New Defects reported by Coverity Scan for alfred

scan-admin at coverity.com scan-admin at coverity.com
Fri Jan 27 00:11:13 CET 2017


Hi,

Please find the latest report on new defect(s) introduced to alfred found with Coverity Scan.

1 new defect(s) introduced to alfred found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 155886:  Security best practices violations  (STRING_OVERFLOW)
/util.c: 95 in ipv4_arp_request()


________________________________________________________________________________________________________
*** CID 155886:  Security best practices violations  (STRING_OVERFLOW)
/util.c: 95 in ipv4_arp_request()
89     	memset(mac, 0, ETH_ALEN);
90     
91     	sin = (struct sockaddr_in *)&arpreq.arp_pa;
92     	sin->sin_family = AF_INET;
93     	sin->sin_addr.s_addr = addr->ipv4.s_addr;
94     
>>>     CID 155886:  Security best practices violations  (STRING_OVERFLOW)
>>>     Note: This defect has an elevated risk because the source argument is a parameter of the current function.
95     	strcpy(arpreq.arp_dev, interface->interface);
96     	if (ioctl(interface->netsock, SIOCGARP, &arpreq) < 0)
97     		return -1;
98     
99     	if (arpreq.arp_flags & ATF_COM) {
100     		memcpy(mac, arpreq.arp_ha.sa_data, sizeof(*mac));


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb3iTxQ5qrvy9M-2BGX3PaEJofMesTrZ5UF7PfvTHtwog6Q-3D-3D_oDb6ny51mUB6FExYn3rQhmsnReyYRZCwTKHw9WoBEsNnh8nxYFbqN6LhqJN1pxVFq9oMaQepNhriCQYgfrMvlNgJ8Z9vVftNcNK3FlelshdLchsEtCNkgoE2emgDbuU3w6cyK-2BMO4AEl4h2PdQZ1DSeNjmAVnkmJbLjcJySYjd6FZNuDw4EmJcqn31iwz88Cnz9y-2B7-2B9SUCf-2FBCtzDlvznlCiBx-2F6cGtZMlOHsiN0mI-3D

To manage Coverity Scan email notifications for "linux-merge at lists.open-mesh.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4ItjzSeu3-2FD8QYXPKYkkxjcD-2BeuajDNPjh0rZRwtiVLSympUHXnLxAx-2BOCQq-2FfdoFWoyJ6jsYkZot-2FEd2gRhuvRF0f-2F-2BzqJsqv2EFdr-2BhbxWV9Qc7LEXHjWaTgeKz85BQ_oDb6ny51mUB6FExYn3rQhmsnReyYRZCwTKHw9WoBEsNnh8nxYFbqN6LhqJN1pxVFq9oMaQepNhriCQYgfrMvlJ-2FlwOu8esMNbf0GPfT9EVGy-2ByyegjqYlgbDIFeRcWYDwYfEug0vtZB4prFZsxLukziVNbsG-2FAJgyUfFpFrTiOiQK-2BR8tYBai-2B9Y8ornA3Wa-2Bf5nhDapxloI2ySbUhiWaYyzA2cibEY7gbiVNG4BP5w-3D



More information about the linux-merge mailing list