[Bug 862558] [NEW] cobbler-enlist is not checking for return codes enough

Jamie Strandboge jamie at ubuntu.com
Thu Sep 29 16:49:09 UTC 2011 

Public bug reported:

In performing the MIR audit for cobbler-enlist (bug #860492), I
discovred:

- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be based on looking at code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c comamnds, have the cobbler-enlist code use the wrappers, and have the wrappers do all the error checking. Eg: all current uses of xmlrpc_array_new(...) should be changed to use ce_xmlrpc_array_new(...), then ce_xmlrpc_array_new() calls xmlrpc_array_new() and does the necessary error checking and fails. This should be done everywhere that an xmlrpc function is used a lot, and for those things that are used only once, simply do it inline (eg for xmlrpc_server_info_new()).

This needs to get fixed so that cobbler-enlist is defensively coded.
This must happen before 12.04 and I think it would also be good for SRU.

** Affects: cobbler-enlist (Ubuntu)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Affects: cobbler-enlist (Ubuntu Oneiric)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Affects: cobbler-enlist (Ubuntu P-series)
     Importance: High
     Assignee: Canonical Server Team (canonical-server)
         Status: Triaged

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: cobbler-enlist (Ubuntu)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu)
       Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu)
     Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Also affects: cobbler-enlist (Ubuntu Oneiric)
   Importance: High
     Assignee: Canonical Server Team (canonical-server)
       Status: Triaged

** Also affects: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided
       Status: New

** Changed in: cobbler-enlist (Ubuntu P-series)
       Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu P-series)
     Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Changed in: cobbler-enlist (Ubuntu Oneiric)
    Milestone: None => oneiric-updates

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler-enlist in Ubuntu.
https://bugs.launchpad.net/bugs/862558

Title:
  cobbler-enlist is not checking for return codes enough

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/862558/+subscriptions

More information about the Ubuntu-server-bugs mailing list