[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

scan-admin at coverity.com scan-admin at coverity.com
Mon Jun 6 11:31:25 EEST 2022 

Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

2 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1518095:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1518095:    (OVERRUN)
/programs/pluto/kernel_xfrm.c: 2243 in add_icmpv6_bypass_policy()
2237     	req.p.dir = XFRM_POLICY_IN;
2238     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2239     				  text, "(in)", logger))
2240     		return false;
2241     
2242     	req.p.dir = XFRM_POLICY_FWD;
>>>     CID 1518095:    (OVERRUN)
>>>     Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2243     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2244     				  text, "(fwd)", logger))
2245     		return false;
2246     
2247     	req.p.dir = XFRM_POLICY_OUT;
2248     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
/programs/pluto/kernel_xfrm.c: 2248 in add_icmpv6_bypass_policy()
2242     	req.p.dir = XFRM_POLICY_FWD;
2243     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2244     				  text, "(fwd)", logger))
2245     		return false;
2246     
2247     	req.p.dir = XFRM_POLICY_OUT;
>>>     CID 1518095:    (OVERRUN)
>>>     Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2248     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2249     				  text, "(out)", logger))
2250     		return false;
2251     
2252     	return true;
2253     }
/programs/pluto/kernel_xfrm.c: 2238 in add_icmpv6_bypass_policy()
2232     
2233     	/*
2234     	 * EXPECT_NO_INBOUND means no fail on missing and/or
2235     	 * success.
2236     	 */
2237     	req.p.dir = XFRM_POLICY_IN;
>>>     CID 1518095:    (OVERRUN)
>>>     Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 183 using argument "req.n.nlmsg_len" (which evaluates to 184).
2238     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,
2239     				  text, "(in)", logger))
2240     		return false;
2241     
2242     	req.p.dir = XFRM_POLICY_FWD;
2243     	if (!sendrecv_xfrm_policy(&req.n, EXPECT_KERNEL_POLICY_OK,

** CID 1518094:  Null pointer dereferences  (FORWARD_NULL)
/programs/pluto/kernel_xfrm.c: 1942 in netlink_policy_expire()


________________________________________________________________________________________________________
*** CID 1518094:  Null pointer dereferences  (FORWARD_NULL)
/programs/pluto/kernel_xfrm.c: 1942 in netlink_policy_expire()
1936     	struct {
1937     		struct nlmsghdr n;
1938     		struct xfrm_userpolicy_id id;
1939     	} req;
1940     	struct nlm_resp rsp;
1941     
>>>     CID 1518094:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "upe".
1942     	xfrm2ip(&upe->pol.sel.saddr, &src, upe->pol.sel.family);
1943     	xfrm2ip(&upe->pol.sel.daddr, &dst, upe->pol.sel.family);
1944     	address_buf a;
1945     	address_buf b;
1946     	dbg("%s src %s/%u dst %s/%u dir %d index %d",
1947     	    __func__,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYLCk8_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38l4w9pomvhW9bDiDOfHVhTBRY2zas-2BNS2E-2BmQ-2BBTuKIY-2FRXrA2Jp3017wEJTkRREku-2F8-2FbiSpLRvqtpJz1f-2B9lLhkcjlrcnN0eJ9u6j7VI-2FkB3PLvqEb4KPMjk-2FyE0gRHLnrzPIwb5TLGwj4XO-2B2yRT7u0etqyY22Q5WIGrFMLIoaf3B2NM92EF7ijpcirPUg-3D

  To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxicrwB_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38l4w9pomvhW9bDiDOfHVhTBRY2zas-2BNS2E-2BmQ-2BBTuKIQC8sq98m8xOxjLhqNQu9uovcAG2O232E-2BhE3iV-2FFySk9Wbr7hflC5Szb5DGVgvYeCMLUVhCoddTG9ZY1KMulm-2BIQgaQpXSp6A94X8FbKpihnfA4lhQi4A29sm9MgSSM417DKdLZKEtKBkVvY5t4lM8-3D

More information about the Swan-dev mailing list