New Defects reported by Coverity Scan for batctl

scan-admin at coverity.com scan-admin at coverity.com
Tue Oct 25 00:11:48 CEST 2016


Hi,

Please find the latest report on new defect(s) introduced to batctl found with Coverity Scan.

5 new defect(s) introduced to batctl found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 153716:  Memory - illegal accesses  (UNINIT)
/icmp_helper.c: 381 in get_nexthop_debugfs()


________________________________________________________________________________________________________
*** CID 153716:  Memory - illegal accesses  (UNINIT)
/icmp_helper.c: 381 in get_nexthop_debugfs()
375     			continue;
376     
377     		mac_tmp = ether_aton(dest);
378     		if (!mac_tmp || memcmp(mac_tmp, mac, ETH_ALEN) != 0)
379     			continue;
380     
>>>     CID 153716:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "neigh" when calling "ether_aton".
381     		mac_tmp = ether_aton(neigh);
382     		if (!mac_tmp)
383     			continue;
384     
385     		memcpy(nexthop, mac_tmp, ETH_ALEN);
386     		strncpy(ifname, iface, IF_NAMESIZE);

** CID 153715:  Memory - illegal accesses  (UNINIT)
/icmp_helper.c: 386 in get_nexthop_debugfs()


________________________________________________________________________________________________________
*** CID 153715:  Memory - illegal accesses  (UNINIT)
/icmp_helper.c: 386 in get_nexthop_debugfs()
380     
381     		mac_tmp = ether_aton(neigh);
382     		if (!mac_tmp)
383     			continue;
384     
385     		memcpy(nexthop, mac_tmp, ETH_ALEN);
>>>     CID 153715:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "iface" when calling "strncpy".
386     		strncpy(ifname, iface, IF_NAMESIZE);
387     		ifname[IF_NAMESIZE - 1] = '\0';
388     		break;
389     	}
390     	free(line);
391     	fclose(f);

** CID 153714:  Error handling issues  (NEGATIVE_RETURNS)
/ping.c: 204 in ping()


________________________________________________________________________________________________________
*** CID 153714:  Error handling issues  (NEGATIVE_RETURNS)
/ping.c: 204 in ping()
198     		icmp_packet_out.seqno = htons(++seq_counter);
199     
200     		res = icmp_interface_write(mesh_iface,
201     					   (struct batadv_icmp_header *)&icmp_packet_out,
202     					   packet_len);
203     		if (res < 0) {
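>>>     CID 153714:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "res" is passed to a parameter that cannot be negative.
>>>     Note: strerror() expects a positive errno value, but this branch runs only when res < 0, so the printed text will not name the real failure. If icmp_interface_write() returns a negated errno (its body is not shown in this excerpt), strerror(-res) is the likely intent.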
204     			fprintf(stderr, "Error - can't send icmp packet: %s\n", strerror(res));
205     			goto sleep;
206     		}
207     
208     read_packet:
209     		start_timer();

** CID 153713:  Error handling issues  (NEGATIVE_RETURNS)
/traceroute.c: 151 in traceroute()


________________________________________________________________________________________________________
*** CID 153713:  Error handling issues  (NEGATIVE_RETURNS)
/traceroute.c: 151 in traceroute()
145     			time_delta[i] = 0.0;
146     
147     			res = icmp_interface_write(mesh_iface,
148     					   (struct batadv_icmp_header *)&icmp_packet_out,
149     					   sizeof(icmp_packet_out));
150     			if (res < 0) {
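>>>     CID 153713:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "res" is passed to a parameter that cannot be negative.
>>>     Note: strerror() expects a positive errno value, but this branch runs only when res < 0, so the printed text will not name the real failure. If icmp_interface_write() returns a negated errno (its body is not shown in this excerpt), strerror(-res) is the likely intent.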
151     				fprintf(stderr, "Error - can't send icmp packet: %s\n", strerror(res));
152     				continue;
153     			}
154     
155     read_packet:
156     			start_timer();

** CID 153712:  Security best practices violations  (DC.WEAK_CRYPTO)
/functions.c: 1122 in get_random_bytes_fallback()


________________________________________________________________________________________________________
*** CID 153712:  Security best practices violations  (DC.WEAK_CRYPTO)
/functions.c: 1122 in get_random_bytes_fallback()
1116     		clock_gettime(CLOCK_MONOTONIC, &now);
1117     		srand(now.tv_sec ^ now.tv_nsec);
1118     		initialized = 1;
1119     	}
1120     
1121     	for (i = 0; i < buflen; i++)
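>>>     CID 153712:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
>>>     Note: the seed on line 1117 (now.tv_sec ^ now.tv_nsec from CLOCK_MONOTONIC) is derived from the clock and is therefore guessable as well. Whether this matters depends on what the callers of get_random_bytes() use the bytes for, which this excerpt does not show; the fallback output should not be relied on for keys, nonces or other secrets.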
1122     		bufc[i] = rand() & 0xff;
1123     
1124     	return 0;
1125     }
1126     
1127     void get_random_bytes(void *buf, size_t buflen)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRaf2kC06LPgo9S999hFzU2D-2BXol8XmCHTkNzPyF166zJA-3D-3D_oDb6ny51mUB6FExYn3rQhmsnReyYRZCwTKHw9WoBEsNnh8nxYFbqN6LhqJN1pxVFUkyJj6NQc3x-2Fzp4BWIle5e4Df0ij2QkYId2GKJaNgqiuALZOwWcE0cEAuPqaz38TCMWESQCBwcFrvUpeirIoKNZ0eZPqoOa6sfVzSY3ZPvMIIOepDEt-2FBTl90qVBVtjap34ZhqpVQIW52Mb4J3a2JocsMbPZmVf2aMe-2BsuSfMZ4-3D



