RSS feed

A couple of issues found by the Coverity scanner fixed in SVN

[Date Prev][Date Next] [Thread Prev][Thread Next]

A couple of issues found by the Coverity scanner fixed in SVN


we have recently scanned the source of nss-pam-ldapd 0.7.14 (yeah, I
need to upgrade to .15) that we are using in Fedora with the Coverity
Static Analysis tool.

The good news is that the scanner did not find any severe bugs. I think
that is a nice testament to the overall code quality of nss-pam-ldapd.

There is a couple of smaller issues, mostly error handling, error reporting
or resource usage.
So far, I have commited these fixes:

r1589 - If myldap_get_values() called inside update_username() failed for
the attmap_passwd_uid, nss-pam-ldapd would dereference a NULL pointer.

r1590 - If myldap_escape() called in autzsearch_var_add() failed, the
memory pointed to by the escaped_value pointer would be leaked

r1591 - Check NULL return of myldap_get_values(CN) in write_netgroup.
Technically, the check could be reduced to "if (names==NULL)" and the
next for loop would just work itself out. Feel free to change the

r1592,r1593 - These just provide some extra error reporting. I think it
is nice to be alerted that an operation failed, even though there's no
cleanup or error handling involved.

r1594 - I hope I did not overlook anything :-) but mysnprintf() was
missing a matching va_end() call for the va_start() one it performs.
This would only be a problem if mysnprintf was called twice with the
same set of arguments, I think, but better be on the safe side.

I only commited the patches to the "master" branch. Let me know if you'd
like to have them present in other branches as well. I intend to
backport the patches to 0.7.15 and include them in Fedora, too.

To unsubscribe send an email to or see