Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
17 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 483285: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost2001_keyx.c: 45 in VKO_compute_key()
________________________________________________________________________________________________________
*** CID 483285: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost2001_keyx.c: 45 in VKO_compute_key()
39 p = BN_CTX_get(ctx);
40 order = BN_CTX_get(ctx);
41 X = BN_CTX_get(ctx);
42 Y = BN_CTX_get(ctx);
43 EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
44 BN_mod_mul(p, key, UKM, order, ctx);
>>> CID 483285: Error handling issues (CHECKED_RETURN)
>>> Calling "EC_POINT_mul" without checking return value (as is done elsewhere 20 out of 21 times).
45 EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
46 EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
47 pnt, X, Y, ctx);
48 /*
49 * Serialize elliptic curve point same way as we do it when saving key
50 */
** CID 483290: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 86 in gost_do_sign()
________________________________________________________________________________________________________
*** CID 483290: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 86 in gost_do_sign()
80 }
81 do {
82 do {
83 /*
84 * Generate random number k less than q
85 */
>>> CID 483290: Error handling issues (CHECKED_RETURN)
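>>> Calling "BN_rand_range" without checking return value (as is done elsewhere 9 out of 11 times). If the call fails, k is still used on line 88 as the per-signature random value, so a failure here should abort signing through the function's error path rather than continue.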
86 BN_rand_range(k, dsa->q);
87 /* generate r = (a^x mod p) mod q */
88 BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
89 if (!(newsig->r)) {
90 newsig->r = BN_new();
91 if(!newsig->r) {
** CID 1201485: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_ameth.c: 737 in pub_encode_gost01()
________________________________________________________________________________________________________
*** CID 1201485: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_ameth.c: 737 in pub_encode_gost01()
731 if (pk->save_parameters) {
732 ASN1_STRING *params = encode_gost_algor_params(pk);
733 pval = params;
734 ptype = V_ASN1_SEQUENCE;
735 }
736 order = BN_new();
>>> CID 1201485: Error handling issues (CHECKED_RETURN)
>>> Calling "EC_GROUP_get_order" without checking return value (as is done elsewhere 21 out of 23 times).
737 EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
738 pub_key = EC_KEY_get0_public_key(ec);
739 if (!pub_key) {
740 GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
741 return 0;
742 }
** CID 1201530: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 77 in gost_do_sign()
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 96 in gost_do_sign()
________________________________________________________________________________________________________
*** CID 1201530: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 77 in gost_do_sign()
71 k = BN_CTX_get(ctx);
72 tmp2 = BN_CTX_get(ctx);
73 if(!tmp || !k || !tmp2) {
74 GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
75 goto err;
76 }
>>> CID 1201530: (CHECKED_RETURN)
>>> Calling "BN_div" without checking return value (as is done elsewhere 32 out of 37 times).
77 BN_mod(tmp, md, dsa->q, ctx);
78 if (BN_is_zero(tmp)) {
79 BN_one(md);
80 }
81 do {
82 do {
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 96 in gost_do_sign()
90 newsig->r = BN_new();
91 if(!newsig->r) {
92 GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
93 goto err;
94 }
95 }
>>> CID 1201530: (CHECKED_RETURN)
>>> Calling "BN_div" without checking return value (as is done elsewhere 32 out of 37 times).
96 BN_mod(newsig->r, tmp, dsa->q, ctx);
97 }
98 while (BN_is_zero(newsig->r));
99 /* generate s = (xr + k(Hm)) mod q */
100 BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
101 BN_mod_mul(tmp2, k, md, dsa->q, ctx);
** CID 1201532: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 196 in gost_do_verify()
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 209 in gost_do_verify()
________________________________________________________________________________________________________
*** CID 1201532: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 196 in gost_do_verify()
190 u = BN_CTX_get(ctx);
191 if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
192 GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
193 goto err;
194 }
195
>>> CID 1201532: (CHECKED_RETURN)
>>> Calling "BN_div" without checking return value (as is done elsewhere 32 out of 37 times).
196 BN_mod(tmp, md, dsa->q, ctx);
197 if (BN_is_zero(tmp)) {
198 BN_one(md);
199 }
200 BN_copy(q2, dsa->q);
201 BN_sub_word(q2, 2);
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 209 in gost_do_verify()
203 BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
204 BN_sub(tmp, dsa->q, sig->r);
205 BN_mod_mul(z2, tmp, v, dsa->p, ctx);
206 BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
207 BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
208 BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
>>> CID 1201532: (CHECKED_RETURN)
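>>> Calling "BN_div" without checking return value (as is done elsewhere 32 out of 37 times). (BN_mod is a macro that expands to a BN_div call, which is why the message names BN_div.) In this verification path u is compared with sig->r on line 210 whether or not the computation succeeded, so an error here should make verification fail explicitly.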
209 BN_mod(u, tmp3, dsa->q, ctx);
210 ok = (BN_cmp(u, sig->r) == 0);
211
212 if (!ok) {
213 GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
214 }
** CID 1201536: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 204 in gost_do_verify()
________________________________________________________________________________________________________
*** CID 1201536: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c: 204 in gost_do_verify()
198 BN_one(md);
199 }
200 BN_copy(q2, dsa->q);
201 BN_sub_word(q2, 2);
202 BN_mod_exp(v, md, q2, dsa->q, ctx);
203 BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
>>> CID 1201536: Error handling issues (CHECKED_RETURN)
>>> Calling "BN_sub" without checking return value (as is done elsewhere 33 out of 37 times).
204 BN_sub(tmp, dsa->q, sig->r);
205 BN_mod_mul(z2, tmp, v, dsa->p, ctx);
206 BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
207 BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
208 BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
209 BN_mod(u, tmp3, dsa->q, ctx);
** CID 1306232: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c: 1630 in do_dtls1_write()
________________________________________________________________________________________________________
*** CID 1306232: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c: 1630 in do_dtls1_write()
1624 /* this is true regardless of mac size */
1625 wr->input = p;
1626 wr->data = p;
1627
1628 /* ssl3_enc can only have an error on read */
1629 if (bs) { /* bs != 0 in case of CBC */
>>> CID 1306232: Error handling issues (CHECKED_RETURN)
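>>> Calling "RAND_pseudo_bytes" without checking return value (as is done elsewhere 44 out of 55 times). RAND_pseudo_bytes returns 0 when the generated bytes are not cryptographically strong and -1 when the RAND method does not support it; in the lines shown, the bs bytes at p are counted into wr->length in either case.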
1630 RAND_pseudo_bytes(p, bs);
1631 /*
1632 * master IV and last CBC residue stand for the rest of randomness
1633 */
1634 wr->length += bs;
1635 }
** CID 1306233: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kdc/pkinit.c: 269 in generate_dh_keyblock()
________________________________________________________________________________________________________
*** CID 1306233: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kdc/pkinit.c: 269 in generate_dh_keyblock()
263
264 client_params->u.ecdh.key = EC_KEY_new();
265 if (client_params->u.ecdh.key == NULL) {
266 ret = ENOMEM;
267 goto out;
268 }
>>> CID 1306233: Error handling issues (CHECKED_RETURN)
>>> Calling "EC_KEY_set_group" without checking return value (as is done elsewhere 16 out of 18 times).
269 EC_KEY_set_group(client_params->u.ecdh.key,
270 EC_KEY_get0_group(client_params->u.ecdh.public_key));
271
272 if (EC_KEY_generate_key(client_params->u.ecdh.key) != 1) {
273 ret = ENOMEM;
274 goto out;
** CID 1306275: Code maintainability issues (UNUSED_VALUE)
/sys/ddb/db_examine.c: 106 in db_examine()
________________________________________________________________________________________________________
*** CID 1306275: Code maintainability issues (UNUSED_VALUE)
/sys/ddb/db_examine.c: 106 in db_examine()
100 case 'l': /* long-word */
101 size = 4;
102 width = 12;
103 break;
104 case 'q':
105 if (sizeof(db_expr_t) != sizeof(uint64_t)) {
>>> CID 1306275: Code maintainability issues (UNUSED_VALUE)
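>>> Assigning value "-1" to "size" here, but that stored value is overwritten before it can be used. The /*NOTREACHED*/ comment on line 108 indicates db_error() is not expected to return; if it did return, control would fall through into case 'L' and size would be reassigned on line 111.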
106 size = -1;
107 db_error("q not supported\n");
108 /*NOTREACHED*/
109 }
110 case 'L': /* implementation maximum */
111 size = sizeof value;
** CID 1306276: Code maintainability issues (UNUSED_VALUE)
/sys/ufs/ufs/ufs_inode.c: 105 in ufs_inactive()
________________________________________________________________________________________________________
*** CID 1306276: Code maintainability issues (UNUSED_VALUE)
/sys/ufs/ufs/ufs_inode.c: 105 in ufs_inactive()
99 goto out;
100 if (ip->i_nlink <= 0 && (mp->mnt_flag & MNT_RDONLY) == 0) {
101 #ifdef UFS_EXTATTR
102 ufs_extattr_vnode_inactive(vp, curlwp);
103 #endif
104 if (ip->i_size != 0)
>>> CID 1306276: Code maintainability issues (UNUSED_VALUE)
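>>> Assigning value from "ufs_truncate(vp, 0UL, (kauth_cred_t)0xffffffffffffffff)" to "error" here, but that stored value is overwritten before it can be used. With QUOTA or QUOTA2 defined, the statement on line 107 overwrites error, so a failure of ufs_truncate() is not acted on in the lines shown.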
105 error = ufs_truncate(vp, 0, NOCRED);
106 #if defined(QUOTA) || defined(QUOTA2)
107 error = UFS_WAPBL_BEGIN(mp);
108 if (error == 0) {
109 wapbl_locked = true;
110 (void)chkiq(ip, -1, NOCRED, 0);
** CID 1306277: Code maintainability issues (UNUSED_VALUE)
/sys/ddb/db_write_cmd.c: 72 in db_write_cmd()
________________________________________________________________________________________________________
*** CID 1306277: Code maintainability issues (UNUSED_VALUE)
/sys/ddb/db_write_cmd.c: 72 in db_write_cmd()
66 case 'l':
67 case '\0':
68 size = 4;
69 break;
70 case 'q':
71 if (sizeof(db_expr_t) != sizeof(uint64_t)) {
>>> CID 1306277: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value "-1" to "size" here, but that stored value is overwritten before it can be used.
72 size = -1;
73 db_error("q not supported\n");
74 /*NOTREACHED*/
75 }
76 case 'L':
77 size = sizeof(db_expr_t);
** CID 1306278: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/bn/divtest.c: 7 in Rand()
________________________________________________________________________________________________________
*** CID 1306278: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/bn/divtest.c: 7 in Rand()
1 #include <openssl/bn.h>
2 #include <openssl/rand.h>
3
4 static int Rand(void)
5 {
6 unsigned char x[2];
>>> CID 1306278: Error handling issues (CHECKED_RETURN)
>>> Calling "RAND_pseudo_bytes" without checking return value (as is done elsewhere 44 out of 55 times).
7 RAND_pseudo_bytes(x, 2);
8 return (x[0] + 2 * x[1]);
9 }
10
11 static void bug(const char *m, BIGNUM *a, BIGNUM *b)
12 {
** CID 1306279: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/srp/srptest.c: 62 in run_srp()
________________________________________________________________________________________________________
*** CID 1306279: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/srp/srptest.c: 62 in run_srp()
56 showbn("N", GN->N);
57 showbn("g", GN->g);
58 showbn("Salt", s);
59 showbn("Verifier", v);
60
61 /* Server random */
>>> CID 1306279: Error handling issues (CHECKED_RETURN)
>>> Calling "RAND_pseudo_bytes" without checking return value (as is done elsewhere 44 out of 55 times).
62 RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
63 b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
64 /* TODO - check b != 0 */
65 showbn("b", b);
66
67 /* Server's first message */
** CID 1306280: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1306280: Integer handling issues (NEGATIVE_RETURNS)
/crypto/external/bsd/openssl/dist/crypto/hmac/hmactest.c: 209 in main()
203 }
204 if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
205 printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
206 err++;
207 goto test6;
208 }
>>> CID 1306280: Integer handling issues (NEGATIVE_RETURNS)
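>>> A negative constant "-1" is passed as an argument to a parameter that cannot be negative. The printf on line 210 shows that this test expects HMAC_Init_ex to reject the invalid key length, so the negative argument appears to be deliberate in this test program.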
209 if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
210 printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
211 err++;
212 goto test6;
213 }
214 if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
** CID 1306281: Null pointer dereferences (NULL_RETURNS)
/usr.sbin/installboot/installboot.c: 242 in main()
________________________________________________________________________________________________________
*** CID 1306281: Null pointer dereferences (NULL_RETURNS)
/usr.sbin/installboot/installboot.c: 242 in main()
236
237 if (argc >= 3) {
238 params->stage2 = argv[2];
239 }
240
241 #if !HAVE_NBTOOL_CONFIG_H
>>> CID 1306281: Null pointer dereferences (NULL_RETURNS)
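>>> Assigning: "special" = null return value from "getfsspecname". In the lines shown, special is then passed to getdiskrawname() on line 243 and stored in params->filesystem on line 246 without a NULL check.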
242 special = getfsspecname(specname, sizeof(specname), argv[0]);
243 raw = getdiskrawname(rawname, sizeof(rawname), special);
244 if (raw != NULL)
245 special = raw;
246 params->filesystem = special;
247 #else
** CID 1306282: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1306282: Insecure data handling (TAINTED_SCALAR)
/usr.sbin/installboot/installboot.c: 242 in main()
236
237 if (argc >= 3) {
238 params->stage2 = argv[2];
239 }
240
241 #if !HAVE_NBTOOL_CONFIG_H
>>> CID 1306282: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "argv[0]" to a tainted sink.
242 special = getfsspecname(specname, sizeof(specname), argv[0]);
243 raw = getdiskrawname(rawname, sizeof(rawname), special);
244 if (raw != NULL)
245 special = raw;
246 params->filesystem = special;
247 #else
** CID 1306283: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssl/dist/apps/asn1pars.c: 387 in do_generate()
________________________________________________________________________________________________________
*** CID 1306283: Insecure data handling (TAINTED_SCALAR)
/crypto/external/bsd/openssl/dist/apps/asn1pars.c: 387 in do_generate()
381
382 if (genconf) {
383 cnf = NCONF_new(NULL);
384 if (!NCONF_load(cnf, genconf, &errline))
385 goto conferr;
386 if (!genstr)
>>> CID 1306283: Insecure data handling (TAINTED_SCALAR)
>>> Assigning: "genstr" = "NCONF_get_string", which taints "genstr".
387 genstr = NCONF_get_string(cnf, "default", "asn1");
388 if (!genstr) {
389 BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
390 goto err;
391 }
392 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/1449?tab=overview