Hi,

Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.

4 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1527292: (FORWARD_NULL)
/programs/pluto/ikev2_liveness.c: 251 in liveness_check()

________________________________________________________________________________________________________
*** CID 1527292: (FORWARD_NULL)
/programs/pluto/ikev2_liveness.c: 251 in liveness_check()
245                     (child == NULL ? NULL :
246                      child->sa.st_esp.present ? &child->sa.st_esp :
247                      child->sa.st_ah.present ? &child->sa.st_ah :
248                      child->sa.st_ipcomp.present ? &child->sa.st_ipcomp :
249                      NULL);
250             if (get_ipsec_traffic(&child->sa, first_ipsec_proto, ENCAP_DIRECTION_INBOUND)) {
>>>     CID 1527292: (FORWARD_NULL)
>>>     Dereferencing null pointer "first_ipsec_proto".
251                     if (recent_last_contact(child, now,
252                                             first_ipsec_proto->inbound.last_used,
253                                             "recent IPsec traffic")) {
254                             return;
255                     }
256             }
/programs/pluto/ikev2_liveness.c: 250 in liveness_check()
244             struct ipsec_proto_info *const first_ipsec_proto =
245                     (child == NULL ? NULL :
246                      child->sa.st_esp.present ? &child->sa.st_esp :
247                      child->sa.st_ah.present ? &child->sa.st_ah :
248                      child->sa.st_ipcomp.present ? &child->sa.st_ipcomp :
249                      NULL);
>>>     CID 1527292: (FORWARD_NULL)
>>>     Passing null pointer "first_ipsec_proto" to "get_ipsec_traffic", which
>>>     dereferences it.
250             if (get_ipsec_traffic(&child->sa, first_ipsec_proto, ENCAP_DIRECTION_INBOUND)) {
251                     if (recent_last_contact(child, now,
252                                             first_ipsec_proto->inbound.last_used,
253                                             "recent IPsec traffic")) {
254                             return;
255                     }

** CID 1527291: Null pointer dereferences (REVERSE_INULL)
/programs/pluto/state.c: 956 in delete_state_tail()

________________________________________________________________________________________________________
*** CID 1527291: Null pointer dereferences (REVERSE_INULL)
/programs/pluto/state.c: 956 in delete_state_tail()
950                 IS_CHILD_SA_ESTABLISHED(st)) {
951                     /*
952                      * XXX: should be iterating over ESP, AH, and IPCOMP
953                      * fetching any that matter.
954                      */
955                     struct ipsec_proto_info *const first_ipsec_proto =
>>>     CID 1527291: Null pointer dereferences (REVERSE_INULL)
>>>     Null-checking "st" suggests that it may be null, but it has already
>>>     been dereferenced on all paths leading to the check.
956                             (st == NULL ? NULL :
957                              st->st_esp.present ? &st->st_esp :
958                              st->st_ah.present ? &st->st_ah :
959                              st->st_ipcomp.present ? &st->st_ipcomp :
960                              NULL);
961                     passert(first_ipsec_proto != NULL);

** CID 1527290: Control flow issues (DEADCODE)
/programs/pluto/ikev2_liveness.c: 244 in liveness_check()

________________________________________________________________________________________________________
*** CID 1527290: Control flow issues (DEADCODE)
/programs/pluto/ikev2_liveness.c: 244 in liveness_check()
238              * XXX: But is this useful?  Liveness should be checking
239              * round-trip but this is just looking at incoming data -
240              * outgoing data could lost and this traffic is all
241              * re-transmit requests ...
242              */
243
>>>     CID 1527290: Control flow issues (DEADCODE)
>>>     Execution cannot reach the expression "NULL" inside this statement:
>>>     "first_ipsec_proto = ((child...".
244             struct ipsec_proto_info *const first_ipsec_proto =
245                     (child == NULL ? NULL :
246                      child->sa.st_esp.present ? &child->sa.st_esp :
247                      child->sa.st_ah.present ? &child->sa.st_ah :
248                      child->sa.st_ipcomp.present ? &child->sa.st_ipcomp :
249                      NULL);

** CID 1527289: Memory - corruptions (OVERRUN)

________________________________________________________________________________________________________
*** CID 1527289: Memory - corruptions (OVERRUN)
/programs/pluto/kernel_xfrm.c: 2258 in xfrm_get_kernel_state()
2252            req.id.family = address_info(sa->src.address)->af;
2253            req.id.proto = sa->proto->ipproto;
2254
2255            req.n.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(req.id)));
2256
2257            int recv_errno;
>>>     CID 1527289: Memory - corruptions (OVERRUN)
>>>     Overrunning struct type nlmsghdr of 16 bytes by passing it to a
>>>     function which accesses it at byte offset 39 using argument
>>>     "req.n.nlmsg_len" (which evaluates to 40).
2258            if (!sendrecv_xfrm_msg(&req.n, XFRM_MSG_NEWSA, &rsp,
2259                                   "Get SA", sa->story,
2260                                   &recv_errno, logger)) {
2261                    return false;
2262            }
2263

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kY7XlD_Cir5ZFqEb-2Fpy-2FZDdTxjwNXxDWd37ZfwlkdBT1REyQ3-2F0N3ggBsZEgw-2B01OIW-2FTwuR1EpBpMQmWv8C8U6f6M-2BoqWY2pRA6-2BrnnGaGmhR4tvBTARRyyR069OZWGct9waA-2FbkMpQm66vEI6gkqWhS71ykPiRzua3jZovY-2Fk9Kl-2FT8iPHlBL7VOUVRuqVIwlt0qdZCsnbCSlPSQAF60uMOHLTNtLDz5R63UH4Lv48n4LOkE-3D

_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev