ldap/servers/plugins/acl/acl.c | 18 +++---
ldap/servers/plugins/acl/aclutil.c | 7 ++
ldap/servers/plugins/automember/automember.c | 5 +
ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 1
ldap/servers/plugins/referint/referint.c | 30 +++++++++-
ldap/servers/plugins/replication/cl5_config.c | 34 ++++++-----
ldap/servers/plugins/replication/repl5_replica_config.c | 2
ldap/servers/slapd/auditlog.c | 46 ++++++++--------
ldap/servers/slapd/back-ldbm/ancestorid.c | 7 +-
ldap/servers/slapd/back-ldbm/import-threads.c | 13 +++-
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 4 -
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 10 ++-
ldap/servers/slapd/dse.c | 5 +
ldap/servers/slapd/mapping_tree.c | 4 +
ldap/servers/slapd/opshared.c | 1
ldap/servers/slapd/pw.c | 27 +++++----
ldap/servers/slapd/pw_retry.c | 8 ++
ldap/servers/slapd/tools/ldclt/ldapfct.c | 35 ++++++------
lib/libaccess/aclutil.cpp | 13 ++--
lib/libaccess/lasdns.cpp | 8 ++
lib/libaccess/lasgroup.cpp | 10 ++-
lib/libaccess/oneeval.cpp | 2
22 files changed, 186 insertions(+), 104 deletions(-)
New commits:
commit 950712cfcc382fd5966a466d9d312942240aa4f7
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:48:01 2011 -0700
Bug 750625 - Fix Coverity (11091) Unchecked return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/import-threads.c (index_producer)
Bug Description: No check of the return value of "db_create".
Fix Description: Adding a checking code for the return value
from db_create.
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c
b/ldap/servers/slapd/back-ldbm/import-threads.c
index e95d32f..eb2cc82 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -1148,9 +1148,8 @@ index_producer(void *param)
tmp_db->close(tmp_db, 0);
rc = db_create(&db, env, 0);
if (rc) {
- LDAPDebug2Args(LDAP_DEBUG_ANY,
- "Creating db handle to rename %s to %s failed.\n",
- tmpid2entry, id2entry);
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "Creating db handle to remove %s failed.\n",
id2entry);
goto bail;
}
rc = db->remove(db, id2entry, NULL, 0);
@@ -1158,7 +1157,13 @@ index_producer(void *param)
LDAPDebug1Arg(LDAP_DEBUG_ANY, "Removing %s failed.\n", id2entry);
goto bail;
}
- db_create(&db, env, 0);
+ rc = db_create(&db, env, 0);
+ if (rc) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "Creating db handle to rename %s to %s failed.\n",
+ tmpid2entry, id2entry);
+ goto bail;
+ }
rc = db->rename(db, tmpid2entry, NULL, id2entry, 0);
if (rc) {
LDAPDebug2Args(LDAP_DEBUG_ANY, "Renaming %s to %s failed.\n",
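Review bot: The new failure branch for the second db_create logs the file names but not `rc`, and this is the point where id2entry has already been removed while tmpid2entry has not yet been renamed. An operator reading the log needs the error code to understand why the instance has no id2entry file. Since LDAPDebug2Args carries only two arguments, the three-argument form fits: `LDAPDebug(LDAP_DEBUG_ANY, "Creating db handle to rename %s to %s failed (%d).\n", tmpid2entry, id2entry, rc);`. The same applies to the db_create message in the first hunk. index_producer continues outside both hunks.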
commit 1882249170ea2cf7ba683e214cd30a92fada7dfb
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:43:08 2011 -0700
Bug 750625 - Fix Coverity (11094) Dereference after null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/dse.c (dse_callback_removefromlist)
Bug Description: Passing null variable "filter" to function
"strcmpi_fast", which dereferences it.
If filter and t->filter have a chance to be NULL, the case
should be avoided before passing them to strcasecmp.
Fix Description: adding a check if "filter" and "t->filter"
are NULL or not. If both are not NULL, they are passed to
strcasecmp. If either is NULL and another is not, that is
they did not match.
diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
index 727e999..c4fa333 100644
--- a/ldap/servers/slapd/dse.c
+++ b/ldap/servers/slapd/dse.c
@@ -334,8 +334,9 @@ dse_callback_removefromlist(struct dse_callback **pplist, int
operation, int fla
if ((t->operation == operation) && (t->flags == flags)
&&
(t->fn == fn) && (scope == t->scope) &&
(slapi_sdn_compare(base,t->base) == 0) &&
- (( NULL == filter && NULL == t->filter ) ||
- (strcasecmp(filter, t->filter) == 0))) {
+ ((NULL == filter && NULL == t->filter) || /* both are NULL OR
*/
+ ((filter && t->filter) && /* both are not NULL AND
match. */
+ (strcasecmp(filter, t->filter) == 0)))) {
if (prev == NULL) {
*pplist= t->next;
} else {
commit bc9d890f48c4515162e6fbdd4af485b8649b0035
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:37:33 2011 -0700
Bug 750625 - Fix Coverity (11095) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/lasdns.cpp (LASDnsEval)
Bug Description: LASDnsBuild could fail and context->Table could
be left as NULL. Error checking for LASDnsBuild should be added.
Fix Description: If LASDnsBuild returns LAS_EVAL_INVALID, return
LAS_EVAL_FAIL there.
diff --git a/lib/libaccess/lasdns.cpp b/lib/libaccess/lasdns.cpp
index 6956878..e4032f1 100644
--- a/lib/libaccess/lasdns.cpp
+++ b/lib/libaccess/lasdns.cpp
@@ -389,7 +389,13 @@ int LASDnsEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
return LAS_EVAL_FAIL;
}
context->Table = NULL;
- LASDnsBuild(errp, attr_pattern, context, aliasflg);
+ if (LASDnsBuild(errp, attr_pattern, context, aliasflg) ==
+ LAS_EVAL_INVALID) {
+ /* Error is already printed in LASDnsBuild */
+ ACL_CritExit();
+ return LAS_EVAL_FAIL;
+ }
+ /* After this line, it is assured context->Table is not NULL. */
} else {
context = (LASDnsContext *) *LAS_cookie;
}
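Review bot: The guard treats only `LAS_EVAL_INVALID` as failure, so the added comment that context->Table is non-NULL afterwards holds only if LASDnsBuild has no other failing return; its body is not part of this hunk. Checking the postcondition directly is sturdier: `if (LASDnsBuild(errp, attr_pattern, context, aliasflg) == LAS_EVAL_INVALID || NULL == context->Table) {`. The early return should also release `context` if it was allocated just above and not yet stored in *LAS_cookie, which the hunk does not show.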
commit a578520d2c0deb4dc216282ebad29e7f00006d7b
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:31:30 2011 -0700
Bug 750625 - Fix Coverity (11096) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/aclutil.cpp (LASGroupEval)
Bug Description: Dereferencing null variable "req_time".
Fix Description: Check "req_time" when it's returned from
acl_get_req_time. If it is NULL, return LAS_EVAL_FAIL and it does
not go further. Also, adding a check for the malloc failure to
acl_get_req_time.
diff --git a/lib/libaccess/aclutil.cpp b/lib/libaccess/aclutil.cpp
index 77bdf60..baf58c8 100644
--- a/lib/libaccess/aclutil.cpp
+++ b/lib/libaccess/aclutil.cpp
@@ -247,13 +247,16 @@ time_t *acl_get_req_time (PList_t resource)
{
time_t *req_time = 0;
int rv = PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&req_time,
- NULL);
+ NULL);
if (rv < 0) {
- req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
- time(req_time);
- PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
- (void *)req_time, NULL);
+ req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
+ if (NULL == req_time) {
+ return NULL;
+ }
+ time(req_time);
+ PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
+ (void *)req_time, NULL);
}
return req_time;
diff --git a/lib/libaccess/lasgroup.cpp b/lib/libaccess/lasgroup.cpp
index 6e6602a..8cc78cf 100644
--- a/lib/libaccess/lasgroup.cpp
+++ b/lib/libaccess/lasgroup.cpp
@@ -126,12 +126,14 @@ int LASGroupEval(NSErr_t *errp, char *attr_name, CmpOp_t
comparator,
return LAS_EVAL_FAIL;
}
- rv = LAS_EVAL_FALSE;
+ /* Regardless of cache, req_time needs to be filled. */
+ req_time = acl_get_req_time(resource);
+ if (NULL == req_time) {
+ return LAS_EVAL_FAIL;
+ }
+ rv = LAS_EVAL_FALSE;
if (acl_usr_cache_enabled()) {
- /* avoid unnecessary system call to get time if cache is disabled */
- req_time = acl_get_req_time(resource);
-
/* Loop through all the groups and check if any is in the cache */
group = groups;
delim = ',';
commit bc678280b2609a34800d85dcc6baba39bfb0c2bc
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:21:09 2011 -0700
Bug 750625 - Fix Coverity (11107) Dereference before null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/acl/acl.c (acl__resource_match_aci)
Bug Description: Dereferencing "aclpb" before a null check.
Fix Description: Since there is a chance that passed "aclpb" is NULL,
acl__resource_match_aci checks if "aclpb" is NULL or not at the top
of the function and if it is, goto acl__resource_match_aci_EXIT.
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 0ae1a24..9c3db10 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1985,7 +1985,8 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int
skip_attrEval, int *
struct slapi_filter *f; /* filter */
int rv; /* return value */
- int matches;
+ /* Assume that resource matches */
+ int matches = ACL_TRUE;
int attr_matched;
int attr_matched_in_targetattrfilters = 0;
int dn_matched;
@@ -2003,10 +2004,10 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int
skip_attrEval, int *
TNF_PROBE_0_DEBUG(acl__resource_match_aci_start,"ACL","");
- aclpb->aclpb_stat_aclres_matched++;
-
- /* Assume that resource matches */
- matches = ACL_TRUE;
+ if (NULL == aclpb) {
+ matches = ACL_FALSE;
+ goto acl__resource_match_aci_EXIT;
+ }
/* Figure out if the acl has the correct rights or not */
aci_right = aci->aci_access;
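Review bot: A NULL aclpb now leaves through acl__resource_match_aci_EXIT with ACL_FALSE and no log line, so the ACI is silently treated as not applicable. For a deny rule "does not apply" is the permissive outcome, so whether this is safe depends on callers never evaluating access with a NULL aclpb, which the hunk cannot show. I would log the condition at error level before the `goto`, and add a comment at the exit label noting that aclpb may be NULL there, since the last hunk's `aclpb->aclpb_stat_aclres_matched++` is only safe because matches is ACL_FALSE on that path. The counter also changes meaning in this commit, from ACIs evaluated to ACIs matched, which deserves a line in the commit description.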
@@ -2634,7 +2635,7 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int
skip_attrEval, int *
** be rare). In that case, just remember it. An entry test rule
** doesn't have "(targetattr)".
*/
- if (aclpb && (aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR)
&&
+ if ((aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR) &&
(!(aci->aci_type & ACI_TARGET_ATTR))) {
aclpb->aclpb_state |= ACLPB_FOUND_A_ENTRY_TEST_RULE;
}
@@ -2653,7 +2654,10 @@ acl__resource_match_aci_EXIT:
* even if the aci did not finally match.
* All the partial strings will be freed at aclpb
* cleanup time.
- */
+ */
+ if (ACL_TRUE == matches) {
+ aclpb->aclpb_stat_aclres_matched++;
+ }
TNF_PROBE_0_DEBUG(acl__resource_match_aci_end,"ACL","");
commit 4272e8f59c0fc5fb9d6edb4f7af1d9fa348620c4
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:14:59 2011 -0700
Bug 750625 - Fix Coverity (11108) Sizeof not portable
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/oneeval.cpp (ACLEvalBuildContext)
Bug Description: Passing argument "8UL /* sizeof (PList_t *) */
* ace->expr_term_index" to function "INTsystem_calloc_perm" and
then casting the return value to "PList_t *" is suspicious. Did
you intend to use "sizeof(PList_t)" instead of "sizeof (PList_t
*)"?
In this particular case sizeof(PList_t *) happens to be equal to
sizeof(PList_t), but this is not a portable assumption.
Fix Description: replace sizeof(PList_t *) with sizeof(PList_t).
Note: PList_t is typedef of (PListStruct_t *). I.e., sizeof(PList_t)
and sizeof(PList_t *) are identical. Therefore, this is not a major
problem at all.
diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp
index f3283b6..eff4e10 100644
--- a/lib/libaccess/oneeval.cpp
+++ b/lib/libaccess/oneeval.cpp
@@ -463,7 +463,7 @@ ACLEvalBuildContext(
if (rv > 0) {
/* First one for this ACE? */
if (!new_ace->autharray) {
- new_ace->autharray = (PList_t
*)PERM_CALLOC(sizeof(PList_t *) * ace->expr_term_index);
+ new_ace->autharray = (PList_t
*)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index);
if (!new_ace->autharray) {
nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1,
XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray));
goto error;
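Review bot: Naming the type in `sizeof(PList_t)` still leaves the element size decoupled from the declaration of autharray; `sizeof(*new_ace->autharray) * ace->expr_term_index` follows the pointer's type automatically and cannot drift if the member is retyped. The multiplication is also unchecked: the type and range of expr_term_index are not visible in this hunk, so if it can be large or is derived from parsed ACL text, a bound check before PERM_CALLOC would be worth adding.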
commit 9265113fa31adfc13cf2e30d4f362e25ada15582
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:12:50 2011 -0700
Bug 750625 - Fix Coverity (11109, 11110, 11111) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/replication/cl5_config.c (changelog5_read_config)
Bug Description: Using uninitialized value "config.dir".
changelog config is set with the changelog config entry in
changelog5_read_config. If the search for the config entry
succeeds but there's no entry returned (actually, there is
no such case, though), the config structure is not initialized.
Fix Description: if changelog config entry search is success and
no entry is returned, initialize the config structure with NULLs.
diff --git a/ldap/servers/plugins/replication/cl5_config.c
b/ldap/servers/plugins/replication/cl5_config.c
index 09c5eca..980cb7f 100644
--- a/ldap/servers/plugins/replication/cl5_config.c
+++ b/ldap/servers/plugins/replication/cl5_config.c
@@ -125,29 +125,35 @@ int changelog5_read_config (changelog5Config *config)
int rc = LDAP_SUCCESS;
Slapi_PBlock *pb;
- pb = slapi_pblock_new ();
- slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE, CONFIG_FILTER, NULL, 0,
NULL,
- NULL, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
+ pb = slapi_pblock_new ();
+ slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE,
+ CONFIG_FILTER, NULL, 0, NULL, NULL,
+ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_search_internal_pb (pb);
- slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc );
- if ( LDAP_SUCCESS == rc )
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc );
+ if ( LDAP_SUCCESS == rc )
{
- Slapi_Entry **entries = NULL;
- slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
- if ( NULL != entries && NULL != entries[0])
+ Slapi_Entry **entries = NULL;
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
+ if ( NULL != entries && NULL != entries[0])
{
- /* Extract the config info from the changelog entry */
+ /* Extract the config info from the changelog entry */
changelog5_extract_config(entries[0], config);
- }
- }
+ }
+ else
+ {
+ memset (config, 0, sizeof (*config));
+ rc = LDAP_SUCCESS;
+ }
+ }
else
{
memset (config, 0, sizeof (*config));
- rc = LDAP_SUCCESS;
+ rc = LDAP_SUCCESS;
}
- slapi_free_search_results_internal(pb);
- slapi_pblock_destroy(pb);
+ slapi_free_search_results_internal(pb);
+ slapi_pblock_destroy(pb);
return rc;
}
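Review bot: The config structure is now zeroed in two separate branches, and each also sets `rc = LDAP_SUCCESS`, which in the new inner branch is already the value of rc and in the outer branch discards the search error. A single `memset (config, 0, sizeof (*config));` placed before slapi_search_internal_pb would cover every path without the duplicated else. If masking the error is intentional (a missing changelog entry is not a failure), a one-line comment such as `/* no changelog configured is not an error */` would help, because the caller cannot distinguish that from a failed search. The function's opening lines are outside the hunk.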
commit 46d55a49e4137cbbf430246046f816aa957049ed
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:09:37 2011 -0700
Bug 750625 - Fix Coverity (11112) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/replication/repl5_replica_config.c (replica_execute_ldif2cl_task)
Bug Description: Using uninitialized "config.dir" when calling
"cl5Open".
config.dir is set in changelog5_extract_config. If any error
such as fail to read changelog config entry, NULL is set and
following cl5Open fails.
Fix Description: check if config.dir is NULL or not in error logging.
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c
b/ldap/servers/plugins/replication/repl5_replica_config.c
index eb23c21..e0e11e9 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -1052,7 +1052,7 @@ static int replica_execute_ldif2cl_task (Object *r, char
*returntext)
{
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"replica_execute_ldif2cl_task: failed to start changelog at %s\n",
- config.dir);
+ config.dir?config.dir:"null config dir");
rc = LDAP_OPERATIONS_ERROR;
}
bail:
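Review bot: Only the log argument is guarded here; the cl5Open call named in the commit message sits above the hunk and, as far as this diff shows, still receives a NULL config.dir and is relied on to fail. An explicit `if (NULL == config.dir)` check before opening, with its own message and return code, would state the real cause in the log instead of reporting a failed start at "null config dir".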
commit 3b58c25ccfb4de60ca9c928874e0d68418011524
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:06:54 2011 -0700
Bug 750625 - Fix Coverity (11113) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/auditlog.c (write_audit_log_entry)
Bug Description: Using uninitialized value "change" when
calling "write_audit_file".
If it is not a supported operation type, no need to log it
in the audit log.
Fix Description: Once it's determined as an unsupported
operation type, return without calling write_audit_file.
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index d000550..0128f2f 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -66,37 +66,39 @@ write_audit_log_entry( Slapi_PBlock *pb )
Slapi_DN *sdn;
const char *dn;
void *change;
- int flag = 0;
- Operation *op;
+ int flag = 0;
+ Operation *op;
- /* if the audit log is not enabled, just skip all of
- this stuff */
- if (!config_get_auditlog_logging_enabled()) {
- return;
- }
+ /* if the audit log is not enabled, just skip all of
+ this stuff */
+ if (!config_get_auditlog_logging_enabled()) {
+ return;
+ }
- slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+ slapi_pblock_get( pb, SLAPI_OPERATION, &op );
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
- dn = slapi_sdn_get_dn(sdn);
switch ( operation_get_type(op) )
- {
+ {
case SLAPI_OPERATION_MODIFY:
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
- break;
+ slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
+ break;
case SLAPI_OPERATION_DELETE:
- {
- char * deleterDN = NULL;
- slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN);
- change = deleterDN;
- }
- break;
-
+ {
+ char * deleterDN = NULL;
+ slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN);
+ change = deleterDN;
+ }
+ break;
+
case SLAPI_OPERATION_MODDN:
- slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
- slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
- break;
+ slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
+ slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
+ break;
+ default:
+ return; /* Unsupported operation type. */
}
curtime = current_time();
+ dn = slapi_sdn_get_dn(sdn);
write_audit_file( operation_get_type(op), dn, change, flag, curtime );
}
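Review bot: The new `default: return;` drops the audit record silently for every operation type not listed in the switch, and the cases visible in this hunk are only MODIFY, DELETE and MODDN. If another audited type (ADD, for instance) is not handled somewhere this page does not show, it would now produce no audit entry and no trace that one was skipped. I would log the skipped operation type at debug level before returning. Initialising at the declaration, `void *change = NULL;`, would also keep a failed slapi_pblock_get from handing write_audit_file an indeterminate pointer.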
commit 558cc6e401055c24edb2d375726c9338c6d15b8a
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:04:21 2011 -0700
Bug 750625 - Fix Coverity (11114, 11115) Uninitialized value use
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ancestorid.c (ldbm_ancestorid_index_update)
Bug Description: Uninitialized "sdn" and "nextsdn" when calling
"slapi_sdn_done".
Variable "sdn" and "nextsdn" should have been initialized before
any chances to goto "out".
Fix Description: initialize "sdn" and "nextsdn" before the first
"goto out".
diff --git a/ldap/servers/slapd/back-ldbm/ancestorid.c
b/ldap/servers/slapd/back-ldbm/ancestorid.c
index 15fb7e0..2f32f8f 100644
--- a/ldap/servers/slapd/back-ldbm/ancestorid.c
+++ b/ldap/servers/slapd/back-ldbm/ancestorid.c
@@ -725,6 +725,9 @@ static int ldbm_ancestorid_index_update(
int err = 0, ret = 0;
DB_TXN *db_txn = txn != NULL ? txn->back_txn_txn : NULL;
+ slapi_sdn_init(&sdn);
+ slapi_sdn_init(&nextsdn);
+
/* Open the ancestorid index */
ainfo_get(be, LDBM_ANCESTORID_STR, &ai);
ret = dblayer_get_index_file(be, ai, &db, DBOPEN_CREATE);
@@ -733,8 +736,6 @@ static int ldbm_ancestorid_index_update(
goto out;
}
- slapi_sdn_init(&sdn);
- slapi_sdn_init(&nextsdn);
slapi_sdn_copy(low, &sdn);
if (include_low == 0) {
@@ -819,7 +820,7 @@ static int ldbm_ancestorid_index_update(
} while (ret == 0);
- out:
+out:
slapi_sdn_done(&sdn);
slapi_sdn_done(&nextsdn);
commit c92ba0b22a1b6d0f468a12ff4cf045c7e313dc3a
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:02:09 2011 -0700
Bug 750625 - Fix Coverity (11116) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn)
Bug Description: Using uninitialized "data.data" when calling
"slapi_ch_free". If invalid NULL arguments or invalid DN is
passed or opening cursor failed, uninitialized data.data is freed.
Fix Description: initialize data if there is a chance to call
slapi_ch_free.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 54f22a3..1573f1f 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1026,7 +1026,7 @@ entryrdn_lookup_dn(backend *be,
"entryrdn_lookup_dn: Param error: Empty %s\n",
NULL==be?"backend":NULL==rdn?"rdn":0==id?"id":
NULL==dn?"dn container":"unknown");
- goto bail;
+ return rc;
}
*dn = NULL;
@@ -1040,6 +1040,7 @@ entryrdn_lookup_dn(backend *be,
return rc;
}
+ memset(&data, 0, sizeof(data));
/* Make a cursor */
rc = db->cursor(db, db_txn, &cursor, 0);
if (rc) {
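Review bot: Moving the memset fixes the paths that exist today, but `data` is still indeterminate between its declaration and this line, and the first hunk had to turn a `goto bail` into `return rc` to stay clear of it. Initialising at the declaration (`DBT data = {0};`, assuming data is declared as a DBT above the hunk) would make every present and future jump to bail safe and let the parameter-error path keep the common exit. The declaration and the bail label are both outside the hunks.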
@@ -1064,7 +1065,6 @@ entryrdn_lookup_dn(backend *be,
}
/* Setting the bulk fetch buffer */
- memset(&data, 0, sizeof(data));
data.flags = DB_DBT_MALLOC;
do {
commit 3ee18083403cc8307ddecbb4abba48c62dad8475
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:00:13 2011 -0700
Bug 750625 - Fix Coverity (11117) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/tools/ldclt/ldapfct.c (getPending)
Bug Description: Using uninitialized value "verb" when calling
"printf".
Fix Description: If the mode is not the supported operations,
getPending immediately return instead of going forward.
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c
b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index 4d58d88..fd291bb 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2348,24 +2348,25 @@ getPending (
expected = LDAP_RES_ADD;
verb = "ldap_add";
}
+ else if (tttctx->mode & DELETE_ENTRIES)
+ {
+ expected = LDAP_RES_DELETE;
+ verb = "ldap_delete";
+ }
+ else if (tttctx->mode & RENAME_ENTRIES)
+ {
+ expected = LDAP_RES_MODRDN;
+ verb = "ldap_rename";
+ }
+ else if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/
+ {
+ expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/
+ verb = "ldap_modify"; /*JLS 21-11-00*/
+ }
else
- if (tttctx->mode & DELETE_ENTRIES)
- {
- expected = LDAP_RES_DELETE;
- verb = "ldap_delete";
- }
- else
- if (tttctx->mode & RENAME_ENTRIES)
- {
- expected = LDAP_RES_MODRDN;
- verb = "ldap_rename";
- }
- else /*JLS 21-11-00*/
- if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/
- { /*JLS 21-11-00*/
- expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/
- verb = "ldap_modify"; /*JLS 21-11-00*/
- } /*JLS 21-11-00*/
+ {
+ return (-1);
+ }
/*
* Here, we are in asynchronous mode...
commit 003812911f56619f0db58ba627037644fb0f68fb
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:52:03 2011 -0700
Bug 750625 - Fix Coverity (11054) Dereference after null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/pw.c (new_passwdPolicy)
Bug Description: Passing null variable "pb" to function
"get_entry",
which dereferences it.
Fix Description: if NULL pblock is passed, new_passwdPolicy does not
go forward, but returns immediately.
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 8138d05..ed8d2c8 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -343,20 +343,21 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals )
passwdPolicy *pwpolicy=NULL;
char *(*pws_enc) ( char *pwd ) = NULL;
- if ( vals == NULL ) {
+ if ( (NULL == pb) || (NULL == vals) ) {
return( 0 );
}
/* new_passwdPolicy gives us a local policy if sdn and pb are set and
can be used to find a local policy, else we get the global policy */
- pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL );
+ pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL);
+ if (pwpolicy) {
+ if (pwpolicy->pw_storagescheme) {
+ pws_enc = pwpolicy->pw_storagescheme->pws_enc;
+ }
- if (pwpolicy->pw_storagescheme) {
- pws_enc = pwpolicy->pw_storagescheme->pws_enc;
+ delete_passwdPolicy(&pwpolicy);
}
- delete_passwdPolicy(&pwpolicy);
-
/* Password scheme encryption function was not found */
if ( pws_enc == NULL ) {
return( 0 );
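Review bot: The new `NULL == pb` early exit returns 0, the same value this function returns when there is nothing to encode or no storage scheme is found, so a caller cannot tell that the password values were left unencoded. Before this change a NULL pblock still reached new_passwdPolicy, whose comment here promises a fallback to the global policy; if any caller passes a NULL pb and treats 0 as success, the values would now be kept as supplied. Consider a distinct error return for the NULL-pb case (for example `return( -1 );`, if callers check the result) and a log line, and confirm what the call sites do. The function body continues past the hunk.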
@@ -1527,19 +1528,23 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
char ebuf[ BUFSIZ ];
int optype = -1;
+ /* RFE - is there a way to make this work for non-existent entries
+ * when we don't pass in pb? We'll need to do this if we add support
+ * for password policy plug-ins. */
+ if (NULL == pb) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY,
+ "new_passwdPolicy: NULL pblock was passed.\n");
+ return NULL;
+ }
slapdFrontendConfig = getFrontendConfig();
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
- if (pb) {
- slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
- }
+ slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
/* If we're doing an add, COS does not apply yet so we check
parents for the pwdpolicysubentry. We look only for virtual
attributes, because real ones are for single-target policy. */
- /* NGK - is there a way to make this work for non-existent entries when we don't
pass in pb? We'll
- * need to do this if we add support for password policy plug-ins. */
if (optype == SLAPI_OPERATION_ADD) {
char *parentdn = slapi_ch_strdup(dn);
char *nextdn = NULL;
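Review bot: new_passwdPolicy can now return NULL, which is a contract change that its header comment and its other callers need to reflect. pw_encodevals_ext is updated in this commit to check the result, but any caller outside this diff that dereferences the returned policy unconditionally, as pw_encodevals_ext did before, would fault when handed a NULL pblock. I would add a line to the function comment such as `/* Returns NULL if pb is NULL; callers must check. */` and audit the remaining call sites. The comment in pw_encodevals_ext saying that a missing pb yields the global policy is stale after this hunk.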
commit 0ae39ce5b3050d49005d632ed420d8c80e834b7e
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:49:39 2011 -0700
Bug 750625 - Fix Coverity (11055) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/automember/automember.c (automember_pre_op)
Bug Description: Passing null variable "e" to function
"automember_parse_config_entry", which dereferences it.
Missing a check of the NULL possibility of target entry "e".
Fix Description: Check if "e" is NULL or not. If it is, goto
"bail".
diff --git a/ldap/servers/plugins/automember/automember.c
b/ldap/servers/plugins/automember/automember.c
index 89ed1da..010b5ac 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -1593,6 +1593,11 @@ automember_pre_op(Slapi_PBlock * pb, int modop)
if (LDAP_CHANGETYPE_ADD == modop) {
slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
+ /* If the entry doesn't exist, just bail and
+ * let the server handle it. */
+ if (e == NULL) {
+ goto bail;
+ }
} else if (LDAP_CHANGETYPE_MODIFY == modop) {
/* Fetch the entry being modified so we can
* create the resulting entry for validation. */
commit e8a685f2c4f0227cf96e246799ed14ec6d71b30f
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:45:35 2011 -0700
Bug 750625 - Fix Coverity (11057) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/acl/aclutil.c (aclutil_expand_paramString)
Bug Description: Dereferencing a null pointer "a_dns".
Missing a check of the NULL possibilities for slapi_entry_get_ndn(e),
str and their exploded results.
Fix Description: check if slapi_entry_get_ndn(e), str and their
exploded values are NULL or not. If any of the values are NULL,
it does not go further, but returns.
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index d572911..2f24da3 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -555,9 +555,14 @@ aclutil_expand_paramString ( char *str, Slapi_Entry *e )
int rc = -1;
char *buf = NULL;
-
+ if ((NULL == slapi_entry_get_ndn ( e )) || (NULL == str)) {
+ return NULL;
+ }
e_dns = slapi_ldap_explode_dn ( slapi_entry_get_ndn ( e ), 0 );
a_dns = slapi_ldap_explode_dn ( str, 0 );
+ if ((NULL == e_dns) || (NULL == a_dns)) {
+ goto cleanup;
+ }
i = 0;
ncomponents = 0;
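Review bot: The new guard calls `slapi_entry_get_ndn ( e )` without first checking `e`, so a NULL entry would still be dereferenced inside that accessor unless it tolerates NULL, which the hunk does not show. Testing the entry first and fetching the DN once covers both cases: `const char *ndn = e ? slapi_entry_get_ndn ( e ) : NULL;` followed by `if ((NULL == ndn) || (NULL == str)) { return NULL; }`. The `goto cleanup` added below is reached with one of e_dns and a_dns possibly non-NULL, so the cleanup label, which is outside the hunk, must free each array independently.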
commit 4cb3e1d280133d47919b11e52d33b8d375f2d459
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:00:15 2011 -0700
Bug 750625 - Fix Coverity (11058, 11059) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/referint/referint.c (_update_one_per_mod, _update_all_per_mod)
Bug Description: Dereferencing a null pointer "dnParts".
Missing a check of the NULL possibilities for origDN and exploded origDN.
Fix Description: check if origDN and dnParts are NULL or not.
If NULL, it does not go forward, but goto bail.
diff --git a/ldap/servers/plugins/referint/referint.c
b/ldap/servers/plugins/referint/referint.c
index 57ee6df..9c655ca 100644
--- a/ldap/servers/plugins/referint/referint.c
+++ b/ldap/servers/plugins/referint/referint.c
@@ -394,8 +394,19 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
int nval = 0;
Slapi_Value *v = NULL;
+ if (NULL == origDN) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_one_value: NULL dn was passed\n");
+ goto bail;
+ }
/* need to put together rdn into a dn */
dnParts = slapi_ldap_explode_dn( origDN, 0 );
+ if (NULL == dnParts) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_one_value: failed to explode dn %s\n",
+ origDN);
+ goto bail;
+ }
if (NULL == newRDN) {
newRDN = dnParts[0];
}
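Review bot: The two messages added to _update_one_per_mod are tagged `_update_one_value`, while this same commit corrects that stale prefix in _update_all_per_mod; they should read `"_update_one_per_mod: NULL dn was passed\n"` and `"_update_one_per_mod: failed to explode dn %s\n"`. Both new exits also `goto bail` and return whatever `rc` holds at that point; its initial value is outside the hunk, so confirm it is an error code rather than 0, otherwise a reference that could not be rewritten is reported as success. The same question applies to the matching checks added to _update_all_per_mod.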
@@ -510,7 +521,7 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
}
slapi_ch_free_string(&newDN);
}
-
+bail:
return rc;
}
@@ -554,7 +565,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
rc = _do_modify(mod_pb, entrySDN, mods, txn);
if (rc) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
- "_update_one_value: entry %s: deleting \"%s: %s\" failed
(%d)"
+ "_update_all_per_mod: entry %s: deleting \"%s: %s\" failed
(%d)"
"\n", slapi_sdn_get_dn(entrySDN), attrName, origDN, rc);
}
} else {
@@ -563,8 +574,19 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
int nval = 0;
Slapi_Value *v = NULL;
+ if (NULL == origDN) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_all_per_mod: NULL dn was passed\n");
+ goto bail;
+ }
/* need to put together rdn into a dn */
dnParts = slapi_ldap_explode_dn( origDN, 0 );
+ if (NULL == dnParts) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_all_per_mod: failed to explode dn %s\n",
+ origDN);
+ goto bail;
+ }
if (NULL == newRDN) {
newRDN = dnParts[0];
}
@@ -635,7 +657,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
rc = _do_modify(mod_pb, entrySDN, slapi_mods_get_ldapmods_byref(smods), txn);
if (rc) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
- "_update_all_value: entry %s failed (%d)\n",
+ "_update_all_per_mod: entry %s failed (%d)\n",
slapi_sdn_get_dn(entrySDN), rc);
}
@@ -647,7 +669,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched
entry */
slapi_ch_free_string(&newDN);
slapi_mods_free(&smods);
}
-
+bail:
return rc;
}
commit bf22994835706ff2287673bcb52c29447acba88d
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:54:55 2011 -0700
Bug 750625 - Fix Coverity (11060) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ldbm_modrdn.c (moddn_rename_child_entry)
Bug Description: Dereferencing a null pointer "olddns".
Missing a check of the NULL possibilities for olddns and olddn.
Fix Description: check if olddn and olddns are NULL or not.
If NULL, it does not go forward, but returns.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 493e476..ac5c775 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -409,7 +409,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
int err = 0;
Slapi_DN ancestorsdn;
struct backentry *ancestorentry;
- slapi_sdn_init(&ancestorsdn);
+ slapi_sdn_init(&ancestorsdn);
ancestorentry=
dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err);
CACHE_RETURN( &inst->inst_cache, &ancestorentry );
ldap_result_matcheddn= slapi_ch_strdup((char *)
slapi_sdn_get_dn(&ancestorsdn));
@@ -1534,7 +1534,7 @@ moddn_rename_child_entry(
*
* JCM - This was written before Slapi_RDN... so this could be made much neater.
*/
- int retval;
+ int retval = 0;
char *olddn;
char *newdn;
char **olddns;
@@ -1543,7 +1543,13 @@ moddn_rename_child_entry(
int i;
olddn = slapi_entry_get_dn(ec->ep_entry);
+ if (NULL == olddn) {
+ return retval;
+ }
olddns = slapi_ldap_explode_dn( olddn, 0 );
+ if (NULL == olddns) {
+ return retval;
+ }
for(;olddns[olddncomps]!=NULL;olddncomps++);
for(i=0;i<olddncomps-parentdncomps;i++)
{
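Review bot: Both new early exits return `retval`, which this commit initialises to 0, so a child entry whose DN is missing or cannot be exploded is reported the same way as a completed rename, assuming 0 means success to the caller. In a subtree rename that would let the operation continue with one child left under its old DN. Returning a non-zero error code that the caller already handles, and logging the entry involved, would let the modrdn abort cleanly instead. The rest of moddn_rename_child_entry is outside the hunk.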
commit 63daf8e367997db2380e3a0c5e8935f38cf0c10c
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:50:12 2011 -0700
Bug 750625 - Fix Coverity (11061) Resource leak
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/mapping_tree.c (mapping_tree_entry_add)
Bug Description: Variable "subtree" going out of scope leaks
the storage it points to.
Slapi_DN subtree leaks when defbackend_get_backend returns NULL.
Fix Description: Free "subtree" before returning.
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index 64a00bf..935e34a 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -753,6 +753,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node
**newnodep )
LDAPDebug(LDAP_DEBUG_ANY,
"ERROR: default container has not been created for the NULL
SUFFIX node.\n",
0, 0, 0);
+ slapi_sdn_free(&subtree);
return -1;
}
@@ -810,7 +811,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node
**newnodep )
"ERROR: node %s cannot find distribution plugin. "
SLAPI_COMPONENT_NAME_NSPR " %d (%s)\n",
slapi_entry_get_dn(entry), PR_GetError(),
slapd_pr_strerror(PR_GetError()));
- slapi_sdn_free(&subtree);
+ slapi_sdn_free(&subtree);
slapi_ch_free((void **) &plugin_funct);
slapi_ch_free((void **) &plugin_lib);
free_mapping_tree_node_arrays(&be_list, &be_names, &be_states,
&be_list_count);
@@ -837,6 +838,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node
**newnodep )
}
/* Now we can create the node for this mapping tree entry. */
+ /* subtree is consumed. */
node= mapping_tree_node_new(subtree, be_list, be_names, be_states, be_list_count,
be_list_size, referral, parent_node, state,
0 /* Normal node. People can see and change it. */,
commit 938046cc40ac35abc0d6fb83a7af67eda3196c03
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:46:45 2011 -0700
Bug 750625 - Fix Coverity (11064) Dereference before null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/pw_retry.c (get_entry)
Bug Description: Dereferencing pointer "pb" before a null check.
Fix Description: Check if "pb" is NULL or not first. If NULL,
goto bail.
diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c
index 9c801ad..5244622 100644
--- a/ldap/servers/slapd/pw_retry.c
+++ b/ldap/servers/slapd/pw_retry.c
@@ -209,9 +209,15 @@ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
Slapi_DN *target_sdn = NULL;
Slapi_DN sdn;
+ if (NULL == pb) {
+ LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n",
+ 0, 0, 0);
+ goto bail;
+ }
+
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
- if ((dn == NULL) && pb) {
+ if (dn == NULL) {
dn = slapi_sdn_get_dn(target_sdn);
}
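Review bot: The new `goto bail` runs before `sdn` is initialised; `Slapi_DN sdn;` is declared without an initialiser just above. The bail label is outside the hunk, so if it calls slapi_sdn_done(&sdn) or otherwise reads sdn, this exit reintroduces the uninitialised-use pattern that the ancestorid.c commit in this series fixes. Calling `slapi_sdn_init(&sdn);` before the NULL check, or returning NULL directly here, avoids depending on what bail does.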
commit f67d3ba0e58ce4f36947871ad2ace39e57f1b949
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:43:56 2011 -0700
Bug 750625 - Fix Coverity (11065) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/pam_passthru/pam_ptimpl.c (do_one_pam_auth)
Bug Description: Using uninitialized value "pam_id.str" when
calling "delete_my_str_buf".
Fix Description: Initialize pam_id.str with NULL in case bindsdn
is NULL.
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
index 2aedec7..c0f03be 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
@@ -280,6 +280,7 @@ do_one_pam_auth(
if (NULL == bindsdn) {
errmsg = PR_smprintf("Null bind dn");
retcode = LDAP_OPERATIONS_ERROR;
+ pam_id.str = NULL; /* initialize pam_id.str */
goto done; /* skip the pam stuff */
}
binddn = slapi_sdn_get_dn(bindsdn);
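Review bot: Setting `pam_id.str = NULL` inside this one branch covers only the NULL-bindsdn exit; any other `goto done` reached before pam_id is populated would hit the same cleanup with an indeterminate pointer. The declaration is outside the hunk, but assigning NULL there, or immediately after the declarations, would cover every path to `done` and make the explanatory comment unnecessary.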
commit 601cba05de70076d33a0d6b2032ab85c0d490ba6
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:40:32 2011 -0700
Bug 750625 - Fix Coverity (11066) Unused pointer value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index f2ef9cc..bf6b016 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -704,7 +704,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
slapi_sdn_free(&sdn);
sdn = slapi_sdn_dup(be_suffix);
slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, (void *)sdn);
- normbase = slapi_sdn_get_dn(sdn);
}
}
}