#3530 assigned task

Fix issues raised by Coverity Scan for FTP server

Reported by: Sebastian Huber Owned by: Sebastian Huber
Priority: normal Milestone: 5.1
Component: lib Version: 5
Severity: normal Keywords:
Cc: Blocked By: #3545
Blocking:

Description


Change History (16)

comment:1 Changed on Oct 4, 2018 at 8:50:06 AM by Sebastian Huber <sebastian.huber@…>

In f004b2b8/rtems:

Use rtems_task_exit()

Update #3530.
Update #3533.

comment:2 Changed on Oct 8, 2018 at 5:16:22 AM by Sebastian Huber <sebastian.huber@…>

In e761fb4/rtems:

ftpd: Avoid NULL pointer checks before free()

They are superfluous and just bloat the code.

Update #3530.

comment:3 Changed on Oct 8, 2018 at 5:16:33 AM by Sebastian Huber <sebastian.huber@…>

In dcf42bb2/rtems:

ftpd: Remove FTPD_SessionInfo_t::pass member

There is no need to keep the password throughout the session.

Update #3530.

comment:4 Changed on Oct 8, 2018 at 5:16:43 AM by Sebastian Huber <sebastian.huber@…>

In 51da629/rtems:

ftpd: Avoid malloc() and sscanf()

Move the user name to the session information.

Update #3530.

comment:5 Changed on Oct 8, 2018 at 5:16:53 AM by Sebastian Huber <sebastian.huber@…>

In 479a28e0/rtems:

ftpd: Avoid use of uninitialized memory

Update #3530.

comment:6 Changed on Oct 8, 2018 at 5:17:04 AM by Sebastian Huber <sebastian.huber@…>

In df97c4d2/rtems:

ftpd: Avoid resource leak

Update #3530.

comment:7 Changed on Oct 8, 2018 at 5:17:14 AM by Sebastian Huber <sebastian.huber@…>

In be8de0ff/rtems:

ftpd: Fix insecure chroot() handling

Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.

comment:8 Changed on Oct 9, 2018 at 5:44:18 AM by Sebastian Huber <sebastian.huber@…>

In 2f784d7/rtems:

ftpd: Check return status of getsockname()

Update #3530.

comment:9 Changed on Oct 9, 2018 at 5:44:32 AM by Sebastian Huber <sebastian.huber@…>

In 5bd75823/rtems:

ftpd: Remove superfluous temporary buffer

Update #3530.

comment:10 Changed on Oct 10, 2018 at 11:59:13 AM by Sebastian Huber <sebastian.huber@…>

In 84a5921d/rtems:

ftpd: Restructure chroot() handling.

Remove superfluous setting of errno = 0.

Update #3530.

comment:11 Changed on Oct 11, 2018 at 8:49:05 AM by Sebastian Huber

Blocked By: 3545 added

comment:12 Changed on Oct 12, 2018 at 12:16:56 PM by Sebastian Huber <sebastian.huber@…>

In 35c533f/rtems-source-builder:

5: Update Newlib

Pick up POSIX header file changes and improved opendir() implementation.
This addesses time of check and time of use error conditions (TOCTOU).

Update #3530.
Update #3545.
Update #3546.
Update #3547.

comment:13 Changed on Nov 2, 2018 at 10:58:42 AM by Sebastian Huber <sebastian.huber@…>

In 706802f8/rtems:

ftpd: Make send_dirline() more robust

Account for large file names.

Update #3530.

comment:14 Changed on Nov 2, 2018 at 10:58:50 AM by Sebastian Huber <sebastian.huber@…>

In 8c3cd1e8/rtems:

ftpd: Deal with too long command lines

Update #3530.

comment:15 Changed on Nov 2, 2018 at 10:58:58 AM by Sebastian Huber <sebastian.huber@…>

In fa0adf36/rtems:

ftpd: Avoid TOCTOU problem

Assume that opendir() returns only non-NULL if we actually open a
directory.

Update #3530.

comment:16 Changed on Nov 2, 2018 at 2:16:10 PM by Joel Sherrill

Just an FYI that I have been trying to put the URL for the corresponding RTEMS tickets in the Coverity comment for the CID. Not sure it will ever be useful but best to be thorough in case we need it in the future.

Note: See TracTickets for help on using tickets.