https://vm-025.idm.lab.bos.redhat.com:8443/projects/show.htm?projectId=10010&useDefaultView=true
Currently 25 issues reported.
batch move to 1.2.10.rc1
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=781534
0001-Ticket-161-Review-and-address-latest-Coverity-issues.patch
admin patches 0001-Ticket-161-Review-and-address-latest-Coverity-issues.2.patch
adminutil patches 0001-Ticket-161-Review-and-address-latest-Coverity-issues.3.patch
All 3 patches look good.
commit changeset:2eb198fae8532bad8c5dffbbf2fbf9bae78798e7/adminutil
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Jan 27 08:17:30 2012 -0700
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description:
11120 Dereference after null check
don't access info if it is NULL
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no

commit changeset:cae399a681a6808fea9853c63431cf8bfaab3cbb/adminutil
Author: Rich Megginson rmeggins@redhat.com
Date: Thu Jan 26 14:50:59 2012 -0700
Branch: master
Fix Description:
11120 Dereference after null check
don't access info if it is NULL
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no

commit changeset:fc8a615d66d526e25356cc0fbeed149ddd64f4a8/389-admin
Author: Rich Megginson rmeggins@redhat.com
Date: Thu Jan 26 14:24:55 2012 -0700
Branch: master
Fix Description:
12456-12455 Time of check time of use
get rid of unused code
12454 Time of check time of use
In change_uid() open file first using open() and perform other operations using the fd
12452 Format string vulnerability
get rid of unused code
12448 Time of check time of use
get rid of unused code
11147-11146 Missing varargs init or cleanup
be sure to call va_end() to cleanup
11145 Resource leak
In cgid_server() close(sd) before leaving function
11144-11142 Resource leak
get rid of unused code
11141 Resource leak
In list_directory(): free ar
11140 Resource leak
get rid of unused code
11121 Missing break in switch
get rid of unused code
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no

commit changeset:24731b3/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Thu Jan 26 12:13:54 2012 -0700
Ticket #161 - Review and address latest Coverity issues
https://fedorahosted.org/389/ticket/161
Resolves: Ticket #161
Bug Description: Review and address latest Coverity issues
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description:
12486 12485 12484 Resource leak
In linked_attrs_add_backlinks_callback(): Leak of memory or pointers to system resources
the return -1 left targetsdn, targets, and pb dangling
allocate targetsdn after shutdown check - instead of return -1, goto done an
12481 Resource leak
In config_set_default_naming_context(): Leak of memory or pointers to system resources
free suffix before return
12477 Uninitialized pointer read
In index_addordel_entry(): Reads an uninitialized pointer or its target
use LDBM_PARENTID_STR instead of type
12476 Dereference after null check
In string_assertion2keys_ava(): Pointer is checked against null but then dereferenced anyway
check for NULL val
12475 Logically dead code
In _entryrdn_insert_key(): Code can never be reached because of a logical contradiction
get rid of dead code
12448 Time of check time of use
In INTdir_create_all(): A check occurs on a file's attributes before the file is used in a privileged operation, but things may have changed
get rid of unused code
12447-12444 Time of check time of use
use open() to open the file, then use the functions that take an fd to further test or access the file - this prevents someone changing the file between functions that only use the filename
12434-12425 Copy into fixed size buffer
use strncpy or snprintf and make sure the string is null terminated
Platforms tested: RHEL6 x86_64, Fedora 16
Flag Day: no
Doc impact: no
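
The fd-based pattern that the fix descriptions for 12454 and 12447-12444 refer to, as an added example; this is not code from the 389 patches. The function names, the temp-file path and the file modes are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: change permissions only if path is a regular file.
 * The check (fstat) and the use (fchmod) act on the same open fd, so
 * replacing the path between the two calls cannot redirect either one. */
int chmod_regular_by_fd(const char *path, mode_t mode)
{
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang in open() if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && fchmod(fd, mode) == 0)
        rc = 0;
    close(fd);                /* one exit path after open: fd never leaks */
    return rc;
}

/* Constructed self-check: a temp file is accepted, a symlink to it is
 * refused and leaves the target's mode untouched. Returns 0 on success. */
int demo(void)
{
    char file[] = "/tmp/toctou_demo_XXXXXX";
    char lnk[64];
    struct stat st;
    int ok, fd = mkstemp(file);
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    ok = symlink(file, lnk) == 0
      && chmod_regular_by_fd(file, 0640) == 0
      && stat(file, &st) == 0 && (st.st_mode & 0777) == 0640
      && chmod_regular_by_fd(lnk, 0600) == -1       /* symlink refused */
      && stat(file, &st) == 0 && (st.st_mode & 0777) == 0640;
    unlink(lnk);
    unlink(file);
    return ok ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```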
Added initial screened field value.
Metadata Update from @rmeggins: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.10.rc1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/161
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)