Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-i386-user
- To: undisclosed-recipients:;
- Subject: New Defects reported by Coverity Scan for NetBSD-i386-user
- From: scan-admin%coverity.com@localhost
- Date: Thu, 05 Jun 2014 02:10:56 -0700
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user
found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 275226: Resource leak (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/common.c: 1586 in tool_bind()
** CID 982365: Logically dead code (DEADCODE)
/external/bsd/openldap/dist/libraries/libldap/options.c: 136 in
ldap_get_option()
/external/bsd/openldap/dist/libraries/libldap/options.c: 344 in
ldap_get_option()
** CID 982886: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/open.c: 538 in ()
** CID 1220175: Buffer not null terminated (BUFFER_SIZE_WARNING)
/libexec/rpc.rstatd/rstat_proc.c: 257 in updatestat()
** CID 1220176: Unchecked return value (CHECKED_RETURN)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1533 in dosearch()
** CID 1220177: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 446 in ()
** CID 1220178: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 444 in ()
** CID 1220179: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 453 in ()
** CID 1220180: Resource leak (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1538 in dosearch()
** CID 1220181: Untrusted pointer read (TAINTED_SCALAR)
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 878 in ldif_read_record()
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 898 in ldif_read_record()
** CID 1220182: Uninitialized scalar variable (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1572 in tool_bind()
** CID 1220183: Uninitialized pointer read (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1538 in tool_bind()
** CID 1220184: Unused pointer value (UNUSED_VALUE)
/external/bsd/openldap/dist/clients/tools/common.c: 1945 in print_prepostread()
________________________________________________________________________________________________________
*** CID 275226: Resource leak (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/common.c: 1586 in tool_bind()
1580 if( matched ) ber_memfree( matched );
1581 if( info ) ber_memfree( info );
1582 if( refs ) ber_memvfree( (void **)refs );
1583
1584 if ( err != LDAP_SUCCESS ) tool_exit( ld, err );
1585 }
>>> CID 275226: Resource leak (RESOURCE_LEAK)
>>> Variable "info" going out of scope leaks the storage it points to.
1586 }
1587 }
1588
1589 void
1590 tool_unbind( LDAP *ld )
1591 {
________________________________________________________________________________________________________
*** CID 982365: Logically dead code (DEADCODE)
/external/bsd/openldap/dist/libraries/libldap/options.c: 136 in
ldap_get_option()
130 switch(option) {
131 case LDAP_OPT_API_INFO: {
132 struct ldapapiinfo *info = (struct ldapapiinfo
*) outvalue;
133
134 if(info == NULL) {
135 /* outvalue must point to an apiinfo
structure */
>>> CID 982365: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "break;".
136 break; /* LDAP_OPT_ERROR */
137 }
138
139 if(info->ldapai_info_version !=
LDAP_API_INFO_VERSION) {
140 /* api info version mismatch */
141 info->ldapai_info_version =
LDAP_API_INFO_VERSION;
/external/bsd/openldap/dist/libraries/libldap/options.c: 344 in
ldap_get_option()
338
339 case LDAP_OPT_API_FEATURE_INFO: {
340 LDAPAPIFeatureInfo *info = (LDAPAPIFeatureInfo
*) outvalue;
341 int i;
342
343 if(info == NULL)
>>> CID 982365: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "break;".
344 break; /* LDAP_OPT_ERROR */
345
346 if(info->ldapaif_info_version !=
LDAP_FEATURE_INFO_VERSION) {
347 /* api info version mismatch */
348 info->ldapaif_info_version =
LDAP_FEATURE_INFO_VERSION;
349 break; /* LDAP_OPT_ERROR */
________________________________________________________________________________________________________
*** CID 982886: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/open.c: 538 in ()
532 LDAP *ld;
533
534 if ( old == NULL ) {
535 return( NULL );
536 }
537
>>> CID 982886: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
538 Debug( LDAP_DEBUG_TRACE, "ldap_dup\n", 0, 0, 0 );
539
540 if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
541 return( NULL );
542 }
543
________________________________________________________________________________________________________
*** CID 1220175: Buffer not null terminated (BUFFER_SIZE_WARNING)
/libexec/rpc.rstatd/rstat_proc.c: 257 in updatestat()
251 if (ifps == NULL) {
252 syslog(LOG_ERR, "can't read interface list from
kernel");
253 exit(1);
254 }
255 s = socket(AF_INET, SOCK_DGRAM, 0);
256 for (i = 0; s != -1 && ifps[i].if_name != NULL; ++i) {
>>> CID 1220175: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 16 bytes on destination
>>> array "ifdr.ifdr_name" of size 16 bytes might leave the destination string
>>> unterminated.
257 strncpy(ifdr.ifdr_name, ifps[i].if_name,
sizeof(ifdr.ifdr_name));
258 if (ioctl(s, SIOCGIFDATA, &ifdr) != 0)
259 continue;
260 stats_all.s3.if_ipackets += ifdr.ifdr_data.ifi_ipackets;
261 stats_all.s3.if_opackets += ifdr.ifdr_data.ifi_opackets;
262 stats_all.s3.if_ierrors += ifdr.ifdr_data.ifi_ierrors;
________________________________________________________________________________________________________
*** CID 1220176: Unchecked return value (CHECKED_RETURN)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1533 in dosearch()
1527
1528 if ( ldapsync && sync_slimit != -1 &&
1529 nresponses_psearch >=
sync_slimit ) {
1530 BerElement *msgidber = NULL;
1531 struct berval *msgidvalp = NULL;
1532 msgidber = ber_alloc_t(LBER_USE_DER);
>>> CID 1220176: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "ber_printf(msgidber, "{i}", msgid)".
1533 ber_printf(msgidber, "{i}", msgid);
1534 ber_flatten(msgidber, &msgidvalp);
1535 ldap_extended_operation(ld,
LDAP_EXOP_CANCEL,
1536 msgidvalp, NULL, NULL,
&cancel_msgid);
1537 nresponses_psearch = -1;
1538 }
________________________________________________________________________________________________________
*** CID 1220177: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 446 in ()
440 if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
441 return ( -1 );
442
443 do{
444 osip_debug(ld, "attempting to connect: \n", 0, 0, 0);
445 if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
>>> CID 1220177: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
446 osip_debug(ld, "connect success\n", 0, 0, 0);
447
448 if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1
)
449 return ( -1 );
450 return ( 0 );
451 }
________________________________________________________________________________________________________
*** CID 1220178: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 444 in ()
438 s, opt_tv ? (intmax_t)tv.tv_sec : -1, async);
439
440 if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
441 return ( -1 );
442
443 do{
>>> CID 1220178: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
444 osip_debug(ld, "attempting to connect: \n", 0, 0, 0);
445 if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
446 osip_debug(ld, "connect success\n", 0, 0, 0);
447
448 if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1
)
449 return ( -1 );
________________________________________________________________________________________________________
*** CID 1220179: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 453 in ()
447
448 if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1
)
449 return ( -1 );
450 return ( 0 );
451 }
452 err = sock_errno();
>>> CID 1220179: Printf arg count mismatch (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
453 osip_debug(ld, "connect errno: %d\n", err, 0, 0);
454
455 } while(err == EINTR &&
456 LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ));
457
458 if ( err != EINPROGRESS && err != EWOULDBLOCK ) {
________________________________________________________________________________________________________
*** CID 1220180: Resource leak (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1538 in dosearch()
1532 msgidber = ber_alloc_t(LBER_USE_DER);
1533 ber_printf(msgidber, "{i}", msgid);
1534 ber_flatten(msgidber, &msgidvalp);
1535 ldap_extended_operation(ld,
LDAP_EXOP_CANCEL,
1536 msgidvalp, NULL, NULL,
&cancel_msgid);
1537 nresponses_psearch = -1;
>>> CID 1220180: Resource leak (RESOURCE_LEAK)
>>> Variable "msgidvalp" going out of scope leaks the storage it points to.
1538 }
1539 }
1540
1541 ldap_msgfree( res );
1542 }
1543
________________________________________________________________________________________________________
*** CID 1220181: Untrusted pointer read (TAINTED_SCALAR)
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 878 in ldif_read_record()
872 if ( line[0] == '#' ) {
873 top_comment = 1;
874 } else if ( ! ( top_comment && line[0]
== ' ' ) ) {
875 /* Found a new entry */
876 found_entry = 1;
877
>>> CID 1220181: Untrusted pointer read (TAINTED_SCALAR)
>>> Using tainted variable "(unsigned char)line[0]" as an index to pointer
>>> "_ctype_tab_ + 1".
878 if ( isdigit( (unsigned char)
line[0] ) ) {
879 /* skip index */
880 continue;
881 }
882 if ( !strncasecmp( line,
"include:",
883 STRLENOF("include:"))) {
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 898 in ldif_read_record()
892 if ( line[len-1] ==
'\r' ) {
893 len--;
894 line[len] =
'\0';
895 }
896
897 ptr = line +
STRLENOF("include:");
>>> CID 1220181: Untrusted pointer read (TAINTED_SCALAR)
>>> Using tainted variable "(unsigned char)*ptr" as an index to pointer
>>> "_ctype_tab_ + 1".
898 while
(isspace((unsigned char) *ptr)) ptr++;
899 fp2 = ldif_open_url(
ptr );
900 if ( fp2 ) {
901 LDIFFP *lnew =
ber_memalloc( sizeof( LDIFFP ));
902 if ( lnew ==
NULL ) {
903 fclose(
fp2 );
________________________________________________________________________________________________________
*** CID 1220182: Uninitialized scalar variable (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1572 in tool_bind()
1566 #endif
1567
1568 if ( ctrls ) {
1569 ldap_controls_free( ctrls );
1570 }
1571
>>> CID 1220182: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "err".
1572 if ( err != LDAP_SUCCESS
1573 || msgbuf[0]
1574 || ( matched && matched[ 0 ] )
1575 || ( info && info[ 0 ] )
1576 || refs )
1577 {
________________________________________________________________________________________________________
*** CID 1220183: Uninitialized pointer read (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1538 in tool_bind()
1532 tool_perror( "ldap_bind parse result",
rc, NULL, matched, info, refs );
1533 tool_exit( ld, LDAP_LOCAL_ERROR );
1534 }
1535 }
1536
1537 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
>>> CID 1220183: Uninitialized pointer read (UNINIT)
>>> Using uninitialized value "ctrls".
1538 if ( ctrls && ppolicy ) {
1539 LDAPControl *ctrl;
1540 int expire, grace, len = 0;
1541 LDAPPasswordPolicyError pErr = -1;
1542
1543 ctrl = ldap_control_find(
LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
________________________________________________________________________________________________________
*** CID 1220184: Unused pointer value (UNUSED_VALUE)
/external/bsd/openldap/dist/clients/tools/common.c: 1945 in print_prepostread()
1939 char *ptr;
1940
1941 str = malloc( bv.bv_len + STRLENOF(":
") + 1 );
1942
1943 ptr = str;
1944 ptr = lutil_strncopy( ptr, bv.bv_val,
bv.bv_len );
>>> CID 1220184: Unused pointer value (UNUSED_VALUE)
>>> Pointer "ptr" returned by "lutil_strcopy(ptr, ": ")" is never used.
1945 ptr = lutil_strcopy( ptr, ": " );
1946 }
1947
1948 for ( i = 0; vals[ i ].bv_val != NULL; i++ ) {
1949 tool_write_ldif(
1950 ldif ? LDIF_PUT_COMMENT :
LDIF_PUT_VALUE,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1448?tab=overview
To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py
Home |
Main Index |
Thread Index |
Old Index