November 2011 - 389-commits - Fedora Mailing-Lists

by Richard Allen Megginson

ldap/admin/src/scripts/DSUpdate.pm.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 88450a966bbae99d6a7798d089ec3627e9bd3e5a Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Nov 4 15:47:36 2011 -0600 Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' https://bugzilla.redhat.com/show_bug.cgi?id=751495 Resolves: bug 751495 Bug Description: 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' Reviewed by: nkinder (Thanks!) Branch: master Fix Description: needed to import that function from DSCreate Platforms tested: RHEL6 x86_64, Fedora 15 Flag Day: no Doc impact: no diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in index db93c49..f1ab1b1 100644 --- a/ldap/admin/src/scripts/DSUpdate.pm.in +++ b/ldap/admin/src/scripts/DSUpdate.pm.in @@ -48,7 +48,7 @@ use DSUtil; use Inf; use FileConn; use DSCreate qw(setDefaults createInstanceScripts makeOtherConfigFiles - makeDSDirs updateSelinuxPolicy updateTmpfilesDotD); + makeDSDirs updateSelinuxPolicy updateTmpfilesDotD updateSystemD); use File::Basename qw(basename dirname);

12 years, 1 month

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/slapd/opshared.c | 1 - 1 file changed, 1 deletion(-) New commits: commit 9b2d8f76e8d67c108cde54db46184901e76d6090 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Fri Nov 4 09:54:17 2011 -0700 Bug 750625 - Fix Coverity (11066-3) Unused pointer value https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/opshared.c (op_shared_search) Bug Description: A pointer "normbase" returned by "slapi_sdn_get_ dn(sdn)" is never used. Fix description: removing the line that normbase is set. diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index f475b9d..ff17cd9 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -533,7 +533,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result) basesdn = slapi_sdn_dup(sdn); operation_set_target_spec (pb->pb_op, basesdn); } - normbase = slapi_sdn_get_dn(sdn); break; case -1:

12 years, 1 month

1
0
0 / 0

5 commits - ldap/servers

by Noriko Hosoi

ldap/servers/plugins/automember/automember.c | 5 ++ ldap/servers/plugins/chainingdb/cb_bind.c | 64 ++++++++++++++------------- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 38 ++++++++-------- ldap/servers/slapd/dn.c | 4 + ldap/servers/slapd/opshared.c | 1 5 files changed, 62 insertions(+), 50 deletions(-) New commits: commit 9a7c2da4a9117d0f03dbcfe2895961c80b99f4f6 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Nov 3 11:32:52 2011 -0700 Bug 750625 - Fix Coverity (12196) Dereference before null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn) Bug Description: Dreferencing "db" before a null check. Fix Description: Adding a check if the variable "db" returned from _entryrdn_open_index is NULL or not. If NULL, it returns or goto bail there. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c index 1573f1f..2b9115a 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c @@ -205,7 +205,7 @@ entryrdn_index_entry(backend *be, int flags, /* BE_INDEX_ADD or BE_INDEX_DEL */ back_txn *txn) { - int rc = 0; + int rc = -1; struct attrinfo *ai = NULL; DB *db = NULL; DBC *cursor = NULL; @@ -219,12 +219,11 @@ entryrdn_index_entry(backend *be, slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_index_entry: Param error: Empty %s\n", NULL==be?"backend":NULL==e?"entry":"unknown"); - rc = -1; - goto bail; + return rc; } /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_index_entry: Opening the index failed: " "%s(%d)\n", @@ -347,11 +346,12 @@ entryrdn_index_read(backend *be, /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_index_read: Opening the index failed: " "%s(%d)\n", rc<0?dblayer_strerror(rc):"Invalid parameter", rc); + db = NULL; goto bail; } @@ -508,11 +508,12 @@ entryrdn_rename_subtree(backend *be, /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_rename_subtree: Opening the index failed: " "%s(%d)\n", rc<0?dblayer_strerror(rc):"Invalid parameter", rc); + db = NULL; return rc; } @@ -915,11 +916,12 @@ entryrdn_get_subordinates(backend *be, /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_get_subordinates: Opening the index failed: " "%s(%d)\n", rc<0?dblayer_strerror(rc):"Invalid parameter", rc); + db = NULL; goto bail; } @@ -1003,7 +1005,7 @@ entryrdn_lookup_dn(backend *be, char **dn, back_txn *txn) { - int rc = 0; + int rc = -1; struct attrinfo *ai = NULL; DB *db = NULL; DBC *cursor = NULL; @@ -1032,7 +1034,7 @@ entryrdn_lookup_dn(backend *be, *dn = NULL; /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_lookup_dn: Opening the index failed: " "%s(%d)\n", @@ -1146,9 +1148,8 @@ bail: dblayer_strerror(myrc), myrc); } } - if (db) { - dblayer_release_index_file(be, ai, db); - } + /* it is guaranteed that db is not NULL. */ + dblayer_release_index_file(be, ai, db); slapi_rdn_free(&srdn); slapi_ch_free_string(&nrdn); slapi_ch_free_string(&keybuf); @@ -1173,7 +1174,7 @@ entryrdn_get_parent(backend *be, ID *pid, back_txn *txn) { - int rc = 0; + int rc = -1; struct attrinfo *ai = NULL; DB *db = NULL; DBC *cursor = NULL; @@ -1197,14 +1198,14 @@ entryrdn_get_parent(backend *be, NULL==be?"backend":NULL==rdn?"rdn":0==id?"id": NULL==rdn?"rdn container": NULL==pid?"pid":"unknown"); - goto bail; + return rc; } *prdn = NULL; *pid = 0; /* Open the entryrdn index */ rc = _entryrdn_open_index(be, &ai, &db); - if (rc) { + if (rc || (NULL == db)) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_get_parent: Opening the index failed: " "%s(%d)\n", @@ -1294,9 +1295,8 @@ bail: dblayer_strerror(rc), rc); } } - if (db) { - dblayer_release_index_file(be, ai, db); - } + /* it is guaranteed that db is not NULL. */ + dblayer_release_index_file(be, ai, db); slapi_log_error(SLAPI_LOG_TRACE, ENTRYRDN_TAG, "<-- entryrdn_get_parent\n"); return rc; @@ -1414,6 +1414,8 @@ _entryrdn_open_index(backend *be, struct attrinfo **ai, DB **dbp) NULL==dbp?"db container":"unknown"); goto bail; } + *ai = NULL; + *dbp = NULL; /* Open the entryrdn index */ ainfo_get(be, LDBM_ENTRYRDN_STR, ai); if (NULL == *ai) { commit 68abfd6d81e6f3dcf40409c528abe6791e8b82d9 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Nov 3 11:45:58 2011 -0700 Bug 750625 - Fix Coverity (12195) Dereference after null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/dn.c (slapi_dn_normalize_ext) Bug Description: Dereferencing null variable "dest_len". Missed to check the NULL possibility of the argument "dest_len" to return the normalized dn size. Fix Description: Assinging 0 to "*dest_len" only when "dest_len" is not NULL. diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index 2b0b338..ec92790 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -1080,7 +1080,9 @@ bail: *dest = NULL; } } - *dest_len = 0; + if (dest_len != NULL) { + *dest_len = 0; + } } else if (d && rc > 0) { /* We terminate the str with NULL only when we allocate the str */ *d = '\0'; commit dcb6ad7d9ca65a4e60ffd24d00287ca144ca6310 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Nov 3 10:01:32 2011 -0700 Bug 750625 - Fix Coverity (11066-2) Unused pointer value https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/opshared.c (op_shared_search) Bug Description: A pointer "normbase" returned by "slapi_sdn_get_ dn(sdn)" is never used. Fix description: removing the line that normbase is set. diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index bf6b016..f475b9d 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -679,7 +679,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result) slapi_sdn_free(&sdn); sdn = slapi_sdn_dup(be_suffix); slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, (void *)sdn); - normbase = slapi_sdn_get_dn(sdn); } else if (slapi_sdn_issuffix(basesdn, be_suffix)) { commit 92a3f9920211ec66bbe531cf3ba1d3e77abca34b Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Nov 3 10:08:26 2011 -0700 Bug 750625 - Fix Coverity (11062) Resource leak https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/chainingdb/cb_bind.c (chainingdb_bind) Bug Description: Variable "sdn" going out of scope leaks the storage it points to. If SLAPI_BIND_TARGET_SDN is not given (anonymous bind) to cb_bind, sizeof(Slapi_DN) leaks. Fix Description: Free sdn if the structure Slapi_DN is locally allocated. diff --git a/ldap/servers/plugins/chainingdb/cb_bind.c b/ldap/servers/plugins/chainingdb/cb_bind.c index edc45f3..18e526a 100644 --- a/ldap/servers/plugins/chainingdb/cb_bind.c +++ b/ldap/servers/plugins/chainingdb/cb_bind.c @@ -238,6 +238,7 @@ chainingdb_bind( Slapi_PBlock *pb ) Slapi_Backend *be; const char *dn = NULL; Slapi_DN *sdn = NULL; + Slapi_DN *mysdn = NULL; int method; struct berval *creds, **urls; char *matcheddn,*errmsg; @@ -246,20 +247,20 @@ chainingdb_bind( Slapi_PBlock *pb ) int freectrls=1; int bind_retry; - if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) { - cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL ); - return SLAPI_BIND_FAIL; - } + if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) { + cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL ); + return SLAPI_BIND_FAIL; + } ctrls=NULL; /* don't add proxy auth control. use this call to check for supported */ /* controls only. */ - if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) { - cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL ); + if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) { + cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL ); if (ctrls) ldap_controls_free(ctrls); - return SLAPI_BIND_FAIL; - } + return SLAPI_BIND_FAIL; + } if (ctrls) ldap_controls_free(ctrls); @@ -272,30 +273,32 @@ chainingdb_bind( Slapi_PBlock *pb ) cb = cb_get_instance(be); if ( NULL == sdn ) { - sdn = slapi_sdn_new_ndn_byval(""); + sdn = mysdn = slapi_sdn_new_ndn_byval(""); } dn = slapi_sdn_get_ndn(sdn); - /* always allow noauth simple binds */ - if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) { - return( SLAPI_BIND_ANONYMOUS ); - } + /* always allow noauth simple binds */ + if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) { + slapi_sdn_free(&mysdn); + return( SLAPI_BIND_ANONYMOUS ); + } - cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND); + cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND); matcheddn=errmsg=NULL; - allocated_errmsg = 0; + allocated_errmsg = 0; resctrls=NULL; urls=NULL; /* Check wether the chaining BE is available or not */ - if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){ - return -1; - } + if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){ + slapi_sdn_free(&mysdn); + return -1; + } - slapi_rwlock_rdlock(cb->rwl_config_lock); + slapi_rwlock_rdlock(cb->rwl_config_lock); bind_retry=cb->bind_retry; - slapi_rwlock_unlock(cb->rwl_config_lock); + slapi_rwlock_unlock(cb->rwl_config_lock); rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn, method, mechanism, creds, reqctrls, &matcheddn, &errmsg, @@ -322,17 +325,18 @@ chainingdb_bind( Slapi_PBlock *pb ) } } - if ( urls != NULL ) { - cb_free_bervals( urls ); - } - if ( freectrls && ( resctrls != NULL )) { - ldap_controls_free( resctrls ); - } - slapi_ch_free((void **)& matcheddn ); - if ( allocated_errmsg && errmsg != NULL ) { - slapi_ch_free((void **)& errmsg ); - } + if ( urls != NULL ) { + cb_free_bervals( urls ); + } + if ( freectrls && ( resctrls != NULL )) { + ldap_controls_free( resctrls ); + } + slapi_ch_free((void **)& matcheddn ); + if ( allocated_errmsg && errmsg != NULL ) { + slapi_ch_free((void **)& errmsg ); + } + slapi_sdn_free(&mysdn); return ((rc == LDAP_SUCCESS ) ? SLAPI_BIND_SUCCESS : SLAPI_BIND_FAIL ); } commit 777673ecf7bf4c6f0d41e18c550dc4d86f7e897b Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Nov 3 09:50:55 2011 -0700 Bug 750625 - Fix Coverity (11055-2) Explicit null dereferenced https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/automember/automember.c (automember_pre_op) Bug Description: Passing null variable "e" to function "automember_parse_config_entry", which dereferences it. Missing a check of the NULL possibility of target entry "e" when modop is not a supported op type. Fix Description: If modop is not a supported type, it bails there. diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c index 010b5ac..1195a15 100644 --- a/ldap/servers/plugins/automember/automember.c +++ b/ldap/servers/plugins/automember/automember.c @@ -1623,6 +1623,11 @@ automember_pre_op(Slapi_PBlock * pb, int modop) * to let the main server handle it. */ goto bailmod; } + } else { + errstr = slapi_ch_smprintf("automember_pre_op: invalid op type %d", + modop); + ret = LDAP_PARAM_ERROR; + goto bail; } if (automember_parse_config_entry(e, 0) != 0) {

12 years, 1 month

1
0
0 / 0

21 commits - ldap/servers lib/libaccess

by Noriko Hosoi

ldap/servers/plugins/acl/acl.c | 18 +++--- ldap/servers/plugins/acl/aclutil.c | 7 ++ ldap/servers/plugins/automember/automember.c | 5 + ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 1 ldap/servers/plugins/referint/referint.c | 30 +++++++++- ldap/servers/plugins/replication/cl5_config.c | 34 ++++++----- ldap/servers/plugins/replication/repl5_replica_config.c | 2 ldap/servers/slapd/auditlog.c | 46 ++++++++-------- ldap/servers/slapd/back-ldbm/ancestorid.c | 7 +- ldap/servers/slapd/back-ldbm/import-threads.c | 13 +++- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 4 - ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 10 ++- ldap/servers/slapd/dse.c | 5 + ldap/servers/slapd/mapping_tree.c | 4 + ldap/servers/slapd/opshared.c | 1 ldap/servers/slapd/pw.c | 27 +++++---- ldap/servers/slapd/pw_retry.c | 8 ++ ldap/servers/slapd/tools/ldclt/ldapfct.c | 35 ++++++------ lib/libaccess/aclutil.cpp | 13 ++-- lib/libaccess/lasdns.cpp | 8 ++ lib/libaccess/lasgroup.cpp | 10 ++- lib/libaccess/oneeval.cpp | 2 22 files changed, 186 insertions(+), 104 deletions(-) New commits: commit 950712cfcc382fd5966a466d9d312942240aa4f7 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Wed Nov 2 09:48:01 2011 -0700 Bug 750625 - Fix Coverity (11091) Unchecked return value https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/back-ldbm/import-threads.c (index_producer) Bug Description: No check of the return value of "db_create". Fix Description: Adding a checking code for the return value from db_create. diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index e95d32f..eb2cc82 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -1148,9 +1148,8 @@ index_producer(void *param) tmp_db->close(tmp_db, 0); rc = db_create(&db, env, 0); if (rc) { - LDAPDebug2Args(LDAP_DEBUG_ANY, - "Creating db handle to rename %s to %s failed.\n", - tmpid2entry, id2entry); + LDAPDebug1Arg(LDAP_DEBUG_ANY, + "Creating db handle to remove %s failed.\n", id2entry); goto bail; } rc = db->remove(db, id2entry, NULL, 0); @@ -1158,7 +1157,13 @@ index_producer(void *param) LDAPDebug1Arg(LDAP_DEBUG_ANY, "Removing %s failed.\n", id2entry); goto bail; } - db_create(&db, env, 0); + rc = db_create(&db, env, 0); + if (rc) { + LDAPDebug2Args(LDAP_DEBUG_ANY, + "Creating db handle to rename %s to %s failed.\n", + tmpid2entry, id2entry); + goto bail; + } rc = db->rename(db, tmpid2entry, NULL, id2entry, 0); if (rc) { LDAPDebug2Args(LDAP_DEBUG_ANY, "Renaming %s to %s failed.\n", commit 1882249170ea2cf7ba683e214cd30a92fada7dfb Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Wed Nov 2 09:43:08 2011 -0700 Bug 750625 - Fix Coverity (11094) Dereference after null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/dse.c (dse_callback_removefromlist) Bug Description: Passing null variable "filter" to function "strcmpi_fast", which dereferences it. If filter and t->filter have a chance to be NULL, the case should be avoided before passing them to strcasecmp. Fix Description: adding a check if "filter" and "t->filter" are NULL or not. If both are not NULL, they are passed to strcasecmp. If either is NULL and another is not, that is they did not match. diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c index 727e999..c4fa333 100644 --- a/ldap/servers/slapd/dse.c +++ b/ldap/servers/slapd/dse.c @@ -334,8 +334,9 @@ dse_callback_removefromlist(struct dse_callback **pplist, int operation, int fla if ((t->operation == operation) && (t->flags == flags) && (t->fn == fn) && (scope == t->scope) && (slapi_sdn_compare(base,t->base) == 0) && - (( NULL == filter && NULL == t->filter ) || - (strcasecmp(filter, t->filter) == 0))) { + ((NULL == filter && NULL == t->filter) || /* both are NULL OR */ + ((filter && t->filter) && /* both are not NULL AND match. */ + (strcasecmp(filter, t->filter) == 0)))) { if (prev == NULL) { *pplist= t->next; } else { commit bc9d890f48c4515162e6fbdd4af485b8649b0035 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Wed Nov 2 09:37:33 2011 -0700 Bug 750625 - Fix Coverity (11095) Explicit null dereferenced https://bugzilla.redhat.com/show_bug.cgi?id=750625 lib/libaccess/lasdns.cpp (LASDnsEval) Bug Description: LASDnsBuild could fail and context->Table could be left as NULL. Error checking for LASDnsBuild should be added. Fix Description: If LASDnsBuild returns LAS_EVAL_INVALID, return LAS_EVAL_FAIL there. diff --git a/lib/libaccess/lasdns.cpp b/lib/libaccess/lasdns.cpp index 6956878..e4032f1 100644 --- a/lib/libaccess/lasdns.cpp +++ b/lib/libaccess/lasdns.cpp @@ -389,7 +389,13 @@ int LASDnsEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, return LAS_EVAL_FAIL; } context->Table = NULL; - LASDnsBuild(errp, attr_pattern, context, aliasflg); + if (LASDnsBuild(errp, attr_pattern, context, aliasflg) == + LAS_EVAL_INVALID) { + /* Error is already printed in LASDnsBuild */ + ACL_CritExit(); + return LAS_EVAL_FAIL; + } + /* After this line, it is assured context->Table is not NULL. */ } else { context = (LASDnsContext *) *LAS_cookie; } commit a578520d2c0deb4dc216282ebad29e7f00006d7b Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Wed Nov 2 09:31:30 2011 -0700 Bug 750625 - Fix Coverity (11096) Explicit null dereferenced https://bugzilla.redhat.com/show_bug.cgi?id=750625 lib/libaccess/aclutil.cpp (LASGroupEval) Bug Description: Dereferencing null variable "req_time". Fix Description: Check "req_time" when it's returned from acl_ get_req_time. If it is NULL, return LAS_EVAL_FAIL and it does not go further. Also, adding a check for the malloc failure to acl_get_req_time. diff --git a/lib/libaccess/aclutil.cpp b/lib/libaccess/aclutil.cpp index 77bdf60..baf58c8 100644 --- a/lib/libaccess/aclutil.cpp +++ b/lib/libaccess/aclutil.cpp @@ -247,13 +247,16 @@ time_t *acl_get_req_time (PList_t resource) { time_t *req_time = 0; int rv = PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&req_time, - NULL); + NULL); if (rv < 0) { - req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t)); - time(req_time); - PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME, - (void *)req_time, NULL); + req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t)); + if (NULL == req_time) { + return NULL; + } + time(req_time); + PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME, + (void *)req_time, NULL); } return req_time; diff --git a/lib/libaccess/lasgroup.cpp b/lib/libaccess/lasgroup.cpp index 6e6602a..8cc78cf 100644 --- a/lib/libaccess/lasgroup.cpp +++ b/lib/libaccess/lasgroup.cpp @@ -126,12 +126,14 @@ int LASGroupEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, return LAS_EVAL_FAIL; } - rv = LAS_EVAL_FALSE; + /* Regardless of cache, req_time needs to be filled. */ + req_time = acl_get_req_time(resource); + if (NULL == req_time) { + return LAS_EVAL_FAIL; + } + rv = LAS_EVAL_FALSE; if (acl_usr_cache_enabled()) { - /* avoid unnecessary system call to get time if cache is disabled */ - req_time = acl_get_req_time(resource); - /* Loop through all the groups and check if any is in the cache */ group = groups; delim = ','; commit bc678280b2609a34800d85dcc6baba39bfb0c2bc Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:21:09 2011 -0700 Bug 750625 - Fix Coverity (11107) Dereference before null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/acl/acl.c (acl__resource_match_aci) Bug Description: Dereferencing "aclpb" before a null check. Fix Description: Since there is a chance that passed "aclpb" is NULL, acl__resource_match_aci checks if "aclpb" is NULL or not at the top of the function and if it is, goto acl__resource_match_aci_EXIT. diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c index 0ae1a24..9c3db10 100644 --- a/ldap/servers/plugins/acl/acl.c +++ b/ldap/servers/plugins/acl/acl.c @@ -1985,7 +1985,8 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int * struct slapi_filter *f; /* filter */ int rv; /* return value */ - int matches; + /* Assume that resource matches */ + int matches = ACL_TRUE; int attr_matched; int attr_matched_in_targetattrfilters = 0; int dn_matched; @@ -2003,10 +2004,10 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int * TNF_PROBE_0_DEBUG(acl__resource_match_aci_start,"ACL",""); - aclpb->aclpb_stat_aclres_matched++; - - /* Assume that resource matches */ - matches = ACL_TRUE; + if (NULL == aclpb) { + matches = ACL_FALSE; + goto acl__resource_match_aci_EXIT; + } /* Figure out if the acl has the correct rights or not */ aci_right = aci->aci_access; @@ -2634,7 +2635,7 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int * ** be rare). In that case, just remember it. An entry test rule ** doesn't have "(targetattr)". */ - if (aclpb && (aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR) && + if ((aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR) && (!(aci->aci_type & ACI_TARGET_ATTR))) { aclpb->aclpb_state |= ACLPB_FOUND_A_ENTRY_TEST_RULE; } @@ -2653,7 +2654,10 @@ acl__resource_match_aci_EXIT: * even if the aci did not finally match. * All the partial strings will be freed at aclpb * cleanup time. - */ + */ + if (ACL_TRUE == matches) { + aclpb->aclpb_stat_aclres_matched++; + } TNF_PROBE_0_DEBUG(acl__resource_match_aci_end,"ACL",""); commit 4272e8f59c0fc5fb9d6edb4f7af1d9fa348620c4 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:14:59 2011 -0700 Bug 750625 - Fix Coverity (11108) Sizeof not portable https://bugzilla.redhat.com/show_bug.cgi?id=750625 lib/libaccess/oneeval.cpp (ACLEvalBuildContext) Bug Description: Passing argument "8UL /* sizeof (PList_t *) */ * ace->expr_term_index" to function "INTsystem_calloc_perm" and then casting the return value to "PList_t *" is suspicious. Did you intend to use "sizeof(PList_t)" instead of "sizeof (PList_t *)"? In this particular case sizeof(PList_t *) happens to be equal to sizeof(PList_t), but this is not a portable assumption. Fix Description: replace sizeof(PList_t *) with sizesof(PList_t). Note: PList_t is typedef of (PListStruct_t *). I.e., sizeof(PList_t) and sizeof(PList_t *) are identical. Therefore, this is not a major problem at all. diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp index f3283b6..eff4e10 100644 --- a/lib/libaccess/oneeval.cpp +++ b/lib/libaccess/oneeval.cpp @@ -463,7 +463,7 @@ ACLEvalBuildContext( if (rv > 0) { /* First one for this ACE? */ if (!new_ace->autharray) { - new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t *) * ace->expr_term_index); + new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index); if (!new_ace->autharray) { nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray)); goto error; commit 9265113fa31adfc13cf2e30d4f362e25ada15582 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:12:50 2011 -0700 Bug 750625 - Fix Coverity (11109, 11110, 11111) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/replication/cl5_config.c (changelog5_read_config) Bug Description: Using uninitialized value "config.dir". changelog config is set with the changelog config entry in changelog5_read_config. If the search for the config entry succeeds but there's no entry returned (actually, there is no such case, though), the config structure is not initialized. Fix Description: if changelog config entry search is success and no entry is returned, initialize the config structure with NULLs. diff --git a/ldap/servers/plugins/replication/cl5_config.c b/ldap/servers/plugins/replication/cl5_config.c index 09c5eca..980cb7f 100644 --- a/ldap/servers/plugins/replication/cl5_config.c +++ b/ldap/servers/plugins/replication/cl5_config.c @@ -125,29 +125,35 @@ int changelog5_read_config (changelog5Config *config) int rc = LDAP_SUCCESS; Slapi_PBlock *pb; - pb = slapi_pblock_new (); - slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE, CONFIG_FILTER, NULL, 0, NULL, - NULL, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); + pb = slapi_pblock_new (); + slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE, + CONFIG_FILTER, NULL, 0, NULL, NULL, + repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); slapi_search_internal_pb (pb); - slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc ); - if ( LDAP_SUCCESS == rc ) + slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc ); + if ( LDAP_SUCCESS == rc ) { - Slapi_Entry **entries = NULL; - slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries ); - if ( NULL != entries && NULL != entries[0]) + Slapi_Entry **entries = NULL; + slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries ); + if ( NULL != entries && NULL != entries[0]) { - /* Extract the config info from the changelog entry */ + /* Extract the config info from the changelog entry */ changelog5_extract_config(entries[0], config); - } - } + } + else + { + memset (config, 0, sizeof (*config)); + rc = LDAP_SUCCESS; + } + } else { memset (config, 0, sizeof (*config)); - rc = LDAP_SUCCESS; + rc = LDAP_SUCCESS; } - slapi_free_search_results_internal(pb); - slapi_pblock_destroy(pb); + slapi_free_search_results_internal(pb); + slapi_pblock_destroy(pb); return rc; } commit 46d55a49e4137cbbf430246046f816aa957049ed Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:09:37 2011 -0700 Bug 750625 - Fix Coverity (11112) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/replication/repl5_replica_config.c (replica_execute_ldif2cl_task) Bug Description: Using uninitialized "config.dir" when calling "cl5Open". config.dir is set in changelog5_extract_config. If any error such as fail to read changelog config entry, NULL is set and following cl5Open fails. Fix Description: check if config.dir is NULL or not in error logging. diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c index eb23c21..e0e11e9 100644 --- a/ldap/servers/plugins/replication/repl5_replica_config.c +++ b/ldap/servers/plugins/replication/repl5_replica_config.c @@ -1052,7 +1052,7 @@ static int replica_execute_ldif2cl_task (Object *r, char *returntext) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_execute_ldif2cl_task: failed to start changelog at %s\n", - config.dir); + config.dir?config.dir:"null config dir"); rc = LDAP_OPERATIONS_ERROR; } bail: commit 3b58c25ccfb4de60ca9c928874e0d68418011524 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:06:54 2011 -0700 Bug 750625 - Fix Coverity (11113) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/auditlog.c (write_audit_log_entry) Bug Description: Using uninitialized value "change" when calling "write_audit_file". If it is not a supported operation type, no need to log it in the audit log. Fix Description: Once it's determined as an unsupported operation type, return without calling write_audit_file. diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c index d000550..0128f2f 100644 --- a/ldap/servers/slapd/auditlog.c +++ b/ldap/servers/slapd/auditlog.c @@ -66,37 +66,39 @@ write_audit_log_entry( Slapi_PBlock *pb ) Slapi_DN *sdn; const char *dn; void *change; - int flag = 0; - Operation *op; + int flag = 0; + Operation *op; - /* if the audit log is not enabled, just skip all of - this stuff */ - if (!config_get_auditlog_logging_enabled()) { - return; - } + /* if the audit log is not enabled, just skip all of + this stuff */ + if (!config_get_auditlog_logging_enabled()) { + return; + } - slapi_pblock_get( pb, SLAPI_OPERATION, &op ); + slapi_pblock_get( pb, SLAPI_OPERATION, &op ); slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); - dn = slapi_sdn_get_dn(sdn); switch ( operation_get_type(op) ) - { + { case SLAPI_OPERATION_MODIFY: - slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change ); - break; + slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change ); + break; case SLAPI_OPERATION_DELETE: - { - char * deleterDN = NULL; - slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN); - change = deleterDN; - } - break; - + { + char * deleterDN = NULL; + slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN); + change = deleterDN; + } + break; + case SLAPI_OPERATION_MODDN: - slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change ); - slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); - break; + slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change ); + slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); + break; + default: + return; /* Unsupported operation type. */ } curtime = current_time(); + dn = slapi_sdn_get_dn(sdn); write_audit_file( operation_get_type(op), dn, change, flag, curtime ); } commit 558cc6e401055c24edb2d375726c9338c6d15b8a Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:04:21 2011 -0700 Bug 750625 - Fix Coverity (11114, 11115) Uninitialized value use https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/back-ldbm/ancestorid.c (ldbm_ancestorid_index_update) Bug Description: Uninitialized "sdn" and "nextsdn" when calling "slapi_sdn_done". Variable "sdn" and "nextsdn" should have been initialized before any chances to goto "out". Fix Description: initialize "sdn" and "nextsdn" before the first "goto out". diff --git a/ldap/servers/slapd/back-ldbm/ancestorid.c b/ldap/servers/slapd/back-ldbm/ancestorid.c index 15fb7e0..2f32f8f 100644 --- a/ldap/servers/slapd/back-ldbm/ancestorid.c +++ b/ldap/servers/slapd/back-ldbm/ancestorid.c @@ -725,6 +725,9 @@ static int ldbm_ancestorid_index_update( int err = 0, ret = 0; DB_TXN *db_txn = txn != NULL ? txn->back_txn_txn : NULL; + slapi_sdn_init(&sdn); + slapi_sdn_init(&nextsdn); + /* Open the ancestorid index */ ainfo_get(be, LDBM_ANCESTORID_STR, &ai); ret = dblayer_get_index_file(be, ai, &db, DBOPEN_CREATE); @@ -733,8 +736,6 @@ static int ldbm_ancestorid_index_update( goto out; } - slapi_sdn_init(&sdn); - slapi_sdn_init(&nextsdn); slapi_sdn_copy(low, &sdn); if (include_low == 0) { @@ -819,7 +820,7 @@ static int ldbm_ancestorid_index_update( } while (ret == 0); - out: +out: slapi_sdn_done(&sdn); slapi_sdn_done(&nextsdn); commit c92ba0b22a1b6d0f468a12ff4cf045c7e313dc3a Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:02:09 2011 -0700 Bug 750625 - Fix Coverity (11116) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn) Bug Description: Using uninitialized "data.data" when calling "slapi_ch_free". If invalid NULL arguments or invalid DN is passed or opening cursor failed, uninitialized data.data is freed. Fix Description: initialize data if there is a chance to call slapi_ch_free. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c index 54f22a3..1573f1f 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c @@ -1026,7 +1026,7 @@ entryrdn_lookup_dn(backend *be, "entryrdn_lookup_dn: Param error: Empty %s\n", NULL==be?"backend":NULL==rdn?"rdn":0==id?"id": NULL==dn?"dn container":"unknown"); - goto bail; + return rc; } *dn = NULL; @@ -1040,6 +1040,7 @@ entryrdn_lookup_dn(backend *be, return rc; } + memset(&data, 0, sizeof(data)); /* Make a cursor */ rc = db->cursor(db, db_txn, &cursor, 0); if (rc) { @@ -1064,7 +1065,6 @@ entryrdn_lookup_dn(backend *be, } /* Setting the bulk fetch buffer */ - memset(&data, 0, sizeof(data)); data.flags = DB_DBT_MALLOC; do { commit 3ee18083403cc8307ddecbb4abba48c62dad8475 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 18:00:13 2011 -0700 Bug 750625 - Fix Coverity (11117) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/tools/ldclt/ldapfct.c (getPending) Bug Description: Using uninitialized value "verb" when calling "printf". Fix Description: If the mode is not the supported operations, getPending immediately return instead of going forward. diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c index 4d58d88..fd291bb 100644 --- a/ldap/servers/slapd/tools/ldclt/ldapfct.c +++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c @@ -2348,24 +2348,25 @@ getPending ( expected = LDAP_RES_ADD; verb = "ldap_add"; } + else if (tttctx->mode & DELETE_ENTRIES) + { + expected = LDAP_RES_DELETE; + verb = "ldap_delete"; + } + else if (tttctx->mode & RENAME_ENTRIES) + { + expected = LDAP_RES_MODRDN; + verb = "ldap_rename"; + } + else if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/ + { + expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/ + verb = "ldap_modify"; /*JLS 21-11-00*/ + } else - if (tttctx->mode & DELETE_ENTRIES) - { - expected = LDAP_RES_DELETE; - verb = "ldap_delete"; - } - else - if (tttctx->mode & RENAME_ENTRIES) - { - expected = LDAP_RES_MODRDN; - verb = "ldap_rename"; - } - else /*JLS 21-11-00*/ - if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/ - { /*JLS 21-11-00*/ - expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/ - verb = "ldap_modify"; /*JLS 21-11-00*/ - } /*JLS 21-11-00*/ + { + return (-1); + } /* * Here, we are in asynchronous mode... commit 003812911f56619f0db58ba627037644fb0f68fb Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 17:52:03 2011 -0700 Bug 750625 - Fix Coverity (11054) Dereference after null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/pw.c (new_passwdPolicy) Bug Description: Passing null variable "pb" to function "get_entry", which dereferences it. Fix Description: if NULL pblock is passed, new_passworPolicy does not go forward, but returns immediately. diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 8138d05..ed8d2c8 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -343,20 +343,21 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals ) passwdPolicy *pwpolicy=NULL; char *(*pws_enc) ( char *pwd ) = NULL; - if ( vals == NULL ) { + if ( (NULL == pb) || (NULL == vals) ) { return( 0 ); } /* new_passwdPolicy gives us a local policy if sdn and pb are set and can be used to find a local policy, else we get the global policy */ - pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL ); + pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL); + if (pwpolicy) { + if (pwpolicy->pw_storagescheme) { + pws_enc = pwpolicy->pw_storagescheme->pws_enc; + } - if (pwpolicy->pw_storagescheme) { - pws_enc = pwpolicy->pw_storagescheme->pws_enc; + delete_passwdPolicy(&pwpolicy); } - delete_passwdPolicy(&pwpolicy); - /* Password scheme encryption function was not found */ if ( pws_enc == NULL ) { return( 0 ); @@ -1527,19 +1528,23 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) char ebuf[ BUFSIZ ]; int optype = -1; + /* RFE - is there a way to make this work for non-existent entries + * when we don't pass in pb? We'll need to do this if we add support + * for password policy plug-ins. */ + if (NULL == pb) { + LDAPDebug0Args(LDAP_DEBUG_ANY, + "new_passwdPolicy: NULL pblock was passed.\n"); + return NULL; + } slapdFrontendConfig = getFrontendConfig(); pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy)); - if (pb) { - slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype ); - } + slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype ); if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) { /* If we're doing an add, COS does not apply yet so we check parents for the pwdpolicysubentry. We look only for virtual attributes, because real ones are for single-target policy. */ - /* NGK - is there a way to make this work for non-existent entries when we don't pass in pb? We'll - * need to do this if we add support for password policy plug-ins. */ if (optype == SLAPI_OPERATION_ADD) { char *parentdn = slapi_ch_strdup(dn); char *nextdn = NULL; commit 0ae39ce5b3050d49005d632ed420d8c80e834b7e Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 17:49:39 2011 -0700 Bug 750625 - Fix Coverity (11055) Explicit null dereferenced https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/automember/automember.c (automember_pre_op) Bug Description: Passing null variable "e" to function "automember_parse_config_entry", which dereferences it. Missing a check of the NULL possibility of target entry "e". Fix Description: Check if "e" is NULL or not. If it is, goto "bail". diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c index 89ed1da..010b5ac 100644 --- a/ldap/servers/plugins/automember/automember.c +++ b/ldap/servers/plugins/automember/automember.c @@ -1593,6 +1593,11 @@ automember_pre_op(Slapi_PBlock * pb, int modop) if (LDAP_CHANGETYPE_ADD == modop) { slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e); + /* If the entry doesn't exist, just bail and + * let the server handle it. */ + if (e == NULL) { + goto bail; + } } else if (LDAP_CHANGETYPE_MODIFY == modop) { /* Fetch the entry being modified so we can * create the resulting entry for validation. */ commit e8a685f2c4f0227cf96e246799ed14ec6d71b30f Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 17:45:35 2011 -0700 Bug 750625 - Fix Coverity (11057) Dereference null return value https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/acl/aclutil.c (aclutil_expand_paramString) Bug Description: Dereferencing a null pointer "a_dns". Missing a check of the NULL possibilities for slapi_entry_get_ndn(e), str and their exploded results. Fix Description: check if slapi_entry_get_ndn(e), str and their exploded values are NULL or not. If any of the values are NULL, it does not go further, but returns. diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c index d572911..2f24da3 100644 --- a/ldap/servers/plugins/acl/aclutil.c +++ b/ldap/servers/plugins/acl/aclutil.c @@ -555,9 +555,14 @@ aclutil_expand_paramString ( char *str, Slapi_Entry *e ) int rc = -1; char *buf = NULL; - + if ((NULL == slapi_entry_get_ndn ( e )) || (NULL == str)) { + return NULL; + } e_dns = slapi_ldap_explode_dn ( slapi_entry_get_ndn ( e ), 0 ); a_dns = slapi_ldap_explode_dn ( str, 0 ); + if ((NULL == e_dns) || (NULL == a_dns)) { + goto cleanup; + } i = 0; ncomponents = 0; commit 4cb3e1d280133d47919b11e52d33b8d375f2d459 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 17:00:15 2011 -0700 Bug 750625 - Fix Coverity (11058, 11059) Dereference null return value https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/referint/referint.c (_update_one_per_mod, _update_all_per_mod) Bug Description: Dereferencing a null pointer "dnParts". Missing a check of the NULL possibilities for origDN and exploded origDN. Fix Description: check if origDN and dnParts are NULL or not. If NULL, it does not go forward, but goto bail. diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c index 57ee6df..9c655ca 100644 --- a/ldap/servers/plugins/referint/referint.c +++ b/ldap/servers/plugins/referint/referint.c @@ -394,8 +394,19 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ int nval = 0; Slapi_Value *v = NULL; + if (NULL == origDN) { + slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, + "_update_one_value: NULL dn was passed\n"); + goto bail; + } /* need to put together rdn into a dn */ dnParts = slapi_ldap_explode_dn( origDN, 0 ); + if (NULL == dnParts) { + slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, + "_update_one_value: failed to explode dn %s\n", + origDN); + goto bail; + } if (NULL == newRDN) { newRDN = dnParts[0]; } @@ -510,7 +521,7 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ } slapi_ch_free_string(&newDN); } - +bail: return rc; } @@ -554,7 +565,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ rc = _do_modify(mod_pb, entrySDN, mods, txn); if (rc) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, - "_update_one_value: entry %s: deleting \"%s: %s\" failed (%d)" + "_update_all_per_mod: entry %s: deleting \"%s: %s\" failed (%d)" "\n", slapi_sdn_get_dn(entrySDN), attrName, origDN, rc); } } else { @@ -563,8 +574,19 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ int nval = 0; Slapi_Value *v = NULL; + if (NULL == origDN) { + slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, + "_update_all_per_mod: NULL dn was passed\n"); + goto bail; + } /* need to put together rdn into a dn */ dnParts = slapi_ldap_explode_dn( origDN, 0 ); + if (NULL == dnParts) { + slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, + "_update_all_per_mod: failed to explode dn %s\n", + origDN); + goto bail; + } if (NULL == newRDN) { newRDN = dnParts[0]; } @@ -635,7 +657,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ rc = _do_modify(mod_pb, entrySDN, slapi_mods_get_ldapmods_byref(smods), txn); if (rc) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, - "_update_all_value: entry %s failed (%d)\n", + "_update_all_per_mod: entry %s failed (%d)\n", slapi_sdn_get_dn(entrySDN), rc); } @@ -647,7 +669,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */ slapi_ch_free_string(&newDN); slapi_mods_free(&smods); } - +bail: return rc; } commit bf22994835706ff2287673bcb52c29447acba88d Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:54:55 2011 -0700 Bug 750625 - Fix Coverity (11060) Dereference null return value https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/back-ldbm/ldbm_modrdn.c (moddn_rename_child_entry) Bug Description: Dereferencing a null pointer "olddns". Missing a check of the NULL possibilities for olddns and olddn. Fix Description: check if olddn and olddns are NULL or not. If NULL, it does not go forward, but returns. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c index 493e476..ac5c775 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c @@ -409,7 +409,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) int err = 0; Slapi_DN ancestorsdn; struct backentry *ancestorentry; - slapi_sdn_init(&ancestorsdn); + slapi_sdn_init(&ancestorsdn); ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err); CACHE_RETURN( &inst->inst_cache, &ancestorentry ); ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn)); @@ -1534,7 +1534,7 @@ moddn_rename_child_entry( * * JCM - This was written before Slapi_RDN... so this could be made much neater. */ - int retval; + int retval = 0; char *olddn; char *newdn; char **olddns; @@ -1543,7 +1543,13 @@ moddn_rename_child_entry( int i; olddn = slapi_entry_get_dn(ec->ep_entry); + if (NULL == olddn) { + return retval; + } olddns = slapi_ldap_explode_dn( olddn, 0 ); + if (NULL == olddns) { + return retval; + } for(;olddns[olddncomps]!=NULL;olddncomps++); for(i=0;i<olddncomps-parentdncomps;i++) { commit 63daf8e367997db2380e3a0c5e8935f38cf0c10c Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:50:12 2011 -0700 Bug 750625 - Fix Coverity (11061) Resource leak https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/mapping_tree.c (mapping_tree_entry_add) Bug Description: Variable "subtree" going out of scope leaks the storage it points to. Slapi_DN subtree leaks when defbackend_get_backend returns NULL. Fix Description: Free "subtree" before returning. diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c index 64a00bf..935e34a 100644 --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -753,6 +753,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) LDAPDebug(LDAP_DEBUG_ANY, "ERROR: default container has not been created for the NULL SUFFIX node.\n", 0, 0, 0); + slapi_sdn_free(&subtree); return -1; } @@ -810,7 +811,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) "ERROR: node %s cannot find distribution plugin. " SLAPI_COMPONENT_NAME_NSPR " %d (%s)\n", slapi_entry_get_dn(entry), PR_GetError(), slapd_pr_strerror(PR_GetError())); - slapi_sdn_free(&subtree); + slapi_sdn_free(&subtree); slapi_ch_free((void **) &plugin_funct); slapi_ch_free((void **) &plugin_lib); free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); @@ -837,6 +838,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) } /* Now we can create the node for this mapping tree entry. */ + /* subtree is consumed. */ node= mapping_tree_node_new(subtree, be_list, be_names, be_states, be_list_count, be_list_size, referral, parent_node, state, 0 /* Normal node. People can see and change it. */, commit 938046cc40ac35abc0d6fb83a7af67eda3196c03 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:46:45 2011 -0700 Bug 750625 - Fix Coverity (11064) Dereference before null check https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/pw_retry.c (get_entry) Bug Description: Dereferencing pointer "pb" before a null check. Fix Description: Check if "pb" is NULL or not first. If NULL, goto bail. diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c index 9c801ad..5244622 100644 --- a/ldap/servers/slapd/pw_retry.c +++ b/ldap/servers/slapd/pw_retry.c @@ -209,9 +209,15 @@ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn) Slapi_DN *target_sdn = NULL; Slapi_DN sdn; + if (NULL == pb) { + LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n", + 0, 0, 0); + goto bail; + } + slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn ); - if ((dn == NULL) && pb) { + if (dn == NULL) { dn = slapi_sdn_get_dn(target_sdn); } commit f67d3ba0e58ce4f36947871ad2ace39e57f1b949 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:43:56 2011 -0700 Bug 750625 - Fix Coverity (11065) Uninitialized pointer read https://bugzilla.redhat.com/show_bug.cgi?id=750625 plugins/pam_passthru/pam_ptimpl.c (do_one_pam_auth) Bug Description: Using uninitialized value "pam_id.str" when calling "delete_my_str_buf". Fix Description: Initialize pam_id.str with NULL in case bindsdn is NULL. diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c index 2aedec7..c0f03be 100644 --- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c +++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c @@ -280,6 +280,7 @@ do_one_pam_auth( if (NULL == bindsdn) { errmsg = PR_smprintf("Null bind dn"); retcode = LDAP_OPERATIONS_ERROR; + pam_id.str = NULL; /* initialize pam_id.str */ goto done; /* skip the pam stuff */ } binddn = slapi_sdn_get_dn(bindsdn); commit 601cba05de70076d33a0d6b2032ab85c0d490ba6 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:40:32 2011 -0700 Bug 750625 - Fix Coverity (11066) Unused pointer value https://bugzilla.redhat.com/show_bug.cgi?id=750625 slapd/opshared.c (op_shared_search) Bug Description: A pointer "normbase" returned by "slapi_sdn_get_ dn(sdn)" is never used. Fix description: removing the line that normbase is set. diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index f2ef9cc..bf6b016 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -704,7 +704,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result) slapi_sdn_free(&sdn); sdn = slapi_sdn_dup(be_suffix); slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, (void *)sdn); - normbase = slapi_sdn_get_dn(sdn); } } }

12 years, 1 month

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/slapd/dn.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) New commits: commit 54a3d99a96d84b42f680da43c7f638009c0f64d4 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:05:12 2011 -0700 Bug 750624 - Fix Coverity (11053) Explicit null dereferenced: slapi_dn_normalize_ext (slapd/dn.c) https://bugzilla.redhat.com/show_bug.cgi?id=750624 Bug Description: Dereferencing null variable "d". There is no possibility that (rc > 0) && (d == NULL), but it's safe to check if d is not NULL before assigning '\0' to *d. Fix Description: add checking if "d" is NULL or not before assigning '\0' to *d. diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index e5b9db9..2b0b338 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -515,7 +515,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len) int chkblank = 0; int is_dn_syntax = 0; - if (NULL == dest) { + if ((NULL == dest) || (NULL == dest_len)) { goto bail; } if (NULL == src) { @@ -544,7 +544,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len) } } if (0 == src_len) { /* src == "" */ - goto bail; + goto bail; /* need to bail after setting up *dest and rc */ } ends = src + src_len; @@ -1081,7 +1081,7 @@ bail: } } *dest_len = 0; - } else if (rc > 0) { + } else if (d && rc > 0) { /* We terminate the str with NULL only when we allocate the str */ *d = '\0'; }

12 years, 1 month

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/slapd/sasl_map.c | 4 ++++ 1 file changed, 4 insertions(+) New commits: commit 6af5ece3ca029271f2b2180c24bad546e2d64c45 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Tue Nov 1 16:03:57 2011 -0700 Bug 750622 - Fix Coverity (11104) Resource leak: ids_sasl_user_to_entry (slapd/saslbind.c) https://bugzilla.redhat.com/show_bug.cgi?id=750622 Bug Description: sasl_map_domap allocates strings for "base" and "filter" in it; the caller ids_sasl_user_to_entry releases them only when the function returns non-0 regexmatch (matched), but even if the return value is 0 (did not match), the strings are allocated. Fix Description: underlying function sasl_map_check frees "base" and "filter" if mapping did not match. diff --git a/ldap/servers/slapd/sasl_map.c b/ldap/servers/slapd/sasl_map.c index e934b11..1bdaa20 100644 --- a/ldap/servers/slapd/sasl_map.c +++ b/ldap/servers/slapd/sasl_map.c @@ -558,6 +558,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_ "sasl_map_check: slapi_re_subs failed: " "subject: %s, subst str: %s (%d)\n", sasl_user_and_realm, dp->template_base_dn, rc); + slapi_ch_free_string(ldap_search_base); + slapi_ch_free_string(ldap_search_filter); } else { /* Substitutes '&' and/or "\#" in template_search_filter */ rc = slapi_re_subs(re, sasl_user_and_realm, @@ -568,6 +570,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_ "sasl_map_check: slapi_re_subs failed: " "subject: %s, subst str: %s (%d)\n", sasl_user_and_realm, dp->template_search_filter, rc); + slapi_ch_free_string(ldap_search_base); + slapi_ch_free_string(ldap_search_filter); } else { /* these values are internal regex representations with * lots of unprintable control chars - escape for logging */

12 years, 1 month

1
0
0 / 0

2 commits - ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/csnset.c | 4 +++- ldap/servers/slapd/entrywsi.c | 18 +++--------------- 2 files changed, 6 insertions(+), 16 deletions(-) New commits: commit c07717326879119f321512d87e558b69045a86fd Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Oct 28 12:51:08 2011 -0600 Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication https://bugzilla.redhat.com/show_bug.cgi?id=748575 Resolves: bug 748575 Bug Description: rhds81 modrdn operation and 100% cpu use in replication Reviewed by: ??? Branch: master Fix Description: The entry code takes great pains to add or insert in ascending order the dncsn to the e_dncsnset. But the only place this is ever used is in the call to entry_get_dncsn, which just calls csnset_get_last_csn, which just gets the last one in the list. Since the last one in the list is the one with the greatest csn, and the function csnset_update_csn already stores the greatest csn, we can just use that function, rather than using csnset_add and insert and building a potentially very large list. This should also have the effect of making importing a replica init LDIF faster. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c index dc038ba..506a1f9 100644 --- a/ldap/servers/slapd/entrywsi.c +++ b/ldap/servers/slapd/entrywsi.c @@ -184,10 +184,7 @@ int entry_add_dncsn(Slapi_Entry *entry, const CSN *csn) { PR_ASSERT(entry!=NULL); - if(!csnset_contains(entry->e_dncsnset,csn)) - { - csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn); - } + csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn); return 0; } @@ -204,17 +201,7 @@ int entry_add_dncsn_ext(Slapi_Entry *entry, const CSN *csn, PRUint32 flags) { PR_ASSERT(entry!=NULL); - if(!csnset_contains(entry->e_dncsnset,csn)) - { - if (flags & ENTRY_DNCSN_INCREASING) - { - csnset_insert_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn); - } - else - { - csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn); - } - } + csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn); return 0; } commit 23467126c33a1f6004bb8357d87bc355a53eb25d Author: Rich Megginson <rmeggins(a)redhat.com> Date: Wed Oct 26 17:13:28 2011 -0600 Bug 748575 - rhds81 modrn operation and 100% cpu use in replication https://bugzilla.redhat.com/show_bug.cgi?id=748575 Resolves: bug 748575 Bug Description: rhds81 modrn operation and 100% cpu use in replication Reviewed by: ??? Branch: master Fix Description: The modrdn operation causes the entry to be copied multiple times by calling slapi_entry_dup. This in turn does a csnset_dup of the e_dncsnset in the entry. This function was very inefficient. It would simply call csnset_add_csn, which would iterate to the end of the linked list for every addition. Once you get several thousand items in the list, it has to iterate to the end of several thousand items each time. I changed it to keep track of the last item in the list, and just add the new item to the end of the list. This improves the performance quite a bit, but the cpu still gets pegged at a high percentage eventually, it just takes longer to reach that point. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/csnset.c b/ldap/servers/slapd/csnset.c index 645c17e..d98cecf 100644 --- a/ldap/servers/slapd/csnset.c +++ b/ldap/servers/slapd/csnset.c @@ -374,11 +374,13 @@ CSNSet * csnset_dup(const CSNSet *csnset) { CSNSet *newcsnset= NULL; + CSNSet **curnode = &newcsnset; const CSNSet *n= csnset; while(n!=NULL) { - csnset_add_csn(&newcsnset,n->type,&n->csn); + csnset_add_csn(curnode,n->type,&n->csn); n= n->next; + curnode = &((*curnode)->next); } return newcsnset; } diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c index 9087651..dc038ba 100644 --- a/ldap/servers/slapd/entrywsi.c +++ b/ldap/servers/slapd/entrywsi.c @@ -358,6 +358,7 @@ entry_purge_state_information(Slapi_Entry *e, const CSN *csnUpTo) */ attr_purge_state_information(e, a, csnUpTo); } + csnset_purge(&e->e_dncsnset, csnUpTo); } /*

12 years, 1 month

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits November 2011