[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

scan-admin at coverity.com scan-admin at coverity.com
Tue Dec 22 11:10:28 UTC 2020 

Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

5 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()


________________________________________________________________________________________________________
*** CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()
788     	/* SA out */
789     
790     	/* Emit SA payload based on a subset of the policy bits.
791     	 * POLICY_COMPRESS is considered iff we can do IPcomp.
792     	 */
793     	{
>>>     CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "(96UL /* ((lset_t)1 << POLICY_ENCRYPT_IX) | ((lset_t)1 << POLICY_AUTHENTICATE_IX) */) | can_do_IPcomp" is always true regardless of the values of its operands. This occurs as the logical first operand of "?:".
794     		lset_t pm = st->st_policy & (POLICY_ENCRYPT |
795     					     POLICY_AUTHENTICATE |
796     					     can_do_IPcomp ? POLICY_COMPRESS : 0);
797     		dbg("emitting quick defaults using policy %s",
798     		     bitnamesof(sa_policy_bit_names, pm));
799     

** CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()


________________________________________________________________________________________________________
*** CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()
2382     	lset_t seen_attrs = LEMPTY,
2383     	       seen_durations = LEMPTY;
2384     	bool seen_secctx_attr = FALSE;
2385     	uint16_t life_type = 0;	/* initialized to silence GCC */
2386     	const struct dh_desc *pfs_group = NULL;
2387     
>>>     CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "trans" of type "struct isakmp_transform *" and argument "8UL /* sizeof (trans) */" to function "pbs_in_struct" is suspicious. In this case, "sizeof (struct isakmp_transform *)" is equal to "sizeof (struct isakmp_transform)", but this is not a portable assumption.
2388     	diag_t d = pbs_in_struct(prop_pbs, trans_desc, trans, sizeof(trans), trans_pbs);
2389     	if (d != NULL) {
2390     		log_diag(RC_LOG, st->st_logger, &d, "%s", "");
2391     		return false;
2392     	}
2393     

** CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()


________________________________________________________________________________________________________
*** CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()
98     	if (buf == NULL)
99     		exit(-1);
100     
101     	ssize_t tlen = len;
102     	uint8_t *tbuf = buf;
103     
>>>     CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "len" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
104     	while (tlen != 0 && (rd = read(STDIN_FILENO, buf, len)) != 0) {
105     		if (rd == -1) {
106     			if (errno == EINTR)
107     				continue;
108     			exit(-1);
109     		}

** CID 1500381:  Control flow issues  (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()


________________________________________________________________________________________________________
*** CID 1500381:  Control flow issues  (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()
134     
135     struct connection *conn_by_serialno(co_serial_t serialno)
136     {
137     	dbg("FOR_EACH_CONNECTION_... in %s", __func__);
138     	for (struct connection *d = connections; d != NULL; ) {
139     		if (d == NULL)
>>>     CID 1500381:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return NULL;".
140     			return NULL;
141     		if (co_serial_cmp(d->serialno, ==, serialno))
142     			return d;
143     		d = d->ac_next;
144     	}
145     	return NULL; /* unreachable */

** CID 1491626:  Control flow issues  (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()


________________________________________________________________________________________________________
*** CID 1491626:  Control flow issues  (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()
317     		} else if (!IS_IKE_SA_ESTABLISHED(st)) {
318     			/* not very interesting: failed IKE attempt */
319     			dbg("un-established partial CHILD SA timeout (%s)",
320     			    type == EVENT_SA_EXPIRE ? "SA expired" : "Responder timeout");
321     			pstat_sa_failed(st, REASON_EXCHANGE_TIMEOUT);
322     		} else {
>>>     CID 1491626:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression ""Responder timeout"" inside this statement: "log_state(RC_LOG, st, "%s %...".
323     			log_state(RC_LOG, st, "%s %s (%s)", satype,
324     				      type == EVENT_SA_EXPIRE ? "SA expired" : "Responder timeout",
325     				      (c->policy & POLICY_DONT_REKEY) ?
326     				      "--dontrekey" : "LATEST!");
327     		}
328     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYEDOf_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2CtrbwCglYCqOhvqcDvp74RWCJnzYLsuNOZRgev-2FNFzwOHmK41zcFG6IyoRqLi-2Bn9hiXqWhrfZ3-2B4RZV9MGSEq79-2FJgJhdPNGx6B5Mh9mcY18WgEeGLl4bK8XCBjK0zDp-2B8JCGCsvtFSt8lkQCgo2wNIzDw-3D

  To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxiSNSF_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2Ctrb31IvxcBgROpTy2bUMlenJKjCNwCG0EsmbasVjAWPP9qJWJ54XMnvxrIsKsX5KwrmkLxma5AB11-2FNwgflKhSL7ZX2M4wRK2BQJmUSITZRjTKcBUJRRk6SWWLLNRH3tfo8x4mJUE1sYf09QIdpp4sbVg-3D

More information about the Swan-dev mailing list