On Wed, 28 Jan 2015, Martin Babinsky wrote:
can you pick this up as the way to fix this coverity issue ?
Simo.
Yes I will try to implement it and post all the updates ASAP.
I have tried to incorporate Alexander's patch to the 'ipa_kdb_principals.c'.
However covscan is still not happy about it and reports FORWARD_NULL defect:
"""
Error: FORWARD_NULL (CWE-476):
freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1926:
assign_zero: Assigning: "principal" = "NULL".
freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1974:
var_deref_model: Passing null pointer "principal" to "ipadb_entry_to_mods",
which dereferences it.
freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1525:9:
deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences
"principal".
freeipa-4.1.99.201501280935GITbeaceb7/daemons/ipa-kdb/ipa_kdb_principals.c:1174:5:
deref_parm_in_call: Function "strdup" dereferences "value".
"""
Should I keep the changes and add annotation marking it as false positive?
You actually missed part of my patch which removed 'principal' argument
of ipadb_entry_to_mods(). When 'principal' processing is moved to a
separate function, 'principal' is not needed anymore in the
ipadb_entry_to_mods() and thus can be removed. I didn't finish removing
the actual code for the KMASK_PRINCIPAL from the ipadb_entry_to_mods()
and this is what Simo called is 'incomplete' in my patch.
Removing it would remove errors reported by covscan.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
