From 71454ce5d40cce4c50f8cbbdecb6a6e996cb8365 Mon Sep 17 00:00:00 2001 From: Vitezslav Crhonek Date: Wed, 15 Sep 2021 10:50:01 +0200 Subject: [PATCH] Fix license, fix issues found by static analysis, fix incorrect use of temporary paths Signed-off-by: Vitezslav Crhonek --- sblim-gather-2.2.9-covscan-fixes.patch | 744 ++++++++++++++++++ ...m-gather-2.2.9-fix-use-of-temp-paths.patch | 134 ++++ sblim-gather.spec | 15 +- 3 files changed, 891 insertions(+), 2 deletions(-) create mode 100644 sblim-gather-2.2.9-covscan-fixes.patch create mode 100644 sblim-gather-2.2.9-fix-use-of-temp-paths.patch diff --git a/sblim-gather-2.2.9-covscan-fixes.patch b/sblim-gather-2.2.9-covscan-fixes.patch new file mode 100644 index 0000000..1098ccc --- /dev/null +++ b/sblim-gather-2.2.9-covscan-fixes.patch 
@@ -0,0 +1,744 @@ +diff -up sblim-gather-2.2.9/comms/mcclt_unix.c.orig sblim-gather-2.2.9/comms/mcclt_unix.c +--- sblim-gather-2.2.9/comms/mcclt_unix.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/comms/mcclt_unix.c 2021-09-15 10:46:48.289977660 +0200 +@@ -22,6 +22,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -73,7 +74,7 @@ int mcc_init(const char *commid) + m_setstrerror("mcc_init could not complete socket name %s",commid); + M_TRACE(MTRACE_ERROR,MTRACE_COMM, + ("mcc_init could not complete socket name %s")); +- /* TODO do we need a mutex unlock here? */ ++ pthread_mutex_unlock(&sockname_mutex); + return -1; + } + if (!_sigpipe_h_installed) { +@@ -149,7 +150,8 @@ static int _mcc_connect(int commhandle) + return -1; + } + sa.sun_family = AF_UNIX; +- strcpy(sa.sun_path,sockname[commhandle].sn_name); ++ strncpy(sa.sun_path,sockname[commhandle].sn_name,sizeof(sa.sun_path)-1); ++ sa.sun_path[sizeof(sa.sun_path)-1] = '\0'; + sockname[commhandle].sn_connects ++; + connhandle=connect(sockname[commhandle].sn_handle, + (struct sockaddr*)&sa, +diff -up sblim-gather-2.2.9/comms/mcserv_unix.c.orig sblim-gather-2.2.9/comms/mcserv_unix.c +--- sblim-gather-2.2.9/comms/mcserv_unix.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/comms/mcserv_unix.c 2021-09-15 10:46:48.289977660 +0200 +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -63,7 +64,7 @@ int mcs_init(const char *commid) + if (snprintf(lockname,PATH_MAX+2,MC_LOCKFILE,commid) > + PATH_MAX) { + m_log(M_ERROR,M_QUIET, +- "mcs_init: could not complete lockfile name %s\n" ++ "mcs_init: could not complete lockfile name %s\n", + MC_LOCKFILE); + return -1; + } +@@ -86,13 +87,14 @@ int mcs_init(const char *commid) + if (snprintf(sockname,PATH_MAX+2,MC_SOCKET,commid) > + PATH_MAX) { + m_log(M_ERROR,M_QUIET, +- "mcs_init: could not complete socket name %s\n" ++ "mcs_init: could not complete socket name %s\n", + 
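Review bot: The `M_TRACE` call directly above the new `pthread_mutex_unlock(&sockname_mutex);` passes `"mcc_init could not complete socket name %s"` with no argument for the `%s`. If the macro forwards to a printf-style function, as the `m_setstrerror` call beside it suggests, the trace reads an indeterminate argument. It should read `("mcc_init could not complete socket name %s",commid)`. mcc_init starts and ends outside the hunk.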
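Review bot: Truncating into `sa.sun_path` hides an over-long socket name, so `connect()` is then attempted on a shorter path than the one stored in `sockname[commhandle].sn_name`. Rejecting the name is safer, for example `if (strlen(sockname[commhandle].sn_name) >= sizeof(sa.sun_path)) return -1;` before the copy, with whatever cleanup the function needs at that point. The same silent truncation is introduced before `bind()` in mcs_init, where `unlink(sockname)` still acts on the untruncated name, and in subs_enable_forwarding in sforward.c. _mcc_connect continues outside the hunk.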
MC_SOCKET); + return -1; + } + unlink(sockname); + sa.sun_family=AF_UNIX; +- strcpy(sa.sun_path,sockname); ++ strncpy(sa.sun_path,sockname,sizeof(sa.sun_path)-1); ++ sa.sun_path[sizeof(sa.sun_path)-1] = '\0'; + if (bind(commhandle,(struct sockaddr*)&sa,sizeof(sa))) { + m_log(M_ERROR,M_QUIET, + "mcs_init: could not bind socket %s, error string %s\n", +@@ -140,7 +142,6 @@ int mcs_accept(MC_REQHDR *hdr) + if (hdr->mc_handle == -1) { + m_log(M_ERROR,M_QUIET, + "mcs_accept: failed to accept server socket, error string %s\n", +- sockname, + strerror(errno)); + return -1; + } +@@ -177,7 +178,6 @@ int mcs_getrequest(MC_REQHDR *hdr, void + if (readlen <= 0) { + m_log(M_ERROR,M_QUIET, + "mcs_getrequest: failed to read header, error string %s\n", +- sockname, + strerror(errno)); + break; + } +diff -up sblim-gather-2.2.9/comms/rcctest.c.orig sblim-gather-2.2.9/comms/rcctest.c +--- sblim-gather-2.2.9/comms/rcctest.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/comms/rcctest.c 2021-09-15 10:46:48.290977675 +0200 +@@ -32,7 +32,6 @@ int main(int argc, char *argv[]) + { + char hostname[256]; + char buf[500]; +- size_t buflen; + time_t start, end; + int port = 6363; + int i = 0; +@@ -58,7 +57,6 @@ int main(int argc, char *argv[]) + rcc_request("",0); + break; + } else { +- buflen=sizeof(buf); + if (rcc_request(buf,strlen(buf)+1)==0) { + fprintf(stderr,"send : %s\n",buf); + } +diff -up sblim-gather-2.2.9/comms/rcstest.c.orig sblim-gather-2.2.9/comms/rcstest.c +--- sblim-gather-2.2.9/comms/rcstest.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/comms/rcstest.c 2021-09-15 10:46:48.290977675 +0200 +@@ -51,6 +51,7 @@ static void * _get_request(void *hdl) + fprintf(stderr,"--- time out on socket %i\n",(int)rhdl); + break; + } ++ buf[buflen-1] = '\0'; + fprintf(stderr,"---- received on socket %i: %s\n",(int)rhdl,buf); + } + +@@ -88,9 +89,12 @@ int main() + while (1) { + pthread_mutex_lock(&connect_mutex); + if (hdl == -1) { +- if (rcs_accept(&hdl) == 
-1) { return -1;} ++ if (rcs_accept(&hdl) == -1) { ++ pthread_mutex_unlock(&connect_mutex); ++ return -1; ++ } + } +- for(i=0;impName = strdup(pluginname); + mp->mpRegister=MPR_IdForString; +@@ -340,7 +342,9 @@ static void pl_unlink(MetricPlugin *mp) + { + PluginList *p, *q; + p = pluginhead; +- if (p && p->plugin==mp) { ++ if (p == NULL) ++ return; ++ if (p->plugin==mp) { + pluginhead=p->next; + free(p); + pluginnum-=1; +diff -up sblim-gather-2.2.9/missing-providers/file_handler.c.orig sblim-gather-2.2.9/missing-providers/file_handler.c +--- sblim-gather-2.2.9/missing-providers/file_handler.c.orig 2013-02-27 12:38:07.000000000 +0100 ++++ sblim-gather-2.2.9/missing-providers/file_handler.c 2021-09-15 10:46:48.290977675 +0200 +@@ -270,8 +270,8 @@ int clear_rp(linked_list* ll) + free(rl); + rl = rn; + } +- return 0; + free(ll); ++ return 0; + } + + int clear_mvd(linked_list* ll) +diff -up sblim-gather-2.2.9/mlist.c.orig sblim-gather-2.2.9/mlist.c +--- sblim-gather-2.2.9/mlist.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/mlist.c 2021-09-15 10:46:48.291977690 +0200 +@@ -182,6 +182,7 @@ int ML_Relocate(ML_Head mlhead, MetricBl + mcursor=mcursor->nextMetric; + } + if (!mcursor) { ++ pthread_mutex_unlock(&(mh->mutex)); + return -1; /* error - could not locate metric block in list */ + } else { + mpredecessor = mcursor; +diff -up sblim-gather-2.2.9/mreg.c.orig sblim-gather-2.2.9/mreg.c +--- sblim-gather-2.2.9/mreg.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/mreg.c 2021-09-15 10:46:48.291977690 +0200 +@@ -160,7 +160,7 @@ static void Grow() + if (MR_MaxEntries == MR_NumEntries) { + MR_MaxEntries += INCREASE_BY; + MR_Entries = realloc(MR_Entries,MR_MaxEntries*sizeof(MetricEntry)); +- memset(MR_Entries+MR_MaxEntries-INCREASE_BY,0,INCREASE_BY); ++ memset(MR_Entries+MR_MaxEntries-INCREASE_BY,0,INCREASE_BY*sizeof(MetricEntry)); + } + } + +diff -up sblim-gather-2.2.9/plugin/cimplugKvm.c.orig sblim-gather-2.2.9/plugin/cimplugKvm.c +--- 
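Review bot: `MR_Entries = realloc(MR_Entries,MR_MaxEntries*sizeof(MetricEntry));` is still unchecked, so on allocation failure the corrected `memset` writes through an offset from NULL and the old array is leaked. Assign to a temporary first, `MetricEntry *tmp = realloc(MR_Entries,(MR_MaxEntries+INCREASE_BY)*sizeof(MetricEntry));`, and only raise `MR_MaxEntries` and clear the new tail when `tmp` is non-NULL. `Grow()` returns void, so its callers also need a way to notice the failure. The `Grow()` in rreg.c has the same pattern with `PR_Entries`.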
sblim-gather-2.2.9/plugin/cimplugKvm.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/cimplugKvm.c 2021-09-15 10:46:48.291977690 +0200 +@@ -46,20 +46,6 @@ CMPIObjectPath *COP4VALID(CMPIBroker * b + int VALID4COP(CMPIObjectPath * cop, char *id, size_t idlen, + char *systemid, size_t systemidlen) + { +- CMPIData data; +- char *str; +- +- return -1; +- if (cop && id && systemid) { +- data = CMGetKey(cop, "Name", NULL); +- if (data.type == CMPI_string && data.value.string) { +- str = CMGetCharPtr(data.value.string); +- if (strlen(id) < idlen) { +- strcpy(id, str); +- return 0; +- } +- } +- } + // systemid is not a key property of KVM_ComputerSystem + return -1; + } +diff -up sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c.orig sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c +--- sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c 2021-09-15 10:46:48.291977690 +0200 +@@ -28,14 +28,15 @@ CMPIObjectPath* COP4VALID (CMPIBroker *b + { + CMPIObjectPath *cop; + char *fsclass; +- char fsname[300]; ++ char fsname[301]; + char *fstype, *idx2; + + if (id==NULL || systemid==NULL) { + return NULL; + } + +- strncpy(fsname,id,sizeof(fsname)); ++ strncpy(fsname,id,sizeof(fsname)-1); ++ fsname[sizeof(fsname)-1] = '\0'; + fstype = strchr(fsname,'('); + idx2 = strchr(fsname,')'); + if (fstype && idx2 && fstype < idx2) { +diff -up sblim-gather-2.2.9/plugin/cimplugXen.c.orig sblim-gather-2.2.9/plugin/cimplugXen.c +--- sblim-gather-2.2.9/plugin/cimplugXen.c.orig 2014-10-09 23:29:09.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/cimplugXen.c 2021-09-15 10:46:48.291977690 +0200 +@@ -45,20 +45,6 @@ CMPIObjectPath *COP4VALID(CMPIBroker * b + int VALID4COP(CMPIObjectPath * cop, char *id, size_t idlen, + char *systemid, size_t systemidlen) + { +- CMPIData data; +- char *str; +- +- return -1; +- if (cop && id && systemid) { +- data = CMGetKey(cop, "Name", NULL); +- if 
(data.type == CMPI_string && data.value.string) { +- str = CMGetCharPtr(data.value.string); +- if (strlen(id) < idlen) { +- strcpy(id, str); +- return 0; +- } +- } +- } + // systemid is not a key property of Xen_ComputerSystem + return -1; + } +diff -up sblim-gather-2.2.9/plugin/metricIPProtocolEndpoint.c.orig sblim-gather-2.2.9/plugin/metricIPProtocolEndpoint.c +--- sblim-gather-2.2.9/plugin/metricIPProtocolEndpoint.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricIPProtocolEndpoint.c 2021-09-15 10:46:48.291977690 +0200 +@@ -172,7 +172,10 @@ int metricRetrBytesSubmitted( int mid, + } + fclose(fhd); + } +- else { return -1; } ++ else { ++ fclose(fhd); ++ return -1; ++ } + } + return i; + } +diff -up sblim-gather-2.2.9/plugin/metricLocalFileSystem.c.orig sblim-gather-2.2.9/plugin/metricLocalFileSystem.c +--- sblim-gather-2.2.9/plugin/metricLocalFileSystem.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricLocalFileSystem.c 2021-09-15 10:46:48.291977690 +0200 +@@ -172,6 +172,8 @@ int metricRetrAvSpace( int mid, + ptr_dir = _enum_fsdir + (i*LFSPATHMAX); + + fs = (struct statfs *) malloc (sizeof (struct statfs)); ++ if (fs == NULL) ++ return -1; + memset(fs, 0, sizeof (struct statfs) ); + if (statfs(ptr_dir, fs) == 0) { + size = ((unsigned long long)fs->f_bavail) * +@@ -240,6 +242,8 @@ int metricRetrAvSpacePerc( int mid, + ptr_dir = _enum_fsdir + (i*LFSPATHMAX); + size = 0; + fs = (struct statfs *) malloc (sizeof (struct statfs)); ++ if (fs == NULL) ++ return -1; + memset(fs, 0, sizeof (struct statfs) ); + if (statfs(ptr_dir, fs) == 0) { + if( fs->f_blocks != 0 ) { +@@ -292,7 +296,10 @@ int enum_all_fs() { + + if( (fhd = setmntent( ETC_MTAB ,"r")) == NULL ) { + fhd = setmntent( PROC_MOUNTS ,"r"); +- if ( fhd == NULL ) { return -2; } ++ if ( fhd == NULL ) { ++ pthread_mutex_unlock(&mutex); ++ return -2; ++ } + } + + _enum_fssize = 1; +diff -up sblim-gather-2.2.9/plugin/metricNetworkPort.c.orig 
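Review bot: The added `fclose(fhd);` in the `else` branch looks like it runs with `fhd == NULL`. The block before it already ends with its own `fclose(fhd)`, which suggests the `if` is the `fopen()` success check; that condition is outside the hunk, so this needs confirming. `fclose(NULL)` is undefined behaviour and typically crashes, so if that reading is right the branch should stay `else { return -1; }`. The same change is made in metricRetrBytesSubmitted in metricNetworkPort.c and in metricRetrBlockStorage in metricStorage.c.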
sblim-gather-2.2.9/plugin/metricNetworkPort.c +--- sblim-gather-2.2.9/plugin/metricNetworkPort.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricNetworkPort.c 2021-09-15 10:46:48.292977705 +0200 +@@ -169,7 +169,10 @@ int metricRetrBytesSubmitted( int mid, + } + fclose(fhd); + } +- else { return -1; } ++ else { ++ fclose(fhd); ++ return -1; ++ } + } + return i; + } +diff -up sblim-gather-2.2.9/plugin/metricOperatingSystem.c.orig sblim-gather-2.2.9/plugin/metricOperatingSystem.c +--- sblim-gather-2.2.9/plugin/metricOperatingSystem.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricOperatingSystem.c 2021-09-15 10:46:48.292977705 +0200 +@@ -231,9 +231,14 @@ int metricRetrNumOfUser( int mid, + memset(str,0,sizeof(str)); + + fd_stdout = dup( fileno(stdout) ); ++ if (fd_stdout == -1) { return -1; } + dup2( fd_out[1], fileno(stdout) ); + + fd_stderr = dup( fileno(stderr) ); ++ if (fd_stderr == -1) { ++ close(fd_stdout); ++ return -1; ++ } + dup2( fd_err[1], fileno(stderr) ); + + rc = system("who -u | wc -l"); +@@ -304,9 +309,14 @@ int metricRetrNumOfProc( int mid, + memset(str, 0, sizeof(str)); + + fd_stdout = dup( fileno(stdout) ); ++ if (fd_stdout == -1) { return -1; } + dup2( fd_out[1], fileno(stdout) ); + + fd_stderr = dup( fileno(stderr) ); ++ if (fd_stderr == -1) { ++ close(fd_stdout); ++ return -1; ++ } + dup2( fd_err[1], fileno(stderr) ); + + rc = system("ps -ef | wc -l"); +@@ -471,6 +481,8 @@ int metricRetrMemorySize( int mid, + else { return -1; } + + str = calloc(1, ((4*ULL_CHAR_MAX)+4) ); ++ if (str == NULL) ++ return -1; + sprintf( str,"%lld:%lld:%lld:%lld", + totalPhysMem,freePhysMem,totalSwapMem,freeSwapMem); + +diff -up sblim-gather-2.2.9/plugin/metricProcessor.c.orig sblim-gather-2.2.9/plugin/metricProcessor.c +--- sblim-gather-2.2.9/plugin/metricProcessor.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricProcessor.c 2021-09-15 10:46:48.292977705 +0200 +@@ -204,9 
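Review bot: The second early return, `close(fd_stdout); return -1;`, runs after `dup2( fd_out[1], fileno(stdout) )` has already replaced stdout, so the process keeps writing to the pipe and the saved descriptor is closed instead of restored. It needs `dup2(fd_stdout, fileno(stdout));` before the `close`. Both returns also leave `fd_out` and `fd_err` open, assuming they come from `pipe()` earlier in the function as they do in enum_all_proc. The same two checks are added in metricRetrNumOfProc and in enum_all_proc in metricProcessor.c; the enclosing functions start and end outside the hunks.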
+204,14 @@ int enum_all_proc() { + if( pipe(fd_out)==0 && pipe(fd_err)==0 ) { + + fd_stdout = dup( fileno(stdout) ); ++ if (fd_stdout == -1) { return -1; } + dup2( fd_out[1], fileno(stdout) ); + + fd_stderr = dup( fileno(stderr) ); ++ if (fd_stderr == -1) { ++ close(fd_stdout); ++ return -1; ++ } + dup2( fd_err[1], fileno(stderr) ); + + cmd = calloc(1,(strlen(CPUINFO)+46)); +diff -up sblim-gather-2.2.9/plugin/metricStorage.c.orig sblim-gather-2.2.9/plugin/metricStorage.c +--- sblim-gather-2.2.9/plugin/metricStorage.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricStorage.c 2021-09-15 10:46:48.292977705 +0200 +@@ -141,8 +141,8 @@ int metricRetrBlockStorage( int mid, Met + fd = open(dev, O_RDONLY | O_NONBLOCK); + if (fd > -1) { + ioctl(fd, BLKGETSIZE64, &capacity); ++ close(fd); + } +- close(fd); + + read = read / 2; /* convert form sectors to kb */ + write = write / 2; /* 512 bytes/sector, 1kb/1024 bytes = 1kb/2 sectors */ +@@ -170,7 +170,10 @@ int metricRetrBlockStorage( int mid, Met + } + fclose(fhd); + } +- else { return -1; } ++ else { ++ fclose(fhd); ++ return -1; ++ } + } + return i; + } +diff -up sblim-gather-2.2.9/plugin/metricUnixProcess.c.orig sblim-gather-2.2.9/plugin/metricUnixProcess.c +--- sblim-gather-2.2.9/plugin/metricUnixProcess.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricUnixProcess.c 2021-09-15 10:46:48.293977720 +0200 +@@ -313,6 +313,7 @@ int metricRetrResSetSize( int mid, + if(_enum_pid) free(_enum_pid); + return _enum_size; + } ++ if(_enum_pid) free(_enum_pid); + } + return -1; + } +@@ -378,6 +379,7 @@ int metricRetrPageInCounter( int mid, + if(_enum_pid) free(_enum_pid); + return _enum_size; + } ++ if(_enum_pid) free(_enum_pid); + } + return -1; + } +@@ -445,6 +447,7 @@ int metricRetrPageOutCounter( int mid, + if(_enum_pid) free(_enum_pid); + return _enum_size; + } ++ if(_enum_pid) free(_enum_pid); + } + return -1; + } +@@ -509,6 +512,7 @@ int metricRetrVirtualSize( int mid, + 
if(_enum_pid) free(_enum_pid); + return _enum_size; + } ++ if(_enum_pid) free(_enum_pid); + } + return -1; + } +@@ -574,6 +578,7 @@ int metricRetrSharedSize( int mid, + if(_enum_pid) free(_enum_pid); + return _enum_size; + } ++ if(_enum_pid) free(_enum_pid); + } + return -1; + } +diff -up sblim-gather-2.2.9/plugin/metricVirt.c.orig sblim-gather-2.2.9/plugin/metricVirt.c +--- sblim-gather-2.2.9/plugin/metricVirt.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricVirt.c 2021-09-15 10:46:48.293977720 +0200 +@@ -1098,6 +1098,8 @@ int virtMetricRetrVirtualBlockIOStats(in + strcpy(mv->mvResource, resource); + mret(mv); + } ++ ++ free(resource); + + disk = disk->next; + } +diff -up sblim-gather-2.2.9/plugin/repositoryUnixProcess.c.orig sblim-gather-2.2.9/plugin/repositoryUnixProcess.c +--- sblim-gather-2.2.9/plugin/repositoryUnixProcess.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/repositoryUnixProcess.c 2021-09-15 10:46:48.293977720 +0200 +@@ -1289,7 +1289,8 @@ unsigned long long os_getCPUIdleTime( ch + if( (hlp = strrchr(data, ':')) != NULL ) { + hlp++; + memset(time,0,sizeof(time)); +- strcpy(time, hlp); ++ strncpy(time, hlp, sizeof(time)-1); ++ time[sizeof(time)-1] = '\0'; + val = strtoll(time,(char**)NULL,10)*10; + } + +diff -up sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c.orig sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c +--- sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c 2021-09-15 10:46:48.293977720 +0200 +@@ -182,8 +182,11 @@ CMPIStatus OSBase_MetricIndicationProvid + } else { + /* was not freed in addListenFilter */ + free(sr); ++ sr = NULL; + } + } ++ if (sr) ++ free(sr); + if( _debug ) + fprintf(stderr,"*** could not activate filter for %s\n", _ClassName); + CMReturn(CMPI_RC_ERR_FAILED); +@@ -364,10 +367,13 @@ static int removeListenFilter(const 
CMPI + free (lf->lf_namespace); + } + free(lf); ++ lf = NULL; + state=0; + } +- prev = lf; +- lf = lf->lf_next; ++ if (lf) { ++ prev = lf; ++ lf = lf->lf_next; ++ } + } + pthread_mutex_unlock(&listenMutex); + return state; +diff -up sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c.orig sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c +--- sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c 2021-09-15 10:46:48.294977735 +0200 +@@ -183,8 +183,11 @@ CMPIStatus OSBase_MetricLifeCycleProvide + } else { + /* was not freed in addListenFilter */ + free(sr); ++ sr = NULL; + } + } ++ if (sr) ++ free(sr); + if( _debug ) + fprintf(stderr,"*** could not activate filter for %s\n", _ClassName); + CMReturn(CMPI_RC_ERR_FAILED); +@@ -384,10 +387,13 @@ static int removeListenFilter(const CMPI + free (lf->lf_namespace); + } + free(lf); ++ lf = NULL; + state=0; + } +- prev = lf; +- lf = lf->lf_next; ++ if (lf) { ++ prev = lf; ++ lf = lf->lf_next; ++ } + } + pthread_mutex_unlock(&listenMutex); + return state; +diff -up sblim-gather-2.2.9/provider/OSBase_MetricUtil.c.orig sblim-gather-2.2.9/provider/OSBase_MetricUtil.c +--- sblim-gather-2.2.9/provider/OSBase_MetricUtil.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/provider/OSBase_MetricUtil.c 2021-09-15 10:46:48.294977735 +0200 +@@ -133,6 +133,7 @@ static int refreshMetricValueList(const + /* assume lock is already done */ + _OSBASE_TRACE(4,("refreshMetricValueList() - namespace %s\n",namesp)); + removeValueList(); ++ memset(&valdata, 0, sizeof(CMPIData)); + while (en && CMHasNext(en,NULL)) { + data = CMGetNext(en,NULL); + if (data.value.inst) { +@@ -343,7 +344,8 @@ char * makeMetricDefIdFromCache(const CM + MReadLock(&MdefLock); + while(metricDefinitionList && metricDefinitionList[i].mdef_metricname) { + if (metricDefinitionList[i].mdef_metricid==id) { +- 
strcpy(name,metricDefinitionList[i].mdef_metricname); ++ strncpy(name,metricDefinitionList[i].mdef_metricname,sizeof(name)-1); ++ name[sizeof(name)-1] = '\0'; + MReadUnlock(&MdefLock); + return makeMetricDefId(defid,name,id); + } +@@ -365,7 +367,8 @@ char * makeMetricValueIdFromCache(const + MReadLock(&MdefLock); + while(metricDefinitionList && metricDefinitionList[i].mdef_metricname) { + if (metricDefinitionList[i].mdef_metricid==id) { +- strcpy(name,metricDefinitionList[i].mdef_metricname); ++ strncpy(name,metricDefinitionList[i].mdef_metricname,sizeof(name)-1); ++ name[sizeof(name)-1] = '\0'; + MReadUnlock(&MdefLock); + return makeMetricValueId(valid,name,id,resource,systemid,timestamp); + } +@@ -605,7 +608,8 @@ int getPluginNamesForValueClass(const CM + while(metricDefinitionList && metricDefinitionList[j].mdef_metricname) { + if (strcasecmp(metricValueList[i].mdef_classname, + metricDefinitionList[j].mdef_classname)==0) { +- strcpy(pluginname, metricDefinitionList[j].mdef_pluginname); ++ strncpy(pluginname, metricDefinitionList[j].mdef_pluginname, sizeof(pluginname)-1); ++ pluginname[sizeof(pluginname)-1] = '\0'; + break; + } + j++; +@@ -630,7 +634,8 @@ int getPluginNamesForValueClass(const CM + while(metricDefinitionList && metricDefinitionList[i].mdef_metricname) { + if (strcmp(pluginname,metricDefinitionList[i].mdef_pluginname)) { + /* a new plugin name found -- add to list */ +- strcpy(pluginname,metricDefinitionList[i].mdef_pluginname); ++ strncpy(pluginname,metricDefinitionList[i].mdef_pluginname,sizeof(pluginname)-1); ++ pluginname[sizeof(pluginname)-1] = '\0'; + *pluginnames=realloc(*pluginnames, sizeof(char*)*(totalnum+2)); + (*pluginnames)[totalnum]=strdup(pluginname); + (*pluginnames)[totalnum+1]=NULL; +@@ -839,7 +844,8 @@ CMPIString * val2string(const CMPIBroker + sprintf(valbuf,"%f",*(double*)val->viValue); + break; + case MD_STRING: +- strcpy(valbuf,val->viValue); ++ strncpy(valbuf,val->viValue,sizeof(valbuf)-1); ++ valbuf[sizeof(valbuf)-1] = 
'\0'; + break; + default: + sprintf(valbuf,"datatype %0x not supported",datatype); +diff -up sblim-gather-2.2.9/repos.c.orig sblim-gather-2.2.9/repos.c +--- sblim-gather-2.2.9/repos.c.orig 2021-09-15 10:46:48.284977584 +0200 ++++ sblim-gather-2.2.9/repos.c 2021-09-15 10:46:48.294977735 +0200 +@@ -126,7 +126,7 @@ int repos_sessiontoken(RepositoryToken * + if (rt) { + rt->rt_size=htonl(sizeof(RepositoryToken)); + rt->rt1 = 1234567; +- rt->rt1 = 7654321; ++ rt->rt2 = 7654321; + return 0; + } + return -1; +@@ -170,6 +170,8 @@ int reposplugin_add(const char *pluginna + return 0; + } + rp = malloc(sizeof(RepositoryPlugin)); ++ if (rp == NULL) ++ return -1; + /* load plugin */ + rp->rpName = strdup(pluginname); + rp->rpRegister=RPR_IdForString; +@@ -754,7 +756,9 @@ static void pl_unlink(RepositoryPlugin * + { + PluginList *p, *q; + p = pluginhead; +- if (p && p->plugin==rp) { ++ if (p == NULL) ++ return; ++ if (p->plugin==rp) { + pluginhead=p->next; + free(p); + pluginnum-=1; +diff -up sblim-gather-2.2.9/reposd.c.orig sblim-gather-2.2.9/reposd.c +--- sblim-gather-2.2.9/reposd.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/reposd.c 2021-09-15 10:46:48.295977750 +0200 +@@ -796,8 +796,8 @@ static void * rrepos_getrequest(void * h + /* perform sanity check */ + if (bufferlen != sizeof(GATHERCOMM) + comm->gc_datalen) { + m_log(M_ERROR,M_SHOW, +- "Remote reposd invalid length received on socket %i: expected %d got %d.\n", +- hdl,sizeof(GATHERCOMM)+comm->gc_datalen,bufferlen); ++ "Remote reposd invalid length received on socket %ld: expected %d got %d.\n", ++ (long)hdl,sizeof(GATHERCOMM)+comm->gc_datalen,bufferlen); + continue; + } + /* the transmitted parameters are +@@ -822,8 +822,8 @@ static void * rrepos_getrequest(void * h + if (bufferlen + sizeof(MetricValue) - sizeof(MetricValue32) > GATHERVALBUFLEN) { + /* not enough room to expand ! 
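Review bot: `rt1` and `rt2` in repos_sessiontoken are filled with the fixed constants 1234567 and 7654321, so every token this function produces is identical. If the token is meant to identify or authenticate a session (its use is not visible in this hunk), it should carry unpredictable per-session values instead. `rt_size` is stored through `htonl()` while `rt1` and `rt2` are not; if that is intended, a comment such as `/* rt1/rt2 are compared in host byte order */` would record it, otherwise they need the same conversion.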
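Review bot: In the corrected `m_log` call of rrepos_getrequest the argument `sizeof(GATHERCOMM)+comm->gc_datalen` is a `size_t` but is still printed with `%d`, which is a type mismatch on LP64 targets. `bufferlen` may have the same problem depending on its declaration, which is outside the hunk. Use `expected %zu` there, and `%zu` for `bufferlen` if it is a `size_t`. The `M_TRACE` calls in the last hunk of this file still pair `%i` with `(long)hdl` and want `%ld` as well.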
*/ + m_log(M_ERROR,M_SHOW, +- "Remote reposd short buffer on socket %i during 32-to-64-bit expansion.\n", +- hdl); ++ "Remote reposd short buffer on socket %ld during 32-to-64-bit expansion.\n", ++ (long)hdl); + continue; + } + mvTemp.mvId = mv32->mv32Id; +@@ -877,8 +877,8 @@ static void * rrepos_getrequest(void * h + ("Retrieved data on socket %i: %s %s %s",(long)hdl, + mv->mvSystemId,pluginname,metricname)); + if ((comm->gc_result=reposvalue_put(pluginname,metricname,mv)) != 0) { +- m_log(M_ERROR,M_SHOW,"Remote reposd on socket %i: write %s to repository failed.\n", +- hdl,metricname); ++ m_log(M_ERROR,M_SHOW,"Remote reposd on socket %ld: write %s to repository failed.\n", ++ (long)hdl,metricname); + } + } + M_TRACE(MTRACE_FLOW,MTRACE_REPOS,("Ending thread on socket %i",(long)hdl)); +diff -up sblim-gather-2.2.9/rreg.c.orig sblim-gather-2.2.9/rreg.c +--- sblim-gather-2.2.9/rreg.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/rreg.c 2021-09-15 10:46:48.295977750 +0200 +@@ -164,7 +164,7 @@ static void Grow() + if (PR_MaxEntries == PR_NumEntries) { + PR_MaxEntries += INCREASE_BY; + PR_Entries = realloc(PR_Entries,PR_MaxEntries*sizeof(MetricCalcEntry)); +- memset(PR_Entries+PR_MaxEntries-INCREASE_BY,0,INCREASE_BY); ++ memset(PR_Entries+PR_MaxEntries-INCREASE_BY,0,INCREASE_BY*sizeof(MetricCalcEntry)); + } + } + +diff -up sblim-gather-2.2.9/rrepos.c.orig sblim-gather-2.2.9/rrepos.c +--- sblim-gather-2.2.9/rrepos.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/rrepos.c 2021-09-15 10:46:48.295977750 +0200 +@@ -412,8 +412,8 @@ int rrepos_terminate() + if (mcc_request(rreposhandle,&hdr,comm,sizeof(GATHERCOMM))==0 && + mcc_response(&hdr,comm,&commlen)==0 && + mcc_term(rreposhandle)==0) { +- pthread_mutex_unlock(&rrepos_mutex); + rreposhandle=-1; ++ pthread_mutex_unlock(&rrepos_mutex); + return comm->gc_result; + } else { + pthread_mutex_unlock(&rrepos_mutex); +@@ -705,7 +705,7 @@ int rreposresource_list(const char * met + 
pthread_mutex_unlock(&rrepos_mutex); + return comm->gc_result; + } +- pthread_mutex_lock(&rrepos_mutex); ++ pthread_mutex_unlock(&rrepos_mutex); + } + return -1; + } +diff -up sblim-gather-2.2.9/sforward.c.orig sblim-gather-2.2.9/sforward.c +--- sblim-gather-2.2.9/sforward.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/sforward.c 2021-09-15 10:46:48.295977750 +0200 +@@ -66,7 +66,8 @@ int subs_enable_forwarding(SubscriptionR + fwl->fw_corrid = fwCorrelatorId ++; + fwl->fw_origcorrid = sr->srCorrelatorId; + fwl->fw_listener.sun_family = AF_UNIX; +- strcpy(fwl->fw_listener.sun_path,listenerid); ++ strncpy(fwl->fw_listener.sun_path, listenerid, sizeof(fwl->fw_listener.sun_path)-1); ++ fwl->fw_listener.sun_path[sizeof(fwl->fw_listener.sun_path)-1] = '\0'; + if (fwHead == NULL) { + fwHead = fwl; + } else { +diff -up sblim-gather-2.2.9/util/mcfg.c.orig sblim-gather-2.2.9/util/mcfg.c +--- sblim-gather-2.2.9/util/mcfg.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/util/mcfg.c 2021-09-15 10:46:48.296977765 +0200 +@@ -60,6 +60,7 @@ int set_configfile(const char * filename + m_log(M_ERROR,M_QUIET, + "set_configfile: maximum number (%d) of config files exceeded", + CFG_MAXHANDLE); ++ fclose(cfgf); + return -1; + } + while (!feof(cfgf)) { +diff -up sblim-gather-2.2.9/util/mtrace.c.orig sblim-gather-2.2.9/util/mtrace.c +--- sblim-gather-2.2.9/util/mtrace.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/util/mtrace.c 2021-09-15 10:46:48.296977765 +0200 +@@ -93,9 +93,10 @@ static int _f_trace(char * buf, size_t l + char tm[20]; + static pid_t pid=0; + ++ memset(tm, 0, sizeof(tm)); ++ + if( gettimeofday( &tv, &tz) == 0 ) { + sec = tv.tv_sec + (tz.tz_minuteswest*-1*60); +- memset(tm, 0, sizeof(tm)); + if( gmtime_r( &sec , &cttm) != NULL ) { + strftime(tm,20,"%m/%d/%Y %H:%M:%S UTC",&cttm); + } 
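Review bot: `tm` is 20 bytes, but the format `"%m/%d/%Y %H:%M:%S UTC"` expands to 23 characters plus the terminator, so `strftime(tm,20,...)` returns 0 and leaves the array contents indeterminate. The moved `memset` cannot repair that. Declare `char tm[24];`, call `strftime(tm,sizeof(tm),"%m/%d/%Y %H:%M:%S UTC",&cttm)` and treat a zero return as "no timestamp". _f_trace continues outside the hunk.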
diff --git a/sblim-gather-2.2.9-fix-use-of-temp-paths.patch b/sblim-gather-2.2.9-fix-use-of-temp-paths.patch new file mode 100644 index 0000000..65cd02d --- /dev/null +++ b/sblim-gather-2.2.9-fix-use-of-temp-paths.patch 
@@ -0,0 +1,134 @@ +diff -up sblim-gather-2.2.9/plugin/metricVirt.c.orig sblim-gather-2.2.9/plugin/metricVirt.c +--- sblim-gather-2.2.9/plugin/metricVirt.c.orig 2014-10-09 23:29:10.000000000 +0200 ++++ sblim-gather-2.2.9/plugin/metricVirt.c 2021-08-19 14:29:14.500341897 +0200 +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #define PIDDIR "/var/run/libvirt/qemu/" + #define L_piddir 22 +@@ -239,7 +240,8 @@ static void collectDomainSchedStats(int + FILE * fd = NULL; + char * pidfile = NULL; + char * tidfile = NULL; +- char tmpfile[L_tmpnam]; ++ char pidtmpfile[] = "/tmp/pidtmp-XXXXXX"; ++ int tfd = -1; + char cmdbuf[128]; + char buf[bufsize]; + int * tids = NULL; +@@ -266,10 +268,12 @@ static void collectDomainSchedStats(int + + /* determine thread ids for each vcpu via ps */ + if (pid) { +- if (tmpnam(tmpfile)) { +- sprintf(cmdbuf, "ps --no-headers -p %d -Lo lwp > %s", pid, tmpfile); ++ tfd = mkstemp(pidtmpfile); ++ if (tfd != -1) { ++ unlink(pidtmpfile); ++ sprintf(cmdbuf, "ps --no-headers -p %d -Lo lwp > %s", pid, pidtmpfile); + if (system(cmdbuf) == 0) { +- if ((fd = fopen(tmpfile, "r")) != NULL) { ++ if ((fd = fdopen(tfd, "r")) != NULL) { + /* ignore master thread (vm pid) */ + fgets(buf, bufsize, fd); + +@@ -282,7 +286,6 @@ static void collectDomainSchedStats(int + fclose(fd); + } + } +- remove(tmpfile); + } + } + +@@ -293,17 +296,20 @@ static void collectDomainSchedStats(int + /* for each vcpu/tid grab stats from /proc/$pid/task/$tid/sched */ + for (i = 0; i < domain_statistics.vcpus[cnt]; i++) { + float used, ready; ++ char tidtmpfile[] = "/tmp/tidtmp-XXXXXX"; + +- if (tmpnam(tmpfile)) { ++ tfd = mkstemp(tidtmpfile); ++ if (tfd != -1) { ++ unlink(tidtmpfile); + sprintf(tidfile, "%s%d%s%d%s", PROC, pid, TASK, tids[i], SCHED); + + /* interested in se.sum_exec_runtime and se.wait_sum */ + sprintf(cmdbuf, "cat %s | awk '/exec_runtime/ || /wait_sum/ {print $3}' > %s", +- tidfile, tmpfile); ++ tidfile, tidtmpfile); + + /* stats are in floating 
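Review bot: `unlink(pidtmpfile)` runs before `system(cmdbuf)`, so the shell's `> %s` redirect creates a fresh file at that path while `fdopen(tfd, "r")` reads the original, now nameless and empty, inode. As a result the thread ids are never read, the path is re-opened without exclusive creation, and with `remove(tmpfile)` gone the re-created file stays in /tmp; the `tidtmpfile` hunk further down has the same ordering. `tfd` is also never closed when `system()` or `fdopen()` fails. Keeping the name until the command has finished and unlinking afterwards addresses all three, as sketched below, and reading the command through `popen()` would avoid the temporary file altogether. collectDomainSchedStats starts and ends outside this hunk.

```c
    tfd = mkstemp(pidtmpfile);
    if (tfd != -1) {
      /* keep the name until ps has written to it; mkstemp created it mode 0600 */
      sprintf(cmdbuf, "ps --no-headers -p %d -Lo lwp > %s", pid, pidtmpfile);
      if (system(cmdbuf) == 0 && (fd = fdopen(tfd, "r")) != NULL) {
        /* … unchanged: skip the master thread line, read one tid per vcpu … */
        fclose(fd);
      } else {
        close(tfd);
      }
      unlink(pidtmpfile);
    }
```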
point ms, convert to microseconds */ + if (system(cmdbuf) == 0) { +- if ((fd = fopen(tmpfile, "r")) != NULL) { ++ if ((fd = fdopen(tfd, "r")) != NULL) { + fgets(buf, bufsize, fd); + sscanf(buf, "%f", &used); + used = used * 1000; +@@ -317,7 +323,6 @@ static void collectDomainSchedStats(int + fclose(fd); + } + } +- remove(tmpfile); + } + + } +diff -up sblim-gather-2.2.9/reposdump.c.orig sblim-gather-2.2.9/reposdump.c +--- sblim-gather-2.2.9/reposdump.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/reposdump.c 2021-08-19 14:33:27.612564618 +0200 +@@ -55,6 +55,7 @@ int main(int argc, char * argv[]) + /* output file handling */ + char fname[400]; + char *dumpdir; ++ int tfd; + FILE * fhdl; + /* rrepos API related */ + char **plugins; +@@ -119,7 +120,8 @@ int main(int argc, char * argv[]) + + /* we will need the current time later on */ + now = time(NULL); +- strcpy(timestr,time_chars_unsafe(now)); ++ strncpy(timestr, time_chars_unsafe(now), sizeof(timestr)-1); ++ timestr[sizeof(timestr)-1] = '\0'; + + /* construct output filename and open for writing */ + if (argc > 3) { +@@ -127,8 +129,14 @@ int main(int argc, char * argv[]) + } else { + dumpdir = "/tmp"; + } +- sprintf(fname,"%s/reposd-dump-%s.out",dumpdir,timestr); +- fhdl = fopen(fname,"w"); ++ snprintf(fname, sizeof(fname)-1, "%s/reposd-dump-%s-XXXXXX.out", dumpdir, timestr); ++ fname[sizeof(fname)-1] = '\0'; ++ tfd = mkstemps(fname, 4); ++ if (tfd == -1) { ++ fprintf(stderr, "Could not create %s\n", fname); ++ return REPOSDUMP_FILEWRITE; ++ } ++ fhdl = fdopen(tfd,"w"); + if (fhdl == NULL) { + fprintf(stderr, "Could not open %s for writing\n", fname); + return REPOSDUMP_FILEWRITE; +diff -up sblim-gather-2.2.9/slisten.c.orig sblim-gather-2.2.9/slisten.c +--- sblim-gather-2.2.9/slisten.c.orig 2014-10-09 23:29:11.000000000 +0200 ++++ sblim-gather-2.2.9/slisten.c 2021-08-19 14:29:14.501341906 +0200 +@@ -64,6 +64,7 @@ static void subs_listener_cleanup(void * + /* reset to initial state */ + long fds 
= (long)fdsocket; + close(fds); ++ close(fdsockfile); + unlink(listener); + strcpy(listener,SOCKFILE_TEMPLATE); + fdsockfile=-1; +@@ -139,7 +140,6 @@ int add_subscription_listener(char *list + M_TRACE(MTRACE_DETAILED,MTRACE_RREPOS, + ("listener socket name = %s",listener)); + if (fdsockfile != -1) { +- close(fdsockfile); + unlink(listener); + pthread_create(&pt_listener,NULL,subs_listener,NULL); + pthread_detach(pt_listener); diff --git a/sblim-gather.spec b/sblim-gather.spec index 991bd1b..fc233ab 100644 --- a/sblim-gather.spec +++ b/sblim-gather.spec @@ -3,10 +3,10 @@ Name: sblim-gather Version: 2.2.9 -Release: 23%{?dist} +Release: 24%{?dist} Summary: SBLIM Gatherer -License: EPL +License: EPL-1.0 URL: http://sourceforge.net/projects/sblim/ Source0: http://downloads.sourceforge.net/project/sblim/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1: gather-config.h.prepend @@ -44,6 +44,10 @@ Patch7: sblim-gather-2.2.9-remove-assoc-conflict.patch Patch9: sblim-gather-2.2.9-inline.patch # Patch10: fixes multiple definiton of variables (FTBFS with GCC 10) Patch10: sblim-gather-2.2.9-fix-multiple-definition.patch +# Patch11: fix issues found by coverity scan +Patch11: sblim-gather-2.2.9-covscan-fixes.patch +# Patch12: fix incorrect use of temporary paths +Patch12: sblim-gather-2.2.9-fix-use-of-temp-paths.patch Requires: cim-server Requires(post): systemd @@ -102,6 +106,8 @@ tar xfvz %{SOURCE4} %patch8 -p1 -b .remove-cxx-check %patch9 -p1 -b .inline %patch10 -p1 -b .fix-multiple-definition +%patch11 -p1 -b .covscan-fixes +%patch12 -p1 -b .fix-use-of-temp-paths %build %ifarch s390 s390x ppc ppc64 @@ -296,6 +302,11 @@ fi %ldconfig_postun provider %changelog +* Wed Sep 15 2021 Vitezslav Crhonek - 2.2.9-24 +- Fix license +- Fix issues found by static analysis +- Fix incorrect use of temporary paths + * Wed Aug 04 2021 Vitezslav Crhonek - 2.2.9-23 - Fix FTBFS Resolves: #1987989
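Review bot: Keeping `fdsockfile` open until subs_listener_cleanup does not reserve the name, because `unlink(listener)` in add_subscription_listener still runs before the listener thread is started. Whatever later binds or opens `listener` therefore works on a path that no longer exists, and if the template points into a shared directory another local user could occupy it first; the template and the bind are outside the hunks, so this needs confirming. Creating a private directory with `mkdtemp()` and placing the socket inside it removes that window. The new `close(fdsockfile);` should also be guarded, `if (fdsockfile != -1) close(fdsockfile);`, since the variable is reset to -1 in the same function.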