From fbccd24db6f3d82fd2716150a07b0e1b7a079bc8 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 08:26:34 +0200
Subject: [PATCH 1/6] cli/polkit: add missing variable initialization in dbus_method_call_cb()
Reported by coverity:
>>> CID 210217: (UNINIT)
>>> Using uninitialized value "identities_gvariant" when calling "gs_local_variant_unref".
Fixes: df1d214b2ea7 ('clients: polkit-agent: implement polkit agent without using libpolkit')
---
 clients/common/nm-polkit-listener.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/common/nm-polkit-listener.c b/clients/common/nm-polkit-listener.c
index 7691ff4e06..d6361f4bfc 100644
--- a/clients/common/nm-polkit-listener.c
+++ b/clients/common/nm-polkit-listener.c
@@ -663,7 +663,7 @@ dbus_method_call_cb (GDBusConnection *connection,
 const char *message;
 const char *cookie;
 AuthRequest *request;
- gs_unref_variant GVariant *identities_gvariant;
+ gs_unref_variant GVariant *identities_gvariant = NULL;
 if (nm_streq (method_name, "BeginAuthentication")) {
 g_variant_get (parameters,
From 8cb58ef1ebebf719d639b962db9a6139de0c5ce9 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 08:59:41 +0200
Subject: [PATCH 2/6] cli/polkit: add missing variable initialization in retrieve_session_id_cb()
Reported by coverity:
>>> CID 210213 Uninitialized pointer read (UNINIT)
>>> Using uninitialized value iter when calling _nm_auto_free_variant_iter
Fixes: df1d214b2ea7 ('clients: polkit-agent: implement polkit agent without using libpolkit')
---
 clients/common/nm-polkit-listener.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/common/nm-polkit-listener.c b/clients/common/nm-polkit-listener.c
index d6361f4bfc..ace205e809 100644
--- a/clients/common/nm-polkit-listener.c
+++ b/clients/common/nm-polkit-listener.c
@@ -339,7 +339,7 @@ retrieve_session_id_cb (GObject *source_object,
 NMPolkitListener *listener = NM_POLKIT_LISTENER (user_data);
 char *session_id;
 guint32 session_uid;
- nm_auto_free_variant_iter GVariantIter *iter;
+ nm_auto_free_variant_iter GVariantIter *iter = NULL;
 gs_unref_variant GVariant *ret = NULL;
 gs_free_error GError *error = NULL;
 gs_free char *err_str = NULL;
From 966e3341a6fb0c2868be5355f077eeaa34025b28 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 09:09:07 +0200
Subject: [PATCH 3/6] libnm-core: replace malloc() with g_malloc()
For consistency with the rest of the code, prefer g_malloc() over malloc().
---
 libnm-core/nm-utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c
index 8bddbd23ea..7b69b4ef7a 100644
--- a/libnm-core/nm-utils.c
+++ b/libnm-core/nm-utils.c
@@ -5444,7 +5444,7 @@ attribute_escape (const char *src, char c1, char c2)
 {
 char *ret, *dest;
- dest = ret = malloc (strlen (src) * 2 + 1);
+ dest = ret = g_malloc (strlen (src) * 2 + 1);
 while (*src) {
 if (*src == c1 || *src == c2 || *src == '\\')
From 272f19108b8c6250697ab081e21191f9108d710d Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 09:20:06 +0200
Subject: [PATCH 4/6] libnm: fix assertion in NML_IS_DBUS_OBJECT()
Reported by coverity:
>>> CID 210228: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "dbobj" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Fixes: ce0e898fb476 ('libnm: refactor caching of D-Bus objects in NMClient')
---
 libnm/nm-libnm-utils.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libnm/nm-libnm-utils.h b/libnm/nm-libnm-utils.h
index 64ce81ad3b..b59ba5f036 100644
--- a/libnm/nm-libnm-utils.h
+++ b/libnm/nm-libnm-utils.h
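Review bot: In patch 3/6 (libnm-core/nm-utils.c), the move to `g_malloc()` in `attribute_escape()` changes the function's contract as well as its style, and nothing in the hunk documents that. The returned buffer now has to be released with `g_free()`, and an allocation failure terminates the process instead of handing NULL to the `while (*src)` copy loop, which the old `malloc()` call never checked. A header comment such as `/* Returns a newly allocated escaped copy of @src (never NULL); free with g_free(). @src must not be NULL. */` would record this. The `strlen (src) * 2 + 1` size assumes each input byte expands to at most two output bytes; the loop body continues outside the hunk, so that bound should be confirmed there.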
@@ -671,7 +671,8 @@ NML_IS_DBUS_OBJECT (NMLDBusObject *dbobj)
 nm_assert ( !dbobj || ( NM_IS_REF_STRING (dbobj->dbus_path) && dbobj->ref_count > 0));
- nm_assert ( !dbobj->nmobj
+ nm_assert ( !dbobj
+ || !dbobj->nmobj
 || NM_IS_OBJECT (dbobj->nmobj) || NM_IS_CLIENT (dbobj->nmobj));
 return !!dbobj;
From 581aa981c27d4bde17eb8772fe92697f586a6ed6 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 09:30:02 +0200
Subject: [PATCH 5/6] ifcfg-rh: check return value of fdopen()
Reported by coverity:
>>> CID 210222: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "f" when calling "fseek".
Fixes: ac5206aa9c5a ('2007-11-21')
---
 src/settings/plugins/ifcfg-rh/shvar.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/settings/plugins/ifcfg-rh/shvar.c b/src/settings/plugins/ifcfg-rh/shvar.c
index f2a1dd7875..cd63661d9a 100644
--- a/src/settings/plugins/ifcfg-rh/shvar.c
+++ b/src/settings/plugins/ifcfg-rh/shvar.c
@@ -1492,6 +1492,13 @@ svWriteFile (shvarFile *s, int mode, GError **error)
 return FALSE;
 }
 f = fdopen (tmpfd, "w");
+ if (!f) {
+ errsv = errno;
+ g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errsv),
+ "Internal error writing file '%s': %s",
+ s->fileName, nm_strerror_native (errsv));
+ return FALSE;
+ }
 fseek (f, 0, SEEK_SET);
 c_list_for_each (current, &s->lst_head) {
 const shvarLine *line = c_list_entry (current, shvarLine, lst);
From a29b13c7f1eb03cb59ae0cd7bfa5dbd9f027ec84 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 7 May 2020 09:37:12 +0200
Subject: [PATCH 6/6] libnm: remove early return statement in test_nm_auth_permissions()
Reported by coverity:
>>> CID 210230: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "i = 0;".
Fixes: 09e17888f7f0 ('libnm: add mapping functions between string and NMClientPermission enum')
---
 libnm/tests/test-libnm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
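Review bot: In patch 5/6 (src/settings/plugins/ifcfg-rh/shvar.c), the new `if (!f)` branch in `svWriteFile()` returns without closing `tmpfd`, so a failed `fdopen()` leaks the descriptor; `fdopen()` takes ownership of it only on success. Adding `close (tmpfd);` directly after `errsv = errno;` (after it, so errno is captured before it can be overwritten) would close that gap. The code that obtains `tmpfd` lies above the hunk, so it is worth confirming that nothing else owns the descriptor on this path. Separately, the unchanged `fseek (f, 0, SEEK_SET);` that follows still ignores its return value.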
diff --git a/libnm/tests/test-libnm.c b/libnm/tests/test-libnm.c
index 90d0cf0d3f..d437c82c6c 100644
--- a/libnm/tests/test-libnm.c
+++ b/libnm/tests/test-libnm.c
@@ -3103,7 +3103,7 @@ test_nm_auth_permissions (void)
 g_assert (s == nm_auth_permission_names_by_idx[i - 1]);
 g_assert_cmpint (nm_auth_permission_from_string (s), ==, i);
 }
- return;
+
 for (i = 0; i < NM_CLIENT_PERMISSION_LAST; i++) g_assert_cmpint (nm_auth_permission_from_string (nm_auth_permission_names_by_idx[i]), ==, i + 1);
 }