Kruti [Tue, 21 May 2024 05:58:13 +0000 (22:58 -0700)]
Verify the xmlsec version before passing the compiler flag "-DXMLSEC_NO_SIZE_T",
as it has been deprecated since 1.3.3.
The configure option "--enable-size-t" has been set to yes by default starting
with 1.3.0.
version < 1.3.0 :
Add "-DXMLSEC_NO_SIZE_T" if size_t has a size other than 4 bytes.
(There was no enable-size-t before 1.2.35 and the enable-size-t is
"no" by default in [1.2.35, 1.3.0))
version >= 1.3.0 :
Do not add "-DXMLSEC_NO_SIZE_T" (as enable-size-t is "yes" by
default in version [1.3.0, 1.3.3) and no need to consider this
option since 1.3.3)
Kruti [Tue, 21 May 2024 05:58:12 +0000 (22:58 -0700)]
[Coverity]: UNINIT in resolutionSet finding from static application
security testing (SAST)
resolutionSet.c -- 1 issue reported in the file
issue: capabilityArray not initialized or partially initialized when
reaching the statement.
impact: False-positive
fix: suppress 'uninit_use_in_call'
VMTools_WrapArray converts the capabilityArray to a GArray.
The 'wrapped' array is allocated space for capabilityCount elements and
only the first capabilityCount elements are COPIED from capabilityArray
to the allocated GArray. As such, the uninitialized elements of the
capabilityArray are never used to generate the returned GArray. While
technically true (uninitialized) there is no reason to zero the array
indexes from capabilityCount through to the end of the array as these
elements are unused.
Kruti [Tue, 21 May 2024 05:58:12 +0000 (22:58 -0700)]
Fix LOCK_EVASION issue found by Coverity scan.
fileLogger.c -- 2 issues reported in file
issue: MultiReader/SingleWriter lock race conditions between assign and
check.
fix: Mitigation more than fix.
issue: Coverity seems confused by the MR/SW lock, but there is some data
field assignment performed under the wrong lock to clean up.
fix: Move assignment made under Read lock to Write lock.
Moved setting the data->error status inside of writer lock block.
Added re-checking the data->error status at reader -> writer and
writer -> reader lock transitions.
Kruti [Fri, 3 May 2024 16:27:03 +0000 (09:27 -0700)]
Update ChangeLog with the granular push of May 3, 2024.
- plus Copyright modification of files vmxnet3_defs.h and
get-connection-info.sh.
- plus ChangeLog update of Apr 7, 2024.
Kruti [Fri, 3 May 2024 16:05:45 +0000 (09:05 -0700)]
ProcManagerPosix.c: Direct child process's logs to stdio.
Mutexes in lib/libvmtools/vmtoolsLog.c and glib could have been locked
at fork time. The vmtoolsLog.c Debug(), Warning() and Panic() functions
are not safe for child processes.
- Direct the offspring process's logs to stdio.
- Terminate the offspring process with _exit() or abort().
Kruti [Fri, 3 May 2024 16:05:45 +0000 (09:05 -0700)]
Service Discovery data collection duration takes > 70 minutes when
monitoring large setups.
The issue happens on vrops node VMs that are part of large clusters
because these kinds of nodes typically have a large amount of tcp/udp
connections. The root cause of the issue is an enormous number of
spaces generated by "ss -antup | grep -E $pattern" command in
get-connection-info.sh. The SDMP plugin considers these spaces while
calculating the chunk size for writing into NDB and writing about 200-400
chunks for the get-connection-info key. Processing of this amount of
data slows down the discovery process on both the adapter and plugin sides
and, as a result, the discovery exceeds the timing limit and fails.
The solution is to remove unnecessary spaces from the end of the
get-connection-info output lines.
Kruti [Fri, 3 May 2024 16:05:45 +0000 (09:05 -0700)]
Fixes for issues found in Coverity scan.
vgauth/serviceImpl/saml-xmlsec1.c
issue: 'string_null' for strlen(pemCert)
impact: False-positive
fix: suppress 'string_null'
issue: leaked_storage: certChain is not cleaned up on error.
impact: Memory is leaked on the error path.
fix: Add line before return to free certChain.
services/plugins/serviceDiscovery/serviceDiscovery.c
issue: overrun-local: gdpErrMsgs array contains one less entry than there are
enums defined.
impact: Valid but the function never returns the GDP_ERR_MAX enum.
fix: in gdp.h, add an error entry for GDP_ERR_MAX this way gdpErrMsgs will
generate all entries.
lib/file/fileLockPosix.c
issue: string_null for 'buffer' not being null terminated.
impact: False-positive
fix: suppress 'string_null'
Kruti [Fri, 3 May 2024 16:05:45 +0000 (09:05 -0700)]
Fix the SHELLCHECK_WARNING findings from static application security testing
(SAST)
install/Linux/scripts/network: Multiple shellcheck issues found in the
Linux "network" script with the warning "Remove backticks to avoid
executing output (or use eval if intentional)."
Removed the backticks from those corresponding lines of the script.
Kruti [Fri, 3 May 2024 16:05:45 +0000 (09:05 -0700)]
[Coverity]: Fix the Y2K38_SAFETY findings from static application security
testing (SAST)
guestInfoServer.c -- 2 issues reported in file
issue: casting time_t (64bits) to int (32bits) causing Y2K38_SAFETY.
impact: delta is a time delta in seconds, overflow if delta >=
(G_MAXINT/1000)+1
fix: Remove cast on delta, cast both values as int64.
issue: casting time_t to int for logging to a '%d'.
impact: delta is a time delta in seconds, not expected to overflow a 32 bit
int.
fix: Remove cast on delta, change string to use '%"FMT64"d' format and cast
the time_t to int64; time_t is defined as 'long int'.
vixTools.c -- 7 issues reported in file
issue: casting time_t to int for conversion to string (xml)
impact: procStartTime is a time from epoch, it will overflow the int in Y2K38.
fix: Remove the cast, change the string to use '%"FMT64"d"' and cast the
time_t to int64; time_t is defined as 'long int'.
issues: casting time_t to int in call to VixToolsPrintProcInfoEx.
impact: The times used are time from epoch and will be impacted by Y2K38.
fix: Change signature of VixToolsPrintProcInfoEx to take in time_t types.
Change VixToolsPrintProcInfoEx to use '%"FMT64"d' in string conversions
and cast the time_t to int64; time_t is defined as 'long int'.
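The two Y2K38 patterns described in the commit above, as an added example that is not code from open-vm-tools: the helper names are hypothetical, `PRId64` stands in for the project's `FMT64` macro, and a 64-bit `time_t` is assumed.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumption of this example: time_t is 64 bits wide, as on 64-bit Linux. */
_Static_assert(sizeof(time_t) >= 8, "example assumes a 64-bit time_t");

/* 'Before' pattern: epoch seconds narrowed to int for a "%d" conversion.
 * Values past INT_MAX (19 Jan 2038 03:14:07 UTC) do not survive the cast. */
static int fmt_epoch_narrow(char *buf, size_t len, time_t t)
{
    return snprintf(buf, len, "%d", (int)t);
}

/* 'After' pattern: widen to int64_t and use a 64-bit conversion. */
static int fmt_epoch_wide(char *buf, size_t len, time_t t)
{
    return snprintf(buf, len, "%" PRId64, (int64_t)t);
}

/* Seconds to milliseconds in 64-bit arithmetic. *fits_int reports whether
 * the product would still have fit in an int, which stops being true at
 * delta == INT_MAX / 1000 + 1, the bound quoted in the commit message. */
static int64_t delta_to_ms(time_t delta, int *fits_int)
{
    int64_t ms = (int64_t)delta * 1000;
    *fits_int = (ms >= INT_MIN && ms <= INT_MAX);
    return ms;
}

int main(void)
{
    char narrow[32], wide[32];
    time_t t = (time_t)INT32_MAX + 1;   /* constructed: first second past the limit */
    int fits;
    int64_t ms;

    fmt_epoch_narrow(narrow, sizeof narrow, t);
    fmt_epoch_wide(wide, sizeof wide, t);
    printf("narrow=%s wide=%s\n", narrow, wide);

    ms = delta_to_ms((time_t)(INT_MAX / 1000 + 1), &fits);
    printf("delta_ms=%" PRId64 " fits_in_int=%d\n", ms, fits);
    return 0;
}
```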
Kruti [Fri, 3 May 2024 16:05:44 +0000 (09:05 -0700)]
GuestOS: Explicitly identify Flatcar Linux
We support a VMX guestOS string for Flatcar Linux ("flatcar-64").
Update the guest identification code to report Flatcar, rather than
generically (other linux <n> - 64).
Update NetworkManager calls in suspend/resume scripts.
Revise the NetworkManager calls in the Linux network script to
prefer using the Sleep method over the "Enable" method being used
to work around a bug in version 0.9.0.
Linux network log file permissions fix: 0644 to 0600
Since release 11.3.5, on linux guests, the vmware-network.log file has root
default file creation permissions (0644) rather than the expected 0600
permissions.
Fix:
- Adding chmod 0600 on log file creation.
- Adding file creation before first logging.
- Adding handling of unset handler in case switch, default to file logging.
- Adding logging of unknown or bad handler, and using file logging as default.
- Default number of logfiles when network.maxOldLogFiles is set to 0.
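The first two items of the log-permission fix above (create the file before the first write, then force mode 0600), as an added example that is not the project's code: the real fix lives in a shell script, so this C helper and its names are hypothetical and only illustrate the same steps.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create (or adopt) the log file and force mode 0600 before the first write.
 * Returns an fd opened for append, or -1 with errno set. */
static int open_private_log(const char *path)
{
    struct stat st;
    int saved;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);

    if (fd < 0)
        return -1;
    /* The mode passed to open() applies only to newly created files, so a
     * log left at 0644 by an earlier release keeps that mode until it is
     * tightened explicitly. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (!S_ISREG(st.st_mode)) {         /* refuse devices, FIFOs, directories */
        errno = EINVAL;
        goto fail;
    }
    if (fchmod(fd, 0600) != 0)
        goto fail;
    return fd;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Permission bits of path, or (mode_t)-1 if it cannot be stat'ed. */
static mode_t log_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

int main(void)
{
    const char *path = "/tmp/example-network.log";  /* constructed path */
    int fd = open_private_log(path);

    if (fd < 0) { perror("open_private_log"); return 1; }
    printf("%s mode=%04o\n", path, (unsigned)log_mode(path));
    close(fd);
    return 0;
}
```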
John Wolfe [Fri, 22 Mar 2024 21:08:29 +0000 (14:08 -0700)]
open-vm-tools 12.4.0 released at this point.
=================================================
Update of the ChangeLog with the final changes in preparation for
the open-vm-tools 12.4.0 release.
John Wolfe [Fri, 22 Mar 2024 20:53:03 +0000 (13:53 -0700)]
Correct build number strings in the build_number.h header file.
Synch the Broadcom copyright capitalization with that in official
source repo. - 4 files.
This change allows empty/0 byte payload to be sent from GDP Plugin on guest
to the gdp daemon on host when querying for subscriber presence,
without publishing the data to the subscribers.
Kruti [Mon, 19 Feb 2024 14:32:44 +0000 (06:32 -0800)]
lib/file/file.c: Handle EACCES during File_CreateDirectoryHierarchyEx
On DELL thinOS, while creating an existing dir in a path without write
permission, mkdir returns EACCES. This breaks the directory
hierarchy check.
This patch handles the EACCES by checking the file with euidaccess
after an EACCES failure.