[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

scan-admin at coverity.com scan-admin at coverity.com
Thu May 20 22:08:52 UTC 2021 

Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

1 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1504902:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1504902:  Insecure data handling  (TAINTED_SCALAR)
/programs/pluto/rcv_whack.c: 1108 in whack_handle()
1102     	if (!unpack_whack_msg(&wp, whack_logger)) {
1103     		/* already logged */
1104     		return; /* don't shutdown */
1105     	}
1106     
1107     	struct show *s = alloc_show(whack_logger);
>>>     CID 1504902:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "msg.nr_impairments" to "whack_process", which uses it as a loop boundary.
1108     	whack_process(&msg, s);
1109     	free_show(&s);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYZS_Z_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2FeToKyNVuxGJc5Qr6YaHdfCl-2FHWDoIfb8d4qww4weDsvyIDFvTYO82gRCo0aTy14JwgJRDIs9q3bT4Ix-2B-2BnIoRBPeUzmd1f-2F-2F8YcK7E-2BWIJB6TrE5DtTz6KcABf1e1HoqHrKrKib9k322aItXV2ipsJWq0J8XSV5EUZKMa1WtEYDYYQK7ZYO5-2FUSXEFw1-2BUZo-3D

  To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxioWAa_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2FeToKyNVuxGJc5Qr6YaHdfCl-2FHWDoIfb8d4qww4weDshPVj6mJjEIGFCLiRqrsmifxtYBtGnDhZQlYBMYevZtGCsi9p20L8PVAFjjlpopXKdYmNF3N64wunEpFcdC7dXBQy74zlkq51MRaS4qesMJ3e84QKVMPeglIliwFKbJVLFvglpWU6l49-2BNG2YNVkCjw-3D

More information about the Swan-dev mailing list