cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scan-ad...@coverity.com
Subject New Defects reported by Coverity Scan for cloudstack
Date Mon, 01 Dec 2014 11:41:07 GMT

Hi,

Please find the latest report on new defect(s) introduced to cloudstack found with Coverity
Scan.

6 new defect(s) introduced to cloudstack found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed
by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1256278:  Dm: Dubious method used  (FB.DM_DEFAULT_ENCODING)
/server/src/com/cloud/user/AccountManagerImpl.java: 2061 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
/server/src/com/cloud/user/AccountManagerImpl.java: 2057 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
/server/src/com/cloud/user/AccountManagerImpl.java: 2059 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()

** CID 1256277:  SBSC: String concatenation in loop using + operator  (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/server/src/com/cloud/user/AccountManagerImpl.java: 2042 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()

** CID 1256276:  WMI: Inefficient Map Iterator  (FB.WMI_WRONG_MAP_ITERATOR)
/server/src/com/cloud/user/AccountManagerImpl.java: 2013 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()

** CID 1256275:  Resource leak  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 237 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 291 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 266 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()

** CID 1256274:  Resource leak on an exceptional path  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 115 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfVirtualRoutervmOffering(java.sql.Connection)()

** CID 1256273:  Resource leak on an exceptional path  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 157 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfInternalLoadBalancervmOffering(java.sql.Connection)()


________________________________________________________________________________________________________
*** CID 1256278:  Dm: Dubious method used  (FB.DM_DEFAULT_ENCODING)
/server/src/com/cloud/user/AccountManagerImpl.java: 2061 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2055     
2056                     Mac mac = Mac.getInstance("HmacSHA1");
2057                     SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058                     mac.init(keySpec);
2059                     mac.update(unsignedRequest.getBytes());
2060                     byte[] encryptedBytes = mac.doFinal();
>>>     CID 1256278:  Dm: Dubious method used  (FB.DM_DEFAULT_ENCODING)
>>>     Found reliance on default encoding: new String(byte[])
2061                     String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062                     boolean equalSig = signature.equals(computedSignature);
2063                     if (!equalSig) {
2064                         s_logger.info("User signature: " + signature + " is not equaled
to computed signature: " + computedSignature);
2065                     } else {
2066                         user = _userAccountDao.getUserAccount(username, domainId);
/server/src/com/cloud/user/AccountManagerImpl.java: 2057 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2051                         return null;
2052                     }
2053     
2054                     unsignedRequest = unsignedRequest.toLowerCase();
2055     
2056                     Mac mac = Mac.getInstance("HmacSHA1");
>>>     CID 1256278:  Dm: Dubious method used  (FB.DM_DEFAULT_ENCODING)
>>>     Found reliance on default encoding: String.getBytes()
2057                     SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058                     mac.init(keySpec);
2059                     mac.update(unsignedRequest.getBytes());
2060                     byte[] encryptedBytes = mac.doFinal();
2061                     String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062                     boolean equalSig = signature.equals(computedSignature);
/server/src/com/cloud/user/AccountManagerImpl.java: 2059 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2053     
2054                     unsignedRequest = unsignedRequest.toLowerCase();
2055     
2056                     Mac mac = Mac.getInstance("HmacSHA1");
2057                     SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058                     mac.init(keySpec);
>>>     CID 1256278:  Dm: Dubious method used  (FB.DM_DEFAULT_ENCODING)
>>>     Found reliance on default encoding: String.getBytes()
2059                     mac.update(unsignedRequest.getBytes());
2060                     byte[] encryptedBytes = mac.doFinal();
2061                     String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062                     boolean equalSig = signature.equals(computedSignature);
2063                     if (!equalSig) {
2064                         s_logger.info("User signature: " + signature + " is not equaled
to computed signature: " + computedSignature);

________________________________________________________________________________________________________
*** CID 1256277:  SBSC: String concatenation in loop using + operator  (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/server/src/com/cloud/user/AccountManagerImpl.java: 2042 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2036                                 }
2037                             }
2038     
2039                             if (unsignedRequest == null) {
2040                                 unsignedRequest = paramName + "=" + URLEncoder.encode(paramValue,
"UTF-8").replaceAll("\\+", "%20");
2041                             } else {
>>>     CID 1256277:  SBSC: String concatenation in loop using + operator  (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
>>>     com.cloud.user.AccountManagerImpl.authenticateUser(String, String, Long,
InetAddress, Map) concatenates strings using + in a loop
2042                                 unsignedRequest = unsignedRequest + "&" + paramName
+ "=" + URLEncoder.encode(paramValue, "UTF-8").replaceAll("\\+", "%20");
2043                             }
2044                         }
2045                     }
2046     
2047                     if ((signature == null) || (timestamp == 0L)) {

________________________________________________________________________________________________________
*** CID 1256276:  WMI: Inefficient Map Iterator  (FB.WMI_WRONG_MAP_ITERATOR)
/server/src/com/cloud/user/AccountManagerImpl.java: 2013 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String,
java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2007     
2008                 Collections.sort(parameterNames);
2009     
2010                 try {
2011                     for (String paramName : parameterNames) {
2012                         // parameters come as name/value pairs in the form String/String[]
>>>     CID 1256276:  WMI: Inefficient Map Iterator  (FB.WMI_WRONG_MAP_ITERATOR)
>>>     com.cloud.user.AccountManagerImpl.authenticateUser(String, String, Long,
InetAddress, Map) makes inefficient use of keySet iterator instead of entrySet iterator
2013                         String paramValue = ((String[])requestParameters.get(paramName))[0];
2014     
2015                         if ("signature".equalsIgnoreCase(paramName)) {
2016                             signature = paramValue;
2017                         } else {
2018                             if ("timestamp".equalsIgnoreCase(paramName)) {

________________________________________________________________________________________________________
*** CID 1256275:  Resource leak  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 237 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
231                 };
232     
233                 for (Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName
: NewTemplateNameList.entrySet()){
234                     s_logger.debug("Updating " + hypervisorAndTemplateName.getKey() +
" System Vms");
235                     try {
236                         //Get 4.5.0 system Vm template Id for corresponding hypervisor
>>>     CID 1256275:  Resource leak  (RESOURCE_LEAK)
>>>     Overwriting "pstmt" in "pstmt = conn.prepareStatement("select id from `cloud`.`vm_template`
where name = ? and removed is null order by id desc limit 1")" leaks the resource that "pstmt"
refers to.
237                         pstmt = conn.prepareStatement("select id from `cloud`.`vm_template`
where name = ? and removed is null order by id desc limit 1");
238                         pstmt.setString(1, hypervisorAndTemplateName.getValue());
239                         rs = pstmt.executeQuery();
240                         if(rs.next()){
241                             long templateId = rs.getLong(1);
242                             rs.close();
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 291 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
285                     if (pstmt != null) {
286                         pstmt.close();
287                     }
288                 } catch (SQLException e) {
289                 }
290             }
>>>     CID 1256275:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "pstmt" going out of scope leaks the resource it refers to.
291         }
292     
293     
294         private void dropInvalidKeyFromStoragePoolTable(Connection conn) {
295             HashMap<String, List<String>> uniqueKeys = new HashMap<String,
List<String>>();
296             List<String> keys = new ArrayList<String>();
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 266 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
260                         } else {
261                             if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())){
262                                 throw new CloudRuntimeException("4.5.0 " + hypervisorAndTemplateName.getKey()
+ " SystemVm template not found. Cannot upgrade system Vms");
263                             } else {
264                                 s_logger.warn("4.5.0 " + hypervisorAndTemplateName.getKey()
+ " SystemVm template not found. " + hypervisorAndTemplateName.getKey() + " hypervisor is
not used, so not failing upgrade");
265                                 // Update the latest template URLs for corresponding hypervisor
>>>     CID 1256275:  Resource leak  (RESOURCE_LEAK)
>>>     Overwriting "pstmt" in "pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template`
SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null
order by id desc limit 1")" leaks the resource that "pstmt" refers to.
266                                 pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template`
SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null
order by id desc limit 1");
267                                 pstmt.setString(1, newTemplateUrl.get(hypervisorAndTemplateName.getKey()));
268                                 pstmt.setString(2, newTemplateChecksum.get(hypervisorAndTemplateName.getKey()));
269                                 pstmt.setString(3, hypervisorAndTemplateName.getKey().toString());
270                                 pstmt.executeUpdate();
271                                 pstmt.close();

________________________________________________________________________________________________________
*** CID 1256274:  Resource leak on an exceptional path  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 115 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfVirtualRoutervmOffering(java.sql.Connection)()
109                         updatePstmt.close();
110                     }
111                 } catch (SQLException e) {
112                 }
113             }
114             s_logger.debug("Done upgrading RAM for service offering of domain router to
" + newRamSize);
>>>     CID 1256274:  Resource leak on an exceptional path  (RESOURCE_LEAK)
>>>     Variable "updatePstmt" going out of scope leaks the resource it refers to.
115         }
116     
117         private void upgradeMemoryOfInternalLoadBalancervmOffering(Connection conn) {
118             PreparedStatement updatePstmt = null;
119             PreparedStatement selectPstmt = null;
120             ResultSet selectResultSet = null;

________________________________________________________________________________________________________
*** CID 1256273:  Resource leak on an exceptional path  (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 157 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfInternalLoadBalancervmOffering(java.sql.Connection)()
151                         updatePstmt.close();
152                     }
153                 } catch (SQLException e) {
154                 }
155             }
156             s_logger.debug("Done upgrading RAM for service offering of internal loadbalancer
vm to " + newRamSize);
>>>     CID 1256273:  Resource leak on an exceptional path  (RESOURCE_LEAK)
>>>     Variable "updatePstmt" going out of scope leaks the resource it refers to.
157         }
158     
159         @Override
160         public File[] getCleanupScripts() {
161             String script = Script.findScript("", "db/schema-442to450-cleanup.sql");
162             if (script == null) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/943?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py




Mime
View raw message