[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan
scan-admin at coverity.com
scan-admin at coverity.com
Sat Jun 4 23:42:25 EEST 2022
Hi,
Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
3 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1518092: (UNINIT)
________________________________________________________________________________________________________
*** CID 1518092: (UNINIT)
/programs/pluto/keys.c: 440 in lsw_get_secret()
434 */
435 pexpect(address_is_specified(c->local->host.addr));
436 /* roadwarrior: replace that with %ANYADDR */
437 rw_id.kind = address_type(&c->local->host.addr)->id_ip_addr;
438 rw_id.ip_addr = address_type(&c->local->host.addr)->address.unspec;
439 id_buf old_buf, new_buf;
>>> CID 1518092: (UNINIT)
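>>> Using uninitialized value "rw_id.name.len" when calling "str_id_bytes".
>>> (Note: in the lines shown, only rw_id.kind and rw_id.ip_addr are assigned (437-438) before str_id(&rw_id, ...) reads the struct; rw_id.name is not written anywhere in this excerpt. The declaration of rw_id is outside the excerpt, so whether it carries an initializer cannot be confirmed here; zero-initializing it at the declaration would cover every member.)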
440 dbg("%s() switching remote roadwarrier ID from %s to %s (%%ANYADDR)",
441 __func__, str_id(that_id, &old_buf), str_id(&rw_id, &new_buf));
442 that_id = &rw_id;
443 }
444
445 id_buf this_buf, that_buf;
/programs/pluto/keys.c: 446 in lsw_get_secret()
440 dbg("%s() switching remote roadwarrier ID from %s to %s (%%ANYADDR)",
441 __func__, str_id(that_id, &old_buf), str_id(&rw_id, &new_buf));
442 that_id = &rw_id;
443 }
444
445 id_buf this_buf, that_buf;
>>> CID 1518092: (UNINIT)
>>> Using uninitialized value "that_id->name.ptr" when calling "str_id_bytes".
446 dbg("%s() using IDs for %s->%s of kind %s",
447 __func__,
448 str_id(this_id, &this_buf),
449 str_id(that_id, &that_buf),
450 enum_name(&private_key_kind_names, kind));
451
/programs/pluto/keys.c: 446 in lsw_get_secret()
440 dbg("%s() switching remote roadwarrier ID from %s to %s (%%ANYADDR)",
441 __func__, str_id(that_id, &old_buf), str_id(&rw_id, &new_buf));
442 that_id = &rw_id;
443 }
444
445 id_buf this_buf, that_buf;
>>> CID 1518092: (UNINIT)
>>> Using uninitialized value "that_id->name.ptr" when calling "str_id_bytes".
446 dbg("%s() using IDs for %s->%s of kind %s",
447 __func__,
448 str_id(this_id, &this_buf),
449 str_id(that_id, &that_buf),
450 enum_name(&private_key_kind_names, kind));
451
/programs/pluto/keys.c: 446 in lsw_get_secret()
440 dbg("%s() switching remote roadwarrier ID from %s to %s (%%ANYADDR)",
441 __func__, str_id(that_id, &old_buf), str_id(&rw_id, &new_buf));
442 that_id = &rw_id;
443 }
444
445 id_buf this_buf, that_buf;
>>> CID 1518092: (UNINIT)
>>> Using uninitialized value "that_id->name.len" when calling "str_id_bytes".
446 dbg("%s() using IDs for %s->%s of kind %s",
447 __func__,
448 str_id(this_id, &this_buf),
449 str_id(that_id, &that_buf),
450 enum_name(&private_key_kind_names, kind));
451
/programs/pluto/keys.c: 452 in lsw_get_secret()
446 dbg("%s() using IDs for %s->%s of kind %s",
447 __func__,
448 str_id(this_id, &this_buf),
449 str_id(that_id, &that_buf),
450 enum_name(&private_key_kind_names, kind));
451
>>> CID 1518092: (UNINIT)
>>> Using uninitialized value "that_id->name.len" when calling "lsw_find_secret_by_id".
452 return lsw_find_secret_by_id(pluto_secrets, kind,
453 this_id, that_id, asym);
454 }
455
456 /*
457 * find the struct secret associated with an XAUTH username.
/programs/pluto/keys.c: 440 in lsw_get_secret()
434 */
435 pexpect(address_is_specified(c->local->host.addr));
436 /* roadwarrior: replace that with %ANYADDR */
437 rw_id.kind = address_type(&c->local->host.addr)->id_ip_addr;
438 rw_id.ip_addr = address_type(&c->local->host.addr)->address.unspec;
439 id_buf old_buf, new_buf;
>>> CID 1518092: (UNINIT)
>>> Using uninitialized value "rw_id.name.ptr" when calling "str_id_bytes".
440 dbg("%s() switching remote roadwarrier ID from %s to %s (%%ANYADDR)",
441 __func__, str_id(that_id, &old_buf), str_id(&rw_id, &new_buf));
442 that_id = &rw_id;
443 }
444
445 id_buf this_buf, that_buf;
** CID 1518091: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1518091: (OVERRUN)
/programs/pluto/kernel_xfrm.c: 2082 in netlink_get()
2076 break;
2077 case XFRM_MSG_EXPIRE:
2078 netlink_expire(&rsp.n, logger);
2079 break;
2080
2081 case RTM_NEWADDR:
>>> CID 1518091: (OVERRUN)
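>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 31.
>>> (Note: &rsp.n is the address of the nlmsghdr member alone, which is why the analyzer measures the object as 16 bytes. Whether the handler's reads stay inside the received message depends on the layout of rsp and on a length check against nlmsg_len before dispatch; neither is visible in this excerpt.)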
2082 process_addr_chage(&rsp.n, logger);
2083 break;
2084
2085 case RTM_DELADDR:
2086 process_addr_chage(&rsp.n, logger);
2087 break;
/programs/pluto/kernel_xfrm.c: 2086 in netlink_get()
2080
2081 case RTM_NEWADDR:
2082 process_addr_chage(&rsp.n, logger);
2083 break;
2084
2085 case RTM_DELADDR:
>>> CID 1518091: (OVERRUN)
>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 31.
2086 process_addr_chage(&rsp.n, logger);
2087 break;
2088
2089 default:
2090 /* ignored */
2091 break;
/programs/pluto/kernel_xfrm.c: 2072 in netlink_get()
2066
2067 dbg("kernel: netlink_get: %s message",
2068 sparse_val_show(xfrm_type_names, rsp.n.nlmsg_type));
2069
2070 switch (rsp.n.nlmsg_type) {
2071 case XFRM_MSG_ACQUIRE:
>>> CID 1518091: (OVERRUN)
>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 307.
2072 netlink_acquire(&rsp.n, logger);
2073 break;
2074 case XFRM_MSG_POLEXPIRE:
2075 netlink_policy_expire(&rsp.n, logger);
2076 break;
2077 case XFRM_MSG_EXPIRE:
** CID 1518090: (UNINIT)
________________________________________________________________________________________________________
*** CID 1518090: (UNINIT)
/testing/programs/ipcheck/ip_address_check.c: 372 in check_in_addr()
366 break;
367 }
368 }
369
370 /* as a string */
371 address_buf buf;
>>> CID 1518090: (UNINIT)
>>> Using uninitialized value "a.version" when calling "str_address".
372 const char *out = str_address(&a, &buf);
373 if (out == NULL) {
374 FAIL("str_address() returned NULL");
375 } else if (!strcaseeq(out, t->in)) {
376 FAIL("str_address() returned '%s', expecting '%s'",
377 out, t->in);
/testing/programs/ipcheck/ip_address_check.c: 372 in check_in_addr()
366 break;
367 }
368 }
369
370 /* as a string */
371 address_buf buf;
>>> CID 1518090: (UNINIT)
>>> Using uninitialized value "a.is_set" when calling "str_address".
372 const char *out = str_address(&a, &buf);
373 if (out == NULL) {
374 FAIL("str_address() returned NULL");
375 } else if (!strcaseeq(out, t->in)) {
376 FAIL("str_address() returned '%s', expecting '%s'",
377 out, t->in);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYEtYL_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38EgbIG0H-2Boa-2BJilaB-2B4OhEEC9xzHLOX61w-2FxdytjUXa4MoNwxbdoV5wHQjx8RTgBNs4-2F-2BWzZkOdyBcDoYWXUyM2Q02YCmQwn8BQRW6TXCVxuPJq1-2F2MmSL2wyMkAIevNGIGLlFh1yIMgTuGFMTAzgmF0RK0S0Wqcx8MWqMohpfaXt8kECgpIz2Dusiw3itz8c-3D