Hi, Recently, I let coverity run again. Note previously I have not include client directory. Maybe it helps with the current bug hunting activities :D
cheers, daniel -------- Original Message -------- Subject: New Defects reported by Coverity Scan for igaw/connman Date: Mon, 28 Apr 2014 07:36:27 -0700 From: [email protected] Hi, Please find the latest report on new defect(s) introduced to igaw/connman found with Coverity Scan. Defect(s) Reported-by: Coverity Scan Showing 8 of 8 defect(s) ** CID 49127: Unchecked return value (CHECKED_RETURN) /gdhcp/client.c: 1700 in continue_renew() ** CID 49128: Unchecked return value (CHECKED_RETURN) /plugins/wifi.c: 1889 in p2p_support() ** CID 49129: Copy-paste error (COPY_PASTE_ERROR) /src/service.c: 1002 in update_nameservers() ** CID 49130: Array compared against 0 (NO_EFFECT) /gsupplicant/supplicant.c: 2414 in create_peer_identifier() /gsupplicant/supplicant.c: 2414 in create_peer_identifier() ** CID 49131: Dereference null return value (NULL_RETURNS) /src/technology.c: 711 in technology_enable() ** CID 49133: Untrusted value as argument (TAINTED_SCALAR) /src/dnsproxy.c: 1728 in forward_dns_reply() ** CID 49134: Untrusted value as argument (TAINTED_SCALAR) /gdhcp/client.c: 230 in add_dhcpv6_binary_option() ** CID 49135: Untrusted value as argument (TAINTED_SCALAR) /gdhcp/common.c: 262 in dhcpv6_add_binary_option() ________________________________________________________________________________________________________ *** CID 49127: Unchecked return value (CHECKED_RETURN) /gdhcp/client.c: 1700 in continue_renew() 1694 } 1695 1696 static gboolean continue_renew (gpointer user_data) 1697 { 1698 GDHCPClient *dhcp_client = user_data; 1699 >>> CID 49127: Unchecked return value (CHECKED_RETURN) >>> Calling "switch_listening_mode" without checking return value (as is >>> done elsewhere 8 out of 9 times). 1700 switch_listening_mode(dhcp_client, L3); 1701 send_request(dhcp_client); 1702 1703 if (dhcp_client->t1_timeout > 0) 1704 g_source_remove(dhcp_client->t1_timeout); 1705 ________________________________________________________________________________________________________ *** CID 49128: Unchecked return value (CHECKED_RETURN) /plugins/wifi.c: 1889 in p2p_support() 1883 1884 static void p2p_support(GSupplicantInterface *interface) 1885 { 1886 DBG(""); 1887 1888 if (g_supplicant_interface_has_p2p(interface)) >>> CID 49128: Unchecked return value (CHECKED_RETURN) >>> Calling "connman_technology_driver_register" without checking return >>> value (as is done elsewhere 6 out of 7 times). 1889 connman_technology_driver_register(&p2p_tech_driver); 1890 } 1891 1892 static void scan_started(GSupplicantInterface *interface) 1893 { 1894 DBG(""); ________________________________________________________________________________________________________ *** CID 49129: Copy-paste error (COPY_PASTE_ERROR) /src/service.c: 1002 in update_nameservers() 996 break; 997 } 998 999 if (service->nameservers_config) { 1000 int i; 1001 >>> CID 49129: Copy-paste error (COPY_PASTE_ERROR) >>> "nameservers" in "service->nameservers" looks like a copy-paste error. 1002 remove_nameservers(service, index, service->nameservers); 1003 1004 i = g_strv_length(service->nameservers_config); 1005 while (i != 0) { 1006 i--; 1007 ________________________________________________________________________________________________________ *** CID 49130: Array compared against 0 (NO_EFFECT) /gsupplicant/supplicant.c: 2414 in create_peer_identifier() 2408 2409 static void create_peer_identifier(GSupplicantPeer *peer) 2410 { 2411 if (!peer) 2412 return; 2413 >>> CID 49130: Array compared against 0 (NO_EFFECT) >>> Comparing an array to null is not useful: "!peer->device_address". 2414 if (!peer->device_address) { 2415 peer->identifier = g_strdup(peer->name); 2416 return; 2417 } 2418 2419 peer->identifier = g_malloc0(19); /gsupplicant/supplicant.c: 2414 in create_peer_identifier() 2408 2409 static void create_peer_identifier(GSupplicantPeer *peer) 2410 { 2411 if (!peer) 2412 return; 2413 >>> CID 49130: Array compared against 0 (NO_EFFECT) >>> Comparing an array to null is not useful: "peer->device_address". 2414 if (!peer->device_address) { 2415 peer->identifier = g_strdup(peer->name); 2416 return; 2417 } 2418 2419 peer->identifier = g_malloc0(19); ________________________________________________________________________________________________________ *** CID 49131: Dereference null return value (NULL_RETURNS) /src/technology.c: 711 in technology_enable() 705 __sync_synchronize(); 706 707 if (technology->type == CONNMAN_SERVICE_TYPE_P2P) { 708 struct connman_technology *wifi; 709 710 wifi = technology_find(CONNMAN_SERVICE_TYPE_WIFI); >>> CID 49131: Dereference null return value (NULL_RETURNS) >>> Dereferencing a null pointer "wifi". 711 if (wifi->enabled) 712 return technology_enabled(technology); 713 return 0; 714 } 715 716 if (technology->enabled) ________________________________________________________________________________________________________ *** CID 49133: Untrusted value as argument (TAINTED_SCALAR) /src/dnsproxy.c: 1728 in forward_dns_reply() 1722 int dns_id, sk, err, offset = protocol_offset(protocol); 1723 1724 if (offset < 0) 1725 return offset; 1726 1727 hdr = (void *)(reply + offset); >>> CID 49133: Untrusted value as argument (TAINTED_SCALAR) >>> Performing a byte swapping operation on "reply" implies that it came >>> from an external source, and is therefore tainted. 1728 dns_id = reply[offset] | reply[offset + 1] << 8; 1729 1730 DBG("Received %d bytes (id 0x%04x)", reply_len, dns_id); 1731 1732 req = find_request(dns_id); 1733 if (!req) ________________________________________________________________________________________________________ *** CID 49134: Untrusted value as argument (TAINTED_SCALAR) /gdhcp/client.c: 230 in add_dhcpv6_binary_option() 224 /* option[0][1] contains option code */ 225 len = option[2] << 8 | option[3]; 226 227 if ((*params->ptr_buf + len + 2 + 2) > (params->buf + params->max_buf)) 228 return; 229 >>> CID 49134: Untrusted value as argument (TAINTED_SCALAR) >>> Passing tainted variable "len + 2 + 2" to a tainted sink. [Note: The >>> source code implementation of the function has been overridden by a builtin >>> model.] 230 memcpy(*params->ptr_buf, option, len + 2 + 2); 231 (*params->ptr_buf) += len + 2 + 2; 232 } 233 234 static void add_dhcpv6_send_options(GDHCPClient *dhcp_client, 235 unsigned char *buf, int max_buf, ________________________________________________________________________________________________________ *** CID 49135: Untrusted value as argument (TAINTED_SCALAR) /gdhcp/common.c: 262 in dhcpv6_add_binary_option() 256 257 /* end position + (option code/length + addopt length) */ 258 if (*pkt_len + len >= max_len) 259 /* option did not fit into the packet */ 260 return; 261 >>> CID 49135: Untrusted value as argument (TAINTED_SCALAR) >>> Passing tainted variable "len" to a tainted sink. [Note: The source >>> code implementation of the function has been overridden by a builtin model.] 262 memcpy(optionptr + *pkt_len, addopt, len); 263 *pkt_len += len; 264 } 265 266 static GDHCPOptionType check_option(uint8_t code, uint8_t data_len) 267 { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1709?tab=Overview To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py _______________________________________________ connman mailing list [email protected] https://lists.connman.net/mailman/listinfo/connman
