Commit 7bdd878a authored by Hugo Wen, committed by Daniel Black

Fix a few vulnerabilities found by Cppcheck

While performing SAST scanning using Cppcheck against source code of
commit 81196469, several code vulnerabilities were found.

Fix the following issues:

1. Parameters of `snprintf` function are incorrect.

   Cppcheck error:

       client/mysql_plugin.c:1228: error: snprintf format string requires 6 parameters but only 5 are given.

   It is due to commit 630d7229, which introduced the option `--lc-messages-dir`
   in the bootstrap command. However, the parameter was not even given
   in the `snprintf` after changing the format string.

   Fix:
   Restructure the code logic and correct the function parameters for
   `snprintf`.

2. Null pointer is used in a `snprintf` which could cause a crash.

   Cppcheck error:

       extra/mariabackup/xbcloud.cc:2534: error: Null pointer dereference

   The code intended to print the swift_project name, if the
   opt_swift_project_id is NULL but opt_swift_project is not NULL.
   However the parameter of `snprintf` was mistakenly using
   `opt_swift_project_id`.

   Fix:
   Change to use the correct string from `opt_swift_project`.

3. Potential double release of memory

   Cppcheck error:

       plugin/auth_pam/testing/pam_mariadb_mtr.c:69: error: Memory pointed to by 'resp' is freed twice.

   A pointer `resp` is reused and allocated new memory after it has been
   freed. However, `resp` was not set to NULL after being freed.
   There is a potential double release of the same pointer if the callback
   function doesn't allocate new memory for the `resp` pointer.

   Fix:
   Set the `resp` pointer to NULL after the first free() to make sure
   the same address is not freed twice.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
parent acfb5dfd
......@@ -1194,47 +1194,39 @@ static int dump_bootstrap_file(char *bootstrap_file)
static int bootstrap_server(char *server_path, char *bootstrap_file)
{
char bootstrap_cmd[FN_REFLEN];
char bootstrap_cmd[FN_REFLEN]= {0};
char lc_messages_dir_str[FN_REFLEN]= {0};
int error= 0;
#ifdef __WIN__
char *format_str= 0;
const char *verbose_str= NULL;
#endif
if (opt_lc_messages_dir != NULL)
snprintf(lc_messages_dir_str, sizeof(lc_messages_dir_str), "--lc-messages-dir=%s",
opt_lc_messages_dir);
#ifdef __WIN__
if (opt_verbose)
verbose_str= "--console";
else
verbose_str= "";
if (has_spaces(opt_datadir) || has_spaces(opt_basedir) ||
has_spaces(bootstrap_file))
{
if (opt_lc_messages_dir != NULL)
format_str= "\"%s %s --bootstrap --datadir=%s --basedir=%s --lc-messages-dir=%s <%s\"";
else
format_str= "\"%s %s --bootstrap --datadir=%s --basedir=%s <%s\"";
}
has_spaces(bootstrap_file) || has_spaces(lc_messages_dir_str))
format_str= "\"%s %s --bootstrap --datadir=%s --basedir=%s %s <%s\"";
else
{
if (opt_lc_messages_dir != NULL)
format_str= "\"%s %s --bootstrap --datadir=%s --basedir=%s --lc-messages-dir=%s <%s\"";
else
format_str= "%s %s --bootstrap --datadir=%s --basedir=%s <%s";
}
format_str= "%s %s --bootstrap --datadir=%s --basedir=%s %s <%s";
snprintf(bootstrap_cmd, sizeof(bootstrap_cmd), format_str,
add_quotes(convert_path(server_path)), verbose_str,
add_quotes(opt_datadir), add_quotes(opt_basedir),
add_quotes(bootstrap_file));
add_quotes(lc_messages_dir_str), add_quotes(bootstrap_file));
#else
if (opt_lc_messages_dir != NULL)
snprintf(bootstrap_cmd, sizeof(bootstrap_cmd),
"%s --no-defaults --bootstrap --datadir=%s --basedir=%s --lc-messages-dir=%s"
" <%s", server_path, opt_datadir, opt_basedir, opt_lc_messages_dir, bootstrap_file);
else
snprintf(bootstrap_cmd, sizeof(bootstrap_cmd),
"%s --no-defaults --bootstrap --datadir=%s --basedir=%s"
" <%s", server_path, opt_datadir, opt_basedir, bootstrap_file);
"%s --no-defaults --bootstrap --datadir=%s --basedir=%s %s"
" <%s", server_path, opt_datadir, opt_basedir, lc_messages_dir_str, bootstrap_file);
#endif
/* Execute the command */
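Review bot: both `snprintf` calls into the `FN_REFLEN` buffers (`lc_messages_dir_str` and `bootstrap_cmd`) ignore the return value, so a long `--lc-messages-dir` path is silently truncated and the truncated command is then executed. Compare each return value against `sizeof(...)` and fail with an error instead of running a cut-off command; note that `lc_messages_dir_str` has to hold the `--lc-messages-dir=` prefix plus the path in the same `FN_REFLEN` bytes. In the `__WIN__` branch, `add_quotes(lc_messages_dir_str)` is also called when `opt_lc_messages_dir` is NULL and the buffer is empty, and it quotes the whole `--lc-messages-dir=...` argument rather than only the path; how `add_quotes` treats an empty string is not visible in this hunk, so please confirm it does not add a stray empty quoted argument to the command line. In the non-Windows branch the option value is interpolated into the shell command unquoted, like the existing path arguments, so a directory containing spaces will split into several arguments.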
......
......@@ -2534,7 +2534,7 @@ swift_keystone_auth_v3(const char *auth_url, swift_auth_info *info)
} else if (opt_swift_project != NULL) {
snprintf(scope, sizeof(scope),
",\"scope\":{\"project\":{\"name\":\"%s\"%s}}",
opt_swift_project_id, domain);
opt_swift_project, domain);
}
snprintf(payload, sizeof(payload), "{\"auth\":{\"identity\":"
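Review bot: the corrected argument `opt_swift_project` is still written into the JSON body through a plain `%s` in `",\"scope\":{\"project\":{\"name\":\"%s\"%s}}"`, so a project name containing `"` or `\` produces a malformed or altered auth payload. Escape the value for JSON before formatting it, and check the `snprintf` return against `sizeof(scope)` so that a long name is rejected rather than truncated in the middle of the object. A short comment on which option each branch is expected to print would help prevent the `opt_swift_project_id` / `opt_swift_project` mix-up from coming back.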
......
......@@ -45,6 +45,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags __attribute__((unused)),
else
{
free(resp);
resp= NULL;
msg[0].msg_style = PAM_PROMPT_ECHO_ON;
msg[0].msg = "PIN:";
pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr);
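Review bot: with `resp= NULL;` in place, `resp` stays NULL whenever the second `(*conv->conv)(...)` call fails or returns no response, so the code after this call has to check `pam_err` and `resp` before dereferencing it; that code is outside the visible lines, please confirm it does. The reset removes the double free only on the path that later calls `free(resp)`, which is safe on NULL. Minor style point: the added line uses `resp= NULL;` while the neighbouring assignments in this file use spaces on both sides of `=`.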
......