Can anyone enlighten me as to why I can't find half of these defects in
the Coverity dashboard? None of the reported defects in the test cases
seem to exist any more (and I'm fairly sure we didn't fix them).
Actually I didn't think we scanned the tests at all, so I'm a little
confused.

Matt



-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for openssl/openssl
Date: Sun, 15 Apr 2018 07:51:06 +0000 (UTC)
From: scan-ad...@coverity.com
To: m...@openssl.org

Hi,

Please find the latest report on new defect(s) introduced to
openssl/openssl found with Coverity Scan.

5 new defect(s) introduced to openssl/openssl found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1434551:  Code maintainability issues  (SIZEOF_MISMATCH)
/test/sslapitest.c: 3831 in create_new_vfile()


________________________________________________________________________________________________________
*** CID 1434551:  Code maintainability issues  (SIZEOF_MISMATCH)
/test/sslapitest.c: 3831 in create_new_vfile()
3825         return ret;
3826     }
3827
3828     static int create_new_vfile(char *userid, char *password, const char *filename)
3829     {
3830         char *gNid = NULL;
>>>     CID 1434551:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "56UL /* sizeof (row) * (6 + 1) */" to function 
>>> "CRYPTO_zalloc" and then casting the return value to "OPENSSL_STRING *" is 
>>> suspicious.  In this particular case "sizeof (OPENSSL_STRING *)" happens to 
>>> be equal to "sizeof (OPENSSL_STRING)", but this is not a portable 
>>> assumption.
3831         OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1));
3832         TXT_DB *db = NULL;
3833         int ret = 0;
3834         BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0);
3835         size_t i;
3836
** CID 1434550:    (RESOURCE_LEAK)
/crypto/srp/srp_vfy.c: 73 in t_fromb64()
/crypto/srp/srp_vfy.c: 97 in t_fromb64()


________________________________________________________________________________________________________
*** CID 1434550:    (RESOURCE_LEAK)
/crypto/srp/srp_vfy.c: 73 in t_fromb64()
67          *  2 bytes unencoded = 3 bytes encoded
68          *  3 bytes unencoded = 4 bytes encoded
69          *  4 bytes unencoded = 6 bytes encoded
70          *  etc
71          */
72         if (padsize == 3)
>>>     CID 1434550:    (RESOURCE_LEAK)
>>>     Variable "ctx" going out of scope leaks the storage it points to.
73             return -1;
74
75         /* Valid padsize values are now 0, 1 or 2 */
76
77         EVP_DecodeInit(ctx);
78         evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
/crypto/srp/srp_vfy.c: 97 in t_fromb64()
91         EVP_DecodeFinal(ctx, a + outl, &outl2);
92         outl += outl2;
93
94         /* Strip off the leading padding */
95         if (padsize != 0) {
96             if ((int)padsize >= outl)
>>>     CID 1434550:    (RESOURCE_LEAK)
>>>     Variable "ctx" going out of scope leaks the storage it points to.
97                 return -1;
98             /*
99              * If we added 1 byte of padding prior to encoding then we have 2 bytes
100              * of "real" data which gets spread across 4 encoded bytes like this:
101              *   (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
102              * So 1 byte of pre-encoding padding results in 1 full byte of encoded

** CID 1434549:  Error handling issues  (CHECKED_RETURN)
/test/evp_test.c: 1553 in encode_test_run()


________________________________________________________________________________________________________
*** CID 1434549:  Error handling issues  (CHECKED_RETURN)
/test/evp_test.c: 1553 in encode_test_run()
1547             if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
1548                     || !TEST_ptr(encode_out =
1549                             OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
1550                 goto err;
1551
1552             EVP_EncodeInit(encode_ctx);
>>>     CID 1434549:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "EVP_EncodeUpdate" without checking return value (as is done 
>>> elsewhere 4 out of 5 times).
1553             EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
1554                              expected->input, expected->input_len);
1555             output_len = chunk_len;
1556
1557             EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
1558             output_len += chunk_len;

** CID 1434548:  Error handling issues  (CHECKED_RETURN)
/test/drbgtest.c: 800 in run_multi_thread_test()


________________________________________________________________________________________________________
*** CID 1434548:  Error handling issues  (CHECKED_RETURN)
/test/drbgtest.c: 800 in run_multi_thread_test()
794         private = RAND_DRBG_get0_private();
795         RAND_DRBG_set_reseed_time_interval(public, 1);
796         RAND_DRBG_set_reseed_time_interval(private, 1);
797
798         do {
799             RAND_bytes(buf, sizeof(buf));
>>>     CID 1434548:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "RAND_priv_bytes" without checking return value (as is done 
>>> elsewhere 16 out of 18 times).
800             RAND_priv_bytes(buf, sizeof(buf));
801         }
802         while(time(NULL) - start < 5);
803     }
804
805     # if defined(OPENSSL_SYS_WINDOWS)

** CID 1420020:  Error handling issues  (CHECKED_RETURN)
/crypto/rand/drbg_lib.c: 872 in drbg_setup()


________________________________________________________________________________________________________
*** CID 1420020:  Error handling issues  (CHECKED_RETURN)
/crypto/rand/drbg_lib.c: 872 in drbg_setup()
866         /*
867          * Ignore instantiation error so support just-in-time instantiation.
868          *
869          * The state of the drbg will be checked in RAND_DRBG_generate() and
870          * an automatic recovery is attempted.
871          */
>>>     CID 1420020:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "RAND_DRBG_instantiate" without checking return value (as is 
>>> done elsewhere 12 out of 15 times).
872         RAND_DRBG_instantiate(drbg,
873                               (const unsigned char *) ossl_pers_string,
874                               sizeof(ossl_pers_string) - 1);
875         return drbg;
876
877     err:



_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
