sukma Dewata
nhosoi: review+
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch (2.29 KB, patch)
2010-08-21 01:07 UTC, Noriko Hosoi
nhosoi: review?
nhosoi: review?
rmeggins: review+

Description Endi Sukma Dewata 2010-07-06 14:41:36 UTC
fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166

Comment 2 Endi Sukma Dewata 2010-07-06 21:18:06 UTC
Created attachment 429893 [details]
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 3 Endi Sukma Dewata 2010-07-06 21:18:47 UTC
Created attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 4 Endi Sukma Dewata 2010-07-06 21:19:15 UTC
Created attachment 429895 [details]
0003-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 5 Endi Sukma Dewata 2010-07-06 21:19:56 UTC
Created attachment 429896 [details]
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 6 Endi Sukma Dewata 2010-07-06 21:20:30 UTC
Created attachment 429897 [details]
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 7 Endi Sukma Dewata 2010-07-06 21:21:01 UTC
Created attachment 429898 [details]
0006-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 8 Endi Sukma Dewata 2010-07-06 21:21:33 UTC
Created attachment 429899 [details]
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 9 Endi Sukma Dewata 2010-07-06 21:22:20 UTC
Created attachment 429900 [details]
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 10 Endi Sukma Dewata 2010-07-06 21:22:54 UTC
Created attachment 429901 [details]
0009-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 11 Endi Sukma Dewata 2010-07-06 21:23:29 UTC
Created attachment 429902 [details]
0010-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 12 Endi Sukma Dewata 2010-07-06 21:23:56 UTC
Created attachment 429903 [details]
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 13 Endi Sukma Dewata 2010-07-06 21:24:32 UTC
Created attachment 429904 [details]
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 14 Endi Sukma Dewata 2010-07-06 21:25:01 UTC
Created attachment 429906 [details]
0013-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 15 Endi Sukma Dewata 2010-07-06 21:25:47 UTC
Created attachment 429907 [details]
0014-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 16 Endi Sukma Dewata 2010-07-06 21:26:24 UTC
Created attachment 429908 [details]
0015-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 17 Endi Sukma Dewata 2010-07-06 21:27:07 UTC
Created attachment 429909 [details]
0016-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 18 Endi Sukma Dewata 2010-07-06 21:27:43 UTC
Created attachment 429910 [details]
0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 19 Endi Sukma Dewata 2010-07-06 21:28:51 UTC
Created attachment 429911 [details]
0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 20 Endi Sukma Dewata 2010-07-06 21:29:31 UTC
Created attachment 429912 [details]
0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 21 Endi Sukma Dewata 2010-07-06 21:29:56 UTC
Created attachment 429913 [details]
0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 22 Endi Sukma Dewata 2010-07-06 21:30:55 UTC
Created attachment 429914 [details]
0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 23 Rich Megginson 2010-07-06 23:12:06 UTC
Comment on attachment 429893 [details]
0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I just pushed a patch that removes lexer.h and lexer.cpp

commit 4a103859b7100bc30046ecba3efca2e8f0b09c7d
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Thu Jul 1 11:39:02 2010 -0600

Comment 24 Rich Megginson 2010-07-06 23:13:19 UTC
Comment on attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I think Noriko has a patch that conflicts with this one - you should coordinate with her

Comment 25 Rich Megginson 2010-07-06 23:17:01 UTC
Comment on attachment 429896 [details]
0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

I think this will leak macro_str and working_list

Comment 26 Rich Megginson 2010-07-06 23:18:17 UTC
Comment on attachment 429897 [details]
0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

This will leak macro_prefix

Comment 27 Rich Megginson 2010-07-06 23:25:08 UTC
Comment on attachment 429899 [details]
0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

In general, it's not a good idea to change the formatting - this one was ok, not too big, and easy to find the actual bug fix intermixed with the formatting changes - but for large patches, with many lines of formatting changes, it makes it difficult to read.
I know the formatting is really bad in a lot of files - I have to resist the urge to reformat things constantly . . .

Comment 28 Rich Megginson 2010-07-06 23:37:24 UTC
Comment on attachment 429900 [details]
0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

This change:
@@ -4781,6 +4775,12 @@ static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv)
     
     rObj = replica_get_by_name (dbFile->replName);
     PR_ASSERT (rObj);
+
+    if (!rObj) {
+        rc = CL5_MEMORY_ERROR;
+        goto out;
+    }
+
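
Review bot: In the new `if (!rObj)` branch, `rc = CL5_MEMORY_ERROR` reports a failed `replica_get_by_name (dbFile->replName)` lookup as a memory error, which sends whoever reads the return code looking for an allocation problem. Use a return code that names the lookup failure and log `dbFile->replName` before `goto out`, so that a build in which `PR_ASSERT (rObj)` is compiled out still leaves a trace of which replica was missing.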

skips line 4800
    object_release (supRUVObj);

is this ok to do?

Comment 29 Endi Sukma Dewata 2010-07-07 16:18:00 UTC
Created attachment 430107 [details]
0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 30 Endi Sukma Dewata 2010-07-07 16:18:46 UTC
Created attachment 430108 [details]
0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 31 Rich Megginson 2010-07-07 17:28:07 UTC
Comment on attachment 429903 [details]
0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

need to init value in my_ber_scanf_attr:
    Slapi_Value *value = NULL;

Comment 32 Rich Megginson 2010-07-07 17:32:35 UTC
Comment on attachment 429904 [details]
0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

The caller may expect *entry = NULL even if !windows_conn_connected(conn)

just do something like this at the beginning of the function:
if (!entry) {
    /* log error message */
    return CONN_LOCAL_ERROR; /* entry should never == NULL here */
}

*entry = NULL;
....
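
The review comments above (25, 26, 28 and 32) all turn on what a newly added NULL check does on its early-exit path. As an added example that is not part of the original thread or the 389 code base, this C sketch resets the out-parameter before any early return and routes every failure through one cleanup label so the new check cannot leak; every `demo_*` name, the return codes and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins; none of these names are 389 Directory Server APIs. */
enum { DEMO_OK, DEMO_LOCAL_ERROR, DEMO_NOT_FOUND };
static int live_allocs;                 /* outstanding tracked allocations */
static char *demo_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}
static void demo_free(char **p) {
    if (p && *p) { free(*p); *p = NULL; live_allocs--; }
}
/* Hypothetical lookup that can legitimately return NULL. */
static const char *demo_lookup(const char *key) {
    return (key && strcmp(key, "known") == 0) ? "value" : NULL;
}

/* Contract: *result is NULL on every failure path; caller frees it on success. */
int demo_get_entry(const char *key, char **result) {
    int rc = DEMO_OK;
    char *prefix = NULL, *work = NULL;
    const char *found;
    if (!result) {                      /* caller bug: nowhere to store output */
        fprintf(stderr, "demo_get_entry: NULL result pointer\n");
        return DEMO_LOCAL_ERROR;        /* nothing allocated yet, safe to return */
    }
    *result = NULL;                     /* reset before any early exit */
    prefix = demo_strdup("pfx:");
    work = demo_strdup("scratch");
    if (!prefix || !work) { rc = DEMO_LOCAL_ERROR; goto out; }
    found = demo_lookup(key);
    if (!found) { rc = DEMO_NOT_FOUND; goto out; }   /* the added NULL check */
    *result = malloc(strlen(prefix) + strlen(found) + 1);
    if (!*result) { rc = DEMO_LOCAL_ERROR; goto out; }
    strcat(strcpy(*result, prefix), found);
out:
    demo_free(&prefix);                 /* one release point, so no path leaks */
    demo_free(&work);
    return rc;
}

int main(void) {
    char *r = NULL;
    int rc = demo_get_entry("missing", &r);
    printf("rc=%d live_allocs=%d\n", rc, live_allocs);
    return (rc == DEMO_NOT_FOUND && r == NULL && live_allocs == 0) ? 0 : 1;
}
```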

Comment 33 Endi Sukma Dewata 2010-07-07 19:58:26 UTC
Created attachment 430165 [details]
0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 34 Endi Sukma Dewata 2010-07-07 19:59:50 UTC
Created attachment 430166 [details]
0011a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 35 Endi Sukma Dewata 2010-07-07 20:00:17 UTC
Created attachment 430167 [details]
0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Comment 37 Endi Sukma Dewata 2010-07-12 19:37:41 UTC
Created attachment 431250 [details]
0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Fixed a problem during merging.

Comment 38 Noriko Hosoi 2010-08-21 01:07:37 UTC
Created attachment 440076 [details]
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11961&streamDefectId=12147&defectInstanceId=14012&evidenceId=35035&fileInstanceId=49276

I propose a new patch for 0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Description: Caller aclutil_evaluate_macro was not checking the NULL return. Added the check to the patch.  Also, another error case could just return NULL.

Comment 39 Rich Megginson 2010-08-21 02:09:32 UTC
Comment on attachment 440076 [details]
0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

You could use LDAPDebug1Arg here, and use slapi_ch_free_string(&macro_str);

Comment 49 Noriko Hosoi 2010-08-23 23:56:43 UTC
Comment on attachment 429894 [details]
0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch

Subset of this change.

    609255 - fix coverity Defect Type: Memory - illegal accesses issues
    
    https://bugzilla.redhat.com/show_bug.cgi?id=609255
    
    12241 Triaged Unassigned Bug Minor Fix Required
    delete_acl_from_file(char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12242 UNINIT Triaged Unassigned Bug Minor Fix Required
    get_acl_from_file(char *, char *, ACLListHandle **…) ds/lib/libaccess/acltools.cpp
    
    12243 UNINIT Triaged Unassigned Bug Minor Fix Required
    ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
    
    12244 UNINIT Triaged Unassigned Bug Minor Fix Required
    ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
    
    12245 UNINIT Triaged Unassigned Bug Minor Fix Required
    rename_acl_in_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12246 UNINIT Triaged Unassigned Bug Minor Fix Required
    append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    12247 UNINIT Triaged Unassigned Bug Minor Fix Required
    append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
    
    Comment:
    ACL_FileRenameAcl, ACL_FileDeleteAcl, ACL_FileGetAcl, ACL_FileSetAcl,
    ACL_FileMergeAcl, ACL_FileMergeFile and their helper functions are
    not used.  These functions and their helper functions plus libaccess
    test programs under the directory ./utest are eliminated.

Comment 50 Noriko Hosoi 2010-08-24 00:24:25 UTC
On behalf of Endi (edewata@redhat.com), pushed to master.

$ git merge coverity
Updating e5fe26a..0712904
Fast-forward
 ldap/servers/plugins/acl/acl.c                     |    7 ++-
 ldap/servers/plugins/acl/acllas.c                  |   56 +++++++------
 ldap/servers/plugins/acl/aclutil.c                 |   29 +++++---
 ldap/servers/plugins/cos/cos_cache.c               |   12 +++-
 ldap/servers/plugins/http/http_impl.c              |   81 +++++++++++---------
 ldap/servers/plugins/replication/cl5_api.c         |   52 ++++++++-----
 ldap/servers/plugins/replication/repl5_replica.c   |   16 ++++
 ldap/servers/plugins/replication/repl5_ruv.c       |    8 ++-
 ldap/servers/plugins/replication/repl5_total.c     |   11 ++-
 .../plugins/replication/windows_connection.c       |    7 ++
 .../plugins/replication/windows_protocol_util.c    |   41 ++++++----
 ldap/servers/plugins/retrocl/retrocl_trim.c        |   15 +++-
 ldap/servers/plugins/roles/roles_cache.c           |   19 ++++-
 ldap/servers/slapd/back-ldbm/dblayer.c             |    2 +
 ldap/servers/slapd/plugin.c                        |   60 ++++++---------
 ldap/servers/slapd/result.c                        |    4 +-
 lib/ldaputil/certmap.c                             |    1 +
 lib/libaccess/lasip.cpp                            |   16 +++-
 lib/libsi18n/reshash.c                             |   21 +++++-
 19 files changed, 292 insertions(+), 166 deletions(-)

$ git push
Counting objects: 160, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (125/125), done.
Writing objects: 100% (125/125), 14.05 KiB, done.
Total 125 (delta 106), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   e5fe26a..0712904  master -> master

