[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

scan-admin at coverity.com scan-admin at coverity.com
Sat Feb 4 01:51:23 EET 2023 

Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

1 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1532860:  Insecure data handling  (TAINTED_SCALAR)
/programs/pluto/kernel_xfrm.c: 2325 in xfrm_get_kernel_state()


________________________________________________________________________________________________________
*** CID 1532860:  Insecure data handling  (TAINTED_SCALAR)
/programs/pluto/kernel_xfrm.c: 2325 in xfrm_get_kernel_state()
2319     
2320     	/* Run through rtattributes looking for XFRMA_LASTUSED */
2321     	struct rtattr *attr = (struct rtattr *) ((char *) NLMSG_DATA(&rsp.n) +
2322     			NLMSG_ALIGN(sizeof(struct xfrm_usersa_info)));
2323     	size_t remaining = rsp.n.nlmsg_len -
2324     				NLMSG_SPACE(sizeof(struct xfrm_usersa_info));
>>>     CID 1532860:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "remaining" as a loop boundary.
2325     	while (remaining > 0) {
2326     		dbg("xfrm get_sa rtattribute type %u ...", attr->rta_type);
2327     		switch (attr->rta_type) {
2328     		case XFRMA_LASTUSED:
2329     			memcpy(lastused, RTA_DATA(attr), sizeof(uint64_t));
2330     			break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYhvUK_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2F5Fd3UD-2B5Z82Alx-2B-2FJjvS20HCDZs8c7sxuXMvJAwZG45MQEioOAEXDEfMhXX4zUm7RsxX1amdjFdebgRowJEqAZO55Ufx0T9dBiswPTn5xUMRNzlwCuZCU3a9D8NpD5tEcR6rbpjBjk3GpVmIoHIvhMC70DBfqK2s8PUYKW5-2FwjF5KZ44bcvxgT6p2vtx3zTU-3D

  To manage Coverity Scan email notifications for "swan-dev at lists.libreswan.org", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxiUaEJ_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2F5Fd3UD-2B5Z82Alx-2B-2FJjvS20HCDZs8c7sxuXMvJAwZG4-2BwcHeHjfChRc8NtRzxe7mx79cVnLsmYYaahQLoWudtmS8lsHmKPdXgMN6QDtaIT2qDVeZwIClMnslsttkF7qHUyy8nRXKMci2JwR3E5vnnaHOOkJ0B47eEmqwqNnanEoZtvdqC8PLGPl6XuQxOsgbA-3D

More information about the Swan-dev mailing list