Domagoj Babic wrote:
> Hi,
>
> I've run my static checker Calysto ( http://www.calysto.org/ ) on krb 5.1.6.
> Here's the postprocessed report:
>
> + krb5-1.6/src/util/support/fake-addrinfo.c:1336
> krb5int_getaddrinfo is a function with external linkage, which calls
> getaddrinfo (fake-addrinfo.c:1097), passing aip as the fourth parameter
> (received as **result). Without checking whether result is NULL or not,
> getaddrinfo passes it to system_getaddrinfo (which is actually
> getaddrinfo in netdb.h). system_getaddrinfo can set result to NULL if
> the system is out of memory. Code at
> krb5-1.6/src/util/support/fake-addrinfo.c:1143 dereferences result,
> without checking it.
>
> + krb5-1.6/src/util/support/gmt_mktime.c:54 krb5int_gmt_mktime is a
> function with external linkage, dereferences parameter t without
> checking it.
>
> + krb5-1.6/src/util/support/errors.c:155 same as above, for parameter
> ep.
>
> + krb5-1.6/src/util/support/errors.c:77 same as above, same param.
>
> + krb5-1.6/src/util/support/errors.c:54 similar as above - function
> krb5int_set_error calls krb5int_vset_error passing it ep pointer without
> checking it, which then krb5int_vset_error dereferences.
>
> + krb5-1.6/src/util/support/plugins.c:647 pointer ptrs dereferenced
> without being checked first. Function also has external linkage.
>
> + krb5-1.6/src/util/support/plugins.c:588 same as above.
>
> + krb5-1.6/src/util/support/plugins.c:528 same as above, for parameter
> dirhandle.
>
> + krb5-1.6/src/util/support/plugins.c:428 same as above, for parameter
> dirnames.
>
> + krb5-1.6/src/util/support/plugins.c:515, same as above, for parameter
> dirhandle.
>
> + krb5-1.6/src/util/support/plugins.c:260, same, parameter h
>
> + krb5-1.6/src/util/support/plugins.c:189, same, param h
>
> + krb5-1.6/src/util/support/plugins.c:251, same, param ptr
>
> + krb5-1.6/src/util/support/plugins.c:230, same, param ptr
>
> + krb5-1.6/src/util/support/threads.c:651, same, param m
>
> + krb5-1.6/src/util/support/threads.c:646, same, param m
>
> + krb5-1.6/src/util/support/threads.c:637, same, param m
>
> + krb5-1.6/src/util/support/threads.c:631, same, param m
>
> Note: Calysto reports warnings about unchecked dereferenced parameters
> only if a function F:
> 1) has external linkage,
> 2) parameter is dereferenced in F or any function called by F,
> 3) there is a feasible path from the entry block of F to the statement
> that dereferences the pointer, and
> 4) F is not called from any other function - in that case, Calysto has no
> context information about the parameters, and has to consider them to
> be undefined.
>
> None of the functions mentioned above seem to be called from any
> other function in the compiled binary (compiled with llvm-gcc
> http://llvm.org/ ), although in the source I see that some are called
> from the code that didn't end up in the binary for some reason.
> Hence, Calysto assumes that those functions are library-like functions.
>
>
> I'd appreciate if you could let me know whether you consider these to
> be bugs or not and why.
>
>
> Besides these reports, there seem to be no other unchecked dereferences
> in krb, which certainly says a lot about the code quality - other open source
> projects I've checked so far have a larger number of non-trivial NULL ptr
> dereferences.
>

If you see such things in NTP we'd be glad to know about it.

Danny

> Kind regards,
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
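
Added example, not part of the original thread and not krb5 code: the first report describes a wrapper that forwards its `result` out-parameter to getaddrinfo and dereferences it afterwards. A defensive form of that pattern checks both the out-pointer and the value written through it before any dereference. The names `checked_getaddrinfo` and `demo_family` are hypothetical, and the numeric host string is constructed input so the code runs offline.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical externally visible wrapper (assumption, not krb5 source):
 * forwards an out-parameter to getaddrinfo() and then reads through it. */
int checked_getaddrinfo(const char *name, const char *serv,
                        const struct addrinfo *hint,
                        struct addrinfo **result)
{
    int err;

    if (result == NULL)          /* check 1: caller's out-pointer itself */
        return EAI_FAIL;
    *result = NULL;              /* known state on every error path */

    err = getaddrinfo(name, serv, hint, result);
    if (err != 0)
        return err;
    if (*result == NULL)         /* check 2: value written by the callee */
        return EAI_MEMORY;

    /* Only now is it safe to dereference for post-processing. */
    if ((*result)->ai_addr == NULL) {
        freeaddrinfo(*result);
        *result = NULL;
        return EAI_FAIL;
    }
    return 0;
}

/* Constructed demo: AI_NUMERICHOST avoids any DNS lookup.
 * Returns the address family of the first result, or -1 on failure. */
int demo_family(const char *numeric_host)
{
    struct addrinfo hint, *res = NULL;
    int fam;

    memset(&hint, 0, sizeof(hint));
    hint.ai_flags = AI_NUMERICHOST;
    hint.ai_socktype = SOCK_STREAM;
    if (checked_getaddrinfo(numeric_host, NULL, &hint, &res) != 0)
        return -1;
    fam = res->ai_family;
    freeaddrinfo(res);
    return fam;
}
```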
