<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
GlusterFS was rejected during the security analysis with these
comments:<br>
<blockquote type="cite">
<p id="yui_3_10_3_1_1398442245235_54" style="margin: 0px 0px
0.8em; padding: 0px; width: auto; max-width: 45em; color:
rgb(51, 51, 51); font-family: 'Ubuntu Mono', monospace;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height: 18px;
orphans: auto; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">here's just a list of
what I found while reading the code:</p>
<p style="margin: 0px 0px 0.8em; padding: 0px; width: auto;
max-width: 45em; color: rgb(51, 51, 51); font-family: 'Ubuntu
Mono', monospace; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: 18px; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">- cppcheck reports ~20
real coding mistakes, perhaps a few false positives<br>
- get_uuid_via_daemon() doesn't check fork() for error
return<br>
- rdd_valid_config() buffer overflow rdd_config.out_file.path<br>
- gf_cli_print_limit_list() doesn't check
sprintf(abspath) return value<br>
- rb_malloc() and rb_free() ignore their allocator argument<br>
Not a security problem, but might be very surprising<br>
- int_to_data() data_from_[u]int{64,32,16,8}()
data_from_double()<br>
all re-calculate the length rather than use the return value
from<br>
gf_asprintf(). (Not a security problem, just redundant.)</p>
</blockquote>
Should we add cppcheck to Jenkins?<br>
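Added example (not GlusterFS code) of what the two unchecked-return findings in the quoted list look like once fixed: a bounded path build that checks the snprintf() result instead of calling sprintf() blind, and a fork() wrapper that treats -1 as an error rather than as a child or a pid. The function names, buffer size, paths and the injectable fork pointer are constructed for illustration.<br>

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed buffer size, deliberately small so truncation is easy to hit. */
#define PATH_BUF_LEN 64

/* Hardened replacement for the sprintf(abspath) pattern: snprintf() bounds
 * the write, and its return value is checked. snprintf() returns the length
 * the full string would have had, so n >= dst_len means it did not fit.
 * Returns 0 on success, -1 (and an empty dst) if the path would overflow. */
int build_out_path(char *dst, size_t dst_len, const char *dir, const char *name)
{
    int n = snprintf(dst, dst_len, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';           /* never leave a half-written path behind */
        return -1;
    }
    return 0;
}

/* fork() returns -1 on failure (errno set, e.g. EAGAIN or ENOMEM). Code that
 * ignores that and tests only for 0 will run the parent path with pid == -1,
 * which is the bug class noted for get_uuid_via_daemon(). The fork function
 * is passed in only so a failing fork can be exercised without a real one.
 * Returns 0 in the parent on success, -errno if the fork failed. */
int spawn_helper(pid_t (*do_fork)(void), int (*child_fn)(void), pid_t *child_pid)
{
    pid_t pid = do_fork();
    if (pid < 0)
        return -errno;           /* report failure instead of carrying on */
    if (pid == 0)
        _exit(child_fn());       /* child: run the helper and exit */
    *child_pid = pid;            /* parent: hand back the real pid */
    return 0;
}

/* Constructed stand-ins used to exercise the error path. */
static pid_t failing_fork(void) { errno = EAGAIN; return -1; }
static int noop_child(void) { return 0; }
```

With a real fork, call spawn_helper(fork, child_fn, &pid); the error branch is what the reviewer found missing.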
</body>
</html>