[jss/f16] Bugzilla Bug #715621 - Defects revealed by Coverity scan
kwright
kwright at fedoraproject.org
Thu Oct 6 02:08:20 UTC 2011
commit 010df8673f4e60fc1091fb8a038d804a05bed115
Author: Kevin Wright <kwright at redhat.com>
Date: Wed Oct 5 19:08:19 2011 -0700
Bugzilla Bug #715621 - Defects revealed by Coverity scan
clog | 2 +-
jss-eliminate-native-coverity-defects.patch | 253 +++++++++++++++++++++++++++
jss.spec | 7 +-
3 files changed, 260 insertions(+), 2 deletions(-)
---
diff --git a/clog b/clog
index 39ce8b2..d2dcac7 100644
--- a/clog
+++ b/clog
@@ -1 +1 @@
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #715621 - Defects revealed by Coverity scan
diff --git a/jss-eliminate-native-coverity-defects.patch b/jss-eliminate-native-coverity-defects.patch
new file mode 100644
index 0000000..68e0fad
--- /dev/null
+++ b/jss-eliminate-native-coverity-defects.patch
@@ -0,0 +1,253 @@
+diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c
+--- jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c 2004-04-25 08:02:18.000000000 -0700
++++ jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c 2011-09-17 18:37:39.875900000 -0700
+@@ -275,9 +275,11 @@ diagnosePath(const char * path)
+ rv = readlink(myPath, buf, sizeof buf);
+ if (rv < 0) {
+ perror("readlink");
+- buf[0] = 0;
+- } else {
++ buf[0] = 0;
++ } else if ( rv < BUFSIZ ) {
+ buf[rv] = 0;
++ } else {
++ buf[BUFSIZ-1] = 0;
+ }
+ fprintf(stderr, "%s is a link to %s\n", myPath, buf);
+ } else if (S_ISDIR(sb.st_mode)) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 17:33:08.823975000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 20:09:35.446977000 -0700
+@@ -728,14 +728,14 @@ getPWFromCallback(PK11SlotInfo *slot, PR
+ }
+
+ finish:
+- if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
+ #ifdef DEBUG
++ if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
+ jclass giveupClass;
+ jmethodID printStackTrace;
+ jclass excepClass;
+-#endif
++
+ (*env)->ExceptionClear(env);
+-#ifdef DEBUG
++
+ giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION);
+ PR_ASSERT(giveupClass != NULL);
+ if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) {
+@@ -746,8 +746,12 @@ finish:
+ PR_ASSERT( PR_FALSE );
+ }
+ PR_ASSERT(returnchars==NULL);
+-#endif
+ }
++#else
++ if( ((*env)->ExceptionOccurred(env)) != NULL) {
++ (*env)->ExceptionClear(env);
++ }
++#endif
+ return returnchars;
+ }
+
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-17 17:33:08.834976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-19 16:51:46.438021000 -0700
+@@ -768,6 +768,10 @@ static int find_leaf_cert(
+ int *linked = NULL;
+
+ linked = PR_Malloc( sizeof(int) * numCerts );
++ if (linked == NULL) {
++ status = 0;
++ goto finish;
++ }
+
+ /* initialize the bitmap */
+ for (i = 0; i < numCerts; i++) {
+@@ -1735,7 +1739,7 @@ Java_org_mozilla_jss_CryptoManager_verif
+ {
+ SECStatus rv = SECFailure;
+ SECCertUsage certUsage;
+- SECItem *derCerts[2];
++ SECItem *derCerts[2] = { NULL, NULL };
+ CERTCertificate **certArray = NULL;
+ CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
+
+@@ -1749,7 +1753,6 @@ Java_org_mozilla_jss_CryptoManager_verif
+ }
+ PR_ASSERT(certdb != NULL);
+
+- derCerts[0] = NULL;
+ derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray);
+ derCerts[1] = NULL;
+
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 17:33:08.708976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 19:37:52.834292000 -0700
+@@ -235,7 +235,7 @@ static PRStatus
+ getAlgInfo(JNIEnv *env, jobject alg, JSS_AlgInfo *info)
+ {
+ jint index;
+- PRStatus status;
++ PRStatus status = PR_FAILURE;
+
+ PR_ASSERT(env!=NULL && alg!=NULL && info!=NULL);
+
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 17:33:08.970975000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 19:47:21.850722000 -0700
+@@ -181,7 +181,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageD
+ PK11Context *context=NULL;
+ jbyte *bytes=NULL;
+ SECStatus status;
+- unsigned int outLen;
++ unsigned int outLen = 0;
+
+ if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS) {
+ /* exception was thrown */
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 17:33:09.013977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 18:16:40.231161000 -0700
+@@ -273,6 +273,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_g
+ break;
+ case keaKey:
+ keyTypeFieldName = KEA_KEYTYPE_FIELD;
++ break;
+ default:
+ PR_ASSERT(PR_FALSE);
+ keyTypeFieldName = NULL_KEYTYPE_FIELD;
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 17:33:09.032977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 19:48:57.776628000 -0700
+@@ -390,12 +390,6 @@ importPrivateKey
+ SECStatus status;
+ SECItem nickname;
+
+- keyType = JSS_PK11_getKeyType(env, keyTypeObj);
+- if( keyType == nullKey ) {
+- /* exception was thrown */
+- goto finish;
+- }
+-
+ /*
+ * initialize so we can goto finish
+ */
+@@ -403,6 +397,12 @@ importPrivateKey
+ derPK.len = 0;
+
+
++ keyType = JSS_PK11_getKeyType(env, keyTypeObj);
++ if( keyType == nullKey ) {
++ /* exception was thrown */
++ goto finish;
++ }
++
+ PR_ASSERT(env!=NULL && this!=NULL);
+
+ if(keyArray == NULL) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 17:33:09.050976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 19:53:46.184339000 -0700
+@@ -962,12 +962,12 @@ JNIEXPORT jstring JNICALL Java_org_mozil
+ {
+ PK11SlotInfo *slot;
+ const char* c_subject=NULL;
+- jboolean isCopy;
++ jboolean isCopy = JNI_FALSE;
+ unsigned char *b64request=NULL;
+ SECItem p, q, g;
+ PQGParams *dsaParams=NULL;
+ const char* c_keyType;
+- jboolean k_isCopy;
++ jboolean k_isCopy = JNI_FALSE;
+ SECOidTag signType = SEC_OID_UNKNOWN;
+ PK11RSAGenParams rsaParams;
+ void *params = NULL;
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 17:33:09.073977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 19:56:20.428184000 -0700
+@@ -516,11 +516,6 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+ goto finish;
+ }
+
+- if( addrBAelems == NULL ) {
+- ASSERT_OUTOFMEM(env);
+- goto finish;
+- }
+-
+ if(addrBALen != 4 && addrBALen != 16) {
+ JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+ goto finish;
+@@ -720,7 +715,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_getCi
+ {
+ JSSL_SocketData *sock=NULL;
+ SECStatus status;
+- PRBool enabled;
++ PRBool enabled = PR_FAILURE;
+
+ /* get the fd */
+ if( JSSL_getSockData(env, sockObj, &sock) != PR_SUCCESS) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c 2004-09-03 11:32:03.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c 2011-09-17 18:15:07.825252000 -0700
+@@ -684,17 +684,13 @@ JSSL_ConfirmExpiredPeerCert(void *arg, P
+ * Now check the name field in the cert against the desired hostname.
+ * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
+ */
+- if( peerCert == NULL ) {
+- rv = SECFailure;
++ char* hostname = NULL;
++ hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
++ if (hostname && hostname[0]) {
++ rv = CERT_VerifyCertName(peerCert, hostname);
++ PORT_Free(hostname);
+ } else {
+- char* hostname = NULL;
+- hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
+- if (hostname && hostname[0]) {
+- rv = CERT_VerifyCertName(peerCert, hostname);
+- PORT_Free(hostname);
+- } else {
+- rv = SECFailure;
+- }
++ rv = SECFailure;
+ }
+ }
+
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 17:33:09.094977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 19:16:38.546566000 -0700
+@@ -95,6 +95,10 @@ writebuf(JNIEnv *env, PRFileDesc *fd, jo
+ jint arrayLen=-1;
+ PRInt32 retval;
+
++ if( env == NULL ) {
++ goto finish;
++ }
++
+ /*
+ * get the OutputStream
+ */
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2002-07-03 17:25:46.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2011-09-18 23:02:28.130883000 -0700
+@@ -427,6 +427,7 @@ JSS_ConvertNativeErrcodeToJava(PRErrorCo
+ #endif
+
+ key.native = nativeErrcode;
++ key.java = -1;
+ target = bsearch( &key, errcodeTable, numErrcodes, sizeof(Errcode),
+ errcodeCompare );
+
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-17 17:33:09.103977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-19 16:38:19.428634000 -0700
+@@ -529,7 +529,7 @@ JSS_wipeCharArray(char* array)
+ */
+ static char* getPWFromConsole()
+ {
+- char c;
++ int c;
+ char *ret;
+ int i;
+ char buf[200]; /* no buffer overflow: we bail after 200 chars */
diff --git a/jss.spec b/jss.spec
index 13b29c0..5c49814 100644
--- a/jss.spec
+++ b/jss.spec
@@ -1,6 +1,6 @@
Name: jss
Version: 4.2.6
-Release: 19.1%{?dist}
+Release: 20%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@@ -37,6 +37,7 @@ Patch12: jss-ECC-HSM-FIPS.patch
Patch13: jss-eliminate-native-compiler-warnings.patch
Patch14: jss-eliminate-java-compiler-warnings.patch
Patch15: jss-PKCS12-FIPS.patch
+Patch16: jss-eliminate-native-coverity-defects.patch
%description
@@ -69,6 +70,7 @@ This package contains the API documentation for JSS.
%patch13 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
%build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -162,6 +164,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Sep 19 2011 Matthew Harmsen <mharmsen at redhat.com> - 4.2.6-20
+- Bugzilla Bug #715621 - Defects revealed by Coverity scan
+
* Wed Aug 31 2011 Matthew Harmsen <mharmsen at redhat.com> - 4.2.6-19.1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
More information about the scm-commits
mailing list