[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

scan-admin at coverity.com scan-admin at coverity.com
Mon Sep 19 13:51:05 EEST 2022


Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

1 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1445600:    (UNINIT)
/programs/pluto/kernel_xfrm.c: 1483 in netlink_add_sa()
/programs/pluto/kernel_xfrm.c: 1466 in netlink_add_sa()
/programs/pluto/kernel_xfrm.c: 1441 in netlink_add_sa()


________________________________________________________________________________________________________
*** CID 1445600:    (UNINIT)
/programs/pluto/kernel_xfrm.c: 1483 in netlink_add_sa()
1477     					sizeof(algo.alg_name));
1478     			algo.alg_key_len = sa->enckeylen * BITS_PER_BYTE;
1479     
1480     			attr->rta_type = XFRMA_ALG_CRYPT;
1481     			attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->enckeylen);
1482     
>>>     CID 1445600:    (UNINIT)
>>>     Using uninitialized value "algo". Field "algo.alg_key" is uninitialized when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
1483     			memcpy(RTA_DATA(attr), &algo, sizeof(algo));
1484     			memcpy((char *)RTA_DATA(attr) + sizeof(algo),
1485     				sa->enckey,
1486     			sa->enckeylen);
1487     
1488     			req.n.nlmsg_len += attr->rta_len;
/programs/pluto/kernel_xfrm.c: 1466 in netlink_add_sa()
1460     			algo.alg_key_len = sa->enckeylen * BITS_PER_BYTE;
1461     			algo.alg_icv_len = sa->encrypt->aead_tag_size * BITS_PER_BYTE;
1462     
1463     			attr->rta_type = XFRMA_ALG_AEAD;
1464     			attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->enckeylen);
1465     
>>>     CID 1445600:    (UNINIT)
>>>     Using uninitialized value "algo". Field "algo.alg_key" is uninitialized when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
1466     			memcpy(RTA_DATA(attr), &algo, sizeof(algo));
1467     			memcpy((char *)RTA_DATA(attr) + sizeof(algo),
1468     				sa->enckey, sa->enckeylen);
1469     
1470     			req.n.nlmsg_len += attr->rta_len;
1471     			attr = (struct rtattr *)((char *)attr + attr->rta_len);
/programs/pluto/kernel_xfrm.c: 1441 in netlink_add_sa()
1435     		fill_and_terminate(algo.alg_name, calg_name, sizeof(algo.alg_name));
1436     		algo.alg_key_len = 0;
1437     
1438     		/* append */
1439     		attr->rta_type = XFRMA_ALG_COMP;
1440     		attr->rta_len = RTA_LENGTH(sizeof(algo));
>>>     CID 1445600:    (UNINIT)
>>>     Using uninitialized value "algo". Field "algo.alg_key" is uninitialized when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
1441     		memcpy(RTA_DATA(attr), &algo, sizeof(algo));
1442     		req.n.nlmsg_len += attr->rta_len;
1443     		attr = (struct rtattr *)((char *)attr + attr->rta_len);
1444     
1445     	} else if (sa->esatype == ET_ESP) {
1446     		const char *name = sa->encrypt->encrypt_netlink_xfrm_name;


________________________________________________________________________________________________________