On Wed, 28 Jan 2015, Martin Babinsky wrote:
can you pick this up as the way to fix this coverity issue ?
Yes I will try to implement it and post all the updates ASAP.
I have tried to incorporate Alexander's patch to the 'ipa_kdb_principals.c'.
However covscan is still not happy about it and reports FORWARD_NULL defect:
Error: FORWARD_NULL (CWE-476):
assign_zero: Assigning: "principal" = "NULL".
var_deref_model: Passing null pointer "principal" to "ipadb_entry_to_mods",
which dereferences it.
deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences
deref_parm_in_call: Function "strdup" dereferences "value".
Should I keep the changes and add annotation marking it as false positive?
You actually missed part of my patch which removed 'principal' argument
of ipadb_entry_to_mods(). When 'principal' processing is moved to a
separate function, 'principal' is not needed anymore in the
ipadb_entry_to_mods() and thus can be removed. I didn't finish removing
the actual code for the KMASK_PRINCIPAL from the ipadb_entry_to_mods()
and this is what Simo called is 'incomplete' in my patch.
Removing it would remove errors reported by covscan.
/ Alexander Bokovoy
Freeipa-devel mailing list