From 60f1aeb08df80501caf6b17543592de02d61381f Mon Sep 17 00:00:00 2001
From: ShyamsundarR <srangana@redhat.com>
Date: Mon, 30 Jul 2018 14:09:14 -0400
Subject: coverity: Fix remaining SECURE_TEMP issues reported

Two pending SECURE_TEMP issues still exist in the coverity
reports, these are fixed by this patch.

In both instances (where functions actually seem to be
duplicates of each other) the need was for a FILE * and
not an fd. Applied the same pattern in both places as in
other parts of the code where mkstemp was used and later
a FILE * was created from the resulting fd for use.

Coverity report: https://download.gluster.org/pub/gluster/
  glusterfs/static-analysis/master/glusterfs-coverity/
  2018-07-30-4d3c62e7/html/

Issues numbered: 382, 383 (named SECURE_TEMP)

Further added tmpfile to the blacklist, so that future code
changes do not add the same, into symbol-check.sh.

Also corrected shellcheck errors in symbol-check.sh as a
result of updating the same.

Updates: bz#789278

Change-Id: I1d572a16ca5b5df2f597aeaa5f454fad34c8296e
Signed-off-by: ShyamsundarR <srangana@redhat.com>
---
 tests/basic/symbol-check.sh | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

(limited to 'tests')

diff --git a/tests/basic/symbol-check.sh b/tests/basic/symbol-check.sh
index f84d591facb..0f8243ca731 100755
--- a/tests/basic/symbol-check.sh
+++ b/tests/basic/symbol-check.sh
@@ -13,6 +13,8 @@ syscalls32=$'creat\nfallocate\nftruncate\n__fxstat\n__fxstatat\n\
 lseek\n__lxstat\nopenat\nreaddir\nstatvfs\ntruncate\nstat\n\
 preadv\npwritev\npread\npwrite'
 
+glibccalls=$'tmpfile'
+
 exclude_files=$'/libglusterfs/src/.libs/libglusterfs_la-syscall.o\n\
 /libglusterfs/src/.libs/libglusterfs_la-gen_uuid.o\n\
 /contrib/fuse-util/fusermount.o\n\
@@ -33,13 +35,14 @@ function main()
     done
 
     local retval=0
-    local t=$(nm ${1} | grep " U " | sed -e "s/  //g" -e "s/ U //g")
+    local t
+    t=$(nm "${1}" | grep " U " | sed -e "s/  //g" -e "s/ U //g")
 
     for symy in ${t}; do
 
         for symx in ${syscalls}; do
 
-            if [[ ${symx} = ${symy} ]]; then
+            if [[ ${symx} = "${symy}" ]]; then
 
                 case ${symx} in
                 "creat64") sym="creat";;
@@ -70,12 +73,36 @@ function main()
 
         for symx in ${syscalls32}; do
 
-            if [[ ${symx} = ${symy} ]]; then
+            if [[ ${symx} = "${symy}" ]]; then
 
                 echo "${1} was not compiled with -D_FILE_OFFSET_BITS=64" >&2
                 retval=1
             fi
         done
+
+        symy_glibc=$(echo "${symy}" | sed -e "s/@@GLIBC.*//g")
+        # Eliminate false positives, check if we have a GLIBC symbol in 'y'
+        if [[ ${symy} != "${symy_glibc}" ]]; then
+            for symx in ${glibccalls}; do
+
+                if [[ ${symx} = "${symy_glibc}" ]]; then
+
+                    case ${symx} in
+                    "tmpfile") alt="mkstemp";;
+                    *) alt="none";;
+                    esac
+
+                    if [[ ${alt} = "none" ]]; then
+                        echo "${1} should not call ${symy_glibc}";
+                    else
+                        echo "${1} should use ${alt} instead of ${symy_glibc}" >&2;
+                    fi
+
+                    retval=1
+                fi
+            done
+        fi
+
     done
 
     if [ ${retval} = 1 ]; then
-- 
cgit