[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan
scan-admin at coverity.com
Mon Jun 6 11:31:25 EEST 2022
Hi,
Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
2 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1518095: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1518095: (OVERRUN)
/programs/pluto/kernel_xfrm.c: 2243 in add_icmpv6_bypass_policy()
2237 req.p.dir = XFRM_POLICY_IN;
2238 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2239 text, "(in)", logger))
2240 return false;
2241
2242 req.p.dir = XFRM_POLICY_FWD;
>>> CID 1518095: (OVERRUN)
>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2243 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2244 text, "(fwd)", logger))
2245 return false;
2246
2247 req.p.dir = XFRM_POLICY_OUT;
2248 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
/programs/pluto/kernel_xfrm.c: 2248 in add_icmpv6_bypass_policy()
2242 req.p.dir = XFRM_POLICY_FWD;
2243 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2244 text, "(fwd)", logger))
2245 return false;
2246
2247 req.p.dir = XFRM_POLICY_OUT;
>>> CID 1518095: (OVERRUN)
>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2248 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2249 text, "(out)", logger))
2250 return false;
2251
2252 return true;
2253 }
/programs/pluto/kernel_xfrm.c: 2238 in add_icmpv6_bypass_policy()
2232
2233 /*
2234 * EXPECT_NO_INBOUND means no fail on missing and/or
2235 * success.
2236 */
2237 req.p.dir = XFRM_POLICY_IN;
>>> CID 1518095: (OVERRUN)
>>> Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2238 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2239 text, "(in)", logger))
2240 return false;
2241
2242 req.p.dir = XFRM_POLICY_FWD;
2243 if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
** CID 1518094: Null pointer dereferences (FORWARD_NULL)
/programs/pluto/kernel_xfrm.c: 1942 in netlink_policy_expire()
________________________________________________________________________________________________________
*** CID 1518094: Null pointer dereferences (FORWARD_NULL)
/programs/pluto/kernel_xfrm.c: 1942 in netlink_policy_expire()
1936 struct {
1937 struct nlmsghdr n;
1938 struct xfrm_userpolicy_id id;
1939 } req;
1940 struct nlm_resp rsp;
1941
>>> CID 1518094: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "upe".
1942 xfrm2ip(&upe->pol.sel.saddr, &src, upe->pol.sel.family);
1943 xfrm2ip(&upe->pol.sel.daddr, &dst, upe->pol.sel.family);
1944 address_buf a;
1945 address_buf b;
1946 dbg("%s src %s/%u dst %s/%u dir %d index %d",
1947 __func__,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYLCk8_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38l4w9pomvhW9bDiDOfHVhTBRY2zas-2BNS2E-2BmQ-2BBTuKIY-2FRXrA2Jp3017wEJTkRREku-2F8-2FbiSpLRvqtpJz1f-2B9lLhkcjlrcnN0eJ9u6j7VI-2FkB3PLvqEb4KPMjk-2FyE0gRHLnrzPIwb5TLGwj4XO-2B2yRT7u0etqyY22Q5WIGrFMLIoaf3B2NM92EF7ijpcirPUg-3D