From cfd0a1d04b6c824c4b1a5e691e5e1466b0dbc893 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Mon, 3 May 2021 16:15:40 +0200
Subject: [PATCH] Coverity-related changes
---
 cyrus-sasl-2.1.27-coverity.patch | 56 +++++++++++++++++++++++++++++++
 cyrus-sasl-2.1.27-nostrncpy.patch | 51 ++++++++++++++++++++++++++++
 cyrus-sasl.spec | 11 +++++-
 3 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 cyrus-sasl-2.1.27-coverity.patch
 create mode 100644 cyrus-sasl-2.1.27-nostrncpy.patch
diff --git a/cyrus-sasl-2.1.27-coverity.patch b/cyrus-sasl-2.1.27-coverity.patch
new file mode 100644
index 0000000..871ea10
--- /dev/null
+++ b/cyrus-sasl-2.1.27-coverity.patch
@@ -0,0 +1,56 @@
+diff -up cyrus-sasl-2.1.27/include/makemd5.c.coverity cyrus-sasl-2.1.27/include/makemd5.c
+--- cyrus-sasl-2.1.27/include/makemd5.c.coverity 2021-04-12 15:10:25.421431535 +0200
++++ cyrus-sasl-2.1.27/include/makemd5.c 2021-04-12 15:56:46.752827737 +0200
+@@ -107,7 +107,6 @@ my_strupr(char *s)
+ }
+ }
+
+-
+ #define BITSIZE(TYPE) \
+ { \
+ int b = 0; TYPE x = 1, zero = 0; char *pre = "U"; \
+@@ -129,6 +128,8 @@ my_strupr(char *s)
+ static void
+ try_signed(FILE *f, int len)
+ {
++/* Local macros for not-installed program. No coverity/compiler issues! */
++#pragma GCC diagnostic ignored "-Wformat-overflow"
+ #ifdef HAVE_INT8_T
+ BITSIZE(int8_t);
+ #endif
+@@ -149,6 +150,7 @@ try_signed(FILE *f, int len)
+ BITSIZE(long long);
+ #endif
+ fprintf(f, "/* There is no %d bit type */\n", len);
++#pragma GCC pop
+ }
+
+ static void
+diff -up cyrus-sasl-2.1.27/saslauthd/lak.c.coverity cyrus-sasl-2.1.27/saslauthd/lak.c
+--- cyrus-sasl-2.1.27/saslauthd/lak.c.coverity 2018-11-08 18:29:57.000000000 +0100
++++ cyrus-sasl-2.1.27/saslauthd/lak.c 2021-04-12 15:10:25.433431630 +0200
+@@ -337,9 +337,9 @@ static int lak_config_read(
+ EMPTY(conf->group_search_base) )
+ strlcpy(conf->group_search_base, conf->search_base, LAK_DN_LEN);
+
+- fclose(infile);
++ fclose(infile);
+
+- return LAK_OK;
++ return LAK_OK;
+ }
+
+ static int lak_config_int(
+diff -up cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c.coverity cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c
+--- cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c.coverity 2018-01-19 15:13:40.000000000 +0100
++++ cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c 2021-04-12 15:10:25.433431630 +0200
+@@ -833,7 +833,8 @@ void detach_tty() {
+ }
+
+ logger(L_INFO, L_FUNC, "master pid is: %lu", (unsigned long)master_pid);
+-
++ /* null_fd expected to be more than 2, so it is closed after dups, no leaks occur */
++ /* coverity[leaked_handle : FALSE]*/
+ return;
+ }
+
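Review bot: In the makemd5.c part of this patch, `#pragma GCC pop` at the end of try_signed() is not a valid GCC diagnostic pragma and has no matching push, so the `-Wformat-overflow` suppression added at the top of the function stays active for the rest of the file instead of being scoped to it. Put `#pragma GCC diagnostic push` immediately before the `ignored` line and replace the closing line with `#pragma GCC diagnostic pop`. Separately, the `coverity[leaked_handle : FALSE]` annotation in detach_tty() rests on null_fd being greater than 2, which would not hold if the daemon were started with a standard descriptor already closed. The code that opens and closes null_fd is outside the hunk, so that assumption should be confirmed there, or enforced with an explicit `if (null_fd > 2) close(null_fd);`, rather than asserted in a comment.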
diff --git a/cyrus-sasl-2.1.27-nostrncpy.patch b/cyrus-sasl-2.1.27-nostrncpy.patch
new file mode 100644
index 0000000..d009047
--- /dev/null
+++ b/cyrus-sasl-2.1.27-nostrncpy.patch
@@ -0,0 +1,51 @@
+diff --git a/plugins/gssapi.c b/plugins/gssapi.c
+index 5d900c5e..4688bb9a 100644
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1567,7 +1567,6 @@ int gssapiv2_server_plug_init(
+ {
+ #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+ const char *keytab = NULL;
+- char keytab_path[1024];
+ unsigned int rl;
+ #endif
+
+@@ -1589,15 +1588,7 @@ int gssapiv2_server_plug_init(
+ return SASL_FAIL;
+ }
+
+- if(strlen(keytab) > 1024) {
+- utils->log(NULL, SASL_LOG_ERR,
+- "path to keytab is > 1024 characters");
+- return SASL_BUFOVER;
+- }
+-
+- strncpy(keytab_path, keytab, 1024);
+-
+- gsskrb5_register_acceptor_identity(keytab_path);
++ gsskrb5_register_acceptor_identity(keytab);
+ }
+ #endif
+
+diff --git a/plugins/ntlm.c b/plugins/ntlm.c
+index aeb3ac34..8a7d9065 100644
+--- a/plugins/ntlm.c
++++ b/plugins/ntlm.c
+@@ -375,10 +375,15 @@ static unsigned char *P16_lm(unsigned char *P16, sasl_secret_t *passwd,
+ unsigned *buflen __attribute__((unused)),
+ int *result)
+ {
+- char P14[14];
++ char P14[14] = { 0 };
++ int Plen;
+ unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
+
+- strncpy(P14, (const char *) passwd->data, sizeof(P14));
++ Plen = sizeof(P14);
++ if (passwd->len < Plen) {
++ Plen = passwd->len;
++ }
++ memcpy(P14, (const char *) passwd->data, Plen);
+ ucase(P14, sizeof(P14));
+
+ E(P16, (unsigned char *) P14, sizeof(P14), S8, sizeof(S8));
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 25630c2..6f3969b 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -8,7 +8,7 @@
 Summary: The Cyrus SASL library
 Name: cyrus-sasl
 Version: 2.1.27
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: BSD with advertising
 URL: https://www.cyrusimap.org/sasl/
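Review bot: In the ntlm.c part of cyrus-sasl-2.1.27-nostrncpy.patch, `Plen` is a signed `int` that is compared with and assigned from `passwd->len`, an unsigned length in sasl_secret_t, so the clamp relies on implicit conversions and will draw sign-compare and narrowing findings from the same tools this commit is meant to quiet. Declaring it as `size_t Plen = sizeof(P14);` and keeping `if (passwd->len < Plen) Plen = passwd->len;` keeps the bound in one unsigned type. P14 holds up to 14 bytes of the password, and P16_lm continues past the end of the hunk, so whether that buffer is cleared before return cannot be seen here and is worth checking. A one-line comment above the `memcpy`, such as `/* P14 is zero-initialised, which supplies the padding strncpy used to add */`, would record why the initialiser must stay.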
@@ -39,6 +39,9 @@ Patch102: cyrus-sasl-2.1.27-Add-Channel-Binding-support-for-GSSAPI-GSS-SPNEGO.pa
 Patch103: cyrus-sasl-2.1.27-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch
 Patch104: cyrus-sasl-2.1.27-Emit-debug-log-only-in-case-of-errors.patch
 Patch105: cyrus-sasl-2.1.27-fix-for-autoconf270.patch
+#https://github.com/simo5/cyrus-sasl/commit/ebd2387f06c84c7f9aac3167ec041bb01e5c6e48
+Patch106: cyrus-sasl-2.1.27-nostrncpy.patch
+Patch500: cyrus-sasl-2.1.27-coverity.patch
 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@@ -167,6 +170,9 @@ the GS2 authentication scheme.
 %patch103 -p1 -b .maxssf0
 %patch104 -p1 -b .nolog
 %patch105 -p1 -b .autoconf270
+%patch106 -p1 -b .nostrncpy
+%patch500 -p1 -b .coverity
+
 %build
 # reconfigure
@@ -375,6 +381,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
 %{_sbindir}/sasl2-shared-mechlist
 %changelog
+* Mon May 03 2021 Dmitry Belyavskiy - 2.1.27-11
+- rebuilt
+
 * Tue Apr 06 2021 Simo Sorce - 2.1.27-10
 - Fix issues with autoconf 2.70+