All,

Ran Coverity against our 0.6.0 Beta 1. Follow the link

https://scan.coverity.com/projects/apache-qpid-dispatch-router?tab=overview

And hit the View Defects button to open the code browser.

If you'd like to fix a defect, please assign it to yourself first so we don't duplicate effort. You can do this by:

1) Click on the one-line defect description in the upper window; that will open a sidebar for that issue.
2) In the sidebar, set the owner to yourself (email) and enter the JIRA you've created (you did create a Jira, right?) in the Ex.Reference box.
3) Click 'apply'.

If you don't have an account on the dispatch Coverity project, create one and request membership in the dispatch project. I use my GitHub account as the credential proxy, for example.

thanks

-K

----- Forwarded Message -----
> From: [email protected]
> To: [email protected]
> Sent: Wednesday, April 6, 2016 10:10:31 AM
> Subject: New Defects reported by Coverity Scan for Apache Qpid dispatch-router
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Apache Qpid
> dispatch-router found with Coverity Scan.
>
> 5 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity
> Scan.
> 16 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 5 of 5 defect(s)
>
>
> ** CID 124882: Uninitialized variables (UNINIT)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 292 in qd_transport_get_user()
>
>
> ________________________________________________________________________________________________________
> *** CID 124882: Uninitialized variables (UNINIT)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 292 in qd_transport_get_user()
> 286                     if(*user_id != '\0')
> 287                         strcat(user_id, COMPONENT_SEPARATOR);
> 288                     strcat(user_id, (char *) common_name);
> 289                 }
> 290             }
> 291             else if (components[x] == CERT_FINGERPRINT_SHA1 || components[x] == CERT_FINGERPRINT_SHA256 || components[x] == CERT_FINGERPRINT_SHA512) {
> >>> CID 124882: Uninitialized variables (UNINIT)
> >>> Using uninitialized element of array "fingerprint" when calling "strlen".
> 292                 if (strlen((char *) fingerprint) > 0) {
> 293                     if(*user_id != '\0')
> 294                         strcat(user_id, COMPONENT_SEPARATOR);
> 295                     strcat(user_id, (char *) fingerprint);
> 296                 }
> 297             }
>
> ** CID 124881: Security best practices violations (STRING_OVERFLOW)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 148 in qd_transport_get_user()
>
>
> ________________________________________________________________________________________________________
> *** CID 124881: Security best practices violations (STRING_OVERFLOW)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 148 in qd_transport_get_user()
> 142         // The tokens in the uidFormat strings are delimited by comma. Load the individual components of the uidFormat
> 143         // into the components[] array. The maximum number of components that are allowed are 7 namely, c, s, l, o, u, n, (1 or 2 or 5)
> 144         //
> 145         char components[7];
> 146
> 147         //The strcpy() function copies the string pointed to by src, including the terminating null byte ('\0'), to the buffer pointed to by dest.
> >>> CID 124881: Security best practices violations (STRING_OVERFLOW)
> >>> You might overrun the 7 byte fixed-size string "components" by copying "config->ssl_uid_format" without checking the length.
> 148         strcpy(components, config->ssl_uid_format);
> 149
> 150         const char *country_code = 0;
> 151         const char *state = 0;
> 152         const char *locality_city = 0;
> 153         const char *organization = 0;
>
> ** CID 124880: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c: 57 in qd_router_connection_get_config()
>
>
> ________________________________________________________________________________________________________
> *** CID 124880: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c: 57 in qd_router_connection_get_config()
> 51     if (conn) {
> 52         const qd_server_config_t *cf = qd_connection_config(conn);
> 53
> 54         *strip_annotations_in = cf ? cf->strip_inbound_annotations : false;
> 55         *strip_annotations_out = cf ? cf->strip_outbound_annotations : false;
> 56
> >>> CID 124880: Null pointer dereferences (FORWARD_NULL)
> >>> Dereferencing null pointer "cf".
> 57         *link_capacity = cf->link_capacity;
> 58
> 59         if (cf && strcmp(cf->role, router_role) == 0) {
> 60             *strip_annotations_in = false;
> 61             *strip_annotations_out = false;
> 62             *role = QDR_ROLE_INTER_ROUTER;
>
> ** CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/forwarder.c: 507 in qdr_forward_link_balanced_CT()
>
>
> ________________________________________________________________________________________________________
> *** CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/forwarder.c: 507 in qdr_forward_link_balanced_CT()
> 501     out_link->conn = conn;
> 502     out_link->link_type = QD_LINK_ENDPOINT;
> 503     out_link->link_direction = qdr_link_direction(in_link) == QD_OUTGOING ? QD_INCOMING : QD_OUTGOING;
> 504     out_link->admin_enabled = true;
> 505     out_link->oper_status = QDR_LINK_OPER_DOWN;
> 506
> >>> CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> >>> Using "strlen(in_link->name + 1)" instead of "strlen(in_link->name) + 1" as an argument to "malloc" might be an under-allocation.
> 507     out_link->name = (char*) malloc(strlen(in_link->name + 1));
> 508     strcpy(out_link->name, in_link->name);
> 509
> 510     out_link->connected_link = in_link;
> 511     in_link->connected_link = out_link;
> 512
>
> ** CID 107322: Error handling issues (CHECKED_RETURN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 371 in qd_entity_refresh_connection()
>
>
> ________________________________________________________________________________________________________
> *** CID 107322: Error handling issues (CHECKED_RETURN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 371 in qd_entity_refresh_connection()
> 365             char proto[SSL_ATTR_SIZE];
> 366             char cipher[SSL_ATTR_SIZE];
> 367             pn_ssl_get_protocol_name(ssl, proto, SSL_ATTR_SIZE);
> 368             pn_ssl_get_cipher_name(ssl, cipher, SSL_ATTR_SIZE);
> 369             qd_entity_set_string(entity, "sslProto", proto);
> 370             qd_entity_set_string(entity, "sslCipher", cipher);
> >>> CID 107322: Error handling issues (CHECKED_RETURN)
> >>> Calling "qd_entity_set_long" without checking return value (as is done elsewhere 4 out of 5 times).
> 371             qd_entity_set_long(entity, "sslSsf", pn_ssl_get_ssf(ssl));
> 372         }
> 373         return QD_ERROR_NONE;
> 374     }
> 375     return qd_error_code();
> 376 }
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://scan.coverity.com/projects/apache-qpid-dispatch-router?tab=overview
>

--
-K
