[Swan-dev] New Defects reported by Coverity Scan for antonyantony/libreswan

Tue, 22 Dec 2020 07:12:46 -0800 

Hi,

Please find the latest report on new defect(s) introduced to 
antonyantony/libreswan found with Coverity Scan.

5 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()


________________________________________________________________________________________________________
*** CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/programs/pluto/ikev1_quick.c: 794 in quick_outI1_continue_tail()
788             /* SA out */
789     
790             /* Emit SA payload based on a subset of the policy bits.
791              * POLICY_COMPRESS is considered iff we can do IPcomp.
792              */
793             {
>>>     CID 1500384:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "(96UL /* ((lset_t)1 << POLICY_ENCRYPT_IX) | ((lset_t)1 << 
>>> POLICY_AUTHENTICATE_IX) */) | can_do_IPcomp" is always true regardless of 
>>> the values of its operands. This occurs as the logical first operand of 
>>> "?:".
794                     lset_t pm = st->st_policy & (POLICY_ENCRYPT |
795                                                  POLICY_AUTHENTICATE |
796                                                  can_do_IPcomp ? 
POLICY_COMPRESS : 0);
797                     dbg("emitting quick defaults using policy %s",
798                          bitnamesof(sa_policy_bit_names, pm));
799     

** CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()


________________________________________________________________________________________________________
*** CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
/programs/pluto/ikev1_spdb_struct.c: 2388 in parse_ipsec_transform()
2382            lset_t seen_attrs = LEMPTY,
2383                   seen_durations = LEMPTY;
2384            bool seen_secctx_attr = FALSE;
2385            uint16_t life_type = 0; /* initialized to silence GCC */
2386            const struct dh_desc *pfs_group = NULL;
2387     
>>>     CID 1500383:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "trans" of type "struct isakmp_transform *" and 
>>> argument "8UL /* sizeof (trans) */" to function "pbs_in_struct" is 
>>> suspicious. In this case, "sizeof (struct isakmp_transform *)" is equal to 
>>> "sizeof (struct isakmp_transform)", but this is not a portable assumption.
2388            diag_t d = pbs_in_struct(prop_pbs, trans_desc, trans, 
sizeof(trans), trans_pbs);
2389            if (d != NULL) {
2390                    log_diag(RC_LOG, st->st_logger, &d, "%s", "");
2391                    return false;
2392            }
2393     

** CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()


________________________________________________________________________________________________________
*** CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
/programs/_import_crl/_import_crl.c: 104 in main()
98      if (buf == NULL)
99              exit(-1);
100     
101             ssize_t tlen = len;
102             uint8_t *tbuf = buf;
103     
>>>     CID 1500382:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "len" to a tainted sink. [Note: The source 
>>> code implementation of the function has been overridden by a builtin model.]
104             while (tlen != 0 && (rd = read(STDIN_FILENO, buf, len)) != 0) {
105                     if (rd == -1) {
106                             if (errno == EINTR)
107                                     continue;
108                             exit(-1);
109                     }

** CID 1500381:  Control flow issues  (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()


________________________________________________________________________________________________________
*** CID 1500381:  Control flow issues  (DEADCODE)
/programs/pluto/connections.c: 140 in conn_by_serialno()
134     
135     struct connection *conn_by_serialno(co_serial_t serialno)
136     {
137             dbg("FOR_EACH_CONNECTION_... in %s", __func__);
138             for (struct connection *d = connections; d != NULL; ) {
139                     if (d == NULL)
>>>     CID 1500381:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return NULL;".
140                             return NULL;
141                     if (co_serial_cmp(d->serialno, ==, serialno))
142                             return d;
143                     d = d->ac_next;
144             }
145             return NULL; /* unreachable */

** CID 1491626:  Control flow issues  (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()


________________________________________________________________________________________________________
*** CID 1491626:  Control flow issues  (DEADCODE)
/programs/pluto/timer.c: 323 in timer_event_cb()
317                     } else if (!IS_IKE_SA_ESTABLISHED(st)) {
318                             /* not very interesting: failed IKE attempt */
319                             dbg("un-established partial CHILD SA timeout 
(%s)",
320                                 type == EVENT_SA_EXPIRE ? "SA expired" : 
"Responder timeout");
321                             pstat_sa_failed(st, REASON_EXCHANGE_TIMEOUT);
322                     } else {
>>>     CID 1491626:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression ""Responder timeout"" inside this 
>>> statement: "log_state(RC_LOG, st, "%s %...".
323                             log_state(RC_LOG, st, "%s %s (%s)", satype,
324                                           type == EVENT_SA_EXPIRE ? "SA 
expired" : "Responder timeout",
325                                           (c->policy & POLICY_DONT_REKEY) ?
326                                           "--dontrekey" : "LATEST!");
327                     }
328     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYEDOf_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2CtrbwCglYCqOhvqcDvp74RWCJnzYLsuNOZRgev-2FNFzwOHmK41zcFG6IyoRqLi-2Bn9hiXqWhrfZ3-2B4RZV9MGSEq79-2FJgJhdPNGx6B5Mh9mcY18WgEeGLl4bK8XCBjK0zDp-2B8JCGCsvtFSt8lkQCgo2wNIzDw-3D

  To manage Coverity Scan email notifications for 
"[email protected]", click 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxUzCfl-2FUi6sRJtnGH1-2FWXEIl9xkb2JliKiAkqgdujeIgWYvUCIHO1g-2Ba8I-2B0nANYHmrw9-2B13a9hJ7YOPZRdlHcEQfoMvDvjqsfrRNzFQ8lscduvXP5RLkPig71dIKudxiSNSF_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ38bQ6vV3dYFaBkEIIup-2Bngsg0gXlywB3-2BG9HQ4k2Ctrb31IvxcBgROpTy2bUMlenJKjCNwCG0EsmbasVjAWPP9qJWJ54XMnvxrIsKsX5KwrmkLxma5AB11-2FNwgflKhSL7ZX2M4wRK2BQJmUSITZRjTKcBUJRRk6SWWLLNRH3tfo8x4mJUE1sYf09QIdpp4sbVg-3D

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to