After running Covscan the following issues were found:
2. freeipa-4.9.11/util/ipa_krb5.c:890: alloc_arg: "krb5_get_permitted_enctypes" allocates memory that is stored into "ktypes". 10. freeipa-4.9.11/util/ipa_krb5.c:901: leaked_storage: Variable "ktypes" going out of scope leaks the storage it points to. # 899| if (NULL == ksdata) { # 900| *err_msg = _("Out of memory!?\n"); # 901|-> return 0; # 902| } # 903|
9. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: alloc_fn: Storage is returned from allocation function "krb5_get_error_message". 10. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: noescape: Resource "krb5_get_error_message(ctx.kctx, retval)" is not freed or pointed-to in "otpd_log_req_". 11. freeipa-4.9.11/daemons/ipa-otpd/forward.c:121: leaked_storage: Failing to save or free storage allocated by "krb5_get_error_message(ctx.kctx, retval)" leaks it. # 119| error: # 120| if (retval != 0) # 121|-> otpd_log_req((*item)->req, "forward end: %s", # 122| krb5_get_error_message(ctx.kctx, retval)); # 123| return retval;
4. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: alloc_fn: Storage is returned from allocation function "krb5_get_error_message". 5. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: noescape: Resource "(retval == 0) ? krad_code_num2name(code) : krb5_get_error_message(ctx.kctx, retval)" is not freed or pointed-to in "otpd_log_req_". 6. freeipa-4.9.11/daemons/ipa-otpd/forward.c:46: leaked_storage: Failing to save or free storage allocated by "krb5_get_error_message(ctx.kctx, retval)" leaks it. # 44| } # 45| # 46|-> otpd_log_req(item->req, "forward end: %s", # 47| retval == 0 # 48| ? krad_code_num2name(code)
6. freeipa-4.9.11/daemons/ipa-otpd/bind.c:121: alloc_fn: Storage is returned from allocation function "krb5_get_error_message". 7. freeipa-4.9.11/daemons/ipa-otpd/bind.c:121: var_assign: Assigning: "errstr" = storage returned from "krb5_get_error_message(ctx.kctx, i)". 11. freeipa-4.9.11/daemons/ipa-otpd/bind.c:136: leaked_storage: Variable "errstr" going out of scope leaks the storage it points to. # 134| VERTO_EV_FLAG_IO_READ | # 135| VERTO_EV_FLAG_IO_WRITE); # 136|-> } # 137| # 138| void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
7. freeipa-4.9.11/client/ipa-rmkeytab.c:158: alloc_arg: "krb5_kt_start_seq_get" allocates memory that is stored into "kt_cursor". 14. freeipa-4.9.11/client/ipa-rmkeytab.c:175: leaked_storage: Variable "kt_cursor" going out of scope leaks the storage it points to. # 173| done: # 174| # 175|-> return rval; # 176| } # 177|
3. freeipa-4.9.11/client/ipa-rmkeytab.c:131: alloc_arg: "krb5_unparse_name" allocates memory that is stored into "entry_princ_s". 6. freeipa-4.9.11/client/ipa-rmkeytab.c:152: identity_transfer: Passing "entry_princ_s" as argument 1 to function "strstr", which returns an offset off that argument. 7. freeipa-4.9.11/client/ipa-rmkeytab.c:152: noescape: Resource "entry_princ_s" is not freed or pointed-to in "strstr". 9. freeipa-4.9.11/client/ipa-rmkeytab.c:154: noescape: Resource "entry_princ_s" is not freed or pointed-to in "remove_principal". 12. freeipa-4.9.11/client/ipa-rmkeytab.c:175: leaked_storage: Variable "entry_princ_s" going out of scope leaks the storage it points to. # 173| done: # 174| # 175|-> return rval; # 176| } # 177|
12. freeipa-4.9.11/client/ipa-getkeytab.c:251: alloc_arg: "krb5_init_context" allocates memory that is stored into "krbctx". 14. freeipa-4.9.11/client/ipa-getkeytab.c:262: noescape: Resource "krbctx" is not freed or pointed-to in "krb5_unparse_name". 29. freeipa-4.9.11/client/ipa-getkeytab.c:291: leaked_storage: Variable "krbctx" going out of scope leaks the storage it points to. # 289| } # 290| } # 291|-> return ret; # 292| } # 293|
Additional error reported on ipa-4-10:
9. freeipa-4.10.2/daemons/ipa-kdb/ipa_kdb_principals.c:1096: alloc_arg: "ipadb_ldap_attr_to_strlist" allocates memory that is stored into "acl_list". 14. freeipa-4.10.2/daemons/ipa-kdb/ipa_kdb_principals.c:1120: leaked_storage: Variable "acl_list" going out of scope leaks the storage it points to. # 1118| } # 1119| *kentry = entry; # 1120|-> return kerr; # 1121| } # 1122|
Any thoughts on one commit to address these vs several commits?
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/7379
master:
ipa-4-12:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-54546, https://issues.redhat.com/browse/RHEL-54545
Log in to comment on this ticket.