[PATCH] Some Coverity fixes
Michael Adam
obnox at samba.org
Thu Mar 26 07:27:14 MDT 2015
Reviewed-by: me.
Going to push with other coverity by Anoop.
Michael
On 2015-03-26 at 13:28 +0100, Volker Lendecke wrote:
> On Thu, Mar 26, 2015 at 01:26:35PM +0100, Guenther Deschner wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > ENOPATCH
> >
> > On 26/03/15 13:19, Volker Lendecke wrote:
> > > Hi!
> > >
> > > Review&push appreciated!
> > >
> > > Thanks,
> > >
> > > Volker
>
> Gna. Thanks!
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 9f8facce59de3fea118d20021340d4329e7ad485 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 10:14:22 +0100
> Subject: [PATCH 1/4] loadparm: Fix CID 1273054 Improper use of negative value
>
> Probably a "can't happen", but formally lpcfg_map_parameter can return -1
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> lib/param/loadparm.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
> index e2b0ca2..ddb806a 100644
> --- a/lib/param/loadparm.c
> +++ b/lib/param/loadparm.c
> @@ -1338,6 +1338,9 @@ bool handle_smb_ports(struct loadparm_context *lp_ctx, struct loadparm_service *
>
> if (parm_num == -1) {
> parm_num = lpcfg_map_parameter("smb ports");
> + if (parm_num == -1) {
> + return false;
> + }
> }
>
> if(!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, "smb ports",
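Review bot: The new early return at `if (parm_num == -1) { return false; }` fails silently. Since the commit message calls this a "can't happen", a DEBUG line naming "smb ports" before `return false;` would make an unexpected lpcfg_map_parameter failure diagnosable instead of it showing up only as a rejected parameter.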
> --
> 1.9.1
>
>
> From a4dd8d47a0ebd7342328c93c8cbfe70bf0352415 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 10:21:20 +0100
> Subject: [PATCH 2/4] lib: Fix CID 1273009 Dereference after null check
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/lib/messages.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/source3/lib/messages.c b/source3/lib/messages.c
> index aa67640..f0d2797 100644
> --- a/source3/lib/messages.c
> +++ b/source3/lib/messages.c
> @@ -1066,6 +1066,7 @@ static void mess_parent_dgm_cleanup_done(struct tevent_req *req)
> mess_parent_dgm_cleanup, msg);
> if (req == NULL) {
> DEBUG(1, ("background_job_send failed\n"));
> + return;
> }
> tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
> }
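Review bot: The commit message has no body, so it is worth stating there that the added `return;` in the `req == NULL` branch keeps the NULL req from reaching tevent_req_set_callback. On that path the function now returns with no new request set up for mess_parent_dgm_cleanup and only a level 1 DEBUG as trace; consider a more prominent log level if that job is expected to keep running.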
> --
> 1.9.1
>
>
> From d8142cdaab4cf5ebfd13bd0cb0be505d49b86160 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 13:06:26 +0100
> Subject: [PATCH 3/4] ctdb: Fix CID 1125634 Out-of-bounds write
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> ctdb/tests/src/ctdb_takeover_tests.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ctdb/tests/src/ctdb_takeover_tests.c b/ctdb/tests/src/ctdb_takeover_tests.c
> index 8b07325..7ff8755 100644
> --- a/ctdb/tests/src/ctdb_takeover_tests.c
> +++ b/ctdb/tests/src/ctdb_takeover_tests.c
> @@ -431,7 +431,7 @@ static void ctdb_test_init(const char nodestates[],
> while (tok != NULL) {
> nodeflags[numnodes] = (uint32_t) strtol(tok, NULL, 0);
> numnodes++;
> - if (numnodes > CTDB_TEST_MAX_NODES) {
> + if (numnodes >= CTDB_TEST_MAX_NODES) {
> DEBUG(DEBUG_ERR, ("ERROR: Exceeding CTDB_TEST_MAX_NODES: %d\n", CTDB_TEST_MAX_NODES));
> exit(1);
> }
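Review bot: The bounds check still runs after the store `nodeflags[numnodes] = ...` and the increment, so with `>=` the test now exits as soon as numnodes reaches CTDB_TEST_MAX_NODES, which rejects a list that would exactly fill the array if nodeflags holds CTDB_TEST_MAX_NODES entries (its declaration is not in the hunk). Moving `if (numnodes >= CTDB_TEST_MAX_NODES)` ahead of the store would block the out-of-bounds write while still accepting a full array, and would keep the "Exceeding" message accurate.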
> --
> 1.9.1
>
>
> From c8a3ddc01aa92503904061929b04e5f8587f164d Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Thu, 26 Mar 2015 13:11:14 +0100
> Subject: [PATCH 4/4] ctdb: Fix CID 1125615 Copy into fixed size buffer
>
> Might be a "can't happen", but strcpy always looks fishy
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> ctdb/tests/src/ctdb_test_stubs.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/ctdb/tests/src/ctdb_test_stubs.c b/ctdb/tests/src/ctdb_test_stubs.c
> index 3ea508a..a9947b1 100644
> --- a/ctdb/tests/src/ctdb_test_stubs.c
> +++ b/ctdb/tests/src/ctdb_test_stubs.c
> @@ -597,7 +597,12 @@ int32_t ctdb_control_get_ifaces(struct ctdb_context *ctdb,
>
> i = 0;
> for (cur=ctdb->ifaces;cur;cur=cur->next) {
> - strcpy(ifaces->ifaces[i].name, cur->name);
> + size_t nlen = strlcpy(ifaces->ifaces[i].name, cur->name,
> + sizeof(ifaces->ifaces[i].name));
> + if (nlen >= sizeof(ifaces->ifaces[i].name)) {
> + /* Ignore invalid name */
> + continue;
> + }
> ifaces->ifaces[i].link_state = cur->link_up;
> ifaces->ifaces[i].references = cur->references;
> i++;
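Review bot: On the truncation path the `continue` skips `i++` after strlcpy has already written a truncated name into ifaces->ifaces[i].name, so the entry is dropped without any log and, if the last interface is the one skipped, that slot keeps the truncated name. If the entry count or allocation was derived from the full ctdb->ifaces list before this loop (not visible in the hunk), it should be set from i after the loop, and a DEBUG line naming cur->name would make the skip visible.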
> --
> 1.9.1
>