#3530 closed task (fixed)

Fix issues raised by Coverity Scan for FTP server

Reported by: Sebastian Huber
Owned by: Sebastian Huber
Priority: normal
Milestone: 5.1
Component: lib
Version: 5
Severity: normal
Keywords:
Cc:
Blocked By: #3545
Blocking:

Description


Change History (19)

comment:1 Changed on 10/04/18 at 08:50:06 by Sebastian Huber <sebastian.huber@…>

In f004b2b8/rtems:

Use rtems_task_exit()

Update #3530.
Update #3533.

comment:2 Changed on 10/08/18 at 05:16:22 by Sebastian Huber <sebastian.huber@…>

In e761fb4/rtems:

ftpd: Avoid NULL pointer checks before free()

They are superfluous and just bloat the code.

Update #3530.

comment:3 Changed on 10/08/18 at 05:16:33 by Sebastian Huber <sebastian.huber@…>

In dcf42bb2/rtems:

ftpd: Remove FTPD_SessionInfo_t::pass member

There is no need to keep the password throughout the session.

Update #3530.

comment:4 Changed on 10/08/18 at 05:16:43 by Sebastian Huber <sebastian.huber@…>

In 51da629/rtems:

ftpd: Avoid malloc() and sscanf()

Move the user name to the session information.

Update #3530.

comment:5 Changed on 10/08/18 at 05:16:53 by Sebastian Huber <sebastian.huber@…>

In 479a28e0/rtems:

ftpd: Avoid use of uninitialized memory

Update #3530.

comment:6 Changed on 10/08/18 at 05:17:04 by Sebastian Huber <sebastian.huber@…>

In df97c4d2/rtems:

ftpd: Avoid resource leak

Update #3530.

comment:7 Changed on 10/08/18 at 05:17:14 by Sebastian Huber <sebastian.huber@…>

In be8de0ff/rtems:

ftpd: Fix insecure chroot() handling

Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.

comment:8 Changed on 10/09/18 at 05:44:18 by Sebastian Huber <sebastian.huber@…>

In 2f784d7/rtems:

ftpd: Check return status of getsockname()

Update #3530.

comment:9 Changed on 10/09/18 at 05:44:32 by Sebastian Huber <sebastian.huber@…>

In 5bd75823/rtems:

ftpd: Remove superfluous temporary buffer

Update #3530.

comment:10 Changed on 10/10/18 at 11:59:13 by Sebastian Huber <sebastian.huber@…>

In 84a5921d/rtems:

ftpd: Restructure chroot() handling.

Remove superfluous setting of errno = 0.

Update #3530.

comment:11 Changed on 10/11/18 at 08:49:05 by Sebastian Huber

Blocked By: 3545 added

comment:12 Changed on 10/12/18 at 12:16:56 by Sebastian Huber <sebastian.huber@…>

In 35c533f/rtems-source-builder:

5: Update Newlib

Pick up POSIX header file changes and improved opendir() implementation.
This addresses time of check and time of use error conditions (TOCTOU).

Update #3530.
Update #3545.
Update #3546.
Update #3547.

comment:13 Changed on 11/02/18 at 10:58:42 by Sebastian Huber <sebastian.huber@…>

In 706802f8/rtems:

ftpd: Make send_dirline() more robust

Account for large file names.

Update #3530.

comment:14 Changed on 11/02/18 at 10:58:50 by Sebastian Huber <sebastian.huber@…>

In 8c3cd1e8/rtems:

ftpd: Deal with too long command lines

Update #3530.

comment:15 Changed on 11/02/18 at 10:58:58 by Sebastian Huber <sebastian.huber@…>

In fa0adf36/rtems:

ftpd: Avoid TOCTOU problem

Assume that opendir() returns only non-NULL if we actually open a
directory.

Update #3530.
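
The pattern named in the commit message of comment:15, as an added example that is not the RTEMS ftpd code: a check-then-use directory open beside a single-lookup version that relies on opendir() returning non-NULL only for a directory. The function names and the /tmp sample path are hypothetical, and the sample tree is constructed for the example.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use, kept for contrast: stat() and opendir() resolve the name
 * separately, so the object can be swapped between the two calls (TOCTOU). */
DIR *open_dir_racy(const char *path)
{
    struct stat st;
    return (stat(path, &st) == 0 && S_ISDIR(st.st_mode)) ? opendir(path) : NULL;
}

/* Single lookup: rely on opendir() returning non-NULL only for a directory.
 * Returns the number of entries (without "." and ".."), or -1 with errno set. */
int count_entries(const char *path)
{
    DIR *dir = opendir(path);
    struct dirent *e;
    int n = 0;
    if (dir == NULL)
        return -1;
    while ((e = readdir(dir)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            ++n;
    closedir(dir);
    return n;
}

/* Constructed sample input: creates root/ (must not exist yet) with one file. */
int make_sample_tree(const char *root)
{
    char path[256];
    FILE *f;
    snprintf(path, sizeof(path), "%s/a.txt", root);
    if (mkdir(root, 0700) != 0 || (f = fopen(path, "w")) == NULL)
        return -1;
    fclose(f);
    return 0;
}

int main(void)
{
    char root[64];
    snprintf(root, sizeof(root), "/tmp/ftpd-example-%ld", (long)getpid());
    return make_sample_tree(root) == 0 && count_entries(root) == 1 ? 0 : 1;
}
```

When the path is a regular file or does not exist, count_entries() returns -1 and errno (ENOTDIR, ENOENT) tells the caller why, so no separate type check is needed before the open.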

comment:16 Changed on 11/02/18 at 14:16:10 by Joel Sherrill

Just an FYI that I have been trying to put the URL for the corresponding RTEMS tickets in the Coverity comment for the CID. Not sure it will ever be useful but best to be thorough in case we need it in the future.

comment:17 Changed on 12/19/19 at 08:20:33 by Sebastian Huber

An up to date Coverity run would be nice to see if all issues are fixed.

comment:18 Changed on 12/19/19 at 14:49:38 by Joel Sherrill

I just submitted one. Hopefully it will pop out soon.

comment:19 Changed on 03/04/20 at 07:22:16 by Sebastian Huber

Resolution: fixed
Status: assigned → closed

I reviewed all CIDs with respect to the FTP server. I think further improvements require some modelling in Coverity to remove the taint from data.
