On Wed, 28 Jan 2015, Martin Babinsky wrote:
can you pick this up as the way to fix this coverity issue ?


Yes I will try to implement it and post all the updates ASAP.

I have tried to incorporate Alexander's patch to the 'ipa_kdb_principals.c'. However covscan is still not happy about it and reports FORWARD_NULL defect:

Error: FORWARD_NULL (CWE-476):
freeipa- assign_zero: Assigning: "principal" = "NULL". freeipa- var_deref_model: Passing null pointer "principal" to "ipadb_entry_to_mods", which dereferences it. freeipa- deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences "principal". freeipa- deref_parm_in_call: Function "strdup" dereferences "value".

Should I keep the changes and add annotation marking it as false positive?
You actually missed part of my patch which removed 'principal' argument
of ipadb_entry_to_mods(). When 'principal' processing is moved to a
separate function, 'principal' is not needed anymore in the
ipadb_entry_to_mods() and thus can be removed. I didn't finish removing
the actual code for the KMASK_PRINCIPAL from the ipadb_entry_to_mods()
and this is what Simo called is 'incomplete' in my patch.

Removing it would remove errors reported by covscan.

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to