[PATCH] Some Coverity fixes
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Mar 26 06:28:04 MDT 2015
On Thu, Mar 26, 2015 at 01:26:35PM +0100, Guenther Deschner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ENOPATCH
>
> On 26/03/15 13:19, Volker Lendecke wrote:
> > Hi!
> >
> > Review&push appreciated!
> >
> > Thanks,
> >
> > Volker
Gna. Thanks!
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 9f8facce59de3fea118d20021340d4329e7ad485 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 26 Mar 2015 10:14:22 +0100
Subject: [PATCH 1/4] loadparm: Fix CID 1273054 Improper use of negative value
Probably a "can't happen", but formally lpcfg_map_parameter can return -1
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/param/loadparm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index e2b0ca2..ddb806a 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1338,6 +1338,9 @@ bool handle_smb_ports(struct loadparm_context *lp_ctx, struct loadparm_service *
if (parm_num == -1) {
parm_num = lpcfg_map_parameter("smb ports");
+ if (parm_num == -1) {
+ return false;
+ }
}
if(!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, "smb ports",
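Review bot: The new `return false` in the `parm_num == -1` branch fails silently, so a failed lpcfg_map_parameter("smb ports") lookup leaves no trace for whoever has to debug it. The commit message treats this as a "can't happen" case, which is exactly when a debug message before the return is most useful: if it ever does happen, it is then distinguishable from a failure in the set_variable_helper check just below.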
--
1.9.1
From a4dd8d47a0ebd7342328c93c8cbfe70bf0352415 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 26 Mar 2015 10:21:20 +0100
Subject: [PATCH 2/4] lib: Fix CID 1273009 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/lib/messages.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index aa67640..f0d2797 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -1066,6 +1066,7 @@ static void mess_parent_dgm_cleanup_done(struct tevent_req *req)
mess_parent_dgm_cleanup, msg);
if (req == NULL) {
DEBUG(1, ("background_job_send failed\n"));
+ return;
}
tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
}
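Review bot: With the added `return;` in the `req == NULL` branch, a failed background_job_send means mess_parent_dgm_cleanup_done never sets itself as the callback again, and the only record is a level 1 debug message. Consider logging this at a more visible level, or adding a comment that the cleanup job stops at this point. The commit message has no body; one line noting that tevent_req_set_callback was previously reached with a NULL req would help later readers.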
--
1.9.1
From d8142cdaab4cf5ebfd13bd0cb0be505d49b86160 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 26 Mar 2015 13:06:26 +0100
Subject: [PATCH 3/4] ctdb: Fix CID 1125634 Out-of-bounds write
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/tests/src/ctdb_takeover_tests.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ctdb/tests/src/ctdb_takeover_tests.c b/ctdb/tests/src/ctdb_takeover_tests.c
index 8b07325..7ff8755 100644
--- a/ctdb/tests/src/ctdb_takeover_tests.c
+++ b/ctdb/tests/src/ctdb_takeover_tests.c
@@ -431,7 +431,7 @@ static void ctdb_test_init(const char nodestates[],
while (tok != NULL) {
nodeflags[numnodes] = (uint32_t) strtol(tok, NULL, 0);
numnodes++;
- if (numnodes > CTDB_TEST_MAX_NODES) {
+ if (numnodes >= CTDB_TEST_MAX_NODES) {
DEBUG(DEBUG_ERR, ("ERROR: Exceeding CTDB_TEST_MAX_NODES: %d\n", CTDB_TEST_MAX_NODES));
exit(1);
}
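Review bot: The bound is still tested after `nodeflags[numnodes]` has been written and `numnodes` incremented, so with `>=` the test exits as soon as the count reaches CTDB_TEST_MAX_NODES, even when that entry was the last token. If nodeflags has CTDB_TEST_MAX_NODES elements, an input with exactly that many nodes fits but is now rejected, and the "Exceeding" message is inaccurate for that case. Moving the `numnodes >= CTDB_TEST_MAX_NODES` test to the top of the loop body, before the store, prevents the out-of-bounds write without lowering the usable maximum.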
--
1.9.1
From c8a3ddc01aa92503904061929b04e5f8587f164d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 26 Mar 2015 13:11:14 +0100
Subject: [PATCH 4/4] ctdb: Fix CID 1125615 Copy into fixed size buffer
Might be a "can't happen", but strcpy always looks fishy
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/tests/src/ctdb_test_stubs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ctdb/tests/src/ctdb_test_stubs.c b/ctdb/tests/src/ctdb_test_stubs.c
index 3ea508a..a9947b1 100644
--- a/ctdb/tests/src/ctdb_test_stubs.c
+++ b/ctdb/tests/src/ctdb_test_stubs.c
@@ -597,7 +597,12 @@ int32_t ctdb_control_get_ifaces(struct ctdb_context *ctdb,
i = 0;
for (cur=ctdb->ifaces;cur;cur=cur->next) {
- strcpy(ifaces->ifaces[i].name, cur->name);
+ size_t nlen = strlcpy(ifaces->ifaces[i].name, cur->name,
+ sizeof(ifaces->ifaces[i].name));
+ if (nlen >= sizeof(ifaces->ifaces[i].name)) {
+ /* Ignore invalid name */
+ continue;
+ }
ifaces->ifaces[i].link_state = cur->link_up;
ifaces->ifaces[i].references = cur->references;
i++;
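Review bot: On the truncation path the `continue` skips `i++`, but strlcpy has already written the truncated name into `ifaces->ifaces[i].name`. If the over-long name belongs to the last entry in `ctdb->ifaces`, that slot keeps the truncated string without `link_state` or `references` being set. If the number of returned entries is set before this loop, it will also no longer match `i` once an entry is skipped. Checking `strlen(cur->name)` against `sizeof(ifaces->ifaces[i].name)` before copying, and deriving the count from `i` after the loop, would avoid both.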
--
1.9.1