[Gluster-devel] Fwd: New Defects reported by Coverity Scan for gluster/glusterfs

Nikhil Ladha nladha at redhat.com
Wed Apr 28 06:54:40 UTC 2021


Yes, already looking into it.

On Wed, Apr 28, 2021 at 12:22 PM Mohit Agrawal <moagrawa at redhat.com> wrote:

> +Nikhil Ladha <nladha at redhat.com> Can you resolve the same?
>
> On Wed, Apr 28, 2021 at 12:10 PM Yaniv Kaul <ykaul at redhat.com> wrote:
>
>> 2 new coverity issues after yesterday's merge.
>> Y.
>>
>>
>> ---------- Forwarded message ---------
>> From: <scan-admin at coverity.com>
>> Date: Wed, 28 Apr 2021, 8:57
>> Subject: New Defects reported by Coverity Scan for gluster/glusterfs
>> To: <ykaul at redhat.com>
>>
>>
>> Hi,
>>
>> Please find the latest report on new defect(s) introduced to
>> gluster/glusterfs found with Coverity Scan.
>>
>> 2 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
>> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>> recent build analyzed by Coverity Scan.
>>
>> New defect(s) Reported-by: Coverity Scan
>> Showing 2 of 2 defect(s)
>>
>>
>> ** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
>> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()
>>
>>
>>
>> ________________________________________________________________________________________________________
>> *** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
>> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()
>> 101
>> 102         GF_ASSERT(this);
>> 103
>> 104         pmap = pmap_registry_get(this);
>> 105
>> 106         while (true) {
>> >>>     CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
>> >>>     "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
>> 107             p = (rand() % (pmap->max_port - pmap->base_port + 1)) + pmap->base_port;
>> 108             if (pmap_port_isfree(p)) {
>> 109                 break;
>> 110             }
>> 111         }
>> 112
>>
>> ** CID 1452732:    (RESOURCE_LEAK)
>> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
>>
>>
>>
>> ________________________________________________________________________________________________________
>> *** CID 1452732:    (RESOURCE_LEAK)
>> /xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
>> 261                 ret = 0;
>> 262                 tmp_port->brickname = gf_strdup(new_brickname);
>> 263                 GF_FREE(tmp_brick);
>> 264             }
>> 265         }
>> 266
>> >>>     CID 1452732:    (RESOURCE_LEAK)
>> >>>     Variable "new_brickname" going out of scope leaks the storage it points to.
>> 267         return ret;
>> 268     }
>> 269
>> 270     /* Allocate memory to store details about the new port i.e, port number,
>> 271      * brickname associated with that port, etc */
>> 272
>>
>>
>>
>> ________________________________________________________________________________________________________
>> To view the defects in Coverity Scan visit,
>> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoqyt9-2BNBJxRtOVYlWTKDxGfrdEBeUOMJK5CiYvKOgXK8IKD6iff9HkAMY-2ByeYjBB4-3DJ-yx_WtzmHOqHaIxwuIcdkb62qlaaWmTg34oOgORa3GkNo64DvoKg1N03JX3E-2FPYjWFbxbpUchpLNWtw7A7yY-2BondakC8Iz-2FxG59GC6r1EKnyy8CW44wgL6hb-2FZTz2bTbqQxkoIKXrC-2B-2BcP3PkpZII2wmEHo59l-2BAr-2FFguU4eSgD9Fcw43-2F182AdThvAOSDByZXMA56HbPFhcc3G7r-2FH0VKejBw-3D-3D
>>