[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan
scan-admin at coverity.com
scan-admin at coverity.com
Tue Dec 22 11:10:28 UTC 2020
Hi,
Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
5 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1500384: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()
________________________________________________________________________________________________________
*** CID 1500384: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()
788 /* SA out */
789
790 /* Emit SA payload based on a subset of the policy bits.
791 * POLICY_COMPRESS is considered iff we can do IPcomp.
792 */
793 {
>>> CID 1500384: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(96UL /* ((lset_t)1 << POLICY_ENCRYPT_IX) | ((lset_t)1 << POLICY_AUTHENTICATE_IX) */) | can_do_IPcomp" is always true regardless of the values of its operands. This occurs as the logical first operand of "?:".
794 lset_t pm = st->st_policy & (POLICY_ENCRYPT |
795 POLICY_AUTHENTICATE |
796 can_do_IPcomp ? POLICY_COMPRESS : 0);
797 dbg("emitting quick defaults using policy %s",
798 bitnamesof(sa_policy_bit_names, pm));
799
** CID 1500383: Code maintainability issues (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()
________________________________________________________________________________________________________
*** CID 1500383: Code maintainability issues (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()
2382 lset_t seen_attrs = LEMPTY,
2383 seen_durations = LEMPTY;
2384 bool seen_secctx_attr = FALSE;
2385 uint16_t life_type = 0; /* initialized to silence GCC */
2386 const struct dh_desc *pfs_group = NULL;
2387
>>> CID 1500383: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "trans" of type "struct isakmp_transform *" and argument "8UL /* sizeof (trans) */" to function "pbs_in_struct" is suspicious. In this case, "sizeof (struct isakmp_transform *)" is equal to "sizeof (struct isakmp_transform)", but this is not a portable assumption.
2388 diag_t d = pbs_in_struct(prop_pbs, trans_desc, trans, sizeof(trans), trans_pbs);
2389 if (d != NULL) {
2390 log_diag(RC_LOG, st->st_logger, &d, "%s", "");
2391 return false;
2392 }
2393
** CID 1500382: Insecure data handling (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()
________________________________________________________________________________________________________
*** CID 1500382: Insecure data handling (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()
98 if (buf == NULL)
99 exit(-1);
100
101 ssize_t tlen = len;
102 uint8_t *tbuf = buf;
103
>>> CID 1500382: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "len" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
104 while (tlen != 0 && (rd = read(STDIN_FILENO, buf, len)) != 0) {
105 if (rd == -1) {
106 if (errno == EINTR)
107 continue;
108 exit(-1);
109 }
** CID 1500381: Control flow issues (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()
________________________________________________________________________________________________________
*** CID 1500381: Control flow issues (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()
134
135 struct connection *conn_by_serialno(co_serial_t serialno)
136 {
137 dbg("FOR_EACH_CONNECTION_... in %s", __func__);
138 for (struct connection *d = connections; d != NULL; ) {
139 if (d == NULL)
>>> CID 1500381: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return NULL;".
140 return NULL;
141 if (co_serial_cmp(d->serialno, ==, serialno))
142 return d;
143 d = d->ac_next;
144 }
145 return NULL; /* unreachable */
** CID 1491626: Control flow issues (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()
________________________________________________________________________________________________________
*** CID 1491626: Control flow issues (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()
317 } else if (!IS_IKE_SA_ESTABLISHED(st)) {
318 /* not very interesting: failed IKE attempt */
319 dbg("un-established partial CHILD SA timeout (%s)",
320 type == EVENT_SA_EXPIRE ? "SA expired" : "Responder timeout");
321 pstat_sa_failed(st, REASON_EXCHANGE_TIMEOUT);
322 } else {
>>> CID 1491626: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""Responder timeout"" inside this statement: "log_state(RC_LOG, st, "%s %...".
323 log_state(RC_LOG, st, "%s %s (%s)", satype,
324 type == EVENT_SA_EXPIRE ? "SA expired" : "Responder timeout",
325 (c->policy & POLICY_DONT_REKEY) ?
326 "--dontrekey" : "LATEST!");
327 }
328
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYEDOf_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2CtrbwCglYCqOhvqcDvp74RWCJnzYLsuNOZRgev-2FNFzwOHmK41zcFG6IyoRqLi-2Bn9hiXqWhrfZ3-2B4RZV9MGSEq79-2FJgJhdPNGx6B5Mh9mcY18WgEeGLl4bK8XCBjK0zDp-2B8JCGCsvtFSt8lkQCgo2wNIzDw-3D
To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxiSNSF_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2Ctrb31IvxcBgROpTy2bUMlenJKjCNwCG0EsmbasVjAWPP9qJWJ54XMnvxrIsKsX5KwrmkLxma5AB11-2FNwgflKhSL7ZX2M4wRK2BQJmUSITZRjTKcBUJRRk6SWWLLNRH3tfo8x4mJUE1sYf09QIdpp4sbVg-3D
More information about the Swan-dev
mailing list