3:30 a.m.
A recent Coverity version update discovered some existing issues (and some
benign cases). This patch set cleans them all up.
John Ferlan (6):
VSMS: Coverity cleanups
libxkutil:pool_parsing: Coverity cleanups
libxkutil:device_parsing: Coverity cleanups
libxkutil/xml_parse_test: Coverity cleanup
RAFP: Coverity cleanup
EAFP: Coverity cleanup
libxkutil/device_parsing.c | 41 +++++++++++++++++--------------
libxkutil/pool_parsing.c | 39 +++++++++++++++--------------
libxkutil/xml_parse_test.c | 1 +
src/Virt_ElementAllocatedFromPool.c | 6 ++++-
src/Virt_ResourceAllocationFromPool.c | 7 ++++--
src/Virt_SettingsDefineCapabilities.c | 2 +-
src/Virt_VirtualSystemManagementService.c | 11 ++++++---
7 files changed, 63 insertions(+), 44 deletions(-)
--
1.8.4.2
3:30 a.m.
New subject: [PATCH 1/6] VSMS: Coverity cleanups
A new version of Coverity found a number of issues:
parse_ip_address(): FORWARD_NULL
- Benign issue regarding how 'tmp_ip' was compared against NULL for
the IPv6 processing and then used blindly later when strdup()'ing
into *ip. Rather than use NULL check, compare against return of 1
or more which indicates that something is there
update_system_settings(): RESOURCE_LEAK
- The 'uuid' value was being leaked if strdup()'d. Also rather than
strdup()'g and strdup()'d value and risking failure, just assign the
initially strdup()'d value and reinitialize uuid to NULL
fv_vssd_to_domain(): USE_AFTER_FREE
- The domain->os_info.fv.arch is free()'d only to be potentially
strdup()'d after processing the 'cu_get_str_prop()' for "Arch".
The complaint was that it was possible to not strdup() a new value
and thus possible to pass a free()'d value to get_default_machine().
Passing a NULL is not an issue as that is checked.
Additionally found by inspection, 'val' was not initialized to NULL,
so the setting of os_info.fv.arch may not be what was expected. Also,
after processing "Arch" it was not reinitialized to NULL so its
contents could potentially have been saved in os_info.fv.machine.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/Virt_VirtualSystemManagementService.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/Virt_VirtualSystemManagementService.c
b/src/Virt_VirtualSystemManagementService.c
index 5c7238f..b624d8c 100644
--- a/src/Virt_VirtualSystemManagementService.c
+++ b/src/Virt_VirtualSystemManagementService.c
@@ -464,7 +464,7 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
{
int ret = 1;
int retr;
- const char *val;
+ const char *val = NULL;
const char *domtype = NULL;
const char *ostype = "hvm";
struct capabilities *capsinfo = NULL;
@@ -494,6 +494,7 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
}
free(domain->os_info.fv.arch);
+ domain->os_info.fv.arch = NULL;
retr = cu_get_str_prop(inst, "Arch", &val);
if (retr != CMPI_RC_OK) {
if (capsinfo != NULL) { /* set default */
@@ -506,6 +507,8 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
domain->os_info.fv.arch = strdup(val);
free(domain->os_info.fv.machine);
+ domain->os_info.fv.machine = NULL;
+ val = NULL;
retr = cu_get_str_prop(inst, "Machine", &val);
if (retr != CMPI_RC_OK) {
if (capsinfo != NULL && domtype != NULL) { /* set default */
@@ -1415,7 +1418,7 @@ static int parse_ip_address(const char *id,
if (strstr(id, "[") != NULL) {
/* its an ipv6 address */
ret = sscanf(id, "%a[^]]]:%as", &tmp_ip, &tmp_port);
- if (tmp_ip != NULL) {
+ if (ret >= 1) {
tmp_ip = realloc(tmp_ip, strlen(tmp_ip) + 2);
if (tmp_ip == NULL) {
ret = 0;
@@ -2798,7 +2801,8 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
}
if ((dominfo->uuid == NULL) || (STREQ(dominfo->uuid, ""))) {
- dominfo->uuid = strdup(uuid);
+ dominfo->uuid = uuid;
+ uuid = NULL;
} else if (!STREQ(uuid, dominfo->uuid)) {
cu_statusf(_BROKER, &s,
CMPI_RC_ERR_FAILED,
@@ -2829,6 +2833,7 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
}
out:
+ free(uuid);
free(xml);
virDomainFree(dom);
virConnectClose(conn);
--
1.8.4.2
11:24 p.m.
New subject: [PATCH 1/6] VSMS: Coverity cleanups
On 01/22/2014 08:30 PM, John Ferlan wrote:
A new version of Coverity found a number of issues:
parse_ip_address(): FORWARD_NULL
- Benign issue regarding how 'tmp_ip' was compared against NULL for
the IPv6 processing and then used blindly later when strdup()'ing
into *ip. Rather than use NULL check, compare against return of 1
or more which indicates that something is there
update_system_settings(): RESOURCE_LEAK
- The 'uuid' value was being leaked if strdup()'d. Also rather than
strdup()'g and strdup()'d value and risking failure, just assign the
initially strdup()'d value and reinitialize uuid to NULL
fv_vssd_to_domain(): USE_AFTER_FREE
- The domain->os_info.fv.arch is free()'d only to be potentially
strdup()'d after processing the 'cu_get_str_prop()' for
"Arch".
The complaint was that it was possible to not strdup() a new value
and thus possible to pass a free()'d value to get_default_machine().
Passing a NULL is not an issue as that is checked.
Additionally found by inspection, 'val' was not initialized to NULL,
so the setting of os_info.fv.arch may not be what was expected. Also,
after processing "Arch" it was not reinitialized to NULL so its
contents could potentially have been saved in os_info.fv.machine.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/Virt_VirtualSystemManagementService.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/Virt_VirtualSystemManagementService.c
b/src/Virt_VirtualSystemManagementService.c
index 5c7238f..b624d8c 100644
--- a/src/Virt_VirtualSystemManagementService.c
+++ b/src/Virt_VirtualSystemManagementService.c
@@ -464,7 +464,7 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
{
int ret = 1;
int retr;
- const char *val;
+ const char *val = NULL;
const char *domtype = NULL;
const char *ostype = "hvm";
struct capabilities *capsinfo = NULL;
@@ -494,6 +494,7 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
}
free(domain->os_info.fv.arch);
+ domain->os_info.fv.arch = NULL;
retr = cu_get_str_prop(inst, "Arch", &val);
if (retr != CMPI_RC_OK) {
if (capsinfo != NULL) { /* set default */
@@ -506,6 +507,8 @@ static int fv_vssd_to_domain(CMPIInstance *inst,
domain->os_info.fv.arch = strdup(val);
free(domain->os_info.fv.machine);
+ domain->os_info.fv.machine = NULL;
+ val = NULL;
retr = cu_get_str_prop(inst, "Machine", &val);
if (retr != CMPI_RC_OK) {
if (capsinfo != NULL && domtype != NULL) { /* set default */
@@ -1415,7 +1418,7 @@ static int parse_ip_address(const char *id,
if (strstr(id, "[") != NULL) {
/* its an ipv6 address */
ret = sscanf(id, "%a[^]]]:%as", &tmp_ip,
&tmp_port);
- if (tmp_ip != NULL) {
+ if (ret >= 1) {
tmp_ip = realloc(tmp_ip, strlen(tmp_ip) + 2);
if (tmp_ip == NULL) {
ret = 0;
@@ -2798,7 +2801,8 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
}
if ((dominfo->uuid == NULL) || (STREQ(dominfo->uuid, ""))) {
- dominfo->uuid = strdup(uuid);
+ dominfo->uuid = uuid;
+ uuid = NULL;
I am getting a compile error here and below for the
free of uuid.
error: assignment discards 'const' qualifier from pointer target type
[-Werror]
error: passing argument 1 of 'free' discards 'const' qualifier from
pointer target type [-Werror]
Removing the const in the declaration works... for me.
} else if (!STREQ(uuid, dominfo->uuid)) {
cu_statusf(_BROKER, &s,
CMPI_RC_ERR_FAILED,
@@ -2829,6 +2833,7 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
}
out:
+ free(uuid);
free(xml);
virDomainFree(dom);
virConnectClose(conn);
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
9:14 p.m.
New subject: [PATCH 1/6] VSMS: Coverity cleanups
On 02/04/2014 10:24 AM, Boris Fiuczynski wrote:
On 01/22/2014 08:30 PM, John Ferlan wrote:
<...snip...>
> @@ -2798,7 +2801,8 @@ static CMPIStatus
update_system_settings(const CMPIContext *context,
> }
>
> if ((dominfo->uuid == NULL) || (STREQ(dominfo->uuid, "")))
{
> - dominfo->uuid = strdup(uuid);
> + dominfo->uuid = uuid;
> + uuid = NULL;
I am getting a compile error here and below for the free of uuid.
error: assignment discards 'const' qualifier from pointer target type
[-Werror]
error: passing argument 1 of 'free' discards 'const' qualifier from
pointer target type [-Werror]
Removing the const in the declaration works... for me.
Strange - mine didn't complain, but one would also think that the prior
code doing a uuid = strdup(dominfo->uuid); would elicit the same issue!
Anyway, adjusted the definition from "const char *uuid" to just "char
*uuid".
In actually reading and thinking about the code, do you think a
"free(dominfo->uuid);" prior to the setting should be added too? In the
event it was the empty string? Not sure how it gets set that way, but
since cleanup_dominfo() would free() it if it was "" or whatever real
value is, then I suppose better safe than sorry.
Tks,
John
> } else if (!STREQ(uuid, dominfo->uuid)) {
> cu_statusf(_BROKER, &s,
> CMPI_RC_ERR_FAILED,
> @@ -2829,6 +2833,7 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
> }
>
> out:
> + free(uuid);
> free(xml);
> virDomainFree(dom);
> virConnectClose(conn);
>
11:43 p.m.
New subject: [PATCH 1/6] VSMS: Coverity cleanups
On 02/05/2014 02:14 PM, John Ferlan wrote:
On 02/04/2014 10:24 AM, Boris Fiuczynski wrote:
> On 01/22/2014 08:30 PM, John Ferlan wrote:
<...snip...>
>> @@ -2798,7 +2801,8 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
>> }
>>
>> if ((dominfo->uuid == NULL) || (STREQ(dominfo->uuid,
""))) {
>> - dominfo->uuid = strdup(uuid);
>> + dominfo->uuid = uuid;
>> + uuid = NULL;
> I am getting a compile error here and below for the free of uuid.
> error: assignment discards 'const' qualifier from pointer target type
> [-Werror]
> error: passing argument 1 of 'free' discards 'const' qualifier from
> pointer target type [-Werror]
>
> Removing the const in the declaration works... for me.
>
Strange - mine didn't complain, but one would also think that the prior
code doing a uuid = strdup(dominfo->uuid); would elicit the same issue!
Anyway, adjusted the definition from "const char *uuid" to just "char
*uuid".
In actually reading and thinking about the code, do you think a
"free(dominfo->uuid);" prior to the setting should be added too? In the
event it was the empty string? Not sure how it gets set that way, but
since cleanup_dominfo() would free() it if it was "" or whatever real
value is, then I suppose better safe than sorry.
Yeah, to be 100% sure I guess just
freeing it is ok... :-)
Tks,
John
>> } else if (!STREQ(uuid, dominfo->uuid)) {
>> cu_statusf(_BROKER, &s,
>> CMPI_RC_ERR_FAILED,
>> @@ -2829,6 +2833,7 @@ static CMPIStatus update_system_settings(const CMPIContext
*context,
>> }
>>
>> out:
>> + free(uuid);
>> free(xml);
>> virDomainFree(dom);
>> virConnectClose(conn);
>>
>
>
_______________________________________________
Libvirt-cim mailing list
Libvirt-cim(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-cim
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
3:30 a.m.
New subject: [PATCH 2/6] libxkutil:pool_parsing: Coverity cleanups
A new version of Coverity found a number of issues:
get_pool_from_xml(): FORWARD_NULL
parse_disk_pool(): RESOURCE_LEAK
- If parse_disk_pool() returned name == NULL, then the strdup() of
name into pool->id would dereference the NULL pointer leading to
a segfault.
Furthermore parse_disk_pool() had a few issues. First the 'type_str'
could be NULL, so that needs to be checked. Second, 'type_str' was
never free()'d (the get_attr_value returns a strdup()'d value).
Realizing all that resulted in a few extra changes to not strdup()
a value that we strdup()'d
Eventually get_pool_from_xml() will return to get_disk_pool() which
returns to diskpool_set_capacity() or _new_volume_template() which
both error out when return value != 0 (although, I did change the
latter to be more explicit and match the former).
Finally, even though the parsing of the element will only ever have
one "name" value - Coverity doesn't know that, so as a benign fix be
sure to not overwrite 'name' if "name" isn't already set.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
libxkutil/pool_parsing.c | 39 ++++++++++++++++++-----------------
src/Virt_SettingsDefineCapabilities.c | 2 +-
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/libxkutil/pool_parsing.c b/libxkutil/pool_parsing.c
index 922ff32..80bd4ca 100644
--- a/libxkutil/pool_parsing.c
+++ b/libxkutil/pool_parsing.c
@@ -194,15 +194,17 @@ char *get_disk_pool_type(uint16_t type)
}
-static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
+static char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
{
xmlNode **nodes = nsv->nodeTab;
xmlNode *child;
- const char *type_str = NULL;
- const char *name = NULL;
+ char *type_str = NULL;
+ char *name = NULL;
int type = 0;
type_str = get_attr_value(nodes[0], "type");
+ if (type_str == NULL)
+ return NULL;
if (STREQC(type_str, "dir"))
type = DISK_POOL_DIR;
@@ -220,12 +222,15 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool
*pool)
type = DISK_POOL_SCSI;
else
type = DISK_POOL_UNKNOWN;
+ free(type_str);
pool->pool_type = type;
-
+
for (child = nodes[0]->children; child != NULL; child = child->next) {
- if (XSTREQ(child->name, "name")) {
+ if (XSTREQ(child->name, "name") && name == NULL) {
name = get_node_content(child);
+ if (name == NULL)
+ return NULL;
} else if (XSTREQ(child->name, "target"))
parse_disk_target(child, pool);
else if (XSTREQ(child->name, "source"))
@@ -238,14 +243,18 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool
*pool)
int get_pool_from_xml(const char *xml, struct virt_pool *pool, int type)
{
int len;
- int ret = 0;
+ int ret = 1;
xmlDoc *xmldoc;
xmlXPathContext *xpathctx;
xmlXPathObject *xpathobj;
const xmlChar *xpathstr = (xmlChar *)"/pool";
- const char *name;
CU_DEBUG("Pool XML : %s", xml);
+
+ /* FIXME: Add support for parsing network pools */
+ if (type == CIM_RES_TYPE_NET)
+ return 0;
+
len = strlen(xml) + 1;
if ((xmldoc = xmlParseMemory(xml, len)) == NULL)
@@ -257,22 +266,14 @@ int get_pool_from_xml(const char *xml, struct virt_pool *pool, int
type)
if ((xpathobj = xmlXPathEvalExpression(xpathstr, xpathctx)) == NULL)
goto err3;
- /* FIXME: Add support for parsing network pools */
- if (type == CIM_RES_TYPE_NET) {
- ret = 0;
- goto err1;
- }
-
memset(pool, 0, sizeof(*pool));
- pool->type = CIM_RES_TYPE_DISK;
- name = parse_disk_pool(xpathobj->nodesetval,
- &(pool)->pool_info.disk);
- if (name == NULL)
+ pool->type = CIM_RES_TYPE_DISK;
+ pool->id = parse_disk_pool(xpathobj->nodesetval,
+ &(pool)->pool_info.disk);
+ if (pool->id != NULL)
ret = 0;
- pool->id = strdup(name);
-
xmlXPathFreeObject(xpathobj);
err3:
xmlXPathFreeContext(xpathctx);
diff --git a/src/Virt_SettingsDefineCapabilities.c
b/src/Virt_SettingsDefineCapabilities.c
index fe16e3f..756e46b 100644
--- a/src/Virt_SettingsDefineCapabilities.c
+++ b/src/Virt_SettingsDefineCapabilities.c
@@ -1376,7 +1376,7 @@ static CMPIStatus _new_volume_template(const CMPIObjectPath *ref,
}
ret = get_disk_pool(poolptr, &pool);
- if (ret == 1) {
+ if (ret != 0) {
virt_set_status(_BROKER, &s,
CMPI_RC_ERR_FAILED,
virStoragePoolGetConnect(poolptr),
--
1.8.4.2
8:31 p.m.
New subject: [PATCH 2/6] libxkutil:pool_parsing: Coverity cleanups
On 01/22/2014 08:30 PM, John Ferlan wrote:
A new version of Coverity found a number of issues:
get_pool_from_xml(): FORWARD_NULL
parse_disk_pool(): RESOURCE_LEAK
- If parse_disk_pool() returned name == NULL, then the strdup() of
name into pool->id would dereference the NULL pointer leading to
a segfault.
Furthermore parse_disk_pool() had a few issues. First the 'type_str'
could be NULL, so that needs to be checked. Second, 'type_str' was
never free()'d (the get_attr_value returns a strdup()'d value).
Realizing all that resulted in a few extra changes to not strdup()
a value that we strdup()'d
Eventually get_pool_from_xml() will return to get_disk_pool() which
returns to diskpool_set_capacity() or _new_volume_template() which
both error out when return value != 0 (although, I did change the
latter to be more explicit and match the former).
Finally, even though the parsing of the element will only ever have
one "name" value - Coverity doesn't know that, so as a benign fix be
sure to not overwrite 'name' if "name" isn't already set.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
libxkutil/pool_parsing.c | 39 ++++++++++++++++++-----------------
src/Virt_SettingsDefineCapabilities.c | 2 +-
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/libxkutil/pool_parsing.c b/libxkutil/pool_parsing.c
index 922ff32..80bd4ca 100644
--- a/libxkutil/pool_parsing.c
+++ b/libxkutil/pool_parsing.c
@@ -194,15 +194,17 @@ char *get_disk_pool_type(uint16_t type)
}
-static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
+static char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
{
xmlNode **nodes = nsv->nodeTab;
xmlNode *child;
- const char *type_str = NULL;
- const char *name = NULL;
+ char *type_str = NULL;
+ char *name = NULL;
int type = 0;
type_str = get_attr_value(nodes[0], "type");
+ if (type_str == NULL)
+ return NULL;
if (STREQC(type_str, "dir"))
type = DISK_POOL_DIR;
@@ -220,12 +222,15 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
type = DISK_POOL_SCSI;
else
type = DISK_POOL_UNKNOWN;
+ free(type_str);
pool->pool_type = type;
-
+
for (child = nodes[0]->children; child != NULL; child = child->next) {
- if (XSTREQ(child->name, "name")) {
+ if (XSTREQ(child->name, "name") && name == NULL) {
name = get_node_content(child);
+ if (name == NULL)
+ return NULL;
} else if (XSTREQ(child->name, "target"))
parse_disk_target(child, pool);
else if (XSTREQ(child->name, "source"))
@@ -238,14 +243,18 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
int get_pool_from_xml(const char *xml, struct virt_pool *pool, int type)
{
int len;
- int ret = 0;
+ int ret = 1;
Isn't this a bug fix... beside a cleanup? Before the
return value was
always 0! It also changes the method get_disk_pool in Virt_DevicePool.c
in its return value behavior in the same way.
The usage of get_disk_pool in the method diskpool_set_capacity checks
for the return value and being !=0 it is considered an error
(Virt_DevicePool.c line 324). Doesn't that need to get changed in this
patch?
Even so you mention above in your description the two chained
exploitation code pieces it seems that you fixed just one ... or did I
miss something?
xmlDoc *xmldoc;
xmlXPathContext *xpathctx;
xmlXPathObject *xpathobj;
const xmlChar *xpathstr = (xmlChar *)"/pool";
- const char *name;
CU_DEBUG("Pool XML : %s", xml);
+
+ /* FIXME: Add support for parsing network pools */
+ if (type == CIM_RES_TYPE_NET)
+ return 0;
+
len = strlen(xml) + 1;
if ((xmldoc = xmlParseMemory(xml, len)) == NULL)
@@ -257,22 +266,14 @@ int get_pool_from_xml(const char *xml, struct virt_pool *pool, int
type)
if ((xpathobj = xmlXPathEvalExpression(xpathstr, xpathctx)) == NULL)
goto err3;
- /* FIXME: Add support for parsing network pools */
- if (type == CIM_RES_TYPE_NET) {
- ret = 0;
- goto err1;
- }
-
memset(pool, 0, sizeof(*pool));
- pool->type = CIM_RES_TYPE_DISK;
- name = parse_disk_pool(xpathobj->nodesetval,
- &(pool)->pool_info.disk);
- if (name == NULL)
+ pool->type = CIM_RES_TYPE_DISK;
+ pool->id = parse_disk_pool(xpathobj->nodesetval,
+ &(pool)->pool_info.disk);
+ if (pool->id != NULL)
ret = 0;
- pool->id = strdup(name);
-
xmlXPathFreeObject(xpathobj);
err3:
xmlXPathFreeContext(xpathctx);
diff --git a/src/Virt_SettingsDefineCapabilities.c
b/src/Virt_SettingsDefineCapabilities.c
index fe16e3f..756e46b 100644
--- a/src/Virt_SettingsDefineCapabilities.c
+++ b/src/Virt_SettingsDefineCapabilities.c
@@ -1376,7 +1376,7 @@ static CMPIStatus _new_volume_template(const CMPIObjectPath *ref,
}
ret = get_disk_pool(poolptr, &pool);
- if (ret == 1) {
+ if (ret != 0) {
virt_set_status(_BROKER, &s,
CMPI_RC_ERR_FAILED,
virStoragePoolGetConnect(poolptr),
src/Virt_DevicePool.c line 324 =! change seems to be missing.
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
10:08 p.m.
New subject: [PATCH 2/6] libxkutil:pool_parsing: Coverity cleanups
On 02/04/2014 07:31 AM, Boris Fiuczynski wrote:
On 01/22/2014 08:30 PM, John Ferlan wrote:
> A new version of Coverity found a number of issues:
>
> get_pool_from_xml(): FORWARD_NULL
> parse_disk_pool(): RESOURCE_LEAK
> - If parse_disk_pool() returned name == NULL, then the strdup() of
> name into pool->id would dereference the NULL pointer leading to
> a segfault.
>
> Furthermore parse_disk_pool() had a few issues. First the 'type_str'
> could be NULL, so that needs to be checked. Second, 'type_str' was
> never free()'d (the get_attr_value returns a strdup()'d value).
>
> Realizing all that resulted in a few extra changes to not strdup()
> a value that we strdup()'d
>
> Eventually get_pool_from_xml() will return to get_disk_pool() which
> returns to diskpool_set_capacity() or _new_volume_template() which
> both error out when return value != 0 (although, I did change the
> latter to be more explicit and match the former).
>
> Finally, even though the parsing of the element will only ever have
> one "name" value - Coverity doesn't know that, so as a benign fix
be
> sure to not overwrite 'name' if "name" isn't already set.
>
> Signed-off-by: John Ferlan <jferlan(a)redhat.com>
> ---
> libxkutil/pool_parsing.c | 39 ++++++++++++++++++-----------------
> src/Virt_SettingsDefineCapabilities.c | 2 +-
> 2 files changed, 21 insertions(+), 20 deletions(-)
>
> diff --git a/libxkutil/pool_parsing.c b/libxkutil/pool_parsing.c
> index 922ff32..80bd4ca 100644
> --- a/libxkutil/pool_parsing.c
> +++ b/libxkutil/pool_parsing.c
> @@ -194,15 +194,17 @@ char *get_disk_pool_type(uint16_t type)
>
> }
>
> -static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
> +static char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
> {
> xmlNode **nodes = nsv->nodeTab;
> xmlNode *child;
> - const char *type_str = NULL;
> - const char *name = NULL;
> + char *type_str = NULL;
> + char *name = NULL;
> int type = 0;
>
> type_str = get_attr_value(nodes[0], "type");
> + if (type_str == NULL)
> + return NULL;
>
> if (STREQC(type_str, "dir"))
> type = DISK_POOL_DIR;
> @@ -220,12 +222,15 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
> type = DISK_POOL_SCSI;
> else
> type = DISK_POOL_UNKNOWN;
> + free(type_str);
>
> pool->pool_type = type;
> -
> +
> for (child = nodes[0]->children; child != NULL; child = child->next)
{
> - if (XSTREQ(child->name, "name")) {
> + if (XSTREQ(child->name, "name") && name ==
NULL) {
> name = get_node_content(child);
> + if (name == NULL)
> + return NULL;
> } else if (XSTREQ(child->name, "target"))
> parse_disk_target(child, pool);
> else if (XSTREQ(child->name, "source"))
> @@ -238,14 +243,18 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
> int get_pool_from_xml(const char *xml, struct virt_pool *pool, int type)
> {
> int len;
> - int ret = 0;
> + int ret = 1;
Isn't this a bug fix... beside a cleanup? Before the return value was
always 0! It also changes the method get_disk_pool in Virt_DevicePool.c
in its return value behavior in the same way.
True - a bug fix insomuch as either caller is concerned, but yet still
found by Coverity as a RESOURCE_LEAK initially and then me as I was
reading the code... I think the primary way to hit the bug would have
been through a *alloc()/strdup() failure though.
The usage of get_disk_pool in the method diskpool_set_capacity checks
for the return value and being !=0 it is considered an error
(Virt_DevicePool.c line 324). Doesn't that need to get changed in this
patch?
I don't think so. Prior to my change/cleanup if anything failed in
get_pool_from_xml(), then diskpool_set_capacity() could wrongly or even
partially set the properties for "Path", "Host",
"SourceDirectory", and
"OtherResourceType". Although perhaps only the type would be wrong,
since all others actually check for non NULL fields before strdup() and
CMSetProperty() calls. Thus perhaps "path" could be set, but host and
source directory not due to memory constraints, or some combination of
the 3. Probably not a good thing to be happening. Of course there are
those that contend that if you're that memory constrained, the code
isn't going much further anyway...
In any case, all my change does is acknowledge and return the failure
which the caller already handled properly.
FWIW: For context
Line 324 in diskpool_set_capacity():
if (get_disk_pool(pool, &pool_vals) != 0) {
CU_DEBUG("Error getting pool path for: %s", _pool->tag);
} else {
if (pool_vals->pool_info.disk.path != NULL) {
pool_str = strdup(pool_vals->pool_info.disk.path);
CMSetProperty(inst, "Path",
(CMPIValue *)pool_str, CMPI_chars);
}
...
Even so you mention above in your description the two chained
exploitation code pieces it seems that you fixed just one ... or did I
miss something?
The reason for the change in _new_volume_template() was to match the
return comparison from diskpool_set_capacity()... It's unnecessary
technically. One used to fail on "ret == 1" and the other when "ret !=
0". Now both fail in the ret != 0 case. It's the "Type A personality"
in me that does that.
John
> xmlDoc *xmldoc;
> xmlXPathContext *xpathctx;
> xmlXPathObject *xpathobj;
> const xmlChar *xpathstr = (xmlChar *)"/pool";
> - const char *name;
>
> CU_DEBUG("Pool XML : %s", xml);
> +
> + /* FIXME: Add support for parsing network pools */
> + if (type == CIM_RES_TYPE_NET)
> + return 0;
> +
> len = strlen(xml) + 1;
>
> if ((xmldoc = xmlParseMemory(xml, len)) == NULL)
> @@ -257,22 +266,14 @@ int get_pool_from_xml(const char *xml, struct virt_pool *pool,
int type)
> if ((xpathobj = xmlXPathEvalExpression(xpathstr, xpathctx)) == NULL)
> goto err3;
>
> - /* FIXME: Add support for parsing network pools */
> - if (type == CIM_RES_TYPE_NET) {
> - ret = 0;
> - goto err1;
> - }
> -
> memset(pool, 0, sizeof(*pool));
>
> - pool->type = CIM_RES_TYPE_DISK;
> - name = parse_disk_pool(xpathobj->nodesetval,
> - &(pool)->pool_info.disk);
> - if (name == NULL)
> + pool->type = CIM_RES_TYPE_DISK;
> + pool->id = parse_disk_pool(xpathobj->nodesetval,
> + &(pool)->pool_info.disk);
> + if (pool->id != NULL)
> ret = 0;
>
> - pool->id = strdup(name);
> -
> xmlXPathFreeObject(xpathobj);
> err3:
> xmlXPathFreeContext(xpathctx);
> diff --git a/src/Virt_SettingsDefineCapabilities.c
b/src/Virt_SettingsDefineCapabilities.c
> index fe16e3f..756e46b 100644
> --- a/src/Virt_SettingsDefineCapabilities.c
> +++ b/src/Virt_SettingsDefineCapabilities.c
> @@ -1376,7 +1376,7 @@ static CMPIStatus _new_volume_template(const CMPIObjectPath
*ref,
> }
>
> ret = get_disk_pool(poolptr, &pool);
> - if (ret == 1) {
> + if (ret != 0) {
> virt_set_status(_BROKER, &s,
> CMPI_RC_ERR_FAILED,
> virStoragePoolGetConnect(poolptr),
>
src/Virt_DevicePool.c line 324 =! change seems to be missing.
12:04 a.m.
New subject: [PATCH 2/6] libxkutil:pool_parsing: Coverity cleanups
On 02/05/2014 03:08 PM, John Ferlan wrote:
On 02/04/2014 07:31 AM, Boris Fiuczynski wrote:
> On 01/22/2014 08:30 PM, John Ferlan wrote:
>> A new version of Coverity found a number of issues:
>>
>> get_pool_from_xml(): FORWARD_NULL
>> parse_disk_pool(): RESOURCE_LEAK
>> - If parse_disk_pool() returned name == NULL, then the strdup() of
>> name into pool->id would dereference the NULL pointer leading to
>> a segfault.
>>
>> Furthermore parse_disk_pool() had a few issues. First the
'type_str'
>> could be NULL, so that needs to be checked. Second, 'type_str'
was
>> never free()'d (the get_attr_value returns a strdup()'d value).
>>
>> Realizing all that resulted in a few extra changes to not strdup()
>> a value that we strdup()'d
>>
>> Eventually get_pool_from_xml() will return to get_disk_pool() which
>> returns to diskpool_set_capacity() or _new_volume_template() which
>> both error out when return value != 0 (although, I did change the
>> latter to be more explicit and match the former).
>>
>> Finally, even though the parsing of the element will only ever have
>> one "name" value - Coverity doesn't know that, so as a benign
fix be
>> sure to not overwrite 'name' if "name" isn't already
set.
>>
>> Signed-off-by: John Ferlan <jferlan(a)redhat.com>
>> ---
>> libxkutil/pool_parsing.c | 39
++++++++++++++++++-----------------
>> src/Virt_SettingsDefineCapabilities.c | 2 +-
>> 2 files changed, 21 insertions(+), 20 deletions(-)
>>
>> diff --git a/libxkutil/pool_parsing.c b/libxkutil/pool_parsing.c
>> index 922ff32..80bd4ca 100644
>> --- a/libxkutil/pool_parsing.c
>> +++ b/libxkutil/pool_parsing.c
>> @@ -194,15 +194,17 @@ char *get_disk_pool_type(uint16_t type)
>>
>> }
>>
>> -static const char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
>> +static char *parse_disk_pool(xmlNodeSet *nsv, struct disk_pool *pool)
>> {
>> xmlNode **nodes = nsv->nodeTab;
>> xmlNode *child;
>> - const char *type_str = NULL;
>> - const char *name = NULL;
>> + char *type_str = NULL;
>> + char *name = NULL;
>> int type = 0;
>>
>> type_str = get_attr_value(nodes[0], "type");
>> + if (type_str == NULL)
>> + return NULL;
>>
>> if (STREQC(type_str, "dir"))
>> type = DISK_POOL_DIR;
>> @@ -220,12 +222,15 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
>> type = DISK_POOL_SCSI;
>> else
>> type = DISK_POOL_UNKNOWN;
>> + free(type_str);
>>
>> pool->pool_type = type;
>> -
>> +
>> for (child = nodes[0]->children; child != NULL; child =
child->next) {
>> - if (XSTREQ(child->name, "name")) {
>> + if (XSTREQ(child->name, "name") && name ==
NULL) {
>> name = get_node_content(child);
>> + if (name == NULL)
>> + return NULL;
>> } else if (XSTREQ(child->name, "target"))
>> parse_disk_target(child, pool);
>> else if (XSTREQ(child->name, "source"))
>> @@ -238,14 +243,18 @@ static const char *parse_disk_pool(xmlNodeSet *nsv, struct
disk_pool *pool)
>> int get_pool_from_xml(const char *xml, struct virt_pool *pool, int type)
>> {
>> int len;
>> - int ret = 0;
>> + int ret = 1;
> Isn't this a bug fix... beside a cleanup? Before the return value was
> always 0! It also changes the method get_disk_pool in Virt_DevicePool.c
> in its return value behavior in the same way.
True - a bug fix insomuch as either caller is concerned, but yet still
found by Coverity as a RESOURCE_LEAK initially and then me as I was
reading the code... I think the primary way to hit the bug would have
been through a *alloc()/strdup() failure though.
> The usage of get_disk_pool in the method diskpool_set_capacity checks
> for the return value and being !=0 it is considered an error
> (Virt_DevicePool.c line 324). Doesn't that need to get changed in this
> patch?
I don't think so. Prior to my change/cleanup if anything failed in
get_pool_from_xml(), then diskpool_set_capacity() could wrongly or even
partially set the properties for "Path", "Host",
"SourceDirectory", and
"OtherResourceType". Although perhaps only the type would be wrong,
since all others actually check for non NULL fields before strdup() and
CMSetProperty() calls. Thus perhaps "path" could be set, but host and
source directory not due to memory constraints, or some combination of
the 3. Probably not a good thing to be happening. Of course there are
those that contend that if you're that memory constrained, the code
isn't going much further anyway...
In any case, all my change does is acknowledge and return the failure
which the caller already handled properly.
FWIW: For context
Line 324 in diskpool_set_capacity():
if (get_disk_pool(pool, &pool_vals) != 0) {
CU_DEBUG("Error getting pool path for: %s", _pool->tag);
} else {
if (pool_vals->pool_info.disk.path != NULL) {
pool_str = strdup(pool_vals->pool_info.disk.path);
CMSetProperty(inst, "Path",
(CMPIValue *)pool_str, CMPI_chars);
}
...
Sorry, but you are right. I missed one line in get_pool_from_xml that
screwed up my logic. Works fine.
I also did run cimtest on my system and it remained the same.
> Even so you mention above in your description the two chained
> exploitation code pieces it seems that you fixed just one ... or did I
> miss something?
>
The reason for the change in _new_volume_template() was to match the
return comparison from diskpool_set_capacity()... It's unnecessary
technically. One used to fail on "ret == 1" and the other when "ret !=
0". Now both fail in the ret != 0 case. It's the "Type A
personality"
in me that does that.
John
>> xmlDoc *xmldoc;
>> xmlXPathContext *xpathctx;
>> xmlXPathObject *xpathobj;
>> const xmlChar *xpathstr = (xmlChar *)"/pool";
>> - const char *name;
>>
>> CU_DEBUG("Pool XML : %s", xml);
>> +
>> + /* FIXME: Add support for parsing network pools */
>> + if (type == CIM_RES_TYPE_NET)
>> + return 0;
>> +
>> len = strlen(xml) + 1;
>>
>> if ((xmldoc = xmlParseMemory(xml, len)) == NULL)
>> @@ -257,22 +266,14 @@ int get_pool_from_xml(const char *xml, struct virt_pool
*pool, int type)
>> if ((xpathobj = xmlXPathEvalExpression(xpathstr, xpathctx)) == NULL)
>> goto err3;
>>
>> - /* FIXME: Add support for parsing network pools */
>> - if (type == CIM_RES_TYPE_NET) {
>> - ret = 0;
>> - goto err1;
>> - }
>> -
>> memset(pool, 0, sizeof(*pool));
>>
>> - pool->type = CIM_RES_TYPE_DISK;
>> - name = parse_disk_pool(xpathobj->nodesetval,
>> - &(pool)->pool_info.disk);
>> - if (name == NULL)
>> + pool->type = CIM_RES_TYPE_DISK;
>> + pool->id = parse_disk_pool(xpathobj->nodesetval,
>> + &(pool)->pool_info.disk);
>> + if (pool->id != NULL)
>> ret = 0;
>>
>> - pool->id = strdup(name);
>> -
>> xmlXPathFreeObject(xpathobj);
>> err3:
>> xmlXPathFreeContext(xpathctx);
>> diff --git a/src/Virt_SettingsDefineCapabilities.c
b/src/Virt_SettingsDefineCapabilities.c
>> index fe16e3f..756e46b 100644
>> --- a/src/Virt_SettingsDefineCapabilities.c
>> +++ b/src/Virt_SettingsDefineCapabilities.c
>> @@ -1376,7 +1376,7 @@ static CMPIStatus _new_volume_template(const CMPIObjectPath
*ref,
>> }
>>
>> ret = get_disk_pool(poolptr, &pool);
>> - if (ret == 1) {
>> + if (ret != 0) {
>> virt_set_status(_BROKER, &s,
>> CMPI_RC_ERR_FAILED,
>> virStoragePoolGetConnect(poolptr),
>>
> src/Virt_DevicePool.c line 324 =! change seems to be missing.
>
>
_______________________________________________
Libvirt-cim mailing list
Libvirt-cim(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-cim
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
3:30 a.m.
New subject: [PATCH 3/6] libxkutil:device_parsing: Coverity cleanups
A new version of Coverity found a number of issues:
parse_os(): RESOURCE_LEAK
- A benign issue due to using a for() loop in order to process the
XML fields. Although it's not possible to have a second entry with
the same text, Coverity doesn't know that so flagged each of the
get_attr_value() calls with a possible overwrite of allocated memory.
In order to "fix' that - just check for each being NULL prior to
the setting - a benign fix that shuts Coverity up
- A real issue was found - the 'loader' variable wasn't free()'d
parse_console_device(): RESOURCE_LEAK
- A benign issue due to using a for() loop in order to process the
XML fields results in 'target_port_ID' and 'udp_source_mode' being
flagged for possible overwrites. For the 'udp_source_mode' changed
the code to declare, use, free only within the scope of the case.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
libxkutil/device_parsing.c | 41 +++++++++++++++++++++++------------------
1 file changed, 23 insertions(+), 18 deletions(-)
diff --git a/libxkutil/device_parsing.c b/libxkutil/device_parsing.c
index 56e39c7..4dd9e58 100644
--- a/libxkutil/device_parsing.c
+++ b/libxkutil/device_parsing.c
@@ -853,7 +853,6 @@ static int parse_console_device(xmlNode *node, struct virt_device
**vdevs)
struct console_device *cdev = NULL;
char *source_type_str = NULL;
char *target_port_ID = NULL;
- char *udp_source_mode = NULL;
xmlNode *child = NULL;
@@ -875,7 +874,7 @@ static int parse_console_device(xmlNode *node, struct virt_device
**vdevs)
CU_DEBUG("console device type ID = %d", cdev->source_type);
for (child = node->children; child != NULL; child = child->next) {
- if (XSTREQ(child->name, "target")) {
+ if (XSTREQ(child->name, "target") && target_port_ID
== NULL) {
cdev->target_type = get_attr_value(child, "type");
CU_DEBUG("Console device target type = '%s'",
cdev->target_type ? : "NULL");
@@ -910,7 +909,9 @@ static int parse_console_device(xmlNode *node, struct virt_device
**vdevs)
get_attr_value(child, "path");
break;
case CIM_CHARDEV_SOURCE_TYPE_UDP:
- udp_source_mode = get_attr_value(child,
"mode");
+ {
+ char *udp_source_mode = get_attr_value(child,
+
"mode");
if (udp_source_mode == NULL)
goto err;
if (STREQC(udp_source_mode, "bind")) {
@@ -925,10 +926,13 @@ static int parse_console_device(xmlNode *node, struct virt_device
**vdevs)
get_attr_value(child,
"service");
} else {
CU_DEBUG("unknown udp mode: %s",
- udp_source_mode ? : "NULL");
+ udp_source_mode);
+ free(udp_source_mode);
goto err;
}
+ free(udp_source_mode);
break;
+ }
case CIM_CHARDEV_SOURCE_TYPE_TCP:
cdev->source_dev.tcp.mode =
get_attr_value(child, "mode");
@@ -965,14 +969,12 @@ static int parse_console_device(xmlNode *node, struct virt_device
**vdevs)
*vdevs = vdev;
free(source_type_str);
free(target_port_ID);
- free(udp_source_mode);
return 1;
err:
free(source_type_str);
free(target_port_ID);
- free(udp_source_mode);
cleanup_console_device(cdev);
free(vdev);
@@ -1500,33 +1502,35 @@ static int parse_os(struct domain *dominfo, xmlNode *os)
for (child = os->children; child != NULL; child = child->next) {
if (XSTREQ(child->name, "type")) {
STRPROP(dominfo, os_info.pv.type, child);
- arch = get_attr_value(child, "arch");
- machine = get_attr_value(child, "machine");
- } else if (XSTREQ(child->name, "kernel"))
+ if (arch == NULL)
+ arch = get_attr_value(child, "arch");
+ if (machine == NULL)
+ machine = get_attr_value(child, "machine");
+ } else if (XSTREQ(child->name, "kernel") && kernel
== NULL)
kernel = get_node_content(child);
- else if (XSTREQ(child->name, "initrd"))
+ else if (XSTREQ(child->name, "initrd") && initrd ==
NULL)
initrd = get_node_content(child);
- else if (XSTREQ(child->name, "cmdline"))
+ else if (XSTREQ(child->name, "cmdline") && cmdline
== NULL)
cmdline = get_node_content(child);
- else if (XSTREQ(child->name, "loader"))
+ else if (XSTREQ(child->name, "loader") && loader ==
NULL)
loader = get_node_content(child);
- else if (XSTREQ(child->name, "boot")) {
+ else if (XSTREQ(child->name, "boot") && boot ==
NULL) {
char **tmp_list = NULL;
- tmp_list = (char **)realloc(blist,
- (bl_size + 1) *
+ tmp_list = (char **)realloc(blist,
+ (bl_size + 1) *
sizeof(char *));
if (tmp_list == NULL) {
// Nothing you can do. Just go on.
CU_DEBUG("Could not alloc space for "
"boot device");
- continue;
+ continue;
}
blist = tmp_list;
-
+
blist[bl_size] = get_attr_value(child, "dev");
bl_size++;
- } else if (XSTREQ(child->name, "init"))
+ } else if (XSTREQ(child->name, "init") && init ==
NULL)
init = get_node_content(child);
}
@@ -1580,6 +1584,7 @@ static int parse_os(struct domain *dominfo, xmlNode *os)
free(kernel);
free(initrd);
free(cmdline);
+ free(loader);
free(boot);
free(init);
cleanup_bootlist(blist, bl_size);
--
1.8.4.2
3:30 a.m.
New subject: [PATCH 4/6] libxkutil/xml_parse_test: Coverity cleanup
A new version of Coverity found:
print_domxml(): RESOURCE_LEAK
- The 'xml' variable needs to be free()'d
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
libxkutil/xml_parse_test.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libxkutil/xml_parse_test.c b/libxkutil/xml_parse_test.c
index 374bcf6..303880d 100644
--- a/libxkutil/xml_parse_test.c
+++ b/libxkutil/xml_parse_test.c
@@ -192,6 +192,7 @@ static void print_domxml(struct domain *dominfo,
printf("Failed to create system XML\n");
else
printf("%s\n", xml);
+ free(xml);
}
static char *read_from_file(FILE *file)
--
1.8.4.2
3:30 a.m.
New subject: [PATCH 5/6] RAFP: Coverity cleanup
A new version of Coverity found:
filter_by_pool(): RESOURCE_LEAK
- Because the code is run within a for() loop Coverity complains
that the returned 'poolid' is not free'd during each pass through
the loop. So even though it may not be fetched again, just free()
and reinitialize 'poolid' after usage
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/Virt_ResourceAllocationFromPool.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Virt_ResourceAllocationFromPool.c
b/src/Virt_ResourceAllocationFromPool.c
index 7088900..7bee729 100644
--- a/src/Virt_ResourceAllocationFromPool.c
+++ b/src/Virt_ResourceAllocationFromPool.c
@@ -120,9 +120,12 @@ static int filter_by_pool(struct inst_list *dest,
poolid = pool_member_of(_BROKER, CLASSNAME(op), type, rasd_id);
if ((poolid != NULL) && STREQ(poolid, _poolid))
inst_list_add(dest, inst);
- }
- free(poolid);
+ if (poolid != NULL) {
+ free(poolid);
+ poolid = NULL;
+ }
+ }
return dest->cur;
}
--
1.8.4.2
3:30 a.m.
New subject: [PATCH 6/6] EAFP: Coverity cleanup
A new version of Coverity found:
get_dev_from_pool(): RESOURCE_LEAK
- Because the code is run within a for() loop Coverity complains
that the returned 'poolid' is not free'd during each pass through
the loop. So even though it may not be fetched again, just free()
and reinitialize 'poolid' after usage
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/Virt_ElementAllocatedFromPool.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Virt_ElementAllocatedFromPool.c b/src/Virt_ElementAllocatedFromPool.c
index 03d856a..2c2f2d1 100644
--- a/src/Virt_ElementAllocatedFromPool.c
+++ b/src/Virt_ElementAllocatedFromPool.c
@@ -124,10 +124,14 @@ static CMPIStatus get_dev_from_pool(const CMPIObjectPath *ref,
poolid = pool_member_of(_BROKER, cn, type, dev_id);
if (poolid && STREQ(poolid, _poolid))
inst_list_add(list, inst);
+
+ if (poolid) {
+ free(poolid);
+ poolid = NULL;
+ }
}
out:
- free(poolid);
inst_list_free(&tmp);
return s;
--
1.8.4.2
5:21 a.m.
New subject: [PATCH 7/6] Adjust sscanf format string
Currently the sscanf() calls use "%as" or "%a[" in order to allocate
and
return strings for read fields. It was pointed out to me that this is an
older and non-portable method. Instead the "%ms" or "%m[" should be
used.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
libxkutil/acl_parsing.c | 2 +-
libxkutil/device_parsing.c | 2 +-
libxkutil/misc_util.c | 2 +-
src/Virt_ComputerSystemIndication.c | 2 +-
src/Virt_Device.c | 6 +++---
src/Virt_DevicePool.c | 8 ++++----
src/Virt_SettingsDefineState.c | 2 +-
src/Virt_VirtualSystemManagementService.c | 12 ++++++------
8 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/libxkutil/acl_parsing.c b/libxkutil/acl_parsing.c
index 3de6a65..c368b99 100644
--- a/libxkutil/acl_parsing.c
+++ b/libxkutil/acl_parsing.c
@@ -666,7 +666,7 @@ int parse_rule_id(const char *rule_id, char **filter, int *index)
if ((filter == NULL) || (index == NULL))
return 0;
- ret = sscanf(rule_id, "%as[^:]:%u", filter, index);
+ ret = sscanf(rule_id, "%ms[^:]:%u", filter, index);
if (ret != 2) {
free(*filter);
*filter = NULL;
diff --git a/libxkutil/device_parsing.c b/libxkutil/device_parsing.c
index 4dd9e58..c9ae886 100644
--- a/libxkutil/device_parsing.c
+++ b/libxkutil/device_parsing.c
@@ -1463,7 +1463,7 @@ int parse_fq_devid(const char *devid, char **host, char **device)
{
int ret;
- ret = sscanf(devid, "%a[^/]/%a[^\n]", host, device);
+ ret = sscanf(devid, "%m[^/]/%m[^\n]", host, device);
if (ret != 2) {
free(*host);
free(*device);
diff --git a/libxkutil/misc_util.c b/libxkutil/misc_util.c
index 2164dd0..6a54815 100644
--- a/libxkutil/misc_util.c
+++ b/libxkutil/misc_util.c
@@ -671,7 +671,7 @@ int parse_id(const char *id,
char *tmp_pfx = NULL;
char *tmp_name = NULL;
- ret = sscanf(id, "%a[^:]:%a[^\n]", &tmp_pfx, &tmp_name);
+ ret = sscanf(id, "%m[^:]:%m[^\n]", &tmp_pfx, &tmp_name);
if (ret != 2) {
ret = 0;
goto out;
diff --git a/src/Virt_ComputerSystemIndication.c b/src/Virt_ComputerSystemIndication.c
index 20c60bc..32bee97 100644
--- a/src/Virt_ComputerSystemIndication.c
+++ b/src/Virt_ComputerSystemIndication.c
@@ -382,7 +382,7 @@ static char *sys_name_from_xml(char *xml)
goto out;
}
- rc = sscanf(tmp, "<name>%a[^<]s</name>", &name);
+ rc = sscanf(tmp, "<name>%m[^<]s</name>", &name);
if (rc != 1) {
name = NULL;
}
diff --git a/src/Virt_Device.c b/src/Virt_Device.c
index b93e592..12ae6bd 100644
--- a/src/Virt_Device.c
+++ b/src/Virt_Device.c
@@ -675,7 +675,7 @@ static CMPIStatus return_enum_devices(const CMPIObjectPath
*reference,
s = enum_devices(_BROKER,
reference,
- NULL,
+ NULL,
res_type_from_device_classname(CLASSNAME(reference)),
&list);
if (s.rc != CMPI_RC_OK)
@@ -696,7 +696,7 @@ static int parse_devid(const char *devid, char **dom, char **dev)
{
int ret;
- ret = sscanf(devid, "%a[^/]/%as", dom, dev);
+ ret = sscanf(devid, "%m[^/]/%ms", dom, dev);
if (ret != 2) {
free(*dom);
free(*dev);
@@ -711,7 +711,7 @@ static int proc_dev_list(uint64_t quantity,
{
int i;
- *list = (struct virt_device *)calloc(quantity,
+ *list = (struct virt_device *)calloc(quantity,
sizeof(struct virt_device));
for (i = 0; i < quantity; i++) {
diff --git a/src/Virt_DevicePool.c b/src/Virt_DevicePool.c
index d6e51ba..aae7ed4 100644
--- a/src/Virt_DevicePool.c
+++ b/src/Virt_DevicePool.c
@@ -383,11 +383,11 @@ static bool _diskpool_is_member(virConnectPtr conn,
pool_vol = virStoragePoolLookupByVolume(vol);
if (vol != NULL) {
- pool_name = virStoragePoolGetName(pool_vol);
+ pool_name = virStoragePoolGetName(pool_vol);
if ((pool_name != NULL) && (STREQC(pool_name, pool->tag)))
result = true;
}
-
+
out:
CU_DEBUG("Image %s in pool %s: %s",
file,
@@ -405,7 +405,7 @@ static bool parse_diskpool_line(struct tmp_disk_pool *pool,
{
int ret;
- ret = sscanf(line, "%as %as", &pool->tag, &pool->path);
+ ret = sscanf(line, "%ms %ms", &pool->tag, &pool->path);
if (ret != 2) {
free(pool->tag);
free(pool->path);
@@ -1610,7 +1610,7 @@ CMPIStatus get_pool_by_name(const CMPIBroker *broker,
goto out;
}
- ret = sscanf(id, "%*[^/]/%a[^\n]", &poolid);
+ ret = sscanf(id, "%*[^/]/%m[^\n]", &poolid);
if (ret != 1) {
cu_statusf(broker, &s,
CMPI_RC_ERR_NOT_FOUND,
diff --git a/src/Virt_SettingsDefineState.c b/src/Virt_SettingsDefineState.c
index be2ded5..c8cda97 100644
--- a/src/Virt_SettingsDefineState.c
+++ b/src/Virt_SettingsDefineState.c
@@ -298,7 +298,7 @@ static CMPIStatus vssd_to_vs(const CMPIObjectPath *ref,
goto out;
}
- ret = sscanf(id, "%a[^:]:%as", &pfx, &name);
+ ret = sscanf(id, "%m[^:]:%ms", &pfx, &name);
if (ret != 2) {
cu_statusf(_BROKER, &s,
CMPI_RC_ERR_FAILED,
diff --git a/src/Virt_VirtualSystemManagementService.c
b/src/Virt_VirtualSystemManagementService.c
index b624d8c..d31e477 100644
--- a/src/Virt_VirtualSystemManagementService.c
+++ b/src/Virt_VirtualSystemManagementService.c
@@ -1330,7 +1330,7 @@ static int parse_console_address(const char *id,
CU_DEBUG("Entering parse_console_address, address is %s", id);
- ret = sscanf(id, "%a[^:]:%as", &tmp_path, &tmp_port);
+ ret = sscanf(id, "%m[^:]:%ms", &tmp_path, &tmp_port);
if (ret != 2) {
ret = 0;
@@ -1366,10 +1366,10 @@ static int parse_sdl_address(const char *id,
CU_DEBUG("Entering parse_sdl_address, address is %s", id);
- ret = sscanf(id, "%a[^:]:%as", &tmp_xauth, &tmp_display);
+ ret = sscanf(id, "%m[^:]:%ms", &tmp_xauth, &tmp_display);
if (ret <= 0) {
- ret = sscanf(id, ":%as", &tmp_display);
+ ret = sscanf(id, ":%ms", &tmp_display);
if (ret <= 0) {
if (STREQC(id, ":")) {
/* do nothing, it is empty */
@@ -1417,7 +1417,7 @@ static int parse_ip_address(const char *id,
CU_DEBUG("Entering parse_ip_address, address is %s", id);
if (strstr(id, "[") != NULL) {
/* its an ipv6 address */
- ret = sscanf(id, "%a[^]]]:%as", &tmp_ip, &tmp_port);
+ ret = sscanf(id, "%m[^]]]:%ms", &tmp_ip, &tmp_port);
if (ret >= 1) {
tmp_ip = realloc(tmp_ip, strlen(tmp_ip) + 2);
if (tmp_ip == NULL) {
@@ -1427,7 +1427,7 @@ static int parse_ip_address(const char *id,
strcat(tmp_ip, "]");
}
} else {
- ret = sscanf(id, "%a[^:]:%as", &tmp_ip, &tmp_port);
+ ret = sscanf(id, "%m[^:]:%ms", &tmp_ip, &tmp_port);
}
/* ret == 2: address and port, ret == 1: address only */
@@ -1464,7 +1464,7 @@ static bool parse_console_url(const char *url,
CU_DEBUG("Entering parse_console_url:'%s'", url);
- if (sscanf(url,"%a[^:]://%as", &tmp_protocol, &tmp_address) !=
2)
+ if (sscanf(url,"%m[^:]://%ms", &tmp_protocol, &tmp_address) !=
2)
goto out;
if (parse_ip_address(tmp_address, host, port) < 1)
--
1.8.4.2
4 p.m.
New subject: errors when compilling libvirt-cim
Hello,
I have compile errors when installing libvirt-cim from sources on UBUNTU
13.10 (amd-64 plateform)
I am using openpegasus as cimom, and i installed libcmpiutil successfully
Bellow are the erros i get after make command (i followed instructions on
the website http://wiki.libvirt.org/page/Libvirt-cim_setup)
.....
make[2]: Entering directory
`/usr/local/src/libvirt-cim/libvirt-cim-0.6.3/src'
CC Virt_VirtualSystemManagementService.lo
Virt_VirtualSystemManagementService.c: In function '_update_resources_for':
Virt_VirtualSystemManagementService.c:2936:17: warning: implicit
declaration of function 'cu_merge_instances'
[-Wimplicit-function-declaration]
s = cu_merge_instances(rasd, orig_inst);
^
Virt_VirtualSystemManagementService.c:2936:19: error: incompatible types
when assigning to type 'CMPIStatus' from type 'int'
s = cu_merge_instances(rasd, orig_inst);
^
make[2]: *** [Virt_VirtualSystemManagementService.lo] Error 1
make[2]: Leaving directory `/usr/local/src/libvirt-cim/libvirt-cim-0.6.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/libvirt-cim/libvirt-cim-0.6.3'
make: *** [all] Error 2
...
PS:
the following commands do not working:
$ hg clone http://libvirt.org/hg/libcmpiutil/
$ hg clone http://libvirt.org/hg/libvirt-cim/
the server says :
abort: HTTP Error 404: Not Found
Best Regards
Amine Bouabid
2:20 a.m.
On 01/22/2014 02:30 PM, John Ferlan wrote:
A recent Coverity version update discovered some existing issues (and
some
benign cases). This patch set cleans them all up.
John Ferlan (6):
VSMS: Coverity cleanups
libxkutil:pool_parsing: Coverity cleanups
libxkutil:device_parsing: Coverity cleanups
libxkutil/xml_parse_test: Coverity cleanup
RAFP: Coverity cleanup
EAFP: Coverity cleanup
libxkutil/device_parsing.c | 41 +++++++++++++++++--------------
libxkutil/pool_parsing.c | 39 +++++++++++++++--------------
libxkutil/xml_parse_test.c | 1 +
src/Virt_ElementAllocatedFromPool.c | 6 ++++-
src/Virt_ResourceAllocationFromPool.c | 7 ++++--
src/Virt_SettingsDefineCapabilities.c | 2 +-
src/Virt_VirtualSystemManagementService.c | 11 ++++++---
7 files changed, 63 insertions(+), 44 deletions(-)
Patch 1 & 2 are now pushed.
Tks,
John
3:40 a.m.
On 01/22/2014 02:30 PM, John Ferlan wrote:
A recent Coverity version update discovered some existing issues (and
some
benign cases). This patch set cleans them all up.
John Ferlan (6):
VSMS: Coverity cleanups
libxkutil:pool_parsing: Coverity cleanups
libxkutil:device_parsing: Coverity cleanups
libxkutil/xml_parse_test: Coverity cleanup
RAFP: Coverity cleanup
EAFP: Coverity cleanup
libxkutil/device_parsing.c | 41 +++++++++++++++++--------------
libxkutil/pool_parsing.c | 39 +++++++++++++++--------------
libxkutil/xml_parse_test.c | 1 +
src/Virt_ElementAllocatedFromPool.c | 6 ++++-
src/Virt_ResourceAllocationFromPool.c | 7 ++++--
src/Virt_SettingsDefineCapabilities.c | 2 +-
src/Virt_VirtualSystemManagementService.c | 11 ++++++---
7 files changed, 63 insertions(+), 44 deletions(-)
Ping? Any thoughts/comments on patches 3 -> 7?
Tks,
John
9:56 p.m.
On 02/17/2014 08:40 PM, John Ferlan wrote:
On 01/22/2014 02:30 PM, John Ferlan wrote:
> A recent Coverity version update discovered some existing issues (and some
> benign cases). This patch set cleans them all up.
>
> John Ferlan (6):
> VSMS: Coverity cleanups
> libxkutil:pool_parsing: Coverity cleanups
> libxkutil:device_parsing: Coverity cleanups
> libxkutil/xml_parse_test: Coverity cleanup
> RAFP: Coverity cleanup
> EAFP: Coverity cleanup
>
> libxkutil/device_parsing.c | 41 +++++++++++++++++--------------
> libxkutil/pool_parsing.c | 39 +++++++++++++++--------------
> libxkutil/xml_parse_test.c | 1 +
> src/Virt_ElementAllocatedFromPool.c | 6 ++++-
> src/Virt_ResourceAllocationFromPool.c | 7 ++++--
> src/Virt_SettingsDefineCapabilities.c | 2 +-
> src/Virt_VirtualSystemManagementService.c | 11 ++++++---
> 7 files changed, 63 insertions(+), 44 deletions(-)
>
Ping? Any thoughts/comments on patches 3 -> 7?
Look OK to me. Sorry, for the
late answer. Distraction made me forget to
send you a response on these.
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
2:16 a.m.
On 02/18/2014 08:56 AM, Boris Fiuczynski wrote:
On 02/17/2014 08:40 PM, John Ferlan wrote:
>
>
> On 01/22/2014 02:30 PM, John Ferlan wrote:
>> A recent Coverity version update discovered some existing issues (and some
>> benign cases). This patch set cleans them all up.
>>
>> John Ferlan (6):
>> VSMS: Coverity cleanups
>> libxkutil:pool_parsing: Coverity cleanups
>> libxkutil:device_parsing: Coverity cleanups
>> libxkutil/xml_parse_test: Coverity cleanup
>> RAFP: Coverity cleanup
>> EAFP: Coverity cleanup
>>
>> libxkutil/device_parsing.c | 41 +++++++++++++++++--------------
>> libxkutil/pool_parsing.c | 39 +++++++++++++++--------------
>> libxkutil/xml_parse_test.c | 1 +
>> src/Virt_ElementAllocatedFromPool.c | 6 ++++-
>> src/Virt_ResourceAllocationFromPool.c | 7 ++++--
>> src/Virt_SettingsDefineCapabilities.c | 2 +-
>> src/Virt_VirtualSystemManagementService.c | 11 ++++++---
>> 7 files changed, 63 insertions(+), 44 deletions(-)
>>
>
> Ping? Any thoughts/comments on patches 3 -> 7?
Look OK to me. Sorry, for the late answer. Distraction made me forget to
send you a response on these.
Great - thanks.
These are now pushed.
John
3854
days inactive
3881
days old
18 comments
3 participants
participants (3)
-
Boris Fiuczynski -
bouabid@dtri.cerist.dz -
John Ferlan