Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
3 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1309355: Error handling issues (CHECKED_RETURN)
________________________________________________________________________________________________________
*** CID 1309355: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 477 in subprocess()
471 /* Keep stderr around a while longer to catch errors */
472 if (dup2(devnull, STDIN_FILENO) == -1 ||
473 dup2(p[1], STDOUT_FILENO) == -1) {
474 error("%s: dup2: %s", tag, strerror(errno));
475 _exit(1);
476 }
>>> CID 1309355: Error handling issues (CHECKED_RETURN)
>>> Calling "closefrom(3)" without checking return value. It wraps a library function that may fail and return an error code.
477 closefrom(STDERR_FILENO + 1);
478
479 /* Don't use permanently_set_uid() here to avoid fatal() */
480 if (setgid(pw->pw_gid) == -1) {
481 error("setgid %u: %s", (u_int)pw->pw_gid,
482 strerror(errno));
** CID 1309356: Memory - illegal accesses (STRING_NULL)
/lib/librt/shm.c: 93 in _shm_check_fs()
________________________________________________________________________________________________________
*** CID 1309356: Memory - illegal accesses (STRING_NULL)
/lib/librt/shm.c: 93 in _shm_check_fs()
87 }
88 if ((st.st_mode & SHMFS_DIR_MODE) != SHMFS_DIR_MODE) {
89 return false;
90 }
91
92 if (shmfs == buf) {
>>> CID 1309356: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "buf" to "strcpy", which expects a null-terminated string.
93 strcpy(_shmfs_path_buf, buf);
94 _shmfs_path = _shmfs_path_buf;
95 } else {
96 _shmfs_path = shmfs;
97 }
98 return true;
** CID 1309357: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 496 in subprocess()
________________________________________________________________________________________________________
*** CID 1309357: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 496 in subprocess()
490 /* stdin is pointed to /dev/null at this point */
491 if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
492 error("%s: dup2: %s", tag, strerror(errno));
493 _exit(1);
494 }
495
>>> CID 1309357: Security best practices violations (TOCTOU)
>>> Calling function "execve" that uses "av[0]" after a check function. This can cause a time-of-check, time-of-use race condition.
496 execve(av[0], av, child_env);
497 error("%s exec \"%s\": %s", tag, command, strerror(errno));
498 _exit(127);
499 default: /* parent */
500 break;
501 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1449?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index