Re: Fwd: New Defects reported by Coverity Scan for gluster/glusterfs

Yes, already looking into it.

On Wed, Apr 28, 2021 at 12:22 PM Mohit Agrawal <moagrawa@xxxxxxxxxx> wrote:
+Nikhil Ladha Can you resolve the same?

On Wed, Apr 28, 2021 at 12:10 PM Yaniv Kaul <ykaul@xxxxxxxxxx> wrote:
2 new coverity issues after yesterday's merge.
Y. 


---------- Forwarded message ---------
From: <scan-admin@xxxxxxxxxxxx>
Date: Wed, 28 Apr 2021, 8:57
Subject: New Defects reported by Coverity Scan for gluster/glusterfs
To: <ykaul@xxxxxxxxxx>


Hi,

Please find the latest report on new defect(s) introduced to gluster/glusterfs found with Coverity Scan.

2 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()


________________________________________________________________________________________________________
*** CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 107 in pmap_port_alloc()
101     
102         GF_ASSERT(this);
103     
104         pmap = pmap_registry_get(this);
105     
106         while (true) {
>>>     CID 1452733:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
107             p = (rand() % (pmap->max_port - pmap->base_port + 1)) + pmap->base_port;
108             if (pmap_port_isfree(p)) {
109                 break;
110             }
111         }
112     

** CID 1452732:    (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()


________________________________________________________________________________________________________
*** CID 1452732:    (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-pmap.c: 267 in port_brick_bind()
261                 ret = 0;
262                 tmp_port->brickname = gf_strdup(new_brickname);
263                 GF_FREE(tmp_brick);
264             }
265         }
266     
>>>     CID 1452732:    (RESOURCE_LEAK)
>>>     Variable "new_brickname" going out of scope leaks the storage it points to.
267         return ret;
268     }
269     
270     /* Allocate memory to store details about the new port i.e, port number,
271      * brickname associated with that port, etc */
272     



-------

Community Meeting Calendar:
Schedule -
Every 2nd and 4th Tuesday at 14:30 IST / 09:00 UTC
Bridge: https://meet.google.com/cpu-eiue-hvk

Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-devel
