[Swan-dev] FYI: recent Coverity warnings

Fri Sep 15 23:00:17 UTC 2017

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1456790:    (MIXED_ENUMS)
/programs/pluto/ikev1_spdb_struct.c: 2574 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2575 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2576 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2578 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2596 in parse_ipsec_sa_body()

________________________________________________________________________________________________________
*** CID 1456790:    (MIXED_ENUMS)
/programs/pluto/ikev1_spdb_struct.c: 2574 in parse_ipsec_sa_body()
2568     						esp_attrs.transattrs.ta_ikev1_encrypt,
2569     						esp_attrs.transattrs.enckeylen);
2570     				}
2571     
2572     				if (ugh != NULL) {
2573     					switch (esp_attrs.transattrs.ta_ikev1_encrypt) {
>>>     CID 1456790:    (MIXED_ENUMS)
>>>     But this case, "ESP_AES", is of different type "enum ipsec_cipher_algo".
2574     					case ESP_AES:
2575     					case ESP_CAMELLIA:
2576     					case ESP_3DES:
2577     						break;
2578     					case ESP_NULL:
2579     						if (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
/programs/pluto/ikev1_spdb_struct.c: 2575 in parse_ipsec_sa_body()
2569     						esp_attrs.transattrs.enckeylen);
2570     				}
2571     
2572     				if (ugh != NULL) {
2573     					switch (esp_attrs.transattrs.ta_ikev1_encrypt) {
2574     					case ESP_AES:
>>>     CID 1456790:    (MIXED_ENUMS)
>>>     But this case, "ESP_CAMELLIA", is of different type "enum ipsec_cipher_algo".
2575     					case ESP_CAMELLIA:
2576     					case ESP_3DES:
2577     						break;
2578     					case ESP_NULL:
2579     						if (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
2580     							loglog(RC_LOG_SERIOUS,
/programs/pluto/ikev1_spdb_struct.c: 2576 in parse_ipsec_sa_body()
2570     				}
2571     
2572     				if (ugh != NULL) {
2573     					switch (esp_attrs.transattrs.ta_ikev1_encrypt) {
2574     					case ESP_AES:
2575     					case ESP_CAMELLIA:
>>>     CID 1456790:    (MIXED_ENUMS)
>>>     But this case, "ESP_3DES", is of different type "enum ipsec_cipher_algo".
2576     					case ESP_3DES:
2577     						break;
2578     					case ESP_NULL:
2579     						if (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
2580     							loglog(RC_LOG_SERIOUS,
2581     							       "ESP_NULL requires auth algorithm");
/programs/pluto/ikev1_spdb_struct.c: 2578 in parse_ipsec_sa_body()
2572     				if (ugh != NULL) {
2573     					switch (esp_attrs.transattrs.ta_ikev1_encrypt) {
2574     					case ESP_AES:
2575     					case ESP_CAMELLIA:
2576     					case ESP_3DES:
2577     						break;
>>>     CID 1456790:    (MIXED_ENUMS)
>>>     But this case, "ESP_NULL", is of different type "enum ipsec_cipher_algo".
2578     					case ESP_NULL:
2579     						if (esp_attrs.transattrs.ta_integ == &ike_alg_integ_none) {
2580     							loglog(RC_LOG_SERIOUS,
2581     							       "ESP_NULL requires auth algorithm");
2582     							return BAD_PROPOSAL_SYNTAX;
2583     						}
/programs/pluto/ikev1_spdb_struct.c: 2596 in parse_ipsec_sa_body()
2590     									ipstr(&c->spd.that.host_addr, &b));
2591     							});
2592     							continue; /* try another */
2593     						}
2594     						break;
2595     
>>>     CID 1456790:    (MIXED_ENUMS)
>>>     But this case, "ESP_DES", is of different type "enum ipsec_cipher_algo".
2596     					case ESP_DES: /* NOT safe */
2597     						loglog(RC_LOG_SERIOUS,
2598     						       "1DES was proposed, it is insecure and was rejected");
2599     						/* FALL THROUGH */
2600     					default:
2601     						{

** CID 1456789:  Null pointer dereferences  (FORWARD_NULL)
/testing/enumcheck/enumcheck.c: 162 in test_enum_enum()


________________________________________________________________________________________________________
*** CID 1456789:  Null pointer dereferences  (FORWARD_NULL)
/testing/enumcheck/enumcheck.c: 162 in test_enum_enum()
156     		printf("ERROR\n");
157     	}
158     
159     	LSWBUF(buf) {
160     		printf(PREFIX "lswlog_enum_enum %lu %lu: ", table, val);
161     		lswlog_enum_enum(buf, een, table, val);
>>>     CID 1456789:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "name" to "strcmp", which dereferences it.
162     		if (val_ok && streq(buf->array, name)) {
163     			printf("OK\n");
164     		} else if (strlen(buf->array) > 0) {
165     			printf("OK\n");
166     		} else {
167     			printf("ERROR [empty]\n");

** CID 1456788:  Incorrect expression  (MIXED_ENUMS)
/programs/pluto/ikev1_spdb_struct.c: 1625 in init_aggr_st_oakley()


________________________________________________________________________________________________________
*** CID 1456788:  Incorrect expression  (MIXED_ENUMS)
/programs/pluto/ikev1_spdb_struct.c: 1625 in init_aggr_st_oakley()
1619     	passert(enc->type.oakley == OAKLEY_ENCRYPTION_ALGORITHM);
1620     	/*
1621     	 * XXX: Always assign both .ta_encrypt and .ta_encrypt - it makes
1622     	 * auditing easier.
1623     	 */
1624     	ta.ta_ikev1_encrypt = enc->val;         /* OAKLEY_ENCRYPTION_ALGORITHM */
>>>     CID 1456788:  Incorrect expression  (MIXED_ENUMS)
>>>     Mixing enum types "enum ikev1_auth_method" and "enum ikev1_encr_attribute" for "ta_ikev1_encrypt".
1625     	ta.ta_encrypt = ikev1_get_ike_encrypt_desc(ta.ta_ikev1_encrypt);
1626     	passert(ta.ta_encrypt != NULL);
1627     
1628     	if (trans->attr_cnt == 5) {
1629     		struct db_attr *enc_keylen;
1630     		enc_keylen = &trans->attrs[4];