Public bug reported: In performing the MIR audit for cobbler-enlist (bug #860492), I discovered:

- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be, based on looking at the code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c commands, have the cobbler-enlist code use the wrappers, and have the wrappers do all the error checking. E.g.: all current uses of xmlrpc_array_new(...) should be changed to use ce_xmlrpc_array_new(...); then ce_xmlrpc_array_new() calls xmlrpc_array_new() and does the necessary error checking and fails. This should be done everywhere that an xmlrpc function is used a lot, and for those things that are used only once, simply do it inline (e.g. for xmlrpc_server_info_new()).

This needs to get fixed so that cobbler-enlist is defensively coded. This must happen before 12.04 and I think it would also be good for SRU.

** Affects: cobbler-enlist (Ubuntu)
   Importance: High
   Assignee: Canonical Server Team (canonical-server)
   Status: Triaged

** Affects: cobbler-enlist (Ubuntu Oneiric)
   Importance: High
   Assignee: Canonical Server Team (canonical-server)
   Status: Triaged

** Affects: cobbler-enlist (Ubuntu P-series)
   Importance: High
   Assignee: Canonical Server Team (canonical-server)
   Status: Triaged

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: cobbler-enlist (Ubuntu)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu)
   Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu)
   Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Also affects: cobbler-enlist (Ubuntu Oneiric)
   Importance: High
   Assignee: Canonical Server Team (canonical-server)
   Status: Triaged

** Also affects: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided
   Status: New

** Changed in: cobbler-enlist (Ubuntu P-series)
   Status: New => Triaged

** Changed in: cobbler-enlist (Ubuntu P-series)
   Importance: Undecided => High

** Changed in: cobbler-enlist (Ubuntu P-series)
   Assignee: (unassigned) => Canonical Server Team (canonical-server)

** Changed in: cobbler-enlist (Ubuntu Oneiric)
   Milestone: None => oneiric-updates

-- 
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler-enlist in Ubuntu.
https://bugs.launchpad.net/bugs/862558

Title:
  cobbler-enlist is not checking for return codes enough

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/862558/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
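The wrapper pattern the report recommends, as an added example that is not cobbler-enlist's code. xmlrpc-c signals failure by setting `fault_occurred` in the `xmlrpc_env` passed to every call, so the wrapper checks the env immediately after the call, logs `fault_string`, and turns the fault into a NULL or non-zero return that the caller must handle; the caller then stops issuing xmlrpc-c calls on that env and releases what it already holds. The names `ce_xmlrpc_check`, `ce_xmlrpc_array_new`, `ce_xmlrpc_string_new`, `ce_xmlrpc_array_append_item` and `ce_build_string_array` are assumptions. When `HAVE_XMLRPC_C` is defined the real headers are used; otherwise a constructed stand-in with the same names and signatures is compiled in, purely so the file builds offline and a fault can be injected for the test.

```c
/* Added example: defensive wrappers around xmlrpc-c calls (not cobbler-enlist code).
 * Build against the real library with:
 *   cc ce_wrap.c -DHAVE_XMLRPC_C $(xmlrpc-c-config client --cflags --libs)
 * Without -DHAVE_XMLRPC_C, the constructed stand-in below is used instead. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef HAVE_XMLRPC_C
#include <xmlrpc-c/base.h>
#else
/* ---- constructed stand-in for the few xmlrpc-c pieces used here; not xmlrpc-c ---- */
typedef struct { int fault_occurred; int fault_code; const char *fault_string; } xmlrpc_env;
typedef struct { int nitems; } xmlrpc_value;
static int ce_stub_fail_next = 0;            /* test hook: make the next call fault */
static void xmlrpc_env_init(xmlrpc_env *env)  { memset(env, 0, sizeof *env); }
static void xmlrpc_env_clean(xmlrpc_env *env) { (void)env; }
static void xmlrpc_env_set_fault(xmlrpc_env *env, int code, const char *msg)
{ env->fault_occurred = 1; env->fault_code = code; env->fault_string = msg; }
static int stub_fault_requested(xmlrpc_env *env)
{
    if (!ce_stub_fail_next) return 0;
    ce_stub_fail_next = 0;
    xmlrpc_env_set_fault(env, -501, "injected fault (stand-in)");
    return 1;
}
static xmlrpc_value *stub_alloc(xmlrpc_env *env)
{
    if (stub_fault_requested(env)) return NULL;
    xmlrpc_value *v = calloc(1, sizeof *v);
    if (!v) xmlrpc_env_set_fault(env, -500, "out of memory");
    return v;
}
static xmlrpc_value *xmlrpc_array_new(xmlrpc_env *env) { return stub_alloc(env); }
static xmlrpc_value *xmlrpc_string_new(xmlrpc_env *env, const char *s) { (void)s; return stub_alloc(env); }
static void xmlrpc_array_append_item(xmlrpc_env *env, xmlrpc_value *arr, xmlrpc_value *item)
{ if (stub_fault_requested(env)) return; arr->nitems++; (void)item; }
static void xmlrpc_DECREF(xmlrpc_value *v) { free(v); }
#endif

/* Log the fault and return -1 if the preceding xmlrpc-c call failed, else 0. */
static int ce_xmlrpc_check(xmlrpc_env *env, const char *what)
{
    if (!env->fault_occurred) return 0;
    fprintf(stderr, "cobbler-enlist: %s failed: %s (code %d)\n", what,
            env->fault_string ? env->fault_string : "unknown", env->fault_code);
    return -1;
}

/* Wrappers: same shape as the xmlrpc-c call, but the fault is checked here, once. */
static xmlrpc_value *ce_xmlrpc_array_new(xmlrpc_env *env)
{
    xmlrpc_value *v = xmlrpc_array_new(env);
    return ce_xmlrpc_check(env, "xmlrpc_array_new") ? NULL : v;
}
static xmlrpc_value *ce_xmlrpc_string_new(xmlrpc_env *env, const char *s)
{
    xmlrpc_value *v = xmlrpc_string_new(env, s);
    return ce_xmlrpc_check(env, "xmlrpc_string_new") ? NULL : v;
}
static int ce_xmlrpc_array_append_item(xmlrpc_env *env, xmlrpc_value *arr, xmlrpc_value *item)
{
    xmlrpc_array_append_item(env, arr, item);
    return ce_xmlrpc_check(env, "xmlrpc_array_append_item");
}

/* Build an xmlrpc array of strings through the wrappers. Returns 0 and sets *out on
 * success; on any fault returns -1 with *out == NULL and nothing leaked. After a fault
 * no further xmlrpc-c call is made on the env (xmlrpc-c asserts the env is clean on entry). */
int ce_build_string_array(const char *const *items, int n, xmlrpc_value **out)
{
    xmlrpc_env env;
    xmlrpc_env_init(&env);
    *out = NULL;
    xmlrpc_value *arr = ce_xmlrpc_array_new(&env);
    if (!arr) goto fail;
    for (int i = 0; i < n; i++) {
        xmlrpc_value *s = ce_xmlrpc_string_new(&env, items[i]);
        if (!s) goto fail;
        int rc = ce_xmlrpc_array_append_item(&env, arr, s);
        xmlrpc_DECREF(s);                    /* the array keeps its own reference */
        if (rc) goto fail;
    }
    xmlrpc_env_clean(&env);
    *out = arr;
    return 0;
fail:
    if (arr) xmlrpc_DECREF(arr);
    xmlrpc_env_clean(&env);
    return -1;
}

int main(void)
{
    const char *const ifaces[] = { "eth0", "eth1" };   /* constructed sample input */
    xmlrpc_value *arr = NULL;
    int rc = ce_build_string_array(ifaces, 2, &arr);
    printf("build: rc=%d arr=%s\n", rc, arr ? "ok" : "NULL");
    if (arr) xmlrpc_DECREF(arr);
    return rc ? 1 : 0;
}
```

The point of routing every call through `ce_xmlrpc_check` is that the check cannot be forgotten at an individual call site, and the single cleanup path in `ce_build_string_array` is the only place that has to reason about partially built state.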