<div dir="ltr"><a class="gmail_plusreply" id="plusReplyChip-0" href="mailto:nladha@redhat.com" tabindex="-1">+Nikhil Ladha</a> Can you resolve the same?<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 28, 2021 at 12:10 PM Yaniv Kaul <<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">2 new coverity issues after yesterday's merge.<div dir="auto">Y. </div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <span dir="auto"><<a href="mailto:scan-admin@coverity.com" target="_blank">scan-admin@coverity.com</a>></span><br>Date: Wed, 28 Apr 2021, 8:57<br>Subject: New Defects reported by Coverity Scan for gluster/glusterfs<br>To:  <<a href="mailto:ykaul@redhat.com" target="_blank">ykaul@redhat.com</a>><br></div><br><br>Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to gluster/glusterfs found with Coverity Scan.<br>
<br>
2 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.<br>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 2 of 2 defect(s)<br>
<br>
<br>
** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)<br>
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)<br>
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()<br>
101     <br>
102         GF_ASSERT(this);<br>
103     <br>
104         pmap = pmap_registry_get(this);<br>
105     <br>
106         while (true) {<br>
>>>     CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)<br>
>>>     "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.<br>
107             p = (rand() % (pmap->max_port - pmap->base_port + 1)) + pmap->base_port;<br>
108             if (pmap_port_isfree(p)) {<br>
109                 break;<br>
110             }<br>
111         }<br>
112     <br>
<br>
** CID 1452732:    (RESOURCE_LEAK)<br>
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1452732:    (RESOURCE_LEAK)<br>
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()<br>
261                 ret = 0;<br>
262                 tmp_port->brickname = gf_strdup(new_brickname);<br>
263                 GF_FREE(tmp_brick);<br>
264             }<br>
265         }<br>
266     <br>
>>>     CID 1452732:    (RESOURCE_LEAK)<br>
>>>     Variable "new_brickname" going out of scope leaks the storage it points to.<br>
267         return ret;<br>
268     }<br>
269     <br>
270     /* Allocate memory to store details about the new port i.e, port number,<br>
271      * brickname associated with that port, etc */<br>
272     <br>
<br>
<br>
<br>
</div>
-------<br>
<br>
Gluster-devel mailing list<br>
<a href="mailto:Gluster-devel@gluster.org" target="_blank">Gluster-devel@gluster.org</a><br>
<a href="https://lists.gluster.org/mailman/listinfo/gluster-devel" rel="noreferrer" target="_blank">https://lists.gluster.org/mailman/listinfo/gluster-devel</a><br>
<br>
</blockquote></div>