Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
262 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
45 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 262 defect(s)
** CID 977798: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sftp.c: 714 in process_put()
________________________________________________________________________________________________________
*** CID 977798: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sftp.c: 714 in process_put()
708 abs_dst = path_append(tmp_dst, filename);
709 else
710 abs_dst = xstrdup(tmp_dst);
711 } else if (tmp_dst) {
712 abs_dst = path_append(tmp_dst, filename);
713 } else {
>>> CID 977798: Resource leaks (RESOURCE_LEAK)
>>> Overwriting "abs_dst" in "abs_dst = make_absolute(ssh_strdup(filename), pwd)" leaks the storage that "abs_dst" points to.
714 abs_dst = make_absolute(xstrdup(filename), pwd);
715 }
716 free(tmp);
717
718 resume |= global_aflag;
719 if (!quiet && resume)
** CID 996110: Control flow issues (DEADCODE)
/crypto/external/bsd/openssh/dist/krl.c: 1029 in ssh_krl_from_blob()
________________________________________________________________________________________________________
*** CID 996110: Control flow issues (DEADCODE)
/crypto/external/bsd/openssh/dist/krl.c: 1029 in ssh_krl_from_blob()
1023 /* Check signature over entire KRL up to this point */
1024 if ((r = sshkey_verify(key, blob, blen,
1025 sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0)
1026 goto out;
1027 /* Check if this key has already signed this KRL */
1028 for (i = 0; i < nca_used; i++) {
>>> CID 996110: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement "if (sshkey_equal(ca_used[i]...".
1029 if (sshkey_equal(ca_used[i], key)) {
1030 error("KRL signed more than once with "
1031 "the same key");
1032 r = SSH_ERR_INVALID_FORMAT;
1033 goto out;
1034 }
** CID 1009485: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/uts/common/fs/zfs/dmu.c: 826 in dmu_read_uio()
________________________________________________________________________________________________________
*** CID 1009485: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/uts/common/fs/zfs/dmu.c: 826 in dmu_read_uio()
820 ASSERT(size > 0);
821
822 bufoff = uio->uio_loffset - db->db_offset;
823 tocpy = (int)MIN(db->db_size - bufoff, size);
824
825 if (xuio) {
>>> CID 1009485: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement "dbi = (dmu_buf_impl_t *)db;".
826 dmu_buf_impl_t *dbi = (dmu_buf_impl_t *)db;
827 arc_buf_t *dbuf_abuf = dbi->db_buf;
828 arc_buf_t *abuf = dbuf_loan_arcbuf(dbi);
829 err = dmu_xuio_add(xuio, abuf, bufoff, tocpy);
830 if (!err) {
831 uio->uio_resid -= tocpy;
** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1265 in ssh_packet_read_seqnr()
________________________________________________________________________________________________________
*** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1265 in ssh_packet_read_seqnr()
1259 */
1260
1261 int
1262 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1263 {
1264 struct session_state *state = ssh->state;
>>> CID 1018734: Uninitialized variables (UNINIT)
>>> Declaring variable "ms_remain" without initializer.
1265 int len, r, ms_remain, cont;
1266 fd_set *setp;
1267 char buf[8192];
1268 struct timeval timeout, start, *timeoutp = NULL;
1269
1270 DBG(debug("packet_read()"));
** CID 1199067: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/s_time.c: 378 in s_time_main()
________________________________________________________________________________________________________
*** CID 1199067: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/s_time.c: 378 in s_time_main()
372 return (1);
373
374 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
375
376 if (st_bugs)
377 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
>>> CID 1199067: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "SSL_CTX_set_cipher_list(tm_ctx, tm_cipher)".
378 SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
379 if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
380 goto end;
381
382 SSL_load_error_strings();
383
** CID 1269537: Control flow issues (UNREACHABLE)
/external/bsd/ntp/dist/ntpd/refclock_shm.c: 202 in getShmTime()
________________________________________________________________________________________________________
*** CID 1269537: Control flow issues (UNREACHABLE)
/external/bsd/ntp/dist/ntpd/refclock_shm.c: 202 in getShmTime()
196 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf);
197 return NULL;
198 }
199
200 #endif
201
>>> CID 1269537: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "return p;".
202 return p;
203 }
204 /*
205 * shm_start - attach to shared memory
206 */
207 static int
** CID 1293642: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/serverloop.c: 866 in server_loop2()
________________________________________________________________________________________________________
*** CID 1293642: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/serverloop.c: 866 in server_loop2()
860 collect_children();
861 if (!rekeying) {
862 channel_after_select(readset, writeset);
863 if (packet_need_rekeying()) {
864 debug("need rekeying");
865 active_state->kex->done = 0;
>>> CID 1293642: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "kex_send_kexinit(active_state)".
866 kex_send_kexinit(active_state);
867 }
868 }
869 process_input(readset);
870 if (connection_closed)
871 break;
** CID 1293643: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/sshconnect2.c: 1546 in ssh_keysign()
________________________________________________________________________________________________________
*** CID 1293643: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/sshconnect2.c: 1546 in ssh_keysign()
1540 fatal("%s: dup2: %s", __func__, strerror(errno));
1541 close(from[1]);
1542 close(to[0]);
1543 /* Close everything but stdio and the socket */
1544 for (i = STDERR_FILENO + 1; i < sock; i++)
1545 close(i);
>>> CID 1293643: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "closefrom(sock + 1)".
1546 closefrom(sock + 1);
1547 debug3("%s: [child] pid=%ld, exec %s",
1548 __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
1549 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
1550 fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
1551 strerror(errno));
** CID 1293644: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 294 in keyprint()
________________________________________________________________________________________________________
*** CID 1293644: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 294 in keyprint()
288 if (!key)
289 return;
290 if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
291 fatal("host_hash failed");
292
293 fprintf(stdout, "%s ", host);
>>> CID 1293644: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "sshkey_write(key, &__sF[1])".
294 sshkey_write(key, stdout);
295 fputs("\n", stdout);
296 }
297
298 static int
299 tcpconnect(char *host)
** CID 1293645: (CONSTANT_EXPRESSION_RESULT)
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
________________________________________________________________________________________________________
*** CID 1293645: (CONSTANT_EXPRESSION_RESULT)
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
184 ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
185 ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
186 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
187 return SSH_ERR_LIBCRYPTO_ERROR;
188 break;
189 case SSH_UMAC:
>>> CID 1293645: (CONSTANT_EXPRESSION_RESULT)
>>> "(u_int64_t)seqno >> 32" is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.
190 POKE_U64(nonce, seqno);
191 umac_update(mac->umac_ctx, data, datalen);
192 umac_final(mac->umac_ctx, u.m, nonce);
193 break;
194 case SSH_UMAC128:
195 put_u64(nonce, seqno);
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
184 ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
185 ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
186 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
187 return SSH_ERR_LIBCRYPTO_ERROR;
188 break;
189 case SSH_UMAC:
>>> CID 1293645: (CONSTANT_EXPRESSION_RESULT)
>>> "(u_int64_t)seqno >> 40" is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.
190 POKE_U64(nonce, seqno);
191 umac_update(mac->umac_ctx, data, datalen);
192 umac_final(mac->umac_ctx, u.m, nonce);
193 break;
194 case SSH_UMAC128:
195 put_u64(nonce, seqno);
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
184 ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
185 ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
186 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
187 return SSH_ERR_LIBCRYPTO_ERROR;
188 break;
189 case SSH_UMAC:
>>> CID 1293645: (CONSTANT_EXPRESSION_RESULT)
>>> "(u_int64_t)seqno >> 48" is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.
190 POKE_U64(nonce, seqno);
191 umac_update(mac->umac_ctx, data, datalen);
192 umac_final(mac->umac_ctx, u.m, nonce);
193 break;
194 case SSH_UMAC128:
195 put_u64(nonce, seqno);
/crypto/external/bsd/openssh/dist/mac.c: 190 in mac_compute()
184 ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
185 ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
186 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
187 return SSH_ERR_LIBCRYPTO_ERROR;
188 break;
189 case SSH_UMAC:
>>> CID 1293645: (CONSTANT_EXPRESSION_RESULT)
>>> "(u_int64_t)seqno >> 56" is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.
190 POKE_U64(nonce, seqno);
191 umac_update(mac->umac_ctx, data, datalen);
192 umac_final(mac->umac_ctx, u.m, nonce);
193 break;
194 case SSH_UMAC128:
195 put_u64(nonce, seqno);
** CID 1293646: (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-bgp.c: 643 in bgp_vpn_sg_print()
/external/bsd/tcpdump/dist/print-bgp.c: 657 in bgp_vpn_sg_print()
________________________________________________________________________________________________________
*** CID 1293646: (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-bgp.c: 643 in bgp_vpn_sg_print()
637
638 /* Source address length, encoded in bits */
639 ND_TCHECK2(pptr[0], 1);
640 addr_length = *pptr++;
641
642 /* Source address */
>>> CID 1293646: (CONSTANT_EXPRESSION_RESULT)
>>> "(addr_length >> 3) >= 0" is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.
643 ND_TCHECK2(pptr[0], (addr_length >> 3));
644 total_length += (addr_length >> 3) + 1;
645 offset = strlen(buf);
646 if (addr_length) {
647 snprintf(buf + offset, buflen - offset, ", Source %s",
648 bgp_vpn_ip_print(ndo, pptr, addr_length));
/external/bsd/tcpdump/dist/print-bgp.c: 657 in bgp_vpn_sg_print()
651
652 /* Group address length, encoded in bits */
653 ND_TCHECK2(pptr[0], 1);
654 addr_length = *pptr++;
655
656 /* Group address */
>>> CID 1293646: (CONSTANT_EXPRESSION_RESULT)
>>> "(addr_length >> 3) >= 0" is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.
657 ND_TCHECK2(pptr[0], (addr_length >> 3));
658 total_length += (addr_length >> 3) + 1;
659 offset = strlen(buf);
660 if (addr_length) {
661 snprintf(buf + offset, buflen - offset, ", Group %s",
662 bgp_vpn_ip_print(ndo, pptr, addr_length));
** CID 1293647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-isakmp.c: 2798 in ikev2_sub_print()
________________________________________________________________________________________________________
*** CID 1293647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-isakmp.c: 2798 in ikev2_sub_print()
2792 while (np) {
2793 pcount++;
2794 ND_TCHECK(*ext);
2795
2796 UNALIGNED_MEMCPY(&e, ext, sizeof(e));
2797
>>> CID 1293647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(__uint16_t)(0 ? (__uint16_t)((((__uint16_t)e.len & 0xff00) >> 8) | (((__uint16_t)e.len & 0xff) << 8)) : __byte_swap_u16_variable((__uint16_t)e.len)) >= 0" is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.
2798 ND_TCHECK2(*ext, ntohs(e.len));
2799
2800 depth++;
2801 ND_PRINT((ndo,"\n"));
2802 for (i = 0; i < depth; i++)
2803 ND_PRINT((ndo," "));
** CID 1293648: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-isakmp.c: 2621 in ikev1_sub_print()
________________________________________________________________________________________________________
*** CID 1293648: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-isakmp.c: 2621 in ikev1_sub_print()
2615
2616 while (np) {
2617 ND_TCHECK(*ext);
2618
2619 UNALIGNED_MEMCPY(&e, ext, sizeof(e));
2620
>>> CID 1293648: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(__uint16_t)(0 ? (__uint16_t)((((__uint16_t)e.len & 0xff00) >> 8) | (((__uint16_t)e.len & 0xff) << 8)) : __byte_swap_u16_variable((__uint16_t)e.len)) >= 0" is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.
2621 ND_TCHECK2(*ext, ntohs(e.len));
2622
2623 depth++;
2624 ND_PRINT((ndo,"\n"));
2625 for (i = 0; i < depth; i++)
2626 ND_PRINT((ndo," "));
** CID 1293649: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-nfs.c: 1216 in parsestatfs()
________________________________________________________________________________________________________
*** CID 1293649: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/bsd/tcpdump/dist/print-nfs.c: 1216 in parsestatfs()
1210 if (ndo->ndo_vflag)
1211 ND_PRINT((ndo, " POST:"));
1212 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1213 return (0);
1214 }
1215
>>> CID 1293649: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(v3 ? 52 : 20) >= 0" is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.
1216 ND_TCHECK2(*dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
1217
1218 sfsp = (const struct nfs_statfs *)dp;
1219
1220 if (v3) {
1221 ND_PRINT((ndo, " tbytes %" PRIu64 " fbytes %" PRIu64 " abytes %" PRIu64,
** CID 1293650: Control flow issues (DEADCODE)
/crypto/external/bsd/openssh/dist/servconf.c: 2325 in dump_cfg_string()
________________________________________________________________________________________________________
*** CID 1293650: Control flow issues (DEADCODE)
/crypto/external/bsd/openssh/dist/servconf.c: 2325 in dump_cfg_string()
2319
2320 static void
2321 dump_cfg_string(ServerOpCodes code, const char *val)
2322 {
2323 if (val == NULL)
2324 return;
>>> CID 1293650: Control flow issues (DEADCODE)
>>> Execution cannot reach this expression ""none"" inside statement "printf("%s %s\n", lookup_op...".
2325 printf("%s %s\n", lookup_opcode_name(code),
2326 val == NULL ? "none" : val);
2327 }
2328
2329 static void
2330 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
** CID 1293651: (DEADCODE)
/external/bsd/tcpdump/dist/print-babel.c: 396 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 410 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 423 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 442 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 462 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 475 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 499 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 535 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 554 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 571 in babel_print_v2()
/external/bsd/tcpdump/dist/print-babel.c: 582 in babel_print_v2()
________________________________________________________________________________________________________
*** CID 1293651: (DEADCODE)
/external/bsd/tcpdump/dist/print-babel.c: 396 in babel_print_v2()
390 case MESSAGE_ACK_REQ: {
391 u_short nonce, interval;
392 if (!ndo->ndo_vflag)
393 ND_PRINT((ndo, " ack-req"));
394 else {
395 ND_PRINT((ndo, "\n\tAcknowledgment Request "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
396 if(len < 6) goto corrupt;
397 nonce = EXTRACT_16BITS(message + 4);
398 interval = EXTRACT_16BITS(message + 6);
399 ND_PRINT((ndo, "%04x %s", nonce, format_interval(interval)));
400 }
401 }
/external/bsd/tcpdump/dist/print-babel.c: 410 in babel_print_v2()
404 case MESSAGE_ACK: {
405 u_short nonce;
406 if (!ndo->ndo_vflag)
407 ND_PRINT((ndo, " ack"));
408 else {
409 ND_PRINT((ndo, "\n\tAcknowledgment "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
410 if(len < 2) goto corrupt;
411 nonce = EXTRACT_16BITS(message + 2);
412 ND_PRINT((ndo, "%04x", nonce));
413 }
414 }
415 break;
/external/bsd/tcpdump/dist/print-babel.c: 423 in babel_print_v2()
417 case MESSAGE_HELLO: {
418 u_short seqno, interval;
419 if (!ndo->ndo_vflag)
420 ND_PRINT((ndo, " hello"));
421 else {
422 ND_PRINT((ndo, "\n\tHello "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
423 if(len < 6) goto corrupt;
424 seqno = EXTRACT_16BITS(message + 4);
425 interval = EXTRACT_16BITS(message + 6);
426 ND_PRINT((ndo, "seqno %u interval %s", seqno, format_interval(interval)));
427 /* Extra data. */
428 if(len > 6)
/external/bsd/tcpdump/dist/print-babel.c: 442 in babel_print_v2()
436 if (!ndo->ndo_vflag)
437 ND_PRINT((ndo, " ihu"));
438 else {
439 u_char address[16];
440 int rc;
441 ND_PRINT((ndo, "\n\tIHU "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
442 if(len < 6) goto corrupt;
443 txcost = EXTRACT_16BITS(message + 4);
444 interval = EXTRACT_16BITS(message + 6);
445 rc = network_address(message[2], message + 8, len - 6, address);
446 if(rc < 0) { ND_PRINT((ndo, "%s", tstr)); break; }
447 ND_PRINT((ndo, "%s txcost %u interval %s",
/external/bsd/tcpdump/dist/print-babel.c: 462 in babel_print_v2()
456
457 case MESSAGE_ROUTER_ID: {
458 if (!ndo->ndo_vflag)
459 ND_PRINT((ndo, " router-id"));
460 else {
461 ND_PRINT((ndo, "\n\tRouter Id"));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
462 if(len < 10) goto corrupt;
463 ND_PRINT((ndo, " %s", format_id(message + 4)));
464 }
465 }
466 break;
467
/external/bsd/tcpdump/dist/print-babel.c: 475 in babel_print_v2()
469 if (!ndo->ndo_vflag)
470 ND_PRINT((ndo, " nh"));
471 else {
472 int rc;
473 u_char nh[16];
474 ND_PRINT((ndo, "\n\tNext Hop"));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
475 if(len < 2) goto corrupt;
476 rc = network_address(message[2], message + 4, len - 2, nh);
477 if(rc < 0) goto corrupt;
478 ND_PRINT((ndo, " %s", format_address(ndo, nh)));
479 }
480 }
/external/bsd/tcpdump/dist/print-babel.c: 499 in babel_print_v2()
493 } else {
494 u_short interval, seqno, metric;
495 u_char plen;
496 int rc;
497 u_char prefix[16];
498 ND_PRINT((ndo, "\n\tUpdate"));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
499 if(len < 10) goto corrupt;
500 plen = message[4] + (message[2] == 1 ? 96 : 0);
501 rc = network_prefix(message[2], message[4], message[5],
502 message + 12,
503 message[2] == 1 ? v4_prefix : v6_prefix,
504 len - 10, prefix);
/external/bsd/tcpdump/dist/print-babel.c: 535 in babel_print_v2()
529 if (!ndo->ndo_vflag)
530 ND_PRINT((ndo, " request"));
531 else {
532 int rc;
533 u_char prefix[16], plen;
534 ND_PRINT((ndo, "\n\tRequest "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
535 if(len < 2) goto corrupt;
536 plen = message[3] + (message[2] == 1 ? 96 : 0);
537 rc = network_prefix(message[2], message[3], 0,
538 message + 4, NULL, len - 2, prefix);
539 if(rc < 0) goto corrupt;
540 ND_PRINT((ndo, "for %s",
/external/bsd/tcpdump/dist/print-babel.c: 554 in babel_print_v2()
548 ND_PRINT((ndo, " mh-request"));
549 else {
550 int rc;
551 u_short seqno;
552 u_char prefix[16], plen;
553 ND_PRINT((ndo, "\n\tMH-Request "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
554 if(len < 14) goto corrupt;
555 seqno = EXTRACT_16BITS(message + 4);
556 rc = network_prefix(message[2], message[3], 0,
557 message + 16, NULL, len - 14, prefix);
558 if(rc < 0) goto corrupt;
559 plen = message[3] + (message[2] == 1 ? 96 : 0);
/external/bsd/tcpdump/dist/print-babel.c: 571 in babel_print_v2()
565 break;
566 case MESSAGE_TSPC :
567 if (!ndo->ndo_vflag)
568 ND_PRINT((ndo, " tspc"));
569 else {
570 ND_PRINT((ndo, "\n\tTS/PC "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
571 if(len < 6) goto corrupt;
572 ND_PRINT((ndo, "timestamp %u packetcounter %u", EXTRACT_32BITS (message + 4),
573 EXTRACT_16BITS(message + 2)));
574 }
575 break;
576 case MESSAGE_HMAC : {
/external/bsd/tcpdump/dist/print-babel.c: 582 in babel_print_v2()
576 case MESSAGE_HMAC : {
577 if (!ndo->ndo_vflag)
578 ND_PRINT((ndo, " hmac"));
579 else {
580 unsigned j;
581 ND_PRINT((ndo, "\n\tHMAC "));
>>> CID 1293651: (DEADCODE)
>>> Execution cannot reach this statement "goto corrupt;".
582 if(len < 18) goto corrupt;
583 ND_PRINT((ndo, "key-id %u digest-%u ", EXTRACT_16BITS(message + 2), len - 2));
584 for (j = 0; j < len - 2; j++)
585 ND_PRINT((ndo, "%02X", message[4 + j]));
586 }
587 }
** CID 1293652: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/clientloop.c: 1597 in client_loop()
________________________________________________________________________________________________________
*** CID 1293652: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/clientloop.c: 1597 in client_loop()
1591
1592 /* Do channel operations unless rekeying in progress. */
1593 if (!rekeying) {
1594 channel_after_select(readset, writeset);
1595 if (need_rekeying || packet_need_rekeying()) {
1596 debug("need rekeying");
>>> CID 1293652: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "active_state->kex".
1597 active_state->kex->done = 0;
1598 if ((r = kex_send_kexinit(active_state)) != 0)
1599 fatal("%s: kex_send_kexinit: %s",
1600 __func__, ssh_err(r));
1601 need_rekeying = 0;
1602 }
** CID 1293653: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/kex.c: 568 in kex_choose_conf()
________________________________________________________________________________________________________
*** CID 1293653: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/kex.c: 568 in kex_choose_conf()
562
563 static int
564 kex_choose_conf(struct ssh *ssh)
565 {
566 struct kex *kex = ssh->kex;
567 struct newkeys *newkeys;
>>> CID 1293653: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "peer" = "NULL".
568 char **my = NULL, **peer = NULL;
569 char **cprop, **sprop;
570 int nenc, nmac, ncomp;
571 u_int mode, ctos, need, dh_need, authlen;
572 int log_flag = 0;
573 int r, first_kex_follows;
** CID 1293654: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/serverloop.c: 865 in server_loop2()
________________________________________________________________________________________________________
*** CID 1293654: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/serverloop.c: 865 in server_loop2()
859
860 collect_children();
861 if (!rekeying) {
862 channel_after_select(readset, writeset);
863 if (packet_need_rekeying()) {
864 debug("need rekeying");
>>> CID 1293654: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "active_state->kex".
865 active_state->kex->done = 0;
866 kex_send_kexinit(active_state);
867 }
868 }
869 process_input(readset);
870 if (connection_closed)
** CID 1293655: Insecure data handling (INTEGER_OVERFLOW)
/crypto/external/bsd/openssh/dist/packet.c: 1478 in ssh_packet_read_poll1()
________________________________________________________________________________________________________
*** CID 1293655: Insecure data handling (INTEGER_OVERFLOW)
/crypto/external/bsd/openssh/dist/packet.c: 1478 in ssh_packet_read_poll1()
1472 #ifdef PACKET_DEBUG
1473 fprintf(stderr, "read_poll plain: ");
1474 sshbuf_dump(state->incoming_packet, stderr);
1475 #endif
1476
1477 /* Compute packet checksum. */
>>> CID 1293655: Insecure data handling (INTEGER_OVERFLOW)
>>> Subtract operation overflows on operands "sshbuf_len(state->incoming_packet)" and "4UL".
1478 checksum = ssh_crc32(sshbuf_ptr(state->incoming_packet),
1479 sshbuf_len(state->incoming_packet) - 4);
1480
1481 /* Skip padding. */
1482 if ((r = sshbuf_consume(state->incoming_packet, 8 - len % 8)) != 0)
1483 goto out;
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/1449?tab=overview