-------- Original Message --------
Subject: Re: GlusterFS inclusion
Date: Mon, 28 Apr 2014 09:10:23 -0700
From: Patricia Gaughen <patricia.gaughen@xxxxxxxxxxxxx>
To: Joe Julian <me at joejulian.name>

I've started the discussions internally. Will keep you posted.

On Thu, Apr 24, 2014 at 7:34 PM, Joe Julian <me at joejulian.name> wrote:
> Please help us get current releases of GlusterFS in Ubuntu proper. Contact myself for introductions or Louis 'semiosis' Zuckerman in #gluster. We are both board members and almost always on IRC.

On 04/25/2014 09:14 AM, Joe Julian wrote:
> GlusterFS was rejected during the security analysis with these comments:
>>
>> here's just a list of what I found while reading the code:
>>
>> - cppcheck reports ~20 real coding mistakes, perhaps a few false positives
>> - get_uuid_via_daemon() doesn't check fork() for error return
>> - rdd_valid_config() buffer overflow rdd_config.out_file.path
>> - gf_cli_print_limit_list() doesn't check sprintf(abspath) return value
>> - rb_malloc() and rb_free() ignore their allocator argument. Not a security problem, but might be very surprising
>> - int_to_data() data_from_[u]int{64,32,16,8}() data_from_double() all re-calculate the length rather than use the return value from gf_asprintf(). (Not a security problem, just redundant.)
>>
> Should we add cppcheck to Jenkins?
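Three of the review findings quoted above (unchecked fork() return, overflow of a fixed-size path buffer, ignored sprintf() return value) share one defensive pattern: check the return value and the bound before acting on it. The example below is added here and is not GlusterFS code; the `rdd_config` struct, its `out_file.path` size, and the function names are assumptions loosely modelled on the findings, and snprintf() stands in for the sprintf() call the reviewer mentions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical config struct, loosely modelled on the review's
 * "rdd_config.out_file.path" finding; field name and size are assumed. */
#define RDD_PATH_MAX 64
struct rdd_config {
    struct { char path[RDD_PATH_MAX]; } out_file;
};

/* Bounded copy into the fixed path buffer (a bare strcpy() here is the
 * overflow class the review flags). Returns -1 if src does not fit. */
int rdd_set_out_path(struct rdd_config *cfg, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof cfg->out_file.path)
        return -1;
    memcpy(cfg->out_file.path, src, n + 1);
    return 0;
}

/* Format "<dir>/<name>" and check the snprintf() return value: negative is
 * an error, >= outsz means truncation. Returns the length written or -1. */
int build_abspath(char *out, size_t outsz, const char *dir, const char *name)
{
    int r = snprintf(out, outsz, "%s/%s", dir, name);
    if (r < 0 || (size_t)r >= outsz)
        return -1;
    return r;
}

/* fork() wrapper that handles the -1 error return. Unchecked, a failed fork
 * falls into the "parent" branch with pid == -1 and waitpid(-1, ...) then
 * waits on an unrelated child. Returns the child's exit code or -1. */
int run_child_checked(int child_exit_code)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_exit_code);          /* child: exit immediately */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```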