| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
When going through the exceptions table in libaccess, we don't
check if we are at the last pair of elements in the array before
incrementing to the next pair. This patch adds checks to see if
we are at the last pair of elements and avoids the increment if
necessary.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acl_Parse() has been modified to release newacls and newaclv
when an error occurs.
|
| |
|
|
|
|
|
| |
It looks like aclpvt is only initialized before use if __cplusplus
or lint are defined. I see no harm in always initializing aclpvt
to NULL, which will guarantee that we don't use an uninitialized
pointer.
|
| |
|
|
|
|
|
|
| |
The libaccess library has some dead functions it it. One of these
functions was flagged as having a NULL pointer dereference issue
by Coverity. The problem function is unused, so it should be removed.
There are also a number of other unused functions in the same source
file that should be removed.
|
| |
|
|
|
|
| |
There are a few more unused ACL functions to remove. One of these
unused functions is causing coverity to report an error about
memory corruption.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Coverity flagged a memory corruption issue in an old unused
ACL function. It is best to just remove these unused functions.
The functions removed are:
ACL_ParseFile
ACL_WriteFile
ACL_WriteString
ACL_Decompose
acl_to_str_*
acl_decompose_*
|
| |
|
|
|
|
|
|
|
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
Tested on: RHEL5 x86_64, Fedora 14 x86_64
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
|
|
|
| |
11940 - 12166
https://bugzilla.redhat.com/show_bug.cgi?id=611790
Resolves: bug 611790
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Fix description: Use the right pointer in LASIpAddPattern().
coverity ID: 11945
|
| |
|
|
|
|
|
|
|
| |
12167 - 12199
https://bugzilla.redhat.com/show_bug.cgi?id=610119
Resolves: bug 610119
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Fix description: Catch possible NULL pointer in acl_usr_cache_insert().
|
| |
|
|
|
|
|
|
|
| |
12167 - 12199
https://bugzilla.redhat.com/show_bug.cgi?id=610119
Resolves: bug 610119
Bug description: Fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Fix description: Catch possible NULL pointer in LASDnsBuild().
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=616500
coverity ID 12131
Comment: ACL_AuthInfoSetDbname(lib/libaccess/register.cpp) --
free dbtype in the error cases.
|
| |
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=619122
Resolves: bug 619122
Bug description: fix coverify Defect Type: Resource leaks issues CID 11976.
description: The ACLEvalBuildContext() has been modified to release curauthplist when an error occurs.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=622903
Comment:
The result of PR_HashTableAdd() should be checked for NULL value.
Applied the change to all the PR_HashTableAdd calls in this file
lib/libaccess/register.cpp.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12241 Triaged Unassigned Bug Minor Fix Required
delete_acl_from_file(char *, char *…) ds/lib/libaccess/acltools.cpp
12242 UNINIT Triaged Unassigned Bug Minor Fix Required
get_acl_from_file(char *, char *, ACLListHandle **…) ds/lib/libaccess/acltools.cpp
12243 UNINIT Triaged Unassigned Bug Minor Fix Required
ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
12244 UNINIT Triaged Unassigned Bug Minor Fix Required
ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp
12245 UNINIT Triaged Unassigned Bug Minor Fix Required
rename_acl_in_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
12246 UNINIT Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
12247 UNINIT Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
Comment:
ACL_FileRenameAcl, ACL_FileDeleteAcl, ACL_FileGetAcl, ACL_FileSetAcl,
ACL_FileMergeAcl, ACL_FileMergeFile and their helper functions are
not used. These functions and their helper functions plus libaccess
test programs under the directory ./utest are eliminated.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12300 USE_AFTER_FREE Triaged Unassigned Bug Minor Fix Required
append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp
Comment:
this code is not used any more. The fix is to have open_file_buf set
*buf to NULL after freeing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=611850
Resolves: bug 611850
Bug Description: fix coverity Defect Type: Error handling issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Check the error return from the functions. In some cases,
I was able to figure out that the calling function should perform additional
error handling (return early, goto error label), but in general the code
just logs an appropriate error message and continues. I was able to get
rid of some more libacl code. I removed an unused variable from modify.c
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610276
Resolves: bug 610276
Bug Description: fix coverity Defect Type: API usage errors issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Must call va_end after calling va_start.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: To avoid a potential double free, set ipaddrs to NULL
after freeing it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixing the contention over LAS_cookie.
Considering the case 2 threads try to evaluate the IP/DNS aci almost at the
same time, one comes in first and creates context in the critical section
(between ACL_CritEnter and ACL_CritExit); another thread sees *LAS_cookie
is non NULL and assumes the context is already made. But it could be half
baked then since the second thread does not respect the critical section.
This patch is putting the line assigning *LAS_cookie to context into the
critical section, which prevents for the second thread to pick up the half
baked *LAS_cookie.
Fix proposed in the comment#19 by Rich Megginson is included, as well:
Because what if *LAS_cookie is set to a valid value after the first if() test
and before the call to ACL_CritEnter(); ? There is similar code in LASIpEval()
too.
|
| |
|
|
|
|
|
|
|
|
| |
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: Remove obsolete makefiles
Description: removing leftover makefiles in the lib directory
./lib/base/Makefile ./lib/libaccess/Makefile
./lib/libadmin/Makefile ./lib/libsi18n/Makefile
|
| |
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| |
|
|
|
| |
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NSPR20 (Comment #8)
|
| |
|
|
| |
Summary: Fixed usage of PL_strncpyz that was causing DNS-based ACIs to behave incorrectly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Enable core DS build
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: I turned off all of the other components in the build,
such as adminserver, setuputil, clients, etc. and enabled the packaging
step when building just the core DS. Now, when you build just the core
DS, you get a slapd.tar.gz which you unpack in the server root you
create e.g. mkdir /opt/rhds ; cd /opt/rhds ; tar xfz slapd.tar.gz
In order to create an instance, you have to use the ds_newinst.pl script
as described here -
http://directory.fedora.redhat.com/wiki/Install_Guide#Installing_just_the_core_directory_server
I also got rid of several references to adminutil that are not needed
anymore.
Platforms tested: RHEL4 64
Flag Day: Yes. In order to build the full setuputil/adminserver
package, you must specify USE_SETUPUTIL=1 USE_ADMINSERVER=1 etc. on the
make/gmake command line.
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: I need to change the acceptance tests to
be able to test just the core DS package.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf, strcpy, fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other user
facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick
to force it to check printf style varargs functions, to check the format
string against the argument string, for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value. I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| | |
|
| |
|
|
| |
Fix ACL unit test compile errors and warnings. All tests pass 100% now.
|
| |
|
|
| |
Remove files that aren't needed.
|
| |
|
|
|
| |
More ACL system code cleanup. Fix several compiler warnings, simplify
some includes.
|
| |
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| | |
|
| |
|
|
| |
Strip down ACL code and support libraries to the bare minimum.
|
| | |
|
| |
|
|
| |
MCOM_ROOT and NSROOT; BUILD_ROOT is now the ldapserver directory rather than its parent
|
|
|
(foxworth)
|
