From be1e844778b3698c94fbab641c51c7f2fd1d8967 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Wed, 27 Jul 2016 16:22:36 +1000 Subject: [PATCH 01/12] ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 763f9c13f2998a8858e8a3ec013d166a3d429835) --- ctdb/common/system_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c index ef78df8..8bb18f8 100644 --- a/ctdb/common/system_linux.c +++ b/ctdb/common/system_linux.c @@ -202,7 +202,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface) } DEBUG(DEBUG_DEBUG, (__location__ " Created SOCKET FD:%d for sending arp\n", s)); - strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) { DEBUG(DEBUG_CRIT,(__location__ " interface '%s' not found\n", iface)); close(s); -- 2.8.1 From cd4ff35e2837bc9097792c6cf6e88f3ceca25bb1 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 1 Aug 2016 15:03:56 +1000 Subject: [PATCH 02/12] ctdb-common: Consistently use strlcpy() on interface names BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit aff33a59479cafcb1f24a07ff76383d47bb196b3) --- ctdb/common/system_linux.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c index 8bb18f8..b66ce67 100644 --- a/ctdb/common/system_linux.c +++ b/ctdb/common/system_linux.c @@ -116,7 +116,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface) } /* get the mac address */ - strncpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name)-1); + strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name)); ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr); if ( ret < 0 ) { close(s); @@ -210,7 +210,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface) } /* get the mac address */ - strncpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name)-1); + strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name)); ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr); if ( ret < 0 ) { close(s); @@ -602,7 +602,7 @@ bool ctdb_sys_check_iface_exists(const char *iface) return true; } - strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)-1); + strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); if (ioctl(s, SIOCGIFINDEX, &ifr) < 0 && errno == ENODEV) { DEBUG(DEBUG_CRIT,(__location__ " interface '%s' not found\n", iface)); close(s); -- 2.8.1 From 56d32656314ef5d87a12f04235d079738ded3dbe Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Wed, 27 Jul 2016 17:43:34 +1000 Subject: [PATCH 03/12] ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit d46960f20e795cd4abc1c727705f77b2f0e0e564) --- ctdb/utils/ping_pong/ping_pong.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ctdb/utils/ping_pong/ping_pong.c b/ctdb/utils/ping_pong/ping_pong.c index be43a1d..f7f2eb1 100644 --- a/ctdb/utils/ping_pong/ping_pong.c +++ b/ctdb/utils/ping_pong/ping_pong.c @@ -142,7 +142,9 @@ static void ping_pong(int fd, int num_locks) val = (unsigned char *)calloc(num_locks+1, sizeof(unsigned char)); if (val == NULL) { printf("calloc failed\n"); - munmap(p, num_locks+1); + if (use_mmap) { + munmap(p, num_locks+1); + } return; } -- 2.8.1 From 6e8c6acce8521fb20cab329123d8252d665c1c55 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 28 Jul 2016 12:00:27 +1000 Subject: [PATCH 04/12] ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 74aca5f4c671d9f15ae6c3a901978a1cf247dd6f) --- ctdb/server/ctdb_recover.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c index 48f822c..b42f001 100644 --- a/ctdb/server/ctdb_recover.c +++ b/ctdb/server/ctdb_recover.c @@ -1299,6 +1299,7 @@ int32_t ctdb_control_try_delete_records(struct ctdb_context *ctdb, TDB_DATA inda if (data.dsize < sizeof(struct ctdb_ltdb_header)) { DEBUG(DEBUG_CRIT,(__location__ " bad ltdb record in indata\n")); + talloc_free(records); return -1; } -- 2.8.1 From a47f8d14e8ee037e30451b24f115bc453f61972d Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 28 Jul 2016 12:06:23 +1000 Subject: [PATCH 05/12] ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit c6a7f680ce74d4a630fa9305d0a926cc1a4b3d2c) --- ctdb/server/ctdb_recover.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c index b42f001..6bed61c 100644 --- a/ctdb/server/ctdb_recover.c +++ b/ctdb/server/ctdb_recover.c @@ -1492,6 +1492,7 @@ int32_t ctdb_control_receive_records(struct ctdb_context *ctdb, if (data.dsize < sizeof(struct ctdb_ltdb_header)) { DEBUG(DEBUG_CRIT, (__location__ " bad ltdb record " "in indata\n")); + talloc_free(records); return -1; } -- 2.8.1 From 6f36c90c6538085b846ccc9db994a03ed13f4767 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 28 Jul 2016 14:04:23 +1000 Subject: [PATCH 06/12] ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Wed Aug 3 09:13:55 CEST 2016 on sn-devel-144 (cherry picked from commit 24e28c0aa52399f03acf830a1ad72af0139b0606) --- ctdb/server/ctdb_mutex_fcntl_helper.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ctdb/server/ctdb_mutex_fcntl_helper.c b/ctdb/server/ctdb_mutex_fcntl_helper.c index 93c7f62..06c2205 100644 --- a/ctdb/server/ctdb_mutex_fcntl_helper.c +++ b/ctdb/server/ctdb_mutex_fcntl_helper.c @@ -27,7 +27,7 @@ static char *progname = NULL; -static char fcntl_lock(const char *file) +static char fcntl_lock(const char *file, int *outfd) { int fd; struct flock lock; @@ -62,6 +62,8 @@ static char fcntl_lock(const char *file) return '3'; } + *outfd = fd; + return '0'; } @@ -70,6 +72,7 @@ int main(int argc, char *argv[]) char result; int ppid; const char *file = NULL; + int fd = -1; progname = argv[0]; @@ -81,10 +84,14 @@ int main(int argc, char *argv[]) ppid = getppid(); file = argv[1]; - result = fcntl_lock(file); + result = fcntl_lock(file, &fd); sys_write(STDOUT_FILENO, &result, 1); ctdb_wait_for_process_to_exit(ppid); + if (fd != -1) { + close(fd); + } + return 0; } -- 2.8.1 From 39b4110b290193917614fcacaf73b66eae06dbe7 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 4 Aug 2016 15:50:12 +1000 Subject: [PATCH 07/12] ctdb-common: Fix CID 1363227 Resource leak (RESOURCE_LEAK) Occurs on an invalid line that isn't the first. Isn't really a leak because it is allocated off mem_ctx, which should be freed by the caller. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 4541301d92e3c140adb6444143ad697d35926179) --- ctdb/common/system_util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ctdb/common/system_util.c b/ctdb/common/system_util.c index ea53f5d..9fc6c44 100644 --- a/ctdb/common/system_util.c +++ b/ctdb/common/system_util.c @@ -420,6 +420,7 @@ int ctdb_parse_connections(FILE *fp, TALLOC_CTX *mem_ctx, if (ret != 2) { DEBUG(DEBUG_ERR, ("Bad line [%d]: %s\n", line_num, line)); + talloc_free(conn); return EINVAL; } -- 2.8.1 From 664e1f0ca9d6f9833afd4026c854e809f1d188f8 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 4 Aug 2016 15:58:50 +1000 Subject: [PATCH 08/12] ctdb-tests: Fix CID 1361816 Buffer not null terminated (BUFFER_SIZE_WARNING) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit f802a11d3ba808baba6cb2d31d706952df1e3159) --- ctdb/tests/src/fake_ctdbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ctdb/tests/src/fake_ctdbd.c b/ctdb/tests/src/fake_ctdbd.c index 35bca88..c27af4a 100644 --- a/ctdb/tests/src/fake_ctdbd.c +++ b/ctdb/tests/src/fake_ctdbd.c @@ -2196,8 +2196,8 @@ static void control_get_ifaces(TALLOC_CTX *mem_ctx, .link_state = iface->link_up, .references = iface->references, }; - strncpy(iface_list->iface[i].name, iface->name, - CTDB_IFACE_SIZE+2); + strlcpy(iface_list->iface[i].name, iface->name, + sizeof(iface_list->iface[i].name)); } reply.rdata.data.iface_list = iface_list; -- 2.8.1 From 68e7ad3d54676780f94bc25da008d09fc24e98b0 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Fri, 5 Aug 2016 16:37:00 +1000 Subject: [PATCH 09/12] ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL) This also fixes CID 1125582. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 7ae3699831427725f12e0a26a0681e59f2fbb2d9) --- ctdb/common/rb_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctdb/common/rb_tree.c b/ctdb/common/rb_tree.c index 1c602a7..f4aee8b 100644 --- a/ctdb/common/rb_tree.c +++ b/ctdb/common/rb_tree.c @@ -230,7 +230,7 @@ static inline void trbt_set_color_left(trbt_node_t *node, int color) } static inline void trbt_set_color_right(trbt_node_t *node, int color) { - if ( ((node==NULL)||(node->right==NULL)) && (color==TRBT_BLACK) ) { + if (node == NULL || node->right == NULL) { return; } node->right->rb_color = color; -- 2.8.1 From 4378dc1bfb01c14daf330dd482ec0f5a27546afc Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Fri, 5 Aug 2016 16:38:45 +1000 Subject: [PATCH 10/12] ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL) This also fixes CID 1125584. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit bbf0b907cb04184515d0f5f09f14824df1c2e59f) --- ctdb/common/rb_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctdb/common/rb_tree.c b/ctdb/common/rb_tree.c index f4aee8b..c3b2b91 100644 --- a/ctdb/common/rb_tree.c +++ b/ctdb/common/rb_tree.c @@ -223,7 +223,7 @@ static inline void trbt_set_color(trbt_node_t *node, int color) } static inline void trbt_set_color_left(trbt_node_t *node, int color) { - if ( ((node==NULL)||(node->left==NULL)) && (color==TRBT_BLACK) ) { + if (node == NULL || node->left == NULL) { return; } node->left->rb_color = color; -- 2.8.1 From 046a49ecf7d4b23dfb5d3f78dc79ecaa46f728a4 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Fri, 5 Aug 2016 16:39:50 +1000 Subject: [PATCH 11/12] ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit b4f23a7e95cd9c8fc4a6324d4ec5a2881eaec207) --- ctdb/common/rb_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctdb/common/rb_tree.c b/ctdb/common/rb_tree.c index c3b2b91..990ec61 100644 --- a/ctdb/common/rb_tree.c +++ b/ctdb/common/rb_tree.c @@ -216,7 +216,7 @@ static inline int trbt_get_color_right(trbt_node_t *node) /* setting a NULL node to black is a nop */ static inline void trbt_set_color(trbt_node_t *node, int color) { - if ( (node==NULL) && (color==TRBT_BLACK) ) { + if (node == NULL) { return; } node->rb_color = color; -- 2.8.1 From 2c98df3fc0e2bb2e80a6d0ae0596fe0dc252e5e4 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Fri, 5 Aug 2016 16:50:58 +1000 Subject: [PATCH 12/12] ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK) Also fixes CID 1125628. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 940272d215049f5f5079aa926e69eae1985a4bfa) --- ctdb/server/ctdb_logging.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ctdb/server/ctdb_logging.c b/ctdb/server/ctdb_logging.c index 168d3b5..692df73 100644 --- a/ctdb/server/ctdb_logging.c +++ b/ctdb/server/ctdb_logging.c @@ -282,9 +282,14 @@ int ctdb_set_child_logging(struct ctdb_context *ctdb) /* We'll fail if stderr/stdout not already open; it's simpler. */ old_stdout = dup(STDOUT_FILENO); + if (old_stdout < 0) { + DEBUG(DEBUG_ERR, ("Failed to dup stdout for child logging\n")); + return -1; + } old_stderr = dup(STDERR_FILENO); - if (old_stdout < 0 || old_stderr < 0) { - DEBUG(DEBUG_ERR, ("Failed to dup stdout/stderr for child logging\n")); + if (old_stderr < 0) { + DEBUG(DEBUG_ERR, ("Failed to dup stderr for child logging\n")); + close(old_stdout); return -1; } if (dup2(p[1], STDOUT_FILENO) < 0 || dup2(p[1], STDERR_FILENO) < 0) { -- 2.8.1