[Swan-dev] FYI: recent Coverity warnings
Andrew Cagney
andrew.cagney at gmail.com
Sun Oct 1 19:16:44 UTC 2017
Just FYI,
The mixed-enum errors are not new.
(the error is also confusing - we're mapping an unsigned onto an enum and
not mixing enums)
Andrew
On 15 September 2017 at 19:00, Antony Antony <antony at phenome.org> wrote:
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
> ** CID 1456790: (MIXED_ENUMS)
> /programs/pluto/ikev1_spdb_struct.c: 2574 in parse_ipsec_sa_body()
> /programs/pluto/ikev1_spdb_struct.c: 2575 in parse_ipsec_sa_body()
> /programs/pluto/ikev1_spdb_struct.c: 2576 in parse_ipsec_sa_body()
> /programs/pluto/ikev1_spdb_struct.c: 2578 in parse_ipsec_sa_body()
> /programs/pluto/ikev1_spdb_struct.c: 2596 in parse_ipsec_sa_body()
>
> ____________________________________________________________
> ____________________________________________
> *** CID 1456790: (MIXED_ENUMS)
> /programs/pluto/ikev1_spdb_struct.c: 2574 in parse_ipsec_sa_body()
> 2568
> esp_attrs.transattrs.ta_ikev1_encrypt,
> 2569
> esp_attrs.transattrs.enckeylen);
> 2570 }
> 2571
> 2572 if (ugh != NULL) {
> 2573 switch
> (esp_attrs.transattrs.ta_ikev1_encrypt) {
> >>> CID 1456790: (MIXED_ENUMS)
> >>> But this case, "ESP_AES", is of different type "enum
> ipsec_cipher_algo".
> 2574 case ESP_AES:
> 2575 case ESP_CAMELLIA:
> 2576 case ESP_3DES:
> 2577 break;
> 2578 case ESP_NULL:
> 2579 if
> (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
> /programs/pluto/ikev1_spdb_struct.c: 2575 in parse_ipsec_sa_body()
> 2569
> esp_attrs.transattrs.enckeylen);
> 2570 }
> 2571
> 2572 if (ugh != NULL) {
> 2573 switch
> (esp_attrs.transattrs.ta_ikev1_encrypt) {
> 2574 case ESP_AES:
> >>> CID 1456790: (MIXED_ENUMS)
> >>> But this case, "ESP_CAMELLIA", is of different type "enum
> ipsec_cipher_algo".
> 2575 case ESP_CAMELLIA:
> 2576 case ESP_3DES:
> 2577 break;
> 2578 case ESP_NULL:
> 2579 if
> (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
> 2580
> loglog(RC_LOG_SERIOUS,
> /programs/pluto/ikev1_spdb_struct.c: 2576 in parse_ipsec_sa_body()
> 2570 }
> 2571
> 2572 if (ugh != NULL) {
> 2573 switch
> (esp_attrs.transattrs.ta_ikev1_encrypt) {
> 2574 case ESP_AES:
> 2575 case ESP_CAMELLIA:
> >>> CID 1456790: (MIXED_ENUMS)
> >>> But this case, "ESP_3DES", is of different type "enum
> ipsec_cipher_algo".
> 2576 case ESP_3DES:
> 2577 break;
> 2578 case ESP_NULL:
> 2579 if
> (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
> 2580
> loglog(RC_LOG_SERIOUS,
> 2581
> "ESP_NULL requires auth algorithm");
> /programs/pluto/ikev1_spdb_struct.c: 2578 in parse_ipsec_sa_body()
> 2572 if (ugh != NULL) {
> 2573 switch
> (esp_attrs.transattrs.ta_ikev1_encrypt) {
> 2574 case ESP_AES:
> 2575 case ESP_CAMELLIA:
> 2576 case ESP_3DES:
> 2577 break;
> >>> CID 1456790: (MIXED_ENUMS)
> >>> But this case, "ESP_NULL", is of different type "enum
> ipsec_cipher_algo".
> 2578 case ESP_NULL:
> 2579 if
> (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
> 2580
> loglog(RC_LOG_SERIOUS,
> 2581
> "ESP_NULL requires auth algorithm");
> 2582 return
> BAD_PROPOSAL_SYNTAX;
> 2583 }
> /programs/pluto/ikev1_spdb_struct.c: 2596 in parse_ipsec_sa_body()
> 2590
> ipstr(&c->spd.that.host_addr, &b));
> 2591 });
> 2592 continue;
> /* try another */
> 2593 }
> 2594 break;
> 2595
> >>> CID 1456790: (MIXED_ENUMS)
> >>> But this case, "ESP_DES", is of different type "enum
> ipsec_cipher_algo".
> 2596 case ESP_DES: /* NOT safe
> */
> 2597
> loglog(RC_LOG_SERIOUS,
> 2598 "1DES was
> proposed, it is insecure and was rejected");
> 2599 /* FALL THROUGH */
> 2600 default:
> 2601 {
>
> ** CID 1456789: Null pointer dereferences (FORWARD_NULL)
> /testing/enumcheck/enumcheck.c: 162 in test_enum_enum()
>
> ____________________________________________________________
> ____________________________________________
> *** CID 1456788: Incorrect expression (MIXED_ENUMS)
> /programs/pluto/ikev1_spdb_struct.c: 1625 in init_aggr_st_oakley()
> 1619 passert(enc->type.oakley == OAKLEY_ENCRYPTION_ALGORITHM);
> 1620 /*
> 1621 * XXX: Always assign both .ta_encrypt and .ta_encrypt -
> it makes
> 1622 * auditing easier.
> 1623 */
> 1624 ta.ta_ikev1_encrypt = enc->val; /*
> OAKLEY_ENCRYPTION_ALGORITHM */
> >>> CID 1456788: Incorrect expression (MIXED_ENUMS)
> >>> Mixing enum types "enum ikev1_auth_method" and "enum
> ikev1_encr_attribute" for "ta_ikev1_encrypt".
> 1625 ta.ta_encrypt = ikev1_get_ike_encrypt_desc(ta.
> ta_ikev1_encrypt);
> 1626 passert(ta.ta_encrypt != NULL);
> 1627
> 1628 if (trans->attr_cnt == 5) {
> 1629 struct db_attr *enc_keylen;
> 1630 enc_keylen = &trans->attrs[4];
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20171001/1810d51b/attachment-0001.html>
More information about the Swan-dev
mailing list