[PATCH] Some Coverity fixes

Michael Adam obnox at samba.org
Thu Mar 26 07:27:14 MDT 2015


Reviewed-by: me.

Going to push with other coverity by Anoop.

Michael

On 2015-03-26 at 13:28 +0100, Volker Lendecke wrote:
> On Thu, Mar 26, 2015 at 01:26:35PM +0100, Guenther Deschner wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > ENOPATCH
> > 
> > On 26/03/15 13:19, Volker Lendecke wrote:
> > > Hi!
> > > 
> > > Review&push appreciated!
> > > 
> > > Thanks,
> > > 
> > > Volker
> 
> Gna. Thanks!
> 
> Volker
> 
> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

> From 9f8facce59de3fea118d20021340d4329e7ad485 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 10:14:22 +0100
> Subject: [PATCH 1/4] loadparm: Fix CID 1273054 Improper use of negative value
> 
> Probably a "can't happen", but formally lpcfg_map_parameter can return -1
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  lib/param/loadparm.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
> index e2b0ca2..ddb806a 100644
> --- a/lib/param/loadparm.c
> +++ b/lib/param/loadparm.c
> @@ -1338,6 +1338,9 @@ bool handle_smb_ports(struct loadparm_context *lp_ctx, struct loadparm_service *
>  
>  	if (parm_num == -1) {
>  		parm_num = lpcfg_map_parameter("smb ports");
> +		if (parm_num == -1) {
> +			return false;
> +		}
>  	}
>  
>  	if(!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, "smb ports",
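
Review bot: The new `return false` taken when lpcfg_map_parameter("smb ports") yields -1 fails silently; a DEBUG line in that branch would show why handle_smb_ports rejected the value if this "can't happen" path is ever hit. The placement of the check is right, since it keeps -1 from being passed to set_variable_helper as parm_num.
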
> -- 
> 1.9.1
> 
> 
> From a4dd8d47a0ebd7342328c93c8cbfe70bf0352415 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 10:21:20 +0100
> Subject: [PATCH 2/4] lib: Fix CID 1273009 Dereference after null check
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/lib/messages.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/source3/lib/messages.c b/source3/lib/messages.c
> index aa67640..f0d2797 100644
> --- a/source3/lib/messages.c
> +++ b/source3/lib/messages.c
> @@ -1066,6 +1066,7 @@ static void mess_parent_dgm_cleanup_done(struct tevent_req *req)
>  		mess_parent_dgm_cleanup, msg);
>  	if (req == NULL) {
>  		DEBUG(1, ("background_job_send failed\n"));
> +		return;
>  	}
>  	tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
>  }
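
Review bot: The added `return;` in the `req == NULL` branch means that after one background_job_send failure no callback is set and the mess_parent_dgm_cleanup job is not started again, with only a level 1 DEBUG message as a trace. That is the correct fix for the dereference in tevent_req_set_callback, but a short comment stating that stopping the cleanup here is intended, or a more prominent log level, would keep the early exit from looking like an oversight.
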
> -- 
> 1.9.1
> 
> 
> From d8142cdaab4cf5ebfd13bd0cb0be505d49b86160 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 13:06:26 +0100
> Subject: [PATCH 3/4] ctdb: Fix CID 1125634 Out-of-bounds write
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  ctdb/tests/src/ctdb_takeover_tests.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ctdb/tests/src/ctdb_takeover_tests.c b/ctdb/tests/src/ctdb_takeover_tests.c
> index 8b07325..7ff8755 100644
> --- a/ctdb/tests/src/ctdb_takeover_tests.c
> +++ b/ctdb/tests/src/ctdb_takeover_tests.c
> @@ -431,7 +431,7 @@ static void ctdb_test_init(const char nodestates[],
>  	while (tok != NULL) {
>  		nodeflags[numnodes] = (uint32_t) strtol(tok, NULL, 0);
>  		numnodes++;
> -		if (numnodes > CTDB_TEST_MAX_NODES) {
> +		if (numnodes >= CTDB_TEST_MAX_NODES) {
>  			DEBUG(DEBUG_ERR, ("ERROR: Exceeding CTDB_TEST_MAX_NODES: %d\n", CTDB_TEST_MAX_NODES));
>  			exit(1);
>  		}
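
Review bot: The bound check at `if (numnodes >= CTDB_TEST_MAX_NODES)` still runs after the store to `nodeflags[numnodes]` and the increment, so it now exits as soon as the count reaches CTDB_TEST_MAX_NODES, even when no further token follows. If nodeflags holds CTDB_TEST_MAX_NODES entries (its declaration is not in this hunk), that rejects an input that fits exactly. Moving the `>=` test to the top of the loop body, before the write, would prevent the out-of-bounds store and still allow the full array to be used.
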
> -- 
> 1.9.1
> 
> 
> From c8a3ddc01aa92503904061929b04e5f8587f164d Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 13:11:14 +0100
> Subject: [PATCH 4/4] ctdb: Fix CID 1125615 Copy into fixed size buffer
> 
> Might be a "can't happen", but strcpy always looks fishy
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  ctdb/tests/src/ctdb_test_stubs.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/ctdb/tests/src/ctdb_test_stubs.c b/ctdb/tests/src/ctdb_test_stubs.c
> index 3ea508a..a9947b1 100644
> --- a/ctdb/tests/src/ctdb_test_stubs.c
> +++ b/ctdb/tests/src/ctdb_test_stubs.c
> @@ -597,7 +597,12 @@ int32_t ctdb_control_get_ifaces(struct ctdb_context *ctdb,
>  
>  	i = 0;
>  	for (cur=ctdb->ifaces;cur;cur=cur->next) {
> -		strcpy(ifaces->ifaces[i].name, cur->name);
> +		size_t nlen = strlcpy(ifaces->ifaces[i].name, cur->name,
> +				      sizeof(ifaces->ifaces[i].name));
> +		if (nlen >= sizeof(ifaces->ifaces[i].name)) {
> +			/* Ignore invalid name */
> +			continue;
> +		}
>  		ifaces->ifaces[i].link_state = cur->link_up;
>  		ifaces->ifaces[i].references = cur->references;
>  		i++;
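
Review bot: On the `continue` path after `nlen >= sizeof(ifaces->ifaces[i].name)`, strlcpy has already written the truncated name into slot i, and since `i++` is skipped that slot is only overwritten if another interface follows. When the last entry in ctdb->ifaces is the oversized one, the truncated name stays in the buffer, so whatever count is reported after the loop (not visible here) has to come from i and not from the list length. Checking `strlen(cur->name)` against the buffer size before copying would avoid the partial write, and a DEBUG message in place of the bare "Ignore invalid name" comment would make a dropped interface visible in the test output.
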
> -- 
> 1.9.1
> 
