[Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master
Martin Babinsky
mbabinsk at redhat.com
Wed Jan 28 12:06:32 UTC 2015
On 01/28/2015 12:11 PM, Alexander Bokovoy wrote:
> On Wed, 28 Jan 2015, Martin Babinsky wrote:
>>>> can you pick this up as the way to fix this coverity issue ?
>>>>
>>>> Simo.
>>>>
>>> Yes I will try to implement it and post all the updates ASAP.
>>>
>>
>> I have tried to incorporate Alexander's patch to the
>> 'ipa_kdb_principals.c'. However covscan is still not happy about it
>> and reports FORWARD_NULL defect:
>>
>> """
>> Error: FORWARD_NULL (CWE-476):
>> freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1926:
>> assign_zero: Assigning: "principal" = "NULL".
>> freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1974:
>> var_deref_model: Passing null pointer "principal" to
>> "ipadb_entry_to_mods", which dereferences it.
>> freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1525:9:
>> deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences
>> "principal".
>> freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1174:5:
>> deref_parm_in_call: Function "strdup" dereferences "value".
>> """
>>
>> Should I keep the changes and add annotation marking it as false
>> positive?
> You actually missed part of my patch which removed 'principal' argument
> of ipadb_entry_to_mods(). When 'principal' processing is moved to a
> separate function, 'principal' is not needed anymore in the
> ipadb_entry_to_mods() and thus can be removed. I didn't finish removing
> the actual code for the KMASK_PRINCIPAL from the ipadb_entry_to_mods()
> and this is what Simo called is 'incomplete' in my patch.
>
> Removing it would remove errors reported by covscan.
>
>
Oh I'm sorry Alexander, looks like my ability to comprehend written text
"excels" today.
I'm attaching the updated patch. This one really fixes the defect. If
it's OK then I will once again send the whole series of patches
(including updated ones) for review.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0007-4-proposed-fix-to-a-defect-reported-in-ipa_kdb_princip.patch
Type: text/x-patch
Size: 5376 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150128/2b88cadc/attachment.bin>
More information about the Freeipa-devel
mailing list