Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
7 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1390 in ssh_packet_read_seqnr()
________________________________________________________________________________________________________
*** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1390 in ssh_packet_read_seqnr()
1384 */
1385 
1386 int
1387 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1388 {
1389 	struct session_state *state = ssh->state;
>>> CID 1018734: Uninitialized variables (UNINIT)
>>> Declaring variable "ms_remain" without initializer.
1390 	int len, r, ms_remain;
1391 	fd_set *setp;
1392 	char buf[8192];
1393 	struct timeval timeout, start, *timeoutp = NULL;
1394 
1395 	DBG(debug("packet_read()"));
** CID 1356384: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 317 in keyprint_one()
________________________________________________________________________________________________________
*** CID 1356384: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 317 in keyprint_one()
311 	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
312 		fatal("host_hash failed");
313 
314 	hostport = put_host_port(host, ssh_port);
315 	if (!get_cert)
316 		fprintf(stdout, "%s ", hostport);
>>> CID 1356384: Error handling issues (CHECKED_RETURN)
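>>> Calling "sshkey_write" without checking return value (as is done elsewhere 9 out of 10 times).
[Note: lines 316-318 emit the host prefix (when get_cert is not set), the key and the newline as three separate calls, so if sshkey_write() fails the output still gets a line with no key on it. Checking the return value lets the failure be reported instead of a malformed line being printed.]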
317 	sshkey_write(key, stdout);
318 	fputs("\n", stdout);
319 	free(hostport);
320 }
321 
322 static void
** CID 1356385: Control flow issues (MISSING_BREAK)
/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c: 175 in ident_i1send()
________________________________________________________________________________________________________
*** CID 1356385: Control flow issues (MISSING_BREAK)
/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c: 175 in ident_i1send()
169 			plog(LLV_ERROR, LOCATION, NULL,
170 			 "Xauth vendor ID generation failed\n");
171 		else
172 			plist = isakmp_plist_append(plist,
173 			 vid_xauth, ISAKMP_NPTYPE_VID);
174 
>>> CID 1356385: Control flow issues (MISSING_BREAK)
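>>> The above case falls through to this one.
[Note: the excerpt does not show whether the fall-through into the OAKLEY_ATTR_AUTH_METHOD_RSASIG case is intended. If it is, a /* FALLTHROUGH */ comment after line 173 documents that; if it is not, a break is missing and the Unity vendor ID code on lines 176-180 also runs for the preceding case.]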
175 	case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
176 		if ((vid_unity = set_vendorid(VENDORID_UNITY)) == NULL)
177 			plog(LLV_ERROR, LOCATION, NULL,
178 			 "Unity vendor ID generation failed\n");
179 		else
180 			plist = isakmp_plist_append(plist,
** CID 1356386: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sshconnect.c: 1547 in maybe_add_key_to_agent()
/crypto/external/bsd/openssh/dist/sshconnect.c: 1555 in maybe_add_key_to_agent()
________________________________________________________________________________________________________
*** CID 1356386: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sshconnect.c: 1547 in maybe_add_key_to_agent()
1541 		return;
1542 	}
1543 
1544 	if (options.add_keys_to_agent == 2 &&
1545 	 !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1546 		debug3("user denied adding this key");
>>> CID 1356386: (RESOURCE_LEAK)
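>>> Handle variable "auth_sock" going out of scope leaks the handle.
[Note: "auth_sock" is obtained earlier in the function, outside this excerpt, and is still open at this return. Every return path after that point needs to close it; the same report is repeated below for line 1555, whose source line is not included in the excerpt.]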
1547 		return;
1548 	}
1549 
1550 	if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
1551 	 (options.add_keys_to_agent == 3))) == 0)
1552 		debug("identity added to agent: %s", authfile);
1553 	else
1554 		debug("could not add identity to agent: %s (%d)", authfile, r);
/crypto/external/bsd/openssh/dist/sshconnect.c: 1555 in maybe_add_key_to_agent()
1549 
1550 	if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
1551 	 (options.add_keys_to_agent == 3))) == 0)
1552 		debug("identity added to agent: %s", authfile);
1553 	else
1554 		debug("could not add identity to agent: %s (%d)", authfile, r);
>>> CID 1356386: (RESOURCE_LEAK)
>>> Handle variable "auth_sock" going out of scope leaks the handle.
** CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
/usr.bin/infocmp/infocmp.c: 509 in use_terms()
________________________________________________________________________________________________________
*** CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
/usr.bin/infocmp/infocmp.c: 509 in use_terms()
503 use_terms(TERMINAL *term, size_t nuse, char **uterms)
504 {
505 	TERMINAL **terms;
506 	TERMUSERDEF *ud, *tud;
507 	size_t i, j, agree, absent, data;
508 
>>> CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
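>>> Passing argument "328UL /* sizeof (**terms) */" to function "ecalloc" and then casting the return value to "TERMINAL **" is suspicious.
[Note: "terms" is an array of "TERMINAL *", so the element size that matches its type is sizeof(*terms). sizeof(**terms) is the size of a whole TERMINAL (328 bytes here), so on this amd64 build the call allocates more than the array needs rather than less.]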
509 	terms = ecalloc(nuse, sizeof(**terms));
510 	for (i = 0; i < nuse; i++) {
511 		if (strcmp(term->name, *uterms) == 0)
512 			errx(EXIT_FAILURE, "cannot use same terminal");
513 		for (j = 0; j < i; j++)
514 			if (strcmp(terms[j]->name, *uterms) == 0)
** CID 1356388: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssh/dist/kex.c: 367 in kex_input_ext_info()
________________________________________________________________________________________________________
*** CID 1356388: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssh/dist/kex.c: 367 in kex_input_ext_info()
361 	int r;
362 
363 	debug("SSH2_MSG_EXT_INFO received");
364 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
365 	if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
366 		return r;
>>> CID 1356388: Insecure data handling (TAINTED_SCALAR)
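>>> Using tainted variable "ninfo" as a loop boundary.
[Note: "ninfo" is read from the received packet by sshpkt_get_u32() on line 365 and is not range-checked before it bounds the loop. Each iteration shown parses strings from the same packet and returns on the first failure, so the iteration count is presumably limited by the packet contents, but that depends on sshpkt_get_cstring() failing once the packet is exhausted - confirm this, or cap "ninfo" explicitly.]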
367 	for (i = 0; i < ninfo; i++) {
368 		if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
369 			return r;
370 		if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) {
371 			free(name);
372 			return r;
** CID 1356389: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/ssh-keygen.c: 1926 in do_show_cert()
________________________________________________________________________________________________________
*** CID 1356389: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/ssh-keygen.c: 1926 in do_show_cert()
1920 
1921 	path = identity_file;
1922 	if (strcmp(path, "-") == 0) {
1923 		f = stdin;
1924 		path = "(stdin)";
1925 		is_stdin = 1;
>>> CID 1356389: Security best practices violations (TOCTOU)
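>>> Calling function "fopen" that uses "identity_file" after a check function. This can cause a time-of-check, time-of-use race condition.
[Note: the check Coverity refers to is not in this excerpt; lines 1921-1926 only compare the name against "-". The file can change between that earlier check and this fopen(), so only the result of fopen() itself, or a check made on the already-opened stream, says anything about the file that is actually read.]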
1926 	} else if ((f = fopen(identity_file, "r")) == NULL)
1927 		fatal("fopen %s: %s", identity_file, strerror(errno));
1928 
1929 	while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
1930 		sshkey_free(key);
1931 		key = NULL;
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview

