From faf736cb3043ade5b2ad3267c45d2ba0bce53b52 Mon Sep 17 00:00:00 2001 From: ShyamsundarR Date: Tue, 21 Aug 2018 21:53:35 -0400 Subject: coverity: Multiple coverity fixes for issues with HIGH severity glfs-fops.c 1391414 Uninitialized pointer read List head needed initialization glusterfsd-mgmt.c graph.c 1382431 Buffer not null terminated 1382417 Dereference before null check 1382347 Buffer not null terminated Cleaned usage of volfile_checksum member of gf_volfile_t struct across the code base. glusterd-tier.c 1382426 Resource leak 1370955 Dereference before null check The function fixed needs more work, but with tier almost being deprecated, addressed some parts of the reported coverity issues as appropriate. Tested using the following test cases: ./tests/basic/tier/new-tier-cmds.t ./tests/basic/tier/tier.t ./tests/basic/tier/bug-1214222-directories_missing_after_attach_tier.t ./tests/basic/tier/tier_lookup_heal.t ./tests/basic/tier/tier-heald.t ./tests/basic/tier/tier-snapshot.t ./tests/features/glfs-lease.t Change-Id: I396f1c34bb112bb22d2745ed279e1a4850cac4af Updates: bz#789278 Signed-off-by: ShyamsundarR --- api/src/glfs-fops.c | 4 ++- glusterfsd/src/glusterfsd-mgmt.c | 18 +++++------ libglusterfs/src/graph.c | 2 +- xlators/mgmt/glusterd/src/glusterd-tier.c | 52 ++++++++++++++++--------------- 4 files changed, 39 insertions(+), 37 deletions(-) diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c index cb6dffc9335..ee4271fb4dc 100644 --- a/api/src/glfs-fops.c +++ b/api/src/glfs-fops.c @@ -5095,7 +5095,7 @@ glfs_recall_lease_fd (struct glfs *fs, inode_t *inode = NULL; struct glfs_fd *glfd = NULL; struct glfs_fd *tmp = NULL; - struct list_head glfd_list; + struct list_head glfd_list = { 0, }; fd_t *fd = NULL; uint64_t value = 0; struct glfs_lease lease = {0, }; @@ -5106,6 +5106,8 @@ glfs_recall_lease_fd (struct glfs *fs, recall_lease = up_data->data; GF_VALIDATE_OR_GOTO ("gfapi", recall_lease, out); + INIT_LIST_HEAD(&glfd_list); + subvol = glfs_active_subvol (fs); if (!subvol) { ret = -1; diff --git a/glusterfsd/src/glusterfsd-mgmt.c b/glusterfsd/src/glusterfsd-mgmt.c index df9a05c75f0..3228c27c6aa 100644 --- a/glusterfsd/src/glusterfsd-mgmt.c +++ b/glusterfsd/src/glusterfsd-mgmt.c @@ -1979,7 +1979,7 @@ volfile: list_for_each_entry (volfile_obj, &ctx->volfile_list, volfile_list) { if (!strcmp (volfile_id, volfile_obj->vol_id)) { - if (!strncmp (sha256_hash, + if (!memcmp (sha256_hash, volfile_obj->volfile_checksum, sizeof (volfile_obj->volfile_checksum))) { gf_log (frame->this->name, GF_LOG_INFO, @@ -2047,8 +2047,8 @@ volfile: "checksum."); goto out; } - strncpy (volfile_tmp->volfile_checksum, sha256_hash, - sizeof (volfile_tmp->volfile_checksum)); + memcpy (volfile_tmp->volfile_checksum, sha256_hash, + sizeof (volfile_tmp->volfile_checksum)); goto out; } @@ -2080,8 +2080,8 @@ volfile: sizeof (volfile_tmp->vol_id), "%s", volfile_id); } - strncpy (volfile_tmp->volfile_checksum, sha256_hash, - sizeof (volfile_tmp->volfile_checksum)); + memcpy (volfile_tmp->volfile_checksum, sha256_hash, + sizeof (volfile_tmp->volfile_checksum)); } UNLOCK (&ctx->volfile_lock); @@ -2098,11 +2098,9 @@ out: if (locked) UNLOCK (&ctx->volfile_lock); - if (frame) { - GF_FREE (frame->local); - frame->local = NULL; - STACK_DESTROY (frame->root); - } + GF_FREE (frame->local); + frame->local = NULL; + STACK_DESTROY (frame->root); free (rsp.spec); diff --git a/libglusterfs/src/graph.c b/libglusterfs/src/graph.c index 26dfc4e6b81..03ef55c5892 100644 --- a/libglusterfs/src/graph.c +++ b/libglusterfs/src/graph.c @@ -1264,7 +1264,7 @@ glusterfs_graph_attach (glusterfs_graph_t *orig_graph, char *path, INIT_LIST_HEAD (&volfile_obj->volfile_list); snprintf (volfile_obj->vol_id, sizeof (volfile_obj->vol_id), "%s", xl->volfile_id); - strncpy (volfile_obj->volfile_checksum, sha256_hash, + memcpy (volfile_obj->volfile_checksum, sha256_hash, sizeof (volfile_obj->volfile_checksum)); list_add (&volfile_obj->volfile_list, &this->ctx->volfile_list); diff --git a/xlators/mgmt/glusterd/src/glusterd-tier.c b/xlators/mgmt/glusterd/src/glusterd-tier.c index 608b035fa16..d20f6900b21 100644 --- a/xlators/mgmt/glusterd/src/glusterd-tier.c +++ b/xlators/mgmt/glusterd/src/glusterd-tier.c @@ -1245,18 +1245,17 @@ int glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, glusterd_op_t op) { - int ret = -1; + int ret = -1; xlator_t *this = NULL; - struct syncargs args = {0, }; - glusterd_req_ctx_t *data = NULL; + struct syncargs args = {0, }; gd1_mgmt_brick_op_req *req = NULL; glusterd_conf_t *priv = NULL; - int pending_bricks = 0; + int pending_bricks = 0; glusterd_pending_node_t *pending_node; glusterd_req_ctx_t *req_ctx = NULL; struct rpc_clnt *rpc = NULL; uuid_t *txn_id = NULL; - extern glusterd_op_info_t opinfo; + extern glusterd_op_info_t opinfo; this = THIS; GF_VALIDATE_OR_GOTO (THIS->name, this, out); @@ -1267,10 +1266,15 @@ glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, GF_VALIDATE_OR_GOTO (this->name, priv, out); args.op_ret = -1; args.op_errno = ENOTCONN; - data = GF_CALLOC (1, sizeof (*data), - gf_gld_mt_op_allack_ctx_t); - gf_uuid_copy (data->uuid, MY_UUID); + req_ctx = GF_MALLOC (sizeof (*req_ctx), gf_gld_mt_op_allack_ctx_t); + if (!req_ctx) { + gf_msg (this->name, GF_LOG_ERROR, ENOMEM, + GD_MSG_NO_MEMORY, "Allocation failed"); + goto out; + } + + gf_uuid_copy (req_ctx->uuid, MY_UUID); /* we are printing the detach status for issue of detach start * by then we need the op to be GD_OP_DETACH_TIER_STATUS for it to @@ -1278,15 +1282,12 @@ glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, */ if (op == GD_OP_REMOVE_TIER_BRICK) - data->op = GD_OP_DETACH_TIER_STATUS; + req_ctx->op = GD_OP_DETACH_TIER_STATUS; else - data->op = op; - data->dict = dict; + req_ctx->op = op; + req_ctx->dict = dict; txn_id = &priv->global_txn_id; - - req_ctx = data; - GF_VALIDATE_OR_GOTO (this->name, req_ctx, out); CDS_INIT_LIST_HEAD (&opinfo.pending_bricks); ret = dict_get_bin (req_ctx->dict, "transaction_id", (void **)&txn_id); @@ -1309,7 +1310,7 @@ glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, (gd1_mgmt_brick_op_req **)&req, req_ctx->dict); - if (ret) { + if (ret || !req) { gf_msg (this->name, GF_LOG_ERROR, 0, GD_MSG_BRICK_OP_PAYLOAD_BUILD_FAIL, "Failed to build brick op payload during " @@ -1334,15 +1335,15 @@ glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, goto out; } - GD_SYNCOP (rpc, (&args), NULL, glusterd_tier_status_cbk, req, - &gd_brick_prog, req->op, xdr_gd1_mgmt_brick_op_req); + GD_SYNCOP (rpc, (&args), NULL, glusterd_tier_status_cbk, + req, &gd_brick_prog, req->op, + xdr_gd1_mgmt_brick_op_req); + + if (req->input.input_val) + GF_FREE (req->input.input_val); + GF_FREE (req); + req = NULL; - if (req != NULL) { - if (req->input.input_val) - GF_FREE (req->input.input_val); - GF_FREE (req); - req = NULL; - } if (!ret) pending_bricks++; @@ -1355,9 +1356,7 @@ glusterd_op_tier_status (dict_t *dict, char **op_errstr, dict_t *rsp_dict, "'Volume %s' to %d bricks", gd_op_list[req_ctx->op], pending_bricks); opinfo.brick_pending_count = pending_bricks; - out: - if (ret) opinfo.op_ret = ret; @@ -1371,6 +1370,9 @@ out: if (args.errstr) GF_FREE (args.errstr); + if (req_ctx) + GF_FREE (req_ctx); + gf_msg_debug (this ? this->name : "glusterd", 0, "Returning %d. Failed to get tier status", ret); return ret; -- cgit