[Bug 862558] [NEW] cobbler-enlist is not checking for return codes enough
Jamie Strandboge
jamie at ubuntu.com
Thu Sep 29 16:49:09 UTC 2011
Public bug reported:
In performing the MIR audit for cobbler-enlist (bug #860492), I
discovered:
- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be based on looking at code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c commands, have the cobbler-enlist code use the wrappers, and have the wrappers do all the error checking. Eg: all current uses of xmlrpc_array_new(...) should be changed to use ce_xmlrpc_array_new(...), then ce_xmlrpc_array_new() calls xmlrpc_array_new() and does the necessary error checking and fails. This should be done everywhere that an xmlrpc function is used a lot, and for those things that are used only once, simply do it inline (eg for xmlrpc_server_info_new()).
This needs to get fixed so that cobbler-enlist is defensively coded.
This must happen before 12.04 and I think it would also be good for SRU.
** Affects: cobbler-enlist (Ubuntu)
Importance: High
Assignee: Canonical Server Team (canonical-server)
Status: Triaged
** Affects: cobbler-enlist (Ubuntu Oneiric)
Importance: High
Assignee: Canonical Server Team (canonical-server)
Status: Triaged
** Affects: cobbler-enlist (Ubuntu P-series)
Importance: High
Assignee: Canonical Server Team (canonical-server)
Status: Triaged
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Changed in: cobbler-enlist (Ubuntu)
Importance: Undecided => High
** Changed in: cobbler-enlist (Ubuntu)
Status: New => Triaged
** Changed in: cobbler-enlist (Ubuntu)
Assignee: (unassigned) => Canonical Server Team (canonical-server)
** Also affects: cobbler-enlist (Ubuntu Oneiric)
Importance: High
Assignee: Canonical Server Team (canonical-server)
Status: Triaged
** Also affects: cobbler-enlist (Ubuntu P-series)
Importance: Undecided
Status: New
** Changed in: cobbler-enlist (Ubuntu P-series)
Status: New => Triaged
** Changed in: cobbler-enlist (Ubuntu P-series)
Importance: Undecided => High
** Changed in: cobbler-enlist (Ubuntu P-series)
Assignee: (unassigned) => Canonical Server Team (canonical-server)
** Changed in: cobbler-enlist (Ubuntu Oneiric)
Milestone: None => oneiric-updates
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler-enlist in Ubuntu.
https://bugs.launchpad.net/bugs/862558
Title:
cobbler-enlist is not checking for return codes enough
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/862558/+subscriptions
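A sketch of the wrapper pattern the report recommends, added here as an example; it is not code from cobbler-enlist or from the bug reporter. The xmlrpc-c types and calls are replaced by constructed stand-ins so the block builds without the library, and ce_check(), stub_fail_next and the "log, return NULL, let the caller exit" failure policy are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-ins shaped like xmlrpc-c's types and calls so this builds
 * without the library; with xmlrpc-c installed, delete this section and
 * #include <xmlrpc-c/base.h> instead. */
typedef struct { int fault_occurred; int fault_code; const char *fault_string; } xmlrpc_env;
typedef struct { int refs; } xmlrpc_value;
static int stub_fail_next;  /* demo hook: make the next call report a fault */

static void xmlrpc_env_init(xmlrpc_env *env) {
    env->fault_occurred = 0; env->fault_code = 0; env->fault_string = NULL;
}
static void xmlrpc_DECREF(xmlrpc_value *v) { if (v && --v->refs == 0) free(v); }
static xmlrpc_value *xmlrpc_array_new(xmlrpc_env *env) {
    if (stub_fail_next) {  /* constructed fault, values are made up */
        stub_fail_next = 0;
        env->fault_occurred = 1; env->fault_code = -500;
        env->fault_string = "constructed fault";
        return NULL;
    }
    xmlrpc_value *v = calloc(1, sizeof *v);
    if (v) v->refs = 1;
    return v;
}

/* Hypothetical helper: the single place that decides whether a call worked.
 * A fault in env OR a NULL result counts as failure. Returns 0 or -1. */
static int ce_check(const xmlrpc_env *env, const void *result, const char *call) {
    if (!env->fault_occurred && result != NULL) return 0;
    fprintf(stderr, "cobbler-enlist: %s failed: %s (%d)\n", call,
            env->fault_string ? env->fault_string : "NULL result", env->fault_code);
    return -1;
}

/* Wrapper named in the bug report: callers never receive an unchecked value. */
static xmlrpc_value *ce_xmlrpc_array_new(xmlrpc_env *env) {
    xmlrpc_value *v = xmlrpc_array_new(env);
    if (ce_check(env, v, "xmlrpc_array_new") != 0) {
        if (v) xmlrpc_DECREF(v);  /* fault with a live value: drop it */
        return NULL;
    }
    return v;
}

int main(void) {
    xmlrpc_env env;
    xmlrpc_env_init(&env);
    xmlrpc_value *args = ce_xmlrpc_array_new(&env);
    if (!args) return EXIT_FAILURE;  /* stop before using a bad value */
    xmlrpc_DECREF(args);
    return EXIT_SUCCESS;
}
```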