Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-i386-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
7 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1390 in ssh_packet_read_seqnr()
________________________________________________________________________________________________________
*** CID 1018734: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssh/dist/packet.c: 1390 in ssh_packet_read_seqnr()
1384 */
1385
1386 int
1387 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1388 {
1389 struct session_state *state = ssh->state;
>>> CID 1018734: Uninitialized variables (UNINIT)
>>> Declaring variable "ms_remain" without initializer.
1390 int len, r, ms_remain;
1391 fd_set *setp;
1392 char buf[8192];
1393 struct timeval timeout, start, *timeoutp = NULL;
1394
1395 DBG(debug("packet_read()"));
** CID 1356384: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 317 in keyprint_one()
________________________________________________________________________________________________________
*** CID 1356384: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/ssh-keyscan.c: 317 in keyprint_one()
311 if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
312 fatal("host_hash failed");
313
314 hostport = put_host_port(host, ssh_port);
315 if (!get_cert)
316 fprintf(stdout, "%s ", hostport);
>>> CID 1356384: Error handling issues (CHECKED_RETURN)
>>> Calling "sshkey_write" without checking return value (as is done elsewhere 9 out of 10 times).
317 sshkey_write(key, stdout);
318 fputs("\n", stdout);
319 free(hostport);
320 }
321
322 static void
** CID 1356385: Control flow issues (MISSING_BREAK)
/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c: 175 in ident_i1send()
________________________________________________________________________________________________________
*** CID 1356385: Control flow issues (MISSING_BREAK)
/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c: 175 in ident_i1send()
169 plog(LLV_ERROR, LOCATION, NULL,
170 "Xauth vendor ID generation failed\n");
171 else
172 plist = isakmp_plist_append(plist,
173 vid_xauth, ISAKMP_NPTYPE_VID);
174
>>> CID 1356385: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
175 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
176 if ((vid_unity = set_vendorid(VENDORID_UNITY)) == NULL)
177 plog(LLV_ERROR, LOCATION, NULL,
178 "Unity vendor ID generation failed\n");
179 else
180 plist = isakmp_plist_append(plist,
** CID 1356386: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sshconnect.c: 1547 in maybe_add_key_to_agent()
/crypto/external/bsd/openssh/dist/sshconnect.c: 1555 in maybe_add_key_to_agent()
________________________________________________________________________________________________________
*** CID 1356386: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/sshconnect.c: 1547 in maybe_add_key_to_agent()
1541 return;
1542 }
1543
1544 if (options.add_keys_to_agent == 2 &&
1545 !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1546 debug3("user denied adding this key");
>>> CID 1356386: (RESOURCE_LEAK)
>>> Handle variable "auth_sock" going out of scope leaks the handle.
1547 return;
1548 }
1549
1550 if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
1551 (options.add_keys_to_agent == 3))) == 0)
1552 debug("identity added to agent: %s", authfile);
1553 else
1554 debug("could not add identity to agent: %s (%d)", authfile, r);
/crypto/external/bsd/openssh/dist/sshconnect.c: 1555 in maybe_add_key_to_agent()
1549
1550 if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
1551 (options.add_keys_to_agent == 3))) == 0)
1552 debug("identity added to agent: %s", authfile);
1553 else
1554 debug("could not add identity to agent: %s (%d)", authfile, r);
>>> CID 1356386: (RESOURCE_LEAK)
>>> Handle variable "auth_sock" going out of scope leaks the handle.
** CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
/usr.bin/infocmp/infocmp.c: 509 in use_terms()
________________________________________________________________________________________________________
*** CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
/usr.bin/infocmp/infocmp.c: 509 in use_terms()
503 use_terms(TERMINAL *term, size_t nuse, char **uterms)
504 {
505 TERMINAL **terms;
506 TERMUSERDEF *ud, *tud;
507 size_t i, j, agree, absent, data;
508
>>> CID 1356387: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "164U /* sizeof (**terms) */" to function "ecalloc" and then casting the return value to "TERMINAL **" is suspicious.
509 terms = ecalloc(nuse, sizeof(**terms));
510 for (i = 0; i < nuse; i++) {
511 if (strcmp(term->name, *uterms) == 0)
512 errx(EXIT_FAILURE, "cannot use same terminal");
513 for (j = 0; j < i; j++)
514 if (strcmp(terms[j]->name, *uterms) == 0)
** CID 1356388: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssh/dist/kex.c: 367 in kex_input_ext_info()
________________________________________________________________________________________________________
*** CID 1356388: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssh/dist/kex.c: 367 in kex_input_ext_info()
361 int r;
362
363 debug("SSH2_MSG_EXT_INFO received");
364 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
365 if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
366 return r;
>>> CID 1356388: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "ninfo" as a loop boundary.
367 for (i = 0; i < ninfo; i++) {
368 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
369 return r;
370 if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) {
371 free(name);
372 return r;
** CID 1356389: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/ssh-keygen.c: 1926 in do_show_cert()
________________________________________________________________________________________________________
*** CID 1356389: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/ssh-keygen.c: 1926 in do_show_cert()
1920
1921 path = identity_file;
1922 if (strcmp(path, "-") == 0) {
1923 f = stdin;
1924 path = "(stdin)";
1925 is_stdin = 1;
>>> CID 1356389: Security best practices violations (TOCTOU)
>>> Calling function "fopen" that uses "identity_file" after a check function. This can cause a time-of-check, time-of-use race condition.
1926 } else if ((f = fopen(identity_file, "r")) == NULL)
1927 fatal("fopen %s: %s", identity_file, strerror(errno));
1928
1929 while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
1930 sshkey_free(key);
1931 key = NULL;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index