New Defects reported by Coverity Scan for NetBSD-amd64-user

[scan-admin%coverity.com@localhost]

Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.

3 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1309355:  Error handling issues  (CHECKED_RETURN)


________________________________________________________________________________________________________
*** CID 1309355:  Error handling issues  (CHECKED_RETURN)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 477 in subprocess()
471     		/* Keep stderr around a while longer to catch errors */
472     		if (dup2(devnull, STDIN_FILENO) == -1 ||
473     		    dup2(p[1], STDOUT_FILENO) == -1) {
474     			error("%s: dup2: %s", tag, strerror(errno));
475     			_exit(1);
476     		}
>>>     CID 1309355:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "closefrom(3)" without checking return value. It wraps a library function that may fail and return an error code.
477     		closefrom(STDERR_FILENO + 1);
478     
479     		/* Don't use permanently_set_uid() here to avoid fatal() */
480     		if (setgid(pw->pw_gid) == -1) {
481     			error("setgid %u: %s", (u_int)pw->pw_gid,
482     			    strerror(errno));

** CID 1309356:  Memory - illegal accesses  (STRING_NULL)
/lib/librt/shm.c: 93 in _shm_check_fs()


________________________________________________________________________________________________________
*** CID 1309356:  Memory - illegal accesses  (STRING_NULL)
/lib/librt/shm.c: 93 in _shm_check_fs()
87     	}
88     	if ((st.st_mode & SHMFS_DIR_MODE) != SHMFS_DIR_MODE) {
89     		return false;
90     	}
91     
92     	if (shmfs == buf) {
>>>     CID 1309356:  Memory - illegal accesses  (STRING_NULL)
>>>     Passing unterminated string "buf" to "strcpy", which expects a null-terminated string.
93     		strcpy(_shmfs_path_buf, buf);
94     		_shmfs_path = _shmfs_path_buf;
95     	} else {
96     		_shmfs_path = shmfs;
97     	}
98     	return true;

** CID 1309357:  Security best practices violations  (TOCTOU)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 496 in subprocess()


________________________________________________________________________________________________________
*** CID 1309357:  Security best practices violations  (TOCTOU)
/crypto/external/bsd/openssh/dist/auth2-pubkey.c: 496 in subprocess()
490     		/* stdin is pointed to /dev/null at this point */
491     		if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
492     			error("%s: dup2: %s", tag, strerror(errno));
493     			_exit(1);
494     		}
495     
>>>     CID 1309357:  Security best practices violations  (TOCTOU)
>>>     Calling function "execve" that uses "av[0]" after a check function. This can cause a time-of-check, time-of-use race condition.
496     		execve(av[0], av, child_env);
497     		error("%s exec \"%s\": %s", tag, command, strerror(errno));
498     		_exit(127);
499     	default: /* parent */
500     		break;
501     	}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1449?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782