Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.

2 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 745503:  Security best practices violations  (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1094 in sink()


________________________________________________________________________________________________________
*** CID 745503:  Security best practices violations  (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1094 in sink()
1088     				(void) chmod(vect[0], mode);
1089     			free(vect[0]);
1090     			continue;
1091     		}
1092     		omode = mode;
1093     		mode |= S_IWUSR;
>>>     CID 745503:  Security best practices violations  (TOCTOU)
>>>     Calling function "open" that uses "np" after a check function. This can cause a time-of-check, time-of-use race condition.
1094     		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
1095     bad:			run_err("%s: %s", np, strerror(errno));
1096     			continue;
1097     		}
1098     		(void) atomicio(vwrite, remout, empty, 1);
1099     		if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) {

** CID 1362564:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/make/meta.c: 436 in meta_needed()


________________________________________________________________________________________________________
*** CID 1362564:  Resource leaks  (RESOURCE_LEAK)
/usr.bin/make/meta.c: 436 in meta_needed()
430     	    fprintf(debug_file, "Skipping meta for %s: no .OBJDIR\n",
431     		    gn->name);
432     	return FALSE;
433         }
434     
435         /* make sure these are canonical */
>>>     CID 1362564:  Resource leaks  (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "cached_realpath(dname, objdir)" leaks it.
436         if (cached_realpath(dname, objdir))
437     	dname = objdir;
438     
439         /* If we aren't in the object directory, don't create a meta file. */
440         if (!metaCurdirOk && strcmp(curdir, dname) == 0) {
441     	if (verbose)


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview



