[Gluster-devel] Fwd: New Defects reported by Coverity Scan for gluster/glusterfs

Mohit Agrawal moagrawa at redhat.com
Wed Apr 28 06:51:57 UTC 2021


+Nikhil Ladha <nladha at redhat.com> Can you resolve the same?

On Wed, Apr 28, 2021 at 12:10 PM Yaniv Kaul <ykaul at redhat.com> wrote:

> 2 new coverity issues after yesterday's merge.
> Y.
>
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Wed, 28 Apr 2021, 8:57
> Subject: New Defects reported by Coverity Scan for gluster/glusterfs
> To: <ykaul at redhat.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to
> gluster/glusterfs found with Coverity Scan.
>
> 2 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 2 of 2 defect(s)
>
>
> ** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()
> 101
> 102         GF_ASSERT(this);
> 103
> 104         pmap = pmap_registry_get(this);
> 105
> 106         while (true) {
> >>>     CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
> >>>     "rand" should not be used for security-related applications,
> because linear congruential algorithms are too easy to break.
> 107             p = (rand() % (pmap->max_port - pmap->base_port + 1)) +
> pmap->base_port;
> 108             if (pmap_port_isfree(p)) {
> 109                 break;
> 110             }
> 111         }
> 112
>
> ** CID 1452732:    (RESOURCE_LEAK)
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 1452732:    (RESOURCE_LEAK)
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
> 261                 ret = 0;
> 262                 tmp_port->brickname = gf_strdup(new_brickname);
> 263                 GF_FREE(tmp_brick);
> 264             }
> 265         }
> 266
> >>>     CID 1452732:    (RESOURCE_LEAK)
> >>>     Variable "new_brickname" going out of scope leaks the storage it
> points to.
> 267         return ret;
> 268     }
> 269
> 270     /* Allocate memory to store details about the new port i.e, port
> number,
> 271      * brickname associated with that port, etc */
> 272
> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
> 261                 ret = 0;
> 262                 tmp_port->brickname = gf_strdup(new_brickname);
> 263                 GF_FREE(tmp_brick);
> 264             }
> 265         }
> 266
> >>>     CID 1452732:    (RESOURCE_LEAK)
> >>>     Variable "new_brickname" going out of scope leaks the storage it
> points to.
> 267         return ret;
> 268     }
> 269
> 270     /* Allocate memory to store details about the new port i.e, port
> number,
> 271      * brickname associated with that port, etc */
> 272
>
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoqyt9-2BNBJxRtOVYlWTKDxGfrdEBeUOMJK5CiYvKOgXK8IKD6iff9HkAMY-2ByeYjBB4-3DJ-yx_WtzmHOqHaIxwuIcdkb62qlaaWmTg34oOgORa3GkNo64DvoKg1N03JX3E-2FPYjWFbxbpUchpLNWtw7A7yY-2BondakC8Iz-2FxG59GC6r1EKnyy8CW44wgL6hb-2FZTz2bTbqQxkoIKXrC-2B-2BcP3PkpZII2wmEHo59l-2BAr-2FFguU4eSgD9Fcw43-2F182AdThvAOSDByZXMA56HbPFhcc3G7r-2FH0VKejBw-3D-3D
>
>   To manage Coverity Scan email notifications for "ykaul at redhat.com",
> click
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxPPWxGL8nGVezYmoV75FBWk8rSMFlO3LlvVXQEqQIf-2FEg6jjO7Cp1BiAVaPqUZ3EGb6GA08P9V4QgpkQlwHWjAGXHbtCmY2MGU1A4bmb-2FOck-3DxbAd_WtzmHOqHaIxwuIcdkb62qlaaWmTg34oOgORa3GkNo64DvoKg1N03JX3E-2FPYjWFbxCLDfClMkneDNyCG-2BmLX63k2nfNMR6v936I-2BN4-2FnkvtZw9-2BkS-2B9v237f0qiohnHEz4YIT2O1-2BQXcrbWxv40KoabwrLeo06k18V4ZgJZltOJTpG2cinOoadT-2FSF0oLLqAktXTBbX2wfTo5MgdwJZFTIA-3D-3D
>
> -------
>
> Community Meeting Calendar:
> Schedule -
> Every 2nd and 4th Tuesday at 14:30 IST / 09:00 UTC
> Bridge: https://meet.google.com/cpu-eiue-hvk
>
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-devel/attachments/20210428/6831b290/attachment-0001.html>


More information about the Gluster-devel mailing list