Bug 728169 - Coverity scan revealed defects
Summary: Coverity scan revealed defects
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: lldpad
Version: 6.2
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: Petr Šabata
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-04 09:13 UTC by Michal Luscon
Modified: 2011-12-06 14:40 UTC (History)
5 users (show)

Fixed In Version: lldpad-0.9.43-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 14:40:22 UTC


Attachments (Terms of Use)
Prevent resource leaks in mand_clif_cmd() (810 bytes, patch)
2011-08-15 06:25 UTC, Petr Šabata
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1604 normal SHIPPED_LIVE lldpad bug fix and enhancement update 2011-12-06 00:51:11 UTC

Description Michal Luscon 2011-08-04 09:13:58 UTC
Description of problem:

/open-lldp/lldp_8021qaz.c:526 - Function "find_module_user_data_by_id" without NULL check (checked 4 out of 5 times).

/open-lldp/lldp_rtnl.c:335, 336 - Macro RTA_DATA expands to the pointer at the end of structure rta. 

/open-lldp/lldp_mand_cmds.c:496 - Function mand_clif_cmd returns without freeing variables args and argvals.

Version-Release number of selected component (if applicable):
0.9.43

Additional info:
These defects were added between RHEL-6.1 and RHEL-6.2 version of package.

Comment 1 Petr Šabata 2011-08-08 13:00:05 UTC
(In reply to comment #0)
> Description of problem:
> 
> /open-lldp/lldp_8021qaz.c:526 - Function "find_module_user_data_by_id" without
> NULL check (checked 4 out of 5 times).
> 
> /open-lldp/lldp_rtnl.c:335, 336 - Macro RTA_DATA expands to the pointer at the
> end of structure rta. 

Could you provide more info on this one?

> 
> /open-lldp/lldp_mand_cmds.c:496 - Function mand_clif_cmd returns without
> freeing variables args and argvals.

This seems to be bogus. both **args and **argvals are free()'d in every case.

> 
> Version-Release number of selected component (if applicable):
> 0.9.43
> 
> Additional info:
> These defects were added between RHEL-6.1 and RHEL-6.2 version of package.

Comment 6 Petr Šabata 2011-08-15 06:25:01 UTC
Created attachment 518224 [details]
Prevent resource leaks in mand_clif_cmd()

Comment 8 Petr Šabata 2011-08-15 07:19:36 UTC
Patch applied in CVS, lldpad-0.9.43-3.el6.

Comment 10 Petr Pisar 2011-08-15 15:07:52 UTC
I can't understand the nltest.c:get_bcn() perfectly, but I suspect the `nlh' structure is not freed at the end of the function.

Apparently a pointer to nlh space is saved as `d' that turns into `rta_parent' and this into `rta_child'. Then the rta_child iterates over rta_parent and data are copied from there into `bcn_data' structure in rest of the function. Finally the function returns 0, nlh data are carried out as copy by bcn_data argument, but the nlh itself is not not freed.

Comment 11 Kamil Dudka 2011-08-15 15:26:37 UTC
Coverity cannot analyze functions that walk dynamically linked data structures precisely enough to reveal non-trivial memory leaks introduced during the traversal.  The only thing that Coverity is trying to tell you here is that you leak the memory in case an error happens -- see the lines 784 and 790 (return -EIO).  Anyway this bug is about defects introduced in RHEL-6.2 while the defect you are talking about was in lldpad-0.9.41-4.el6 already.

Comment 13 Petr Pisar 2011-08-16 13:40:04 UTC
(In reply to comment #11)
> Anyway this bug is about defects introduced in RHEL-6.2 while the
> defect you are talking about was in lldpad-0.9.41-4.el6 already.

Ok. Copying as bug #730989.

Comment 17 errata-xmlrpc 2011-12-06 14:40:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1604.html


Note You need to log in before you can comment on or make changes to this bug.