Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

covscan issues for 4.8.1: OVERRUN #370

Open
ikerexxe opened this issue Jun 22, 2021 · 0 comments
Open

covscan issues for 4.8.1: OVERRUN #370

ikerexxe opened this issue Jun 22, 2021 · 0 comments

Comments

@ikerexxe
Copy link
Collaborator

The following issues were detected by covscan for shadow-utils version 4.8.1. I've done a first review to fix the critical ones, remove the false positives and divide the issues by type.

Error: OVERRUN (CWE-119): [#def15]
shadow-4.8.1/lib/groupio.c:320: assignment: Assigning: "members" = "0UL".
shadow-4.8.1/lib/groupio.c:345: assignment: Assigning: "i" = "0UL".
shadow-4.8.1/lib/groupio.c:346: assignment: Assigning: "members" += "i". The value of "members" is now 0.
shadow-4.8.1/lib/groupio.c:359: buffer_alloc: "calloc" allocates 8 bytes dictated by parameters "members + 1UL" and "8UL".
shadow-4.8.1/lib/groupio.c:359: var_assign: Assigning: "new_members" = "calloc(members + 1UL, 8UL)".
shadow-4.8.1/lib/groupio.c:365: assignment: Assigning: "i" = "0UL".
shadow-4.8.1/lib/groupio.c:370: assignment: Assigning: "members" = "i". The value of "members" is now 0.
shadow-4.8.1/lib/groupio.c:381: incr: Incrementing "members". The value of "members" is now 1.
shadow-4.8.1/lib/groupio.c:382: overrun-local: Overrunning array of 1 8-byte elements at element index 1 (byte offset 15) by dereferencing pointer "new_members + members".
  380|   			new_members[members] = gptr2->gr_mem[i];
  381|   			members++;
  382|-> 			new_members[members] = NULL;
  383|   		}
  384|   	}
Error: OVERRUN (CWE-119): [#def26]
shadow-4.8.1/lib/port.c:177: alias: Assigning: "port.pt_names" = "ttys". "port.pt_names" now points to element 0 of "ttys" (which consists of 65 8-byte elements).
shadow-4.8.1/lib/port.c:178: cond_const: Checking "j < 64" implies that "j" is 64 on the false branch.
shadow-4.8.1/lib/port.c:198: overrun-local: Overrunning array of 65 8-byte elements at element index 65 (byte offset 527) by dereferencing pointer "port.pt_names + (j + 1)".
  196|   	*cp = '\0';
  197|   	cp++;
  198|-> 	port.pt_names[j + 1] = (char *) 0;
  199|   
  200|   	/*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant