[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan
scan-admin at coverity.com
scan-admin at coverity.com
Sat Feb 4 01:51:23 EET 2023
Hi,
Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
1 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1532860: Insecure data handling (TAINTED_SCALAR)
/programs/pluto/kernel_xfrm.c: 2325 in xfrm_get_kernel_state()
________________________________________________________________________________________________________
*** CID 1532860: Insecure data handling (TAINTED_SCALAR)
/programs/pluto/kernel_xfrm.c: 2325 in xfrm_get_kernel_state()
2319
2320 /* Run through rtattributes looking for XFRMA_LASTUSED */
2321 struct rtattr *attr = (struct rtattr *) ((char *) NLMSG_DATA(&rsp.n) +
2322 NLMSG_ALIGN(sizeof(struct xfrm_usersa_info)));
2323 size_t remaining = rsp.n.nlmsg_len -
2324 NLMSG_SPACE(sizeof(struct xfrm_usersa_info));
>>> CID 1532860: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "remaining" as a loop boundary.
2325 while (remaining > 0) {
2326 dbg("xfrm get_sa rtattribute type %u ...", attr->rta_type);
2327 switch (attr->rta_type) {
2328 case XFRMA_LASTUSED:
2329 memcpy(lastused, RTA_DATA(attr), sizeof(uint64_t));
2330 break;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYhvUK_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2F5Fd3UD-2B5Z82Alx-2B-2FJjvS20HCDZs8c7sxuXMvJAwZG45MQEioOAEXDEfMhXX4zUm7RsxX1amdjFdebgRowJEqAZO55Ufx0T9dBiswPTn5xUMRNzlwCuZCU3a9D8NpD5tEcR6rbpjBjk3GpVmIoHIvhMC70DBfqK2s8PUYKW5-2FwjF5KZ44bcvxgT6p2vtx3zTU-3D
To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxiUaEJ_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2F5Fd3UD-2B5Z82Alx-2B-2FJjvS20HCDZs8c7sxuXMvJAwZG4-2BwcHeHjfChRc8NtRzxe7mx79cVnLsmYYaahQLoWudtmS8lsHmKPdXgMN6QDtaIT2qDVeZwIClMnslsttkF7qHUyy8nRXKMci2JwR3E5vnnaHOOkJ0B47eEmqwqNnanEoZtvdqC8PLGPl6XuQxOsgbA-3D
More information about the Swan-dev
mailing list