Bug 715621 - Defects revealed by Coverity scan
Summary: Defects revealed by Coverity scan
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: jss
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Duplicates: 722182
Reported: 2011-06-23 14:21 UTC by Michal Luscon
Modified: 2015-01-04 23:49 UTC (History)

Fixed In Version: jss-4.2.6-20.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 16:52:14 UTC
Target Upstream Version:


Attachments
Patch for native coverity defects (10.74 KB, patch)
2011-09-19 20:35 UTC, Matthew Harmsen
jmagne: review+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1675 0 normal SHIPPED_LIVE jss bug fix update 2011-12-06 00:50:12 UTC

Description Michal Luscon 2011-06-23 14:21:24 UTC
Description of problem:

1. /mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c:519 - Condition "addrBAelems == NULL" cannot be true as a result of line #502.


2. jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:152: Declaring variable "newFD" without initializer.

jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:160 - Goto finish statement

jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c:281 - Using uninitialized value "newFD".

Version-Release number of selected component (if applicable):
4.2.6-15

These defects were probably introduced by Red Hat patches.

Comment 5 Matthew Harmsen 2011-08-09 22:33:32 UTC
*** Bug 722182 has been marked as a duplicate of this bug. ***

Comment 7 Matthew Harmsen 2011-09-19 20:35:04 UTC
Created attachment 523908 [details]
Patch for native coverity defects

Comment 8 Jack Magne 2011-09-20 00:20:00 UTC
Comment on attachment 523908 [details]
Patch for native coverity defects

Caveats:

1.  Lines 1739-1744   Java_org_mozilla_jss_CryptoManager_verif

You might want to initialize the derCerts array at the top using the array initializer technique.

2.  Lines 564-570   static char* getPWFromConsole() 

What I believe they are complaining about is that you are assigning the output of "getchar", which returns an "int", into a variable of type "char".  This could result in data loss if the getchar is returning -1 or EOF or some such value.
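
The narrowing described in comment 8, shown as an added example (not code from JSS or from the attached patch): the same line reader written once with the result of getc() stored in a char-sized variable and once in an int. The function names and the sample line are constructed for illustration.

```c
#include <stdio.h>

/* Flagged pattern: the int returned by getc() is narrowed before the EOF test.
 * signed char pins the behaviour plain char has on x86; where plain char is
 * unsigned, the comparison with EOF is never true instead. */
static size_t read_line_narrow(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    signed char c;
    while (n + 1 < cap && (c = (signed char)getc(in)) != EOF && c != '\n')
        buf[n++] = (char)c;
    buf[n] = '\0';
    return n;
}

/* Corrected pattern: keep the result in an int until EOF has been ruled out. */
static size_t read_line_int(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c;
    while (n + 1 < cap && (c = getc(in)) != EOF && c != '\n')
        buf[n++] = (char)c;
    buf[n] = '\0';
    return n;
}

/* Feed one constructed line to a reader: 'p', 'w', 0xFF, '1', '2', '\n'. */
static size_t run_reader(size_t (*reader)(FILE *, char *, size_t), char *out, size_t cap)
{
    static const unsigned char sample[] = { 'p', 'w', 0xFF, '1', '2', '\n' };
    FILE *f = tmpfile();
    size_t n = 0;
    out[0] = '\0';
    if (f == NULL) return 0;
    if (fwrite(sample, 1, sizeof sample, f) == sizeof sample) { rewind(f); n = reader(f, out, cap); }
    fclose(f);
    return n;
}

int main(void)
{
    char a[16], b[16];
    printf("narrow: %zu bytes kept\n", run_reader(read_line_narrow, a, sizeof a));
    printf("int:    %zu bytes kept\n", run_reader(read_line_int, b, sizeof b));
    return 0;
}
```

With the narrowed variable the byte 0xFF compares equal to EOF, so the line is silently cut after two bytes; the int version keeps all five.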

Comment 9 Matthew Harmsen 2011-09-20 01:04:03 UTC
The following email was sent to Release Engineering:

Subject:  Request to build 'JSS 4.2.6' on RHEL6 . . .

Content:

We would like to request an official build of 'jss-4.2.6-20.1.el6' on RHEL6 in Brew to address the following bugs:

    * Bugzilla Bug #733551 - DRM failed to recovery keys when in FIPS mode (HSM + NSS)
    * Bugzilla Bug #715621 - Defects revealed by Coverity scan

The official spec files, source tarballs, other additional required sources, and all associated patches are located at:

    * http://pki.fedoraproject.org/pki/sources/jss/jss-4.2.6-20.el6/

Comment 10 Michal Luscon 2011-09-20 10:59:42 UTC
A new Coverity scan confirmed that the mentioned defects are fixed in jss-4.2.6-20.el6.src.rpm.

Comment 14 errata-xmlrpc 2011-12-06 16:52:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1675.html

