Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.

11 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
22 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)


** CID 483248:    (FORWARD_NULL)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 172 in verify_callback()
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 178 in verify_callback()
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 144 in verify_callback()


________________________________________________________________________________________________________
*** CID 483248:    (FORWARD_NULL)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 172 in verify_callback()
166                                0, XN_FLAG_ONELINE);
167             BIO_puts(bio_err, "\n");
168             break;
169         case X509_V_ERR_CERT_NOT_YET_VALID:
170         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
171             BIO_printf(bio_err, "notBefore=");
>>>     CID 483248:    (FORWARD_NULL)
>>>     Dereferencing null pointer "err_cert".
172             ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
173             BIO_printf(bio_err, "\n");
174             break;
175         case X509_V_ERR_CERT_HAS_EXPIRED:
176         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
177             BIO_printf(bio_err, "notAfter=");
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 178 in verify_callback()
172             ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
173             BIO_printf(bio_err, "\n");
174             break;
175         case X509_V_ERR_CERT_HAS_EXPIRED:
176         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
177             BIO_printf(bio_err, "notAfter=");
>>>     CID 483248:    (FORWARD_NULL)
>>>     Dereferencing null pointer "err_cert".
178             ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
179             BIO_printf(bio_err, "\n");
180             break;
181         case X509_V_ERR_NO_EXPLICIT_POLICY:
182             policies_print(bio_err, ctx);
183             break;
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 144 in verify_callback()
138     
139         err_cert = X509_STORE_CTX_get_current_cert(ctx);
140         err = X509_STORE_CTX_get_error(ctx);
141         depth = X509_STORE_CTX_get_error_depth(ctx);
142     
143         BIO_printf(bio_err, "depth=%d ", depth);
>>>     CID 483248:    (FORWARD_NULL)
>>>     Comparing "err_cert" to null implies that "err_cert" might be null.
144         if (err_cert) {
145             X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
146                                0, XN_FLAG_ONELINE);
147             BIO_puts(bio_err, "\n");
148         } else
149             BIO_puts(bio_err, "<no cert>\n");

** CID 483257:  Resource leaks  (RESOURCE_LEAK)
/crypto/external/bsd/openssl/dist/apps/enc.c: 240 in enc_main()


________________________________________________________________________________________________________
*** CID 483257:  Resource leaks  (RESOURCE_LEAK)
/crypto/external/bsd/openssl/dist/apps/enc.c: 240 in enc_main()
234                     BIO_printf(bio_err, "unable to read key from '%s'\n", file);
235                     goto bad;
236                 }
237                 buf[0] = '\0';
238                 if (!fgets(buf, sizeof buf, infile)) {
239                     BIO_printf(bio_err, "unable to read key from '%s'\n", file);
>>>     CID 483257:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "infile" going out of scope leaks the storage it points to.
240                     goto bad;
241                 }
242                 fclose(infile);
243                 i = strlen(buf);
244                 if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
245                     buf[--i] = '\0';

** CID 1011262:  Error handling issues  (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1702 in rotate_serial()


________________________________________________________________________________________________________
*** CID 1011262:  Error handling issues  (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1702 in rotate_serial()
1696                    buf[0], serialfile);
1697     #endif
1698         if (rename(buf[0], serialfile) < 0) {
1699             BIO_printf(bio_err,
1700                        "unable to rename %s to %s\n", buf[0], serialfile);
1701             perror("reason");
>>>     CID 1011262:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "rename(buf[1], serialfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1702             rename(buf[1], serialfile);
1703             goto err;
1704         }
1705         return 1;
1706      err:
1707         return 0;

** CID 1011263:    (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1952 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1966 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1977 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1975 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1965 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1976 in rotate_index()


________________________________________________________________________________________________________
*** CID 1011263:    (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1952 in rotate_index()
1946     #ifdef RL_DEBUG
1947         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
1948     #endif
1949         if (rename(buf[0], dbfile) < 0) {
1950             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
1951             perror("reason");
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1952             rename(buf[1], dbfile);
1953             goto err;
1954         }
1955     #ifdef RL_DEBUG
1956         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
1957     #endif
/crypto/external/bsd/openssl/dist/apps/apps.c: 1966 in rotate_index()
1960             && errno != ENOTDIR
1961     #endif
1962             ) {
1963             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
1964             perror("reason");
1965             rename(dbfile, buf[0]);
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1966             rename(buf[1], dbfile);
1967             goto err;
1968         }
1969     #ifdef RL_DEBUG
1970         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971     #endif
/crypto/external/bsd/openssl/dist/apps/apps.c: 1977 in rotate_index()
1971     #endif
1972         if (rename(buf[2], buf[4]) < 0) {
1973             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974             perror("reason");
1975             rename(buf[3], buf[4]);
1976             rename(dbfile, buf[0]);
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1977             rename(buf[1], dbfile);
1978             goto err;
1979         }
1980         return 1;
1981      err:
1982         return 0;
/crypto/external/bsd/openssl/dist/apps/apps.c: 1975 in rotate_index()
1969     #ifdef RL_DEBUG
1970         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971     #endif
1972         if (rename(buf[2], buf[4]) < 0) {
1973             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974             perror("reason");
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(buf[3], buf[4])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1975             rename(buf[3], buf[4]);
1976             rename(dbfile, buf[0]);
1977             rename(buf[1], dbfile);
1978             goto err;
1979         }
1980         return 1;
/crypto/external/bsd/openssl/dist/apps/apps.c: 1965 in rotate_index()
1959     #ifdef ENOTDIR
1960             && errno != ENOTDIR
1961     #endif
1962             ) {
1963             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
1964             perror("reason");
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(dbfile, buf[0])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1965             rename(dbfile, buf[0]);
1966             rename(buf[1], dbfile);
1967             goto err;
1968         }
1969     #ifdef RL_DEBUG
1970         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
/crypto/external/bsd/openssl/dist/apps/apps.c: 1976 in rotate_index()
1970         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971     #endif
1972         if (rename(buf[2], buf[4]) < 0) {
1973             BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974             perror("reason");
1975             rename(buf[3], buf[4]);
>>>     CID 1011263:    (CHECKED_RETURN)
>>>     Calling "rename(dbfile, buf[0])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1976             rename(dbfile, buf[0]);
1977             rename(buf[1], dbfile);
1978             goto err;
1979         }
1980         return 1;
1981      err:

** CID 1018138:  Control flow issues  (DEADCODE)
/external/cddl/osnet/dist/lib/libdtrace/common/drti.c: 161 in dtrace_dof_init()


________________________________________________________________________________________________________
*** CID 1018138:  Control flow issues  (DEADCODE)
/external/cddl/osnet/dist/lib/libdtrace/common/drti.c: 161 in dtrace_dof_init()
155     #endif
156     
157     	if (lmid == 0) {
158     		(void) snprintf(dh.dofhp_mod, sizeof (dh.dofhp_mod),
159     		    "%s", modname);
160     	} else {
>>>     CID 1018138:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "(void)snprintf(dh.dofhp_mod...".
161     		(void) snprintf(dh.dofhp_mod, sizeof (dh.dofhp_mod),
162     		    "LM%lu`%s", lmid, modname);
163     	}
164     
165     	if ((p = getenv("DTRACE_DOF_INIT_DEVNAME")) != NULL)
166     		devnamep = p;

** CID 1291620:  Control flow issues  (DEADCODE)
/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c: 408 in ssl23_client_hello()


________________________________________________________________________________________________________
*** CID 1291620:  Control flow issues  (DEADCODE)
/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c: 408 in ssl23_client_hello()
402                 return -1;
403             }
404     #endif
405             else if (version == SSL3_VERSION) {
406                 version_major = SSL3_VERSION_MAJOR;
407                 version_minor = SSL3_VERSION_MINOR;
>>>     CID 1291620:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "if (version == 2) {
  versi...".
408             } else if (version == SSL2_VERSION) {
409                 version_major = SSL2_VERSION_MAJOR;
410                 version_minor = SSL2_VERSION_MINOR;
411             } else {
412                 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
413                 return (-1);

** CID 1315713:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/InstrProfilingUtil.c: 32 in __llvm_profile_recursive_mkdir()


________________________________________________________________________________________________________
*** CID 1315713:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/InstrProfilingUtil.c: 32 in __llvm_profile_recursive_mkdir()
26       for (i = 1; path[i] != '\0'; ++i) {
27         if (path[i] != '/') continue;
28         path[i] = '\0';
29     #ifdef _WIN32
30         _mkdir(path);
31     #else
>>>     CID 1315713:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "mkdir(path, 493U)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
32         mkdir(path, 0755);  /* Some of these will fail, ignore it. */
33     #endif
34         path[i] = '/';
35       }

** CID 1355428:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 490 in llvm_gcda_end_file()


________________________________________________________________________________________________________
*** CID 1355428:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 490 in llvm_gcda_end_file()
484           free(write_buffer);
485         } else {
486           unmap_file();
487         }
488     
489         fclose(output_file);
>>>     CID 1355428:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "flock" without checking return value (as is done elsewhere 49 out of 56 times).
490         flock(fd, LOCK_UN);
491         output_file = NULL;
492         write_buffer = NULL;
493       }
494       free(filename);
495     

** CID 1355429:  Null pointer dereferences  (NULL_RETURNS)
/sys/net/npf/npf_rproc.c: 295 in npf_rproc_create()


________________________________________________________________________________________________________
*** CID 1355429:  Null pointer dereferences  (NULL_RETURNS)
/sys/net/npf/npf_rproc.c: 295 in npf_rproc_create()
289     
290     	if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) {
291     		return NULL;
292     	}
293     
294     	rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP);
>>>     CID 1355429:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "rp".
295     	rp->rp_refcnt = 1;
296     
297     	strlcpy(rp->rp_name, name, RPROC_NAME_LEN);
298     	prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags);
299     	return rp;
300     }

** CID 1355430:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 296 in show_vtw_v4()


________________________________________________________________________________________________________
*** CID 1355430:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 296 in show_vtw_v4()
290     		vtw_tcpv4[i].lim.v4 += delta;
291     		vtw_tcpv4[i].alloc.v4 += delta;
292     		vtw_tcpv4[i].fat = &fat_tcpv4;
293     
294     		if (vtw_tcpv4[i].oldest.v4)
295     			vtw_tcpv4[i].oldest.v4 += delta;
>>>     CID 1355430:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "ubase" going out of scope leaks the storage it points to.
296     	}
297     
298     	/* snarf/adjust fat_ctl */
299     
300     	base = fat_tcpv4.base;
301     	lim = fat_tcpv4.lim;

** CID 1355431:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 397 in show_vtw_v6()


________________________________________________________________________________________________________
*** CID 1355431:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 397 in show_vtw_v6()
391     		vtw_tcpv6[i].lim.v6 += delta;
392     		vtw_tcpv6[i].alloc.v6 += delta;
393     		vtw_tcpv6[i].fat = &fat_tcpv6;
394     
395     		if (vtw_tcpv6[i].oldest.v6)
396     			vtw_tcpv6[i].oldest.v6 += delta;
>>>     CID 1355431:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "ubase" going out of scope leaks the storage it points to.
397     	}
398     
399     	base = fat_tcpv6.base;
400     	lim = fat_tcpv6.lim;
401     
402     	if (!base || !lim)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-user?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782



Home | Main Index | Thread Index | Old Index