[Gluster-devel] GlusterFS in Ubuntu issues (bug 1086460)
Joe Julian
joe at julianfamily.org
Fri Apr 25 16:14:48 UTC 2014
GlusterFS was rejected during the security analysis with these comments:
>
> here's just a list of what I found while reading the code:
>
> - cppcheck reports ~20 real coding mistakes, perhaps a few false positives
> - get_uuid_via_daemon() doesn't check fork() for error return
> - rdd_valid_config() buffer overflow rdd_config.out_file.path
> - gf_cli_print_limit_list() doesn't check sprintf(abspath) return value
> - rb_malloc() and rb_free() ignore their allocator argument
> Not a security problem, but might be very surprising
> - int_to_data() data_from_[u]int{64,32,16,8}() data_from_double()
> all re-calculate the length rather than use the return value from
> gf_asprintf(). (Not a security problem, just redundant.)
>
Should we add cppcheck to Jenkins?