Public bug reported:

In performing the MIR audit for cobbler-enlist (bug #860492), I
discovered:

- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be 
based on looking at code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c 
commands, have the cobbler-enlist code use the wrappers, and have the wrappers 
do all the error checking. Eg: all current uses of xmlrpc_array_new(...) should 
be changed to use ce_xmlrpc_array_new(...), then ce_xmlrpc_array_new() calls 
xmlrpc_array_new() and does the necessary error checking and fails. This should 
be done everywhere that an xmlrpc function is used a lot, and for those things 
that are used only once, simply do it inline (eg for xmlrpc_server_info_new()).

This needs to get fixed so that cobbler-enlist is defensively coded.
This must happen before 12.04 and I think it would also be good for SRU.

** Affects: cobbler-enlist (Ubuntu)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Affects: cobbler-enlist (Ubuntu Oneiric)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Affects: cobbler-enlist (Ubuntu P-series)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: cobbler-enlist (Ubuntu)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu)
       Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu)
     Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Also affects: cobbler-enlist (Ubuntu Oneiric)
   Importance: High
     Assignee: Canonical Server Team (canonical-server)
       Status: Triaged

** Also affects: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided
       Status: New

** Changed in: cobbler-enlist (Ubuntu P-series)
       Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu P-series)
     Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Changed in: cobbler-enlist (Ubuntu Oneiric)
    Milestone: None => oneiric-updates

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler-enlist in Ubuntu.
https://bugs.launchpad.net/bugs/862558

Title:
  cobbler-enlist is not checking for return codes enough

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/862558/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
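
The wrapper pattern recommended in the report, as an added example that is not part of the original bug report or the cobbler-enlist source. The xmlrpc_* definitions are constructed stand-ins so the block builds without xmlrpc-c installed; simulate_failure and build_params() are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins so this compiles without xmlrpc-c. They model only the
 * library's convention of reporting errors through env->fault_occurred; with
 * the library installed, replace this section with <xmlrpc-c/base.h>. */
typedef struct { int fault_occurred; int fault_code; const char *fault_string; } xmlrpc_env;
typedef struct { int unused; } xmlrpc_value;
static int simulate_failure;               /* test hook, not part of xmlrpc-c */

static void xmlrpc_env_init(xmlrpc_env *env) {
    env->fault_occurred = 0; env->fault_code = 0; env->fault_string = NULL;
}
static xmlrpc_value *xmlrpc_array_new(xmlrpc_env *env) {
    if (simulate_failure) {
        env->fault_occurred = 1; env->fault_code = -1;
        env->fault_string = "simulated allocation failure";
        return NULL;
    }
    return calloc(1, sizeof(xmlrpc_value));
}

/* Wrapper in the style the report recommends: every caller gets the same check.
 * Returns NULL on failure so the result is never used after a fault. */
static xmlrpc_value *ce_xmlrpc_array_new(xmlrpc_env *env) {
    if (env == NULL || env->fault_occurred)   /* refuse to build on an earlier fault */
        return NULL;
    xmlrpc_value *array = xmlrpc_array_new(env);
    if (env->fault_occurred || array == NULL) {
        fprintf(stderr, "xmlrpc_array_new failed: %s (%d)\n",
                env->fault_string ? env->fault_string : "no fault string",
                env->fault_code);
        free(array);                          /* real code: xmlrpc_DECREF if non-NULL */
        return NULL;
    }
    return array;
}

/* Hypothetical caller: returns 0 on success, -1 if the array could not be made. */
int build_params(int fail) {
    xmlrpc_env env;
    simulate_failure = fail;
    xmlrpc_env_init(&env);
    xmlrpc_value *params = ce_xmlrpc_array_new(&env);
    if (params == NULL)
        return -1;
    free(params);                             /* real code: xmlrpc_DECREF(params) */
    return 0;
}

int main(void) { return build_params(0); }
```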