[389-commits] 7 commits - admserv/cgi-ds admserv/cgi-src40 mod_admserv/mod_admserv.c

Nathan Kinder nkinder at fedoraproject.org
Wed May 4 18:24:07 UTC 2011


 admserv/cgi-ds/ds_listdb.c         |   17 ++++++++---------
 admserv/cgi-src40/config.c         |    4 +++-
 admserv/cgi-src40/monreplication.c |    6 +++---
 admserv/cgi-src40/security.c       |    1 +
 admserv/cgi-src40/statpingserv.c   |   10 ++++++++--
 mod_admserv/mod_admserv.c          |    5 +++--
 6 files changed, 26 insertions(+), 17 deletions(-)

New commits:
commit 58f15dce78d6513a2920a4f66313643f913b1094
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Wed May 4 10:24:51 2011 -0700

    Bug 700948 - (cov#10842) Use of unintialized variable in statusping
    
    We should look up the host by address if it looks like we received an
    IP address as the host variable. This will ensure that hent is filled
    in properly without using an uninitialized value.

diff --git a/admserv/cgi-src40/statpingserv.c b/admserv/cgi-src40/statpingserv.c
index 87780b6..78f982b 100644
--- a/admserv/cgi-src40/statpingserv.c
+++ b/admserv/cgi-src40/statpingserv.c
@@ -110,12 +110,18 @@ int main(int argc, char *argv[])
 	}
     if(!isdigit(host[0]))  {
       err = PR_GetHostByName(host, buf, sizeof(buf), &hent);
-      if(err == PR_FAILURE)
+      if(err == PR_FAILURE) {
 	rpt_err(APP_ERROR, "Cannot resolve host name!", NULL, NULL);
+      }
+    } else {
+      err = PR_GetHostByAddr(host, buf, sizeof(buf), &hent);
+      if(err == PR_FAILURE) {
+        rpt_err(APP_ERROR, "Cannot lookup host address!", NULL, NULL);
+      }
     }
 
     PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, &netAddr);
-    memcpy((void *) &netAddr.inet.ip, (void const *) hent.h_addr_list[0], sizeof(netAddr.inet.ip));	
+    memcpy((void *) &netAddr.inet.ip, (void const *) hent.h_addr_list[0], sizeof(netAddr.inet.ip));
 
     req_socket = PR_NewTCPSocket();
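Review bot: The new else branch passes `host`, which the surrounding lines treat as a C string (`isdigit(host[0])`, `PR_GetHostByName(host, ...)`), to `PR_GetHostByAddr`, whose first parameter is a `const PRNetAddr *`; the text bytes would be read as an address structure rather than parsed. The literal should be converted with `PR_StringToNetAddr` before the lookup, as sketched below. Whether `rpt_err` returns is not visible here; if it does, `hent` is still unset when the `memcpy` further down dereferences `hent.h_addr_list[0]`, so both failure branches would need to stop before that line. `main` starts and ends outside this hunk.

```c
    /* … unchanged: PR_GetHostByName branch for non-numeric hosts … */
    } else {
      PRNetAddr literal;

      /* host is text here; PR_GetHostByAddr needs a parsed PRNetAddr */
      if (PR_StringToNetAddr(host, &literal) == PR_FAILURE ||
          PR_GetHostByAddr(&literal, buf, sizeof(buf), &hent) == PR_FAILURE) {
        rpt_err(APP_ERROR, "Cannot lookup host address!", NULL, NULL);
      }
    }
```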
       


commit 2d0836fa360aaf9bba91ae5848c3fa2b5ab29c76
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue May 3 15:36:38 2011 -0700

    Bug 700948 - (cov#10813) dynamic overrun possibility in ds_listdb cgi
    
    Coverity shows that a dynamic overrun is possible in the ds_listdb cgi.
    This code is confusing the way it is written.  We should use a for
    loop to iterate through bak_dirs and get rid of the cur_file variable.

diff --git a/admserv/cgi-ds/ds_listdb.c b/admserv/cgi-ds/ds_listdb.c
index 77b3151..14afd82 100644
--- a/admserv/cgi-ds/ds_listdb.c
+++ b/admserv/cgi-ds/ds_listdb.c
@@ -34,18 +34,17 @@
 int main(int argc, char *argv[], char *envp[])
 {
     char **bak_dirs;
+    int i = 0;
 
     ds_become_localuser (ds_get_config (DS_REAL_CONFIG));
 
-	/* Tell the receiver we are about to start sending data */
-	fprintf(stdout, "\n");
-	bak_dirs = ds_get_bak_dirs();
-	if ( bak_dirs != NULL )	/* no error */ {
-		char **cur_file = bak_dirs;
-		while ( *cur_file != NULL ) {
-			fprintf(stdout, "%s\n", *cur_file);
-			cur_file++;
-		}
+    /* Tell the receiver we are about to start sending data */
+    fprintf(stdout, "\n");
+    bak_dirs = ds_get_bak_dirs();
+    if (bak_dirs != NULL )	/* no error */ {
+        for (i = 0; bak_dirs[i]; i++) {
+            fprintf(stdout, "%s\n", bak_dirs[i]);
+        }
     }
 
     ds_become_original();
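Review bot: The `for` loop over `bak_dirs[i]` stops on the same NULL sentinel the removed `while` loop used, so the bound still depends entirely on `ds_get_bak_dirs()` returning a NULL-terminated array; that contract is not visible in this hunk. A comment above the loop would make the assumption explicit, for example `/* ds_get_bak_dirs() must return a NULL-terminated array */`. The `= 0` on the declaration of `i` is redundant with the loop initialiser. `main` continues past the end of the hunk.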


commit f2a1359f6cb983bbaad67cd469cafceb44782581
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Tue May 3 14:18:36 2011 -0700

    Bug 700948 - (cov#10835) Use of unitialized pointer in config cgi
    
    The config cgi code can use a few uninitialized pointers.  We should
    initialize these pointers to NULL.

diff --git a/admserv/cgi-src40/config.c b/admserv/cgi-src40/config.c
index 69e89f6..b068f60 100644
--- a/admserv/cgi-src40/config.c
+++ b/admserv/cgi-src40/config.c
@@ -160,7 +160,9 @@ int main(int argc, char *argv[])
   char           *valsbuf[2];
   int            setFlag = 0, getFlag = 0, forceSetFlag = 0;
   int            ignorePsetErrors = 0;
-  AttributeList  resultList, updateList, addList, nvl;
+  AttributeList  resultList, nvl;
+  AttributeList  updateList = NULL;
+  AttributeList  addList = NULL;
   AttrNameList   nl;
   AttributePtr   nv;
   char           *acceptLanguage = (char*)"en";
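Review bot: `resultList` and `nvl` on the line above the new declarations, and `nl` and `nv` below them, are still declared without an initialiser, so the same class of Coverity finding can recur for them; whether any is read before assignment is not visible in this hunk. Initialising them together keeps the block uniform, e.g. `AttributeList  resultList = NULL, nvl = NULL;`. The same applies to `vals`, `vals2` and `cache_entry` in the `populate_tasks_from_server` hunk of commit a42dd968. `main` continues outside the hunk.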


commit 967525d23ed5d307bbbe3062e9477b3231ddda3e
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Mon May 2 15:15:00 2011 -0700

    Bug 700948 - (cov#10837) Use of uninitialized variable in monreplication
    
    There are a few places where we can use uninitialized variables in the
    monreplication CGI.  We should initialize the host, port, and admurl
    pointers to NULL to prevent us from using these uninitialized variables.

diff --git a/admserv/cgi-src40/monreplication.c b/admserv/cgi-src40/monreplication.c
index 62c4add..253dcaf 100644
--- a/admserv/cgi-src40/monreplication.c
+++ b/admserv/cgi-src40/monreplication.c
@@ -77,9 +77,9 @@ int main(int argc, char *argv[])
 	char *qs = getenv("QUERY_STRING");
 	char line[BIG_LINE];
 	FILE *html = open_html_file(MY_PAGE);
-	char *host;
-	char *port;
-	char *admurl;
+	char *host = NULL;
+	char *port = NULL;
+	char *admurl = NULL;
 	char refreshurl[256] = {'\0'};
 	char refreshinterval[16];
 	char configfile[256] = {'\0'};
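Review bot: Setting `host`, `port` and `admurl` to NULL replaces an indeterminate read with a NULL pointer, which is only safe if every later use tests the pointer before dereferencing or formatting it; those uses are outside this hunk and should be checked. Also `refreshinterval[16]` is left without the `= {'\0'}` initialiser that `refreshurl` and `configfile` next to it carry: `char refreshinterval[16] = {'\0'};`. The same NULL-tolerance question applies to `ld` in the `task_update_registry_server_bindpw` hunk of commit e2161bec, where the cleanup path that releases `ld` must accept NULL.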


commit 3343a1b0d5e015969b13065766c1cabce81fab52
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Mon May 2 15:06:40 2011 -0700

    Bug 700948 - (cov#10839) Use of uninitialized variable in security cgi
    
    When generating a CSR fails in the security CGI, it is possible for an
    uninitialized variable to be used.  We need to fetch the error string
    property when the CSR generation fails so it is reported as the error
    instead of using the uninitialized error.

diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 32933bb..b8808a1 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -1043,6 +1043,7 @@ generateCertificateRequest(SECKEYPrivateKey* privateKey, SECKEYPublicKey* pubKey
   /* Create certificate request blob */
   request = CERT_CreateCertificateRequest(certName, keyInfo, NULL);
   if (!request) {
+    line = getResourceString(DBT_CSR_GEN_FAIL);
     error = PR_TRUE;
     goto loser;
   }
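Review bot: The value returned by `getResourceString(DBT_CSR_GEN_FAIL)` is stored in `line` without a check, so if the resource lookup can fail the `loser` path would report a NULL message; that path is outside the hunk, so this is to be confirmed. A one-line comment such as `/* line carries the message reported at loser */` would also explain why the assignment precedes `error = PR_TRUE`. Other `goto loser` sites in `generateCertificateRequest` that are not shown may need the same assignment.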


commit e2161becf0fe3cb8d8e5057b98cf2c667eae79d6
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Fri Apr 29 14:38:26 2011 -0700

    Bug 700948 - (cov#10845) Use of uninitialized variable in mod_admserv
    
    In task_update_registry_server_bindpw(), if ldapInfo is NULL and we bail
    out early, we attempt to free ld.  The problem is that ld is never
    initialized, so it could contain garbage.  We need to initialize ld to
    NULL.

diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 76bf586..e27a7a1 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -1223,7 +1223,7 @@ static int
 task_update_registry_server_bindpw(char *uid, char *password,
                                    const char* bindpw, request_rec *r)
 {
-   LDAP        *ld;
+   LDAP        *ld = NULL;
    AdmldapInfo ldapInfo;
    int         ldapError;
    char        *ldapURL = NULL;


commit a42dd968a82403bdc60205afa91f7b94daa3ce6b
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Fri Apr 29 14:31:23 2011 -0700

    Bug 700948 - (cov#10846) - Use of uninitialized variable in mod_admserv
    
    There is a chance we can use a variable without initializing it in
    mod_admserv.  We should initialize execRefArgs to NULL.
    https://bugzilla.redhat.com/show_bug.cgi?id=700948

diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 3c3e9e0..76bf586 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -1496,7 +1496,8 @@ populate_tasks_from_server(char *serverid, const void *sieDN,  void *userdata)
    
     for (e = ldap_first_entry(server, result) ; e != NULL ;
          e = ldap_next_entry(data->server, e)) {
-        char *dn, *execRefArgs;
+        char *dn = NULL;
+        char *execRefArgs = NULL;
         struct berval **vals, **vals2;
         TaskCacheEntry *cache_entry;
 



