[PATCH] Coverity fixes

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Mar 7 06:00:45 MST 2015


Hi!

Attached find a few Coverity fixes. The last patch was
triggered by a Coverity false positive that I still try to
understand.

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 0ea1c62413dbe14dd9a077b8f5e315c7888d0c7a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 6 Mar 2015 11:02:49 +0000
Subject: [PATCH 1/5] registry: Fix CID 241075 Unchecked return value

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/registry/ldb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
index d1a8963..1dfffdb 100644
--- a/source4/lib/registry/ldb.c
+++ b/source4/lib/registry/ldb.c
@@ -650,7 +650,8 @@ static WERROR ldb_del_value(TALLOC_CTX *mem_ctx, struct hive_key *key,
 		if (ret != LDB_SUCCESS) {
 			return WERR_FOOBAR;
 		}
-		ldb_msg_add_empty(msg, "type", LDB_FLAG_MOD_DELETE, NULL);
+		ret = ldb_msg_add_empty(msg, "type", LDB_FLAG_MOD_DELETE,
+					NULL);
 		if (ret != LDB_SUCCESS) {
 			return WERR_FOOBAR;
 		}
-- 
1.9.1


From d3827df42aba83545df100f44e08ec9861ab2696 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 7 Mar 2015 10:24:18 +0000
Subject: [PATCH 2/5] registry: Fix CID 240989 Buffer not null terminated

This makes it clearer that we don't really have a string in .hdr

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/registry/patchfile_preg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/lib/registry/patchfile_preg.c b/source4/lib/registry/patchfile_preg.c
index 28b56dd..8017b58 100644
--- a/source4/lib/registry/patchfile_preg.c
+++ b/source4/lib/registry/patchfile_preg.c
@@ -187,7 +187,7 @@ _PUBLIC_ WERROR reg_preg_diff_save(TALLOC_CTX *ctx, const char *filename,
 		data->fd = STDOUT_FILENO;
 	}
 
-	strncpy(preg_header.hdr, "PReg", 4);
+	memcpy(preg_header.hdr, "PReg", sizeof(preg_header.hdr));
 	SIVAL(&preg_header.version, 0, 1);
 	write(data->fd, (uint8_t *)&preg_header, sizeof(preg_header));
 
-- 
1.9.1


From 6bbf0b05878bb11be271f16260f81fb6e83f3ae7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 7 Mar 2015 10:29:21 +0000
Subject: [PATCH 3/5] ctdb: Fix 1125553 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 ctdb/common/system_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 97a57ac..fdb8d12 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -100,7 +100,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
 		}
 
 		DEBUG(DEBUG_DEBUG, (__location__ " Created SOCKET FD:%d for sending arp\n", s));
-		strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)-1);
+		strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
 		if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
 			DEBUG(DEBUG_CRIT,(__location__ " interface '%s' not found\n", iface));
 			close(s);
-- 
1.9.1


From 3c051efab4d55576865c0b69e4da096c3aac94d7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 7 Mar 2015 11:24:33 +0000
Subject: [PATCH 4/5] libreplace: Fix CID 1034926 Destination buffer too small

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/replace/test/os2_delete.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/replace/test/os2_delete.c b/lib/replace/test/os2_delete.c
index 9e2115b..0816f61 100644
--- a/lib/replace/test/os2_delete.c
+++ b/lib/replace/test/os2_delete.c
@@ -70,7 +70,8 @@ static int os2_delete(DIR *d)
 	     de && i < READDIR_SIZE; 
 	     de=readdir(d), i++) {
 		offsets[i] = telldir(d);
-		strcpy(names[i], de->d_name);
+		/* strlcpy not available here */
+		snprintf(names[i], sizeof(names[i]), "%s", de->d_name);
 	}
 
 	if (i == 0) {
-- 
1.9.1


From 503ab3877dcb7bfc5fde146f9d83a8552cc1500b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 7 Mar 2015 11:39:05 +0000
Subject: [PATCH 5/5] smbcontrol: Simplify do_winbind_offline

This saves 128 bytes of .text on x86-64 with -O3. No idea why...

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/utils/smbcontrol.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index 9af0f3e..3946c08 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1093,14 +1093,10 @@ static bool do_winbind_offline(struct tevent_context *ev_ctx,
 	   5 times. */
 
 	for (retry = 0; retry < 5; retry++) {
-		TDB_DATA d;
 		uint8 buf[4];
-
-		ZERO_STRUCT(d);
+		TDB_DATA d = { .dptr = buf, .dsize = sizeof(buf) };
 
 		SIVAL(buf, 0, time(NULL));
-		d.dptr = buf;
-		d.dsize = 4;
 
 		tdb_store_bystring(tdb, "WINBINDD_OFFLINE", d, TDB_INSERT);
 
-- 
1.9.1



More information about the samba-technical mailing list