Posted to dev@qpid.apache.org by Ken Giusti <kg...@redhat.com> on 2016/04/06 16:32:47 UTC
Fwd: New Defects reported by Coverity Scan for Apache Qpid dispatch-router
All,
Ran Coverity against our 0.6.0 Beta 1. Follow the link
https://scan.coverity.com/projects/apache-qpid-dispatch-router?tab=overview
And hit the View Defects button to open the code browser.
If you'd like to fix a defect, please assign it to yourself first so we don't duplicate effort. You can do this by:
1) Click on the one-line defect description in the upper window; that will open a sidebar for that issue.
2) In the sidebar, set the owner to yourself (email) and enter the JIRA you've created (you did create a JIRA, right?) in the Ex.Reference box.
3) Click 'apply'
If you don't have an account on the dispatch Coverity project, create one and request membership in the dispatch project. I use my GitHub account as the credential proxy, for example.
thanks
-K
----- Forwarded Message -----
> From: scan-admin@coverity.com
> To: kgiusti@apache.org
> Sent: Wednesday, April 6, 2016 10:10:31 AM
> Subject: New Defects reported by Coverity Scan for Apache Qpid dispatch-router
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Apache Qpid
> dispatch-router found with Coverity Scan.
>
> 5 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity
> Scan.
> 16 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 5 of 5 defect(s)
>
>
> ** CID 124882: Uninitialized variables (UNINIT)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 292 in
> qd_transport_get_user()
>
>
> ________________________________________________________________________________________________________
> *** CID 124882: Uninitialized variables (UNINIT)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 292 in
> qd_transport_get_user()
> 286 if(*user_id != '\0')
> 287 strcat(user_id, COMPONENT_SEPARATOR);
> 288 strcat(user_id, (char *) common_name);
> 289 }
> 290 }
> 291 else if (components[x] == CERT_FINGERPRINT_SHA1 || components[x] == CERT_FINGERPRINT_SHA256 || components[x] == CERT_FINGERPRINT_SHA512) {
> >>> CID 124882: Uninitialized variables (UNINIT)
> >>> Using uninitialized element of array "fingerprint" when calling
> >>> "strlen".
> 292 if (strlen((char *) fingerprint) > 0) {
> 293 if(*user_id != '\0')
> 294 strcat(user_id, COMPONENT_SEPARATOR);
> 295 strcat(user_id, (char *) fingerprint);
> 296 }
> 297 }
>
> ** CID 124881: Security best practices violations (STRING_OVERFLOW)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 148 in
> qd_transport_get_user()
>
>
> ________________________________________________________________________________________________________
> *** CID 124881: Security best practices violations (STRING_OVERFLOW)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 148 in
> qd_transport_get_user()
> 142 // The tokens in the uidFormat strings are delimited by comma. Load the individual components of the uidFormat
> 143 // into the components[] array. The maximum number of components that are allowed are 7 namely, c, s, l, o, u, n, (1 or 2 or 5)
> 144 //
> 145 char components[7];
> 146
> 147 //The strcpy() function copies the string pointed to by src, including the terminating null byte ('\0'), to the buffer pointed to by dest.
> >>> CID 124881: Security best practices violations (STRING_OVERFLOW)
> >>> You might overrun the 7 byte fixed-size string "components" by
> >>> copying "config->ssl_uid_format" without checking the length.
> 148 strcpy(components, config->ssl_uid_format);
> 149
> 150 const char *country_code = 0;
> 151 const char *state = 0;
> 152 const char *locality_city = 0;
> 153 const char *organization = 0;
>
> ** CID 124880: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c: 57 in
> qd_router_connection_get_config()
>
>
> ________________________________________________________________________________________________________
> *** CID 124880: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c: 57 in
> qd_router_connection_get_config()
> 51 if (conn) {
> 52 const qd_server_config_t *cf = qd_connection_config(conn);
> 53
> 54 *strip_annotations_in = cf ? cf->strip_inbound_annotations : false;
> 55 *strip_annotations_out = cf ? cf->strip_outbound_annotations : false;
> 56
> >>> CID 124880: Null pointer dereferences (FORWARD_NULL)
> >>> Dereferencing null pointer "cf".
> 57 *link_capacity = cf->link_capacity;
> 58
> 59 if (cf && strcmp(cf->role, router_role) == 0) {
> 60 *strip_annotations_in = false;
> 61 *strip_annotations_out = false;
> 62 *role = QDR_ROLE_INTER_ROUTER;
>
> ** CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/forwarder.c: 507 in
> qdr_forward_link_balanced_CT()
>
>
> ________________________________________________________________________________________________________
> *** CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/forwarder.c: 507 in
> qdr_forward_link_balanced_CT()
> 501 out_link->conn = conn;
> 502 out_link->link_type = QD_LINK_ENDPOINT;
> 503 out_link->link_direction = qdr_link_direction(in_link) == QD_OUTGOING ? QD_INCOMING : QD_OUTGOING;
> 504 out_link->admin_enabled = true;
> 505 out_link->oper_status = QDR_LINK_OPER_DOWN;
> 506
> >>> CID 124879: Memory - corruptions (BAD_ALLOC_STRLEN)
> >>> Using "strlen(in_link->name + 1)" instead of "strlen(in_link->name) +
> >>> 1" as an argument to "malloc" might be an under-allocation.
> 507 out_link->name = (char*) malloc(strlen(in_link->name + 1));
> 508 strcpy(out_link->name, in_link->name);
> 509
> 510 out_link->connected_link = in_link;
> 511 in_link->connected_link = out_link;
> 512
>
> ** CID 107322: Error handling issues (CHECKED_RETURN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 371 in
> qd_entity_refresh_connection()
>
>
> ________________________________________________________________________________________________________
> *** CID 107322: Error handling issues (CHECKED_RETURN)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 371 in
> qd_entity_refresh_connection()
> 365 char proto[SSL_ATTR_SIZE];
> 366 char cipher[SSL_ATTR_SIZE];
> 367 pn_ssl_get_protocol_name(ssl, proto, SSL_ATTR_SIZE);
> 368 pn_ssl_get_cipher_name(ssl, cipher, SSL_ATTR_SIZE);
> 369 qd_entity_set_string(entity, "sslProto", proto);
> 370 qd_entity_set_string(entity, "sslCipher", cipher);
> >>> CID 107322: Error handling issues (CHECKED_RETURN)
> >>> Calling "qd_entity_set_long" without checking return value (as is
> >>> done elsewhere 4 out of 5 times).
> 371 qd_entity_set_long(entity, "sslSsf", pn_ssl_get_ssf(ssl));
> 372 }
> 373 return QD_ERROR_NONE;
> 374 }
> 375 return qd_error_code();
> 376 }
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://scan.coverity.com/projects/apache-qpid-dispatch-router?tab=overview
--
-K