[Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget
From: |
Darshit Shah |
Subject: |
[Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget |
Date: |
Sun, 6 Dec 2015 22:45:00 +0100 |
---------- Forwarded message ----------
From: <address@hidden>
Date: 6 December 2015 at 22:39
Subject: New Defects reported by Coverity Scan for GNU Wget
To: address@hidden
Hi,
Please find the latest report on new defect(s) introduced to GNU Wget
found with Coverity Scan.
6 new defect(s) introduced to GNU Wget found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1341706: (RESOURCE_LEAK)
/src/ftp.c: 1518 in getftp()
/src/ftp.c: 1528 in getftp()
/src/ftp.c: 1518 in getftp()
/src/ftp.c: 1518 in getftp()
________________________________________________________________________________________________________
*** CID 1341706: (RESOURCE_LEAK)
/src/ftp.c: 1518 in getftp()
1512 logputs (LOG_NOTQUIET, "Server does not want to
resume the SSL session. Trying with a new one.\n");
1513 if (!ssl_connect_wget (dtsock, u->host, NULL))
1514 {
1515 fd_close (csock);
1516 fd_close (dtsock);
1517 logputs (LOG_NOTQUIET, "Could not perform SSL
handshake.\n");
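>>> CID 1341706: (RESOURCE_LEAK)
>>> Variable "fp" going out of scope leaks the storage it points to.
>>> This error path closes csock and dtsock (lines 1515-1516) but returns
>>> without closing "fp".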
1518 return CONERROR;
1519 }
1520 }
1521 else
1522 logputs (LOG_NOTQUIET, "Resuming SSL session in data
connection.\n");
1523
/src/ftp.c: 1528 in getftp()
1522 logputs (LOG_NOTQUIET, "Resuming SSL session in data
connection.\n");
1523
1524 if (!ssl_check_certificate (dtsock, u->host))
1525 {
1526 fd_close (csock);
1527 fd_close (dtsock);
>>> CID 1341706: (RESOURCE_LEAK)
>>> Variable "fp" going out of scope leaks the storage it points to.
1528 return CONERROR;
1529 }
1530 }
1531 #endif
1532
1533 /* Get the contents of the document. */
/src/ftp.c: 1518 in getftp()
1512 logputs (LOG_NOTQUIET, "Server does not want to
resume the SSL session. Trying with a new one.\n");
1513 if (!ssl_connect_wget (dtsock, u->host, NULL))
1514 {
1515 fd_close (csock);
1516 fd_close (dtsock);
1517 logputs (LOG_NOTQUIET, "Could not perform SSL
handshake.\n");
>>> CID 1341706: (RESOURCE_LEAK)
>>> Variable "fp" going out of scope leaks the storage it points to.
1518 return CONERROR;
1519 }
1520 }
1521 else
1522 logputs (LOG_NOTQUIET, "Resuming SSL session in data
connection.\n");
1523
/src/ftp.c: 1518 in getftp()
1512 logputs (LOG_NOTQUIET, "Server does not want to
resume the SSL session. Trying with a new one.\n");
1513 if (!ssl_connect_wget (dtsock, u->host, NULL))
1514 {
1515 fd_close (csock);
1516 fd_close (dtsock);
1517 logputs (LOG_NOTQUIET, "Could not perform SSL
handshake.\n");
>>> CID 1341706: (RESOURCE_LEAK)
>>> Variable "fp" going out of scope leaks the storage it points to.
1518 return CONERROR;
1519 }
1520 }
1521 else
1522 logputs (LOG_NOTQUIET, "Resuming SSL session in data
connection.\n");
1523
** CID 1341705: Security best practices violations (TOCTOU)
/src/hsts.c: 479 in hsts_store_open()
________________________________________________________________________________________________________
*** CID 1341705: Security best practices violations (TOCTOU)
/src/hsts.c: 479 in hsts_store_open()
473
474 if (file_exists_p (filename))
475 {
476 if (stat (filename, &st) == 0)
477 store->last_mtime = st.st_mtime;
478
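>>> CID 1341705: Security best practices violations (TOCTOU)
>>> Calling function "fopen" that uses "filename" after a check function
>>> ("file_exists_p" on line 474, "stat" on line 476).
>>> This can cause a time-of-check, time-of-use race condition: the file
>>> named by "filename" can change between the check and the open, so the
>>> st_mtime stored in store->last_mtime may not belong to the file that is
>>> actually read. Opening the file first and calling fstat on the open
>>> stream's descriptor ties the timestamp and the contents to the same file.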
479 fp = fopen (filename, "r");
480 if (!fp || !hsts_read_database (store, fp, false))
481 {
482 /* abort! */
483 hsts_store_close (store);
484 xfree (store);
** CID 1273467: API usage errors (BUFFER_SIZE)
/lib/md5.c: 291 in md5_process_bytes()
________________________________________________________________________________________________________
*** CID 1273467: API usage errors (BUFFER_SIZE)
/lib/md5.c: 291 in md5_process_bytes()
285 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
286 left_over += len;
287 if (left_over >= 64)
288 {
289 md5_process_block (ctx->buffer, 64, ctx);
290 left_over -= 64;
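>>> CID 1273467: API usage errors (BUFFER_SIZE)
>>> The source buffer "&ctx->buffer[16]" potentially overlaps with the
>>> destination buffer "ctx->buffer", which results in undefined behavior for
>>> memcpy.
>>> The regions overlap only if left_over exceeds the byte distance between
>>> the two pointers; this excerpt shows neither the upper bound on left_over
>>> nor the element type of ctx->buffer, so confirm both before treating the
>>> report as a real defect (memmove is the overlap-safe call). CID 1273466
>>> and CID 1273463 below report the same pattern in sha256.c and sha1.c.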
291 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
292 }
293 ctx->buflen = left_over;
294 }
295 }
296
** CID 1273466: API usage errors (BUFFER_SIZE)
/lib/sha256.c: 411 in sha256_process_bytes()
________________________________________________________________________________________________________
*** CID 1273466: API usage errors (BUFFER_SIZE)
/lib/sha256.c: 411 in sha256_process_bytes()
405 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
406 left_over += len;
407 if (left_over >= 64)
408 {
409 sha256_process_block (ctx->buffer, 64, ctx);
410 left_over -= 64;
>>> CID 1273466: API usage errors (BUFFER_SIZE)
>>> The source buffer "&ctx->buffer[16]" potentially overlaps with the
>>> destination buffer "ctx->buffer", which results in undefined behavior for
>>> memcpy.
411 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
412 }
413 ctx->buflen = left_over;
414 }
415 }
416
** CID 1273463: API usage errors (BUFFER_SIZE)
/lib/sha1.c: 278 in sha1_process_bytes()
________________________________________________________________________________________________________
*** CID 1273463: API usage errors (BUFFER_SIZE)
/lib/sha1.c: 278 in sha1_process_bytes()
272 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
273 left_over += len;
274 if (left_over >= 64)
275 {
276 sha1_process_block (ctx->buffer, 64, ctx);
277 left_over -= 64;
>>> CID 1273463: API usage errors (BUFFER_SIZE)
>>> The source buffer "&ctx->buffer[16]" potentially overlaps with the
>>> destination buffer "ctx->buffer", which results in undefined behavior for
>>> memcpy.
278 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
279 }
280 ctx->buflen = left_over;
281 }
282 }
283
** CID 420711: Insecure data handling (INTEGER_OVERFLOW)
/lib/str-two-way.h: 221 in critical_factorization()
________________________________________________________________________________________________________
*** CID 420711: Insecure data handling (INTEGER_OVERFLOW)
/lib/str-two-way.h: 221 in critical_factorization()
215 lexicographic suffix of 'a' works for 'bba', but not 'ab' for
216 'aab'. The shorter suffix of the two will always be a critical
217 factorization. */
218 if (max_suffix_rev + 1 < max_suffix + 1)
219 return max_suffix + 1;
220 *period = p;
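>>> CID 420711: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed
>>> or truncated value) "max_suffix_rev + 1UL" used as return value.
>>> The addition is performed in unsigned long ("1UL"), so a wrap here is
>>> defined behavior in C rather than undefined; whether the wrapped value is
>>> intended cannot be determined from this excerpt.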
221 return max_suffix_rev + 1;
222 }
223
224 /* Return the first location of non-empty NEEDLE within HAYSTACK, or
225 NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This
226 method is optimized for NEEDLE_LEN < LONG_NEEDLE_THRESHOLD.
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/gnu-wget?tab=overview
--
Thanking You,
Darshit Shah