From 3afc18d13ae79a73cfdee0e8f43cfb2baec8f643 Mon Sep 17 00:00:00 2001 From: Coiby Xu Date: Wed, 28 Jul 2021 09:12:02 +0800 Subject: [PATCH] Backported fixes for issues found by covscan Resolves: rhbz#1938852 Signed-off-by: Coiby Xu --- ...K-errors-detected-by-covscan-in-src-.patch | 232 ++++++++++++++++++ ...K-error-detected-by-covscan-in-src-u.patch | 50 ++++ ...K-errors-detected-by-covscan-in-src-.patch | 103 ++++++++ ...NT_EXPRESSION_RESULT-detected-by-cov.patch | 36 +++ ...or-MISSING_COMMA-detected-by-covscan.patch | 72 ++++++ ....c-55-9-warning-Wanalyzer-possible-n.patch | 46 ++++ ...fix-Error-FORWARD_NULL-CWE-476-def23.patch | 62 +++++ ...emodule.c-828-9-warning-Wanalyzer-po.patch | 37 +++ python-dmidecode.spec | 14 +- 9 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 0001-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch create mode 100644 0002-fix-RESOURCE_LEAK-error-detected-by-covscan-in-src-u.patch create mode 100644 0003-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch create mode 100644 0004-fix-Error-CONSTANT_EXPRESSION_RESULT-detected-by-cov.patch create mode 100644 0005-fix-Error-MISSING_COMMA-detected-by-covscan.patch create mode 100644 0006-fix-src-dmierror.c-55-9-warning-Wanalyzer-possible-n.patch create mode 100644 0007-fix-Error-FORWARD_NULL-CWE-476-def23.patch create mode 100644 0008-fix-src-dmidecodemodule.c-828-9-warning-Wanalyzer-po.patch diff --git a/0001-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch b/0001-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch new file mode 100644 index 0000000..5ccda7f --- /dev/null +++ b/0001-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch 
@@ -0,0 +1,232 @@
+From 6ef06c19bb4e0a410f523bdae8c675229408ad17 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Fri, 11 Jun 2021 11:00:27 +0800
+Subject: [PATCH 1/8] fix RESOURCE_LEAK errors detected by covscan in
+ src/xmlpythonizer.c
+
+Fix the following errors found by covscan,
+
+ Error: RESOURCE_LEAK (CWE-772): [#def6]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:853: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:857: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 855| PyADD_DICT_VALUE(retdata, key, value);
+ # 856| } else {
+ # 857|-> PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)",
+ # 858| map_p->rootpath, elmtid, map_p->key);
+ # 859| }
+
+ Error: RESOURCE_LEAK (CWE-772): [#def7]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:879: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 919| xmlXPathFreeObject(xpo);
+ # 920| } else {
+ # 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: "
+ # 922| "%s [%i] (Defining key: %s)",
+ # 923| map_p->rootpath, elmtid, map_p->key);
+
+ Error: RESOURCE_LEAK (CWE-772): [#def8]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:877: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:877: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
+ # 919| xmlXPathFreeObject(xpo);
+ # 920| } else {
+ # 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: "
+ # 922| "%s [%i] (Defining key: %s)",
+ # 923| map_p->rootpath, elmtid, map_p->key);
+
+ Error: RESOURCE_LEAK (CWE-772): [#def9]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:933: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:934: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 932| }
+ # 933| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
+ # 934|-> PyReturnError(PyExc_ValueError,
+ # 935| "Could not get key value: %s [%i] (Defining key: %s)",
+ # 936| map_p->rootpath, elmtid, map_p->key);
+
+ Error: RESOURCE_LEAK (CWE-772): [#def10]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:948: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 946| }
+ # 947| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
+ # 948|-> PyReturnError(PyExc_ValueError,
+ # 949| "Could not get key value: %s [%i] (Defining key: %s)",
+ # 950| map_p->rootpath, elmtid, map_p->key);
+
+ Error: RESOURCE_LEAK (CWE-772): [#def11]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:959: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 957| xmlXPathFreeObject(xpo);
+ # 958| }
+ # 959|-> PyReturnError(PyExc_ValueError,
+ # 960| "Could not get key value: %s [%i] (Defining key: %s)",
+ # 961| map_p->rootpath, elmtid, map_p->key);
+
+ Error: RESOURCE_LEAK (CWE-772): [#def12]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 993| } else {
+ # 994| // If NULL, something is wrong - exception is already set.
+ # 995|-> return NULL;
+ # 996| }
+ # 997| }
+
+ Error: RESOURCE_LEAK (CWE-772): [#def13]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:954: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:954: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
+ # 993| } else {
+ # 994| // If NULL, something is wrong - exception is already set.
+ # 995|-> return NULL;
+ # 996| }
+ # 997| }
+
+ Error: RESOURCE_LEAK (CWE-772): [#def14]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1050: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 1048| xpctx = xmlXPathNewContext(xpdoc);
+ # 1049| if( xpctx == NULL ) {
+ # 1050|-> PyReturnError(PyExc_MemoryError, "Could not setup new XPath context");
+ # 1051| }
+ # 1052| xpctx->node = data_n;
+
+ Error: RESOURCE_LEAK (CWE-772): [#def15]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->rootpath)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1065: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
+ # 1063| // Exit if we get NULL - something is wrong
+ # 1064| //and exception is set
+ # 1065|-> return NULL;
+ # 1066| }
+ # 1067| }
+
+ Error: RESOURCE_LEAK (CWE-772): [#def16]
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
+ python-dmidecode-3.12.2/src/xmlpythonizer.c:1087: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
+ # 1085| // Exit if we get NULL - something is wrong
+ # 1086| //and exception is set
+ # 1087|-> return NULL;
+ # 1088| }
+ # 1089| }
+
+Signed-off-by: Coiby Xu
+---
+ src/xmlpythonizer.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/src/xmlpythonizer.c b/src/xmlpythonizer.c
+index e9c9242..ce2d067 100644
+--- a/src/xmlpythonizer.c
++++ b/src/xmlpythonizer.c
+@@ -854,6 +854,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ value = PyBytes_FromString(map_p->value);
+ PyADD_DICT_VALUE(retdata, key, value);
+ } else {
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)",
+ map_p->rootpath, elmtid, map_p->key);
+ }
+@@ -918,6 +921,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ PyADD_DICT_VALUE(retdata, key, value);
+ xmlXPathFreeObject(xpo);
+ } else {
++ xmlXPathFreeObject(xpo);
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_ValueError, "Could not get key value: "
+ "%s [%i] (Defining key: %s)",
+ map_p->rootpath, elmtid, map_p->key);
+@@ -931,6 +938,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ break;
+ }
+ if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_ValueError,
+ "Could not get key value: %s [%i] (Defining key: %s)",
+ map_p->rootpath, elmtid, map_p->key);
+@@ -945,6 +955,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ break;
+ }
+ if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_ValueError,
+ "Could not get key value: %s [%i] (Defining key: %s)",
+ map_p->rootpath, elmtid, map_p->key);
+@@ -956,6 +969,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ if( xpo != NULL ) {
+
xmlXPathFreeObject(xpo);
+ }
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_ValueError,
+ "Could not get key value: %s [%i] (Defining key: %s)",
+ map_p->rootpath, elmtid, map_p->key);
+@@ -991,6 +1007,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
+ PyList_Append(value, dataset);
+ }
+ } else {
++ xmlXPathFreeObject(xpo);
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ // If NULL, something is wrong - exception is already set.
+ return NULL;
+ }
+@@ -1047,6 +1067,8 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
+
+ xpctx = xmlXPathNewContext(xpdoc);
+ if( xpctx == NULL ) {
++ xmlFreeDoc(xpdoc);
++ free(key);
+ PyReturnError(PyExc_MemoryError, "Could not setup new XPath context");
+ }
+ xpctx->node = data_n;
+@@ -1062,6 +1084,10 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
+ if( res == NULL ) {
+ // Exit if we get NULL - something is wrong
+ //and exception is set
++ xmlXPathFreeObject(xpo);
++ xmlXPathFreeContext(xpctx);
++ xmlFreeDoc(xpdoc);
++ free(key);
+ return NULL;
+ }
+ }
+@@ -1084,6 +1110,7 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
+ if( res == NULL ) {
+ // Exit if we get NULL - something is wrong
+ //and exception is set
++ free(key);
+ return NULL;
+ }
+ }
+--
+2.31.1
+
diff --git a/0002-fix-RESOURCE_LEAK-error-detected-by-covscan-in-src-u.patch b/0002-fix-RESOURCE_LEAK-error-detected-by-covscan-in-src-u.patch
new file mode 100644
index 0000000..19050ba
--- /dev/null
+++ b/0002-fix-RESOURCE_LEAK-error-detected-by-covscan-in-src-u.patch
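Review bot: The cleanup sequence `xmlXPathFreeContext(xpctx); xmlFreeDoc(xpdoc); free(key);` is now pasted into each error branch of `_deep_pythonize` and, in part, of `pythonizeXMLnode`, so the next early return added to either function is likely to leak again. A single cleanup label at the end of each function that releases `xpo`, `xpctx`, `xpdoc` and `key` would keep the release order in one place; both function bodies begin and end outside these hunks, so that is a follow-up refactor rather than a change to this patch. In the hunk at -991, `value` is the list that `PyList_Append(value, dataset)` was filling, and the new branch frees the libxml2 objects but returns NULL without releasing it. If `value` is a new reference created in this function, add `Py_XDECREF(value);` before that `return NULL;`.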
@@ -0,0 +1,50 @@
+From 58d91636a0269ded8f550c07fa1a8d362685f7c9 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Fri, 11 Jun 2021 11:06:59 +0800
+Subject: [PATCH 2/8] fix RESOURCE_LEAK error detected by covscan in src/util.c
+
+Fix the following error,
+ Error: RESOURCE_LEAK (CWE-772): [#def5]
+ python-dmidecode-3.12.2/src/util.c:123: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
+ python-dmidecode-3.12.2/src/util.c:123: var_assign: Assigning: "fd" = handle returned from "open(devmem, 0)".
+ python-dmidecode-3.12.2/src/util.c:147: noescape: Resource "fd" is not freed or pointed-to in "mmap".
+ python-dmidecode-3.12.2/src/util.c:191: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
+
+by initializing fd to -1 moving close(fd) to exit.
+
+Signed-off-by: Coiby Xu
+---
+ src/util.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index acef5bd..da97767 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -112,7 +112,7 @@ void sigill_handler(int ignore_this) {
+ void *mem_chunk(Log_t *logp, size_t base, size_t len, const char *devmem)
+ {
+ void *p;
+- int fd;
++ int fd = -1;
+
+ #ifdef USE_MMAP
+ size_t mmoffset;
+@@ -182,10 +182,11 @@ void *mem_chunk(Log_t *logp, size_t base, size_t len, const char *devmem)
+ }
+ #endif /* USE_MMAP */
+
+- if(close(fd) == -1)
+- perror(devmem);
+-
+ exit:
++ if (fd >= 0) {
++ if(close(fd) == -1)
++ perror(devmem);
++ }
+ signal(SIGILL, SIG_DFL);
+ sigill_logobj = NULL;
+ return p;
+--
+2.31.1
+
diff --git a/0003-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch b/0003-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch
new file mode 100644
index 0000000..1adaf83
--- /dev/null
+++ b/0003-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch
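Review bot: The relocated close under `exit:` still reports failure with `perror(devmem)`, which writes straight to the process's stderr although `mem_chunk` receives a `Log_t *logp` for diagnostics; inside a Python extension that message bypasses the module's own log. Consider reporting the failure through `logp` instead. A one-line comment at the label, such as `/* fd stays -1 if open() failed, so only close a descriptor we own */`, would also record why the guard exists. The part of `mem_chunk` between the two hunks is not shown, so it is worth confirming that no branch there already closes `fd` before jumping to `exit`.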
@@ -0,0 +1,103 @@
+From c8d43e94583cde7c5289d8206e658f2bcfce389a Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Fri, 11 Jun 2021 11:15:06 +0800
+Subject: [PATCH 3/8] fix RESOURCE_LEAK errors detected by covscan in
+ src/dmidecodemodule.c
+
+Fix the following errors found by covscan,
+
+ Error: RESOURCE_LEAK (CWE-772): [#def1]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:274: alloc_fn: Storage is returned from allocation function "xmlNewNode".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:274: var_assign: Assigning: "dmixml_n" = storage returned from "xmlNewNode(NULL, (xmlChar *)"dmidecode")".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:284: leaked_storage: Variable "dmixml_n" going out of scope leaks the storage it points to.
+ # 282| if( (group_n = load_mappingxml(opt)) == NULL) {
+ # 283| // Exception already set by calling function
+ # 284|-> return NULL;
+ # 285| }
+ # 286|
+
+ Error: RESOURCE_LEAK (CWE-772): [#def2]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:321: alloc_fn: Storage is returned from allocation function "log_retrieve".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:321: var_assign: Assigning: "err" = storage returned from "log_retrieve(opt->logdata, 3)".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:323: leaked_storage: Variable "err" going out of scope leaks the storage it points to.
+ # 321| char *err = log_retrieve(opt->logdata, LOG_ERR);
+ # 322| log_clear_partial(opt->logdata, LOG_ERR, 0);
+ # 323|-> PyReturnError(PyExc_RuntimeError, "Invalid type id '%s' -- %s", typeid, err);
+ # 324| }
+ # 325|
+
+ Error: RESOURCE_LEAK (CWE-772): [#def3]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:388: alloc_fn: Storage is returned from allocation function "xmlNewNode".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:388: var_assign: Assigning: "dmixml_n" = storage returned from "xmlNewNode(NULL, (xmlChar *)"dmidecode")".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:397: leaked_storage: Variable "dmixml_n" going out of scope leaks the storage it points to.
+ # 395| // Fetch the Mapping XML file
+ # 396| if( load_mappingxml(opt) == NULL) {
+ # 397|-> return NULL;
+ # 398| }
+ # 399|
+
+ Error: RESOURCE_LEAK (CWE-772): [#def4]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:823: alloc_fn: Storage is returned from allocation function "malloc".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:823: var_assign: Assigning: "opt" = storage returned from "malloc(58UL)".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:824: noescape: Resource "opt" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:825: noescape: Resource "opt" is not freed or pointed-to in "init".
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:833: leaked_storage: Variable "opt" going out of scope leaks the storage it points to.
+ # 831| #endif
+ # 832| if (module == NULL)
+ # 833|-> MODINITERROR;
+ # 834|
+ # 835| version = PYTEXT_FROMSTRING(VERSION);
+
+Note for "Error: RESOURCE_LEAK (CWE-772): [#def2]", we have to call _PyReturnError directly so we can free the memory before return.
+
+Signed-off-by: Coiby Xu
+---
+ src/dmidecodemodule.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/dmidecodemodule.c b/src/dmidecodemodule.c
+index b31c002..b73811e 100644
+--- a/src/dmidecodemodule.c
++++ b/src/dmidecodemodule.c
+@@ -280,6 +280,7 @@ xmlNode *__dmidecode_xml_getsection(options *opt, const char *section) {
+
+ // Fetch the Mapping XML file
+ if( (group_n = load_mappingxml(opt)) == NULL) {
++ xmlFreeNode(dmixml_n);
+ // Exception already set by calling function
+ return NULL;
+ }
+@@ -320,7 +321,9 @@ xmlNode *__dmidecode_xml_getsection(options *opt, const char *section) {
+ if(opt->type == -1) {
+ char *err = log_retrieve(opt->logdata, LOG_ERR);
+ log_clear_partial(opt->logdata, LOG_ERR, 0);
+- PyReturnError(PyExc_RuntimeError, "Invalid type id '%s' -- %s", typeid, err);
++ _pyReturnError(PyExc_RuntimeError, "Invalid type id '%s' -- %s", typeid, err);
++ free(err);
++ return NULL;
+ }
+
+ // Parse the DMI data and put the result into dmixml_n node chain.
+@@ -394,6 +397,7 @@ xmlNode *__dmidecode_xml_gettypeid(options *opt, int typeid)
+
+ // Fetch the Mapping XML file
+ if( load_mappingxml(opt) == NULL) {
++ xmlFreeNode(dmixml_n);
+ return NULL;
+ }
+
+@@ -829,8 +833,10 @@ initdmidecodemod(void)
+ module = Py_InitModule3((char *)"dmidecodemod", DMIDataMethods,
+ "Python extension module for dmidecode");
+ #endif
+- if (module == NULL)
++ if (module == NULL) {
++ free(opt);
+ MODINITERROR;
++ }
+
+ version = PYTEXT_FROMSTRING(VERSION);
+ Py_INCREF(version);
+--
+2.31.1
+
diff --git a/0004-fix-Error-CONSTANT_EXPRESSION_RESULT-detected-by-cov.patch b/0004-fix-Error-CONSTANT_EXPRESSION_RESULT-detected-by-cov.patch
new file mode 100644
index 0000000..ffa9ab0
--- /dev/null
+++ b/0004-fix-Error-CONSTANT_EXPRESSION_RESULT-detected-by-cov.patch
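Review bot: The replacement call `_pyReturnError(PyExc_RuntimeError, "Invalid type id '%s' -- %s", typeid, err);` in the -320 hunk does not match the function's parameter list. The dmierror.c hunk on this page shows `_pyReturnError(void *exception, const char *fname, int line, const char *fm…`, so the format literal lands in `fname`, `typeid` in `line`, and the retrieved log text `err` becomes the format string. Log content used as a format string is a CWE-134 problem, and the resulting exception message will be wrong as well. Pass the location explicitly, `_pyReturnError(PyExc_RuntimeError, __FILE__, __LINE__, "Invalid type id '%s' -- %s", typeid, err);`, which is presumably what the `PyReturnError` macro supplied. This branch also returns without `xmlFreeNode(dmixml_n)`, unlike the earlier return in the same function that this patch fixes; the node is created outside the hunk, so confirm whether it is still owned here.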
@@ -0,0 +1,36 @@
+From ea6cd1d0b631da5bf64b2b0ab7c5e1d4e0e95562 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Tue, 15 Jun 2021 10:47:03 +0800
+Subject: [PATCH 4/8] fix Error: CONSTANT_EXPRESSION_RESULT detected by covscan
+
+This commit fixes the following error found by conscan,
+
+ Error: CONSTANT_EXPRESSION_RESULT (CWE-569): [#def1]
+ python-dmidecode-3.12.2/src/dmidecode.c:225: logical_vs_bitwise: The expression "16 && i < h->length - (row << 4)" is suspicious because it performs a Boolean operation on a constant other than 0 or 1.
+ # 223| memset(tmp_s, 0, (h->length * 2) + 2);
+ # 224|
+ # 225|-> for(i = 0; i < (16 && i < h->length - (row << 4)); i++) {
+ # 226| snprintf(tmp_s + strlen(tmp_s), (h->length * 2)-strlen(tmp_s),
+ # 227| "0x%02x", (h->data)[(row << 4) + i]);
+
+Signed-off-by: Coiby Xu
+---
+ src/dmidecode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dmidecode.c b/src/dmidecode.c
+index d2bed53..9efab60 100644
+--- a/src/dmidecode.c
++++ b/src/dmidecode.c
+@@ -222,7 +222,7 @@ void dmi_dump(xmlNode *node, struct dmi_header * h)
+ for(row = 0; row < ((h->length - 1) >> 4) + 1; row++) {
+ memset(tmp_s, 0, (h->length * 2) + 2);
+
+- for(i = 0; i < (16 && i < h->length - (row << 4)); i++) {
++ for(i = 0; i < 16 && (i < h->length - (row << 4)); i++) {
+ snprintf(tmp_s + strlen(tmp_s), (h->length * 2)-strlen(tmp_s),
+ "0x%02x", (h->data)[(row << 4) + i]);
+ }
+--
+2.31.1
+
diff --git a/0005-fix-Error-MISSING_COMMA-detected-by-covscan.patch b/0005-fix-Error-MISSING_COMMA-detected-by-covscan.patch
new file mode 100644
index 0000000..1123d82
--- /dev/null
+++ b/0005-fix-Error-MISSING_COMMA-detected-by-covscan.patch
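Review bot: With the loop condition corrected, a row can now format up to 16 bytes at four characters each (`"0x%02x"`), but the size handed to `snprintf` is still `(h->length * 2)-strlen(tmp_s)` and the `memset` suggests `tmp_s` holds `h->length * 2 + 2` bytes. Whenever `h->length * 2` is smaller than the 64 characters a full row needs, the row is silently truncated; the old condition stopped after one byte per row, which hid this. The write stays in bounds only as long as the buffer really has that size, and its allocation is outside the hunk. Size the buffer for the widest row (16 * 4 + 1 bytes) instead of deriving it from `h->length`, or check the value `snprintf` returns and stop on truncation.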
@@ -0,0 +1,72 @@
+From 393b4c2384639fc1c22e3493585c005009b58de7 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Tue, 15 Jun 2021 10:48:50 +0800
+Subject: [PATCH 5/8] fix Error: MISSING_COMMA: detected by covscan
+
+This commit fixes the following errors found by conscan,
+
+ Error: MISSING_COMMA: [#def3]
+ python-dmidecode-3.12.2/src/dmidecode.c:1375: missing_comma: In the initialization of "upgrade", a suspicious concatenated string ""Socket BGA1288Socket rPGA988B"" is produced due to a missing comma between lines.
+ python-dmidecode-3.12.2/src/dmidecode.c:1375: remediation: Did you intend to separate these two string literals with a comma?
+ # 1373| "Socket LGA1567",
+ # 1374| "Socket PGA988A",
+ # 1375|-> "Socket BGA1288" /* 0x20 */
+ # 1376| "Socket rPGA988B",
+ # 1377| "Socket BGA1023",
+
+ Error: MISSING_COMMA: [#def4]
+ python-dmidecode-3.12.2/src/dmidecode.c:1843: missing_comma: In the initialization of "type", a suspicious concatenated string ""64-way Set-associative20-way Set-associative"" is produced due to a missing comma between lines.
+ python-dmidecode-3.12.2/src/dmidecode.c:1843: remediation: Did you intend to separate these two string literals with a comma?
+
+ Error: MISSING_COMMA: [#def6]
+ python-dmidecode-3.12.2/src/dmidecode.c:2868: missing_comma: In the initialization of "type", a suspicious concatenated string ""DDR3FBD2"" is produced.
+ python-dmidecode-3.12.2/src/dmidecode.c:2868: remediation: Did you intend to separate these two string literals with a comma?
+ # 2866| "Reserved",
+ # 2867| "Reserved",
+ # 2868|-> "DDR3"
+ # 2869| "FBD2" /* 0x19 */
+ # 2870| };
+ # 1841| "32-way Set-associative",
+ # 1842| "48-way Set-associative",
+ # 1843|-> "64-way Set-associative" /* 0x0D */
+ # 1844| "20-way Set-associative" /* 0x0E */
+
+Signed-off-by: Coiby Xu
+---
+ src/dmidecode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/dmidecode.c b/src/dmidecode.c
+index 9efab60..d30a5d3 100644
+--- a/src/dmidecode.c
++++ b/src/dmidecode.c
+@@ -1372,7 +1372,7 @@ void dmi_processor_upgrade(xmlNode *node, u8 code)
+ "Socket LGA1156",
+ "Socket LGA1567",
+ "Socket PGA988A",
+- "Socket BGA1288" /* 0x20 */
++ "Socket BGA1288", /* 0x20 */
+ "Socket rPGA988B",
+ "Socket BGA1023",
+ "Socket BGA1224",
+@@ -1840,7 +1840,7 @@ void dmi_cache_associativity(xmlNode *node, u8 code)
+ "24-way Set-associative",
+ "32-way Set-associative",
+ "48-way Set-associative",
+- "64-way Set-associative" /* 0x0D */
++ "64-way Set-associative", /* 0x0D */
+ "20-way Set-associative" /* 0x0E */
+ };
+ xmlNode *data_n = xmlNewChild(node, NULL, (xmlChar *) "Associativity", NULL);
+@@ -2865,7 +2865,7 @@ void dmi_memory_device_type(xmlNode *node, u8 code)
+ "Reserved",
+ "Reserved",
+ "Reserved",
+- "DDR3"
++ "DDR3",
+ "FBD2" /* 0x19 */
+ };
+ xmlNode *data_n = xmlNewChild(node, NULL, (xmlChar *) "Type", NULL);
+--
+2.31.1
+
diff --git a/0006-fix-src-dmierror.c-55-9-warning-Wanalyzer-possible-n.patch b/0006-fix-src-dmierror.c-55-9-warning-Wanalyzer-possible-n.patch
new file mode 100644
index 0000000..96ba66f
--- /dev/null
+++ b/0006-fix-src-dmierror.c-55-9-warning-Wanalyzer-possible-n.patch
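Review bot: Each added comma makes its table one element longer and moves every later entry to a new index, so the range checks that guard the lookups into `upgrade` and the two `type` arrays must be re-read against the new lengths; those checks are outside all three hunks. Before this fix each array was one entry shorter than its index comments (`/* 0x20 */`, `/* 0x0E */`, `/* 0x19 */`) imply, so a bound written from the comments could have indexed one past the end. A compile-time check beside each table would catch the next dropped comma, for example `_Static_assert(sizeof(type) / sizeof(type[0]) == EXPECTED_COUNT, "type table size");`, where `EXPECTED_COUNT` is a placeholder for the value the lookup code assumes.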
@@ -0,0 +1,46 @@
+From fa5f62272997ea5b402ce28c2b197afe1a3c9422 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Tue, 15 Jun 2021 10:57:45 +0800
+Subject: [PATCH 6/8] fix "src/dmierror.c:55:9:
+ warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL buf where
+ non-null expected"
+
+Fix the following error found by covscan,
+ python-dmidecode-3.12.2/src/dmierror.c:55:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL buf where non-null expected
+ /usr/include/python3.9/Python.h:30: included_from: Included from here.
+ python-dmidecode-3.12.2/src/dmierror.c:32: included_from: Included from here.
+ /usr/include/string.h:61:14: note: argument 1 of memset must be non-null
+ # 53| va_start(ap, fmt);
+ # 54| buf = (char *) malloc(4098);
+ # 55|-> memset(buf, 0, 4098);
+ # 56|
+ # 57| if( buf == NULL ) {
+
+Signed-off-by: Coiby Xu
+---
+ src/dmierror.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dmierror.c b/src/dmierror.c
+index d64b4b9..7054cd8 100644
+--- a/src/dmierror.c
++++ b/src/dmierror.c
+@@ -52,7 +52,6 @@ void _pyReturnError(void *exception, const char *fname, int line, const char *fm
+
+ va_start(ap, fmt);
+ buf = (char *) malloc(4098);
+- memset(buf, 0, 4098);
+
+ if( buf == NULL ) {
+ // Backup routine if we can't get the needed memory
+@@ -64,6 +63,7 @@ void _pyReturnError(void *exception, const char *fname, int line, const char *fm
+ return;
+ }
+
++ memset(buf, 0, 4098);
+ // Set the error state and message
+ snprintf(buf, 4096, "[%s:%i] %s", fname, line, fmt);
+ PyErr_Format(exception, buf, ap);
+--
+2.31.1
+
diff --git a/0007-fix-Error-FORWARD_NULL-CWE-476-def23.patch b/0007-fix-Error-FORWARD_NULL-CWE-476-def23.patch
new file mode 100644
index 0000000..dfba530
--- /dev/null
+++ b/0007-fix-Error-FORWARD_NULL-CWE-476-def23.patch
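Review bot: Two lines below the relocated `memset`, `PyErr_Format(exception, buf, ap);` hands a `va_list` to a function that takes `...`, so the conversions in `buf` are matched against the wrong arguments and the call is undefined behaviour. On Python 3.5 and later the va_list variant is the right call: `PyErr_FormatV(exception, buf, ap);`. `buf` is also assembled by copying `fname` into what becomes the format string, so a `%` in a file name would be read as a conversion; formatting the location separately from the caller's `fmt` avoids that. The function continues past the hunk, so the matching `va_end(ap)` and `free(buf)` cannot be checked from here.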
@@ -0,0 +1,62 @@
+From 2c944edcd933de0860459a7011581c8a40a3c56f Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Tue, 15 Jun 2021 11:03:21 +0800
+Subject: [PATCH 7/8] fix Error: FORWARD_NULL (CWE-476): [#def23]
+
+Fix the following errors found by covscan,
+
+ Error: FORWARD_NULL (CWE-476): [#def23]
+ python-dmidecode-3.12.2/src/dmilog.c:48: var_compare_op: Comparing "ret" to null implies that "ret" might be null.
+ python-dmidecode-3.12.2/src/dmilog.c:51: var_deref_op: Dereferencing null pointer "ret".
+ # 49| fprintf(stderr, "** ERROR ** Could not allocate memory for log data\n");
+ # 50| }
+ # 51|-> ret->level = -1; // Initialised - chain header pointer always have -1.
+ # 52| return ret;
+ # 53| }
+
+ Error: CLANG_WARNING: [#def24]
+ python-dmidecode-3.12.2/src/dmilog.c:51:13: warning[core.NullDereference]: Access to field 'level' results in a dereference of a null pointer (loaded from variable 'ret')
+ # 49| fprintf(stderr, "** ERROR ** Could not allocate memory for log data\n");
+ # 50| }
+ # 51|-> ret->level = -1; // Initialised - chain header pointer always have -1.
+ # 52| return ret;
+ # 53| }
+
+ Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
+ python-dmidecode-3.12.2/src/dmilog.c: scope_hint: In function 'log_init'
+ python-dmidecode-3.12.2/src/dmilog.c:51:20: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ret'
+ # 49| fprintf(stderr, "** ERROR ** Could not allocate memory for log data\n");
+ # 50| }
+ # 51|-> ret->level = -1; // Initialised - chain header pointer always have -1.
+ # 52| return ret;
+ # 53| }
+
+ Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
+ python-dmidecode-3.12.2/src/dmilog.c: scope_hint: In function log_init
+ python-dmidecode-3.12.2/src/dmilog.c:51:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ret
+ # 49| fprintf(stderr, "** ERROR ** Could not allocate memory for log data\n");
+ # 50| }
+ # 51|-> ret->level = -1; // Initialised - chain header pointer always have -1.
+ # 52| return ret;
+ # 53| }
+
+Signed-off-by: Coiby Xu
+---
+ src/dmilog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/dmilog.c b/src/dmilog.c
+index f7ade5d..80b2ac3 100644
+--- a/src/dmilog.c
++++ b/src/dmilog.c
+@@ -47,6 +47,7 @@ Log_t * log_init()
+ ret = (Log_t *) calloc(1, sizeof(Log_t)+2);
+ if( !ret ) {
+ fprintf(stderr, "** ERROR ** Could not allocate memory for log data\n");
++ return ret;
+ }
+ ret->level = -1; // Initialised - chain header pointer always have -1.
+ return ret;
+--
+2.31.1
+
diff --git a/0008-fix-src-dmidecodemodule.c-828-9-warning-Wanalyzer-po.patch b/0008-fix-src-dmidecodemodule.c-828-9-warning-Wanalyzer-po.patch
new file mode 100644
index 0000000..4792f23
--- /dev/null
+++ b/0008-fix-src-dmidecodemodule.c-828-9-warning-Wanalyzer-po.patch
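Review bot: `log_init()` can now hand NULL back to its callers, where before it dereferenced the failed allocation on the next line, so every call site has to check the result before touching the log; none of them is in this hunk. Writing the new line as `return NULL;` rather than `return ret;` makes that contract obvious at the return site. A sentence in the function's header comment, such as `Returns NULL if the log header cannot be allocated.`, would document it for callers.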
@@ -0,0 +1,37 @@
+From 8ae11992db2a5b338c4d28e44174f57c37f020e8 Mon Sep 17 00:00:00 2001
+From: Coiby Xu
+Date: Tue, 15 Jun 2021 11:09:33 +0800
+Subject: [PATCH 8/8] fix "src/dmidecodemodule.c:828:9
+ warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL opt where
+ non-null expected"
+
+Fix the following error found by covscan,
+
+ Error: GCC_ANALYZER_WARNING (CWE-688): [#def20]
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:828:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL opt where non-null expected
+ /usr/include/python3.9/Python.h:30: included_from: Included from here.
+ python-dmidecode-3.12.2/src/dmidecodemodule.c:42: included_from: Included from here.
+ /usr/include/string.h:61:14: note: argument 1 of memset must be non-null
+
+Signed-off-by: Coiby Xu
+---
+ src/dmidecodemodule.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/dmidecodemodule.c b/src/dmidecodemodule.c
+index b73811e..44ef7aa 100644
+--- a/src/dmidecodemodule.c
++++ b/src/dmidecodemodule.c
+@@ -825,6 +825,9 @@ initdmidecodemod(void)
+ xmlXPathInit();
+
+ opt = (options *) malloc(sizeof(options)+2);
++ if (opt == NULL)
++ MODINITERROR;
++
+ memset(opt, 0, sizeof(options)+2);
+ init(opt);
+ #ifdef IS_PY3K
+--
+2.31.1
+
diff --git a/python-dmidecode.spec b/python-dmidecode.spec
index b2ac767..c6776a4 100644
--- a/python-dmidecode.spec
+++ b/python-dmidecode.spec
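Review bot: The new `if (opt == NULL) MODINITERROR;` leaves module initialisation without setting a Python exception, so the import would fail with a generic error rather than MemoryError; this assumes `MODINITERROR` is a plain return, since its definition is not shown. Set the error first and brace the branch the way the `module == NULL` check a few lines further down is braced: `if (opt == NULL) { PyErr_NoMemory(); MODINITERROR; }`. The `malloc` followed by `memset(opt, 0, sizeof(options)+2)` could also become a single `calloc(1, sizeof(options)+2)`, which removes the window in which `opt` is allocated but not yet zeroed.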
@@ -1,12 +1,20 @@ Name: python-dmidecode Summary: Python module to access DMI data Version: 3.12.2 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv2 URL: https://github.com/nima/python-dmidecode Source0: https://github.com/nima/python-dmidecode/archive/v%{version}/%{name}/%{name}-%{version}.tar.gz Patch0: python-dmidecode-use_python3.patch +Patch1: 0001-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch +Patch2: 0002-fix-RESOURCE_LEAK-error-detected-by-covscan-in-src-u.patch +Patch3: 0003-fix-RESOURCE_LEAK-errors-detected-by-covscan-in-src-.patch +Patch4: 0004-fix-Error-CONSTANT_EXPRESSION_RESULT-detected-by-cov.patch +Patch5: 0005-fix-Error-MISSING_COMMA-detected-by-covscan.patch +Patch6: 0006-fix-src-dmierror.c-55-9-warning-Wanalyzer-possible-n.patch +Patch7: 0007-fix-Error-FORWARD_NULL-CWE-476-def23.patch +Patch8: 0008-fix-src-dmidecodemodule.c-828-9-warning-Wanalyzer-po.patch BuildRequires: make BuildRequires: gcc @@ -62,6 +70,10 @@ make -C unit-tests %{_datadir}/python-dmidecode/ %changelog +* Mon Jul 19 2021 Coiby Xu - 3.12.2-25 +- Fix several issues found by covscan +- Resolves: rhbz#1938852 + * Fri Apr 16 2021 Mohan Boddu - 3.12.2-24 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937