Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 606175 Details for
Bug 850722
New defect - use of uninitialized value.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
List of all defects in sssd-1.5.1-56
sssd-1.5.1-56.el5.err (text/plain), 26.53 KB, created by
Pavel Raiskup
on 2012-08-22 08:47:04 UTC
(
hide
)
Description:
List of all defects in sssd-1.5.1-56
Filename:
MIME Type:
Creator:
Pavel Raiskup
Created:
2012-08-22 08:47:04 UTC
Size:
26.53 KB
patch
obsolete
>Error: CHECKED_RETURN (CWE-252): >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:685: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_SYSTEM_INFO, 48, (uint8_t const *)"sssd_be: The requested target is not configured")". >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:688: example_checked: "ret" has its value checked in "ret != 0U". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:808: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, msg_type, msg_len, buf + p)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:809: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:657: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:659: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:486: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, (enum response_type)3221225473, 32, (uint8_t *)t)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:488: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:417: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:433: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/responder/pam/pamsrv_cmd.c:508: check_return: Calling function "pam_add_response" without checking return value (as is done elsewhere 20 out of 24 times). >/builddir/build/BUILD/sssd-1.5.1/src/responder/pam/pamsrv_cmd.c:508: unchecked_value: No check of the return value of "pam_add_response(pd, SSS_PAM_USER_INFO, 4, (uint8_t const *)&user_info_type)". > >Error: CHECKED_RETURN (CWE-252): >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:685: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_SYSTEM_INFO, 48, (uint8_t const *)"sssd_be: The requested target is not configured")". >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:688: example_checked: "ret" has its value checked in "ret != 0U". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:808: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, msg_type, msg_len, buf + p)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:809: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:657: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:659: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:486: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, (enum response_type)3221225473, 32, (uint8_t *)t)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:488: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:417: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:433: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/responder/pam/pamsrv_cmd.c:573: check_return: Calling function "pam_add_response" without checking return value (as is done elsewhere 20 out of 24 times). >/builddir/build/BUILD/sssd-1.5.1/src/responder/pam/pamsrv_cmd.c:573: unchecked_value: No check of the return value of "pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain) + 1UL, (uint8_t *)pd->domain)". > >Error: CHECKED_RETURN (CWE-252): >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:685: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_SYSTEM_INFO, 48, (uint8_t const *)"sssd_be: The requested target is not configured")". >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:688: example_checked: "ret" has its value checked in "ret != 0U". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:808: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, msg_type, msg_len, buf + p)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:809: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:657: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:659: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:486: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, (enum response_type)3221225473, 32, (uint8_t *)t)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:488: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:417: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:433: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/dp_auth_util.c:258: check_return: Calling function "pam_add_response" without checking return value (as is done elsewhere 20 out of 24 times). >/builddir/build/BUILD/sssd-1.5.1/src/providers/dp_auth_util.c:258: unchecked_value: No check of the return value of "pam_add_response(pd, type, len, data)". > >Error: CHECKED_RETURN (CWE-252): >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:685: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_SYSTEM_INFO, 48, (uint8_t const *)"sssd_be: The requested target is not configured")". >/builddir/build/BUILD/sssd-1.5.1/src/providers/data_provider_be.c:688: example_checked: "ret" has its value checked in "ret != 0U". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:808: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, msg_type, msg_len, buf + p)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:809: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:657: example_assign: Assigning: "ret" = return value from "pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_auth.c:659: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:486: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, (enum response_type)3221225473, 32, (uint8_t *)t)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:488: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:417: example_assign: Assigning: "ret" = return value from "pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1UL, (uint8_t *)msg)". >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:433: example_checked: "ret" has its value checked in "ret != 0". >/builddir/build/BUILD/sssd-1.5.1/src/providers/ldap/ldap_auth.c:227: check_return: Calling function "pam_add_response" without checking return value (as is done elsewhere 20 out of 24 times). >/builddir/build/BUILD/sssd-1.5.1/src/providers/ldap/ldap_auth.c:227: unchecked_value: No check of the return value of "pam_add_response(pd, SSS_PAM_USER_INFO, 8, (uint8_t *)data)". > >Error: OVERRUN_DYNAMIC (CWE-119): >/builddir/build/BUILD/sssd-1.5.1/src/util/crypto/nss/nss_sha512crypt.c:116: strlen_assign: Setting variable "key_len" to the return value of strlen called with argument "key". >/builddir/build/BUILD/sssd-1.5.1/src/util/crypto/nss/nss_sha512crypt.c:175: strlen_assign: Setting variable "cnt" to the return value of strlen called with argument "key". >/builddir/build/BUILD/sssd-1.5.1/src/util/crypto/nss/nss_sha512crypt.c:182: strlen_assign: Setting variable "cnt" to the return value of strlen called with argument "key". >/builddir/build/BUILD/sssd-1.5.1/src/util/crypto/nss/nss_sha512crypt.c:205: alloc_strlen: Allocating insufficient memory for the terminating null of the string. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:79: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:79: var_assign: Assigning: "fd" = handle returned from "open(path, 0)". >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:91: noescape: Variable "fd" is not closed or saved in function "fstat". >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:97: leaked_handle: Handle variable "fd" going out of scope leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:100: leaked_handle: Handle variable "fd" going out of scope leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:105: leaked_handle: Handle variable "fd" going out of scope leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:108: noescape: Variable "fd" is not closed or saved in function "read". >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:115: leaked_handle: Handle variable "fd" going out of scope leaks the handle. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/backup_file.c:68: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/backup_file.c:68: var_assign: Assigning: "dst_fd" = handle returned from "open(dst_file, 193, 384)". >/builddir/build/BUILD/sssd-1.5.1/src/util/backup_file.c:71: off_by_one: Testing whether handle "dst_fd" is strictly greater than zero is suspicious. Did you intend to include equality with zero? "dst_fd" leaks when it is zero. >/builddir/build/BUILD/sssd-1.5.1/src/util/backup_file.c:68: overwrite_var: Overwriting handle "dst_fd" in call "dst_fd = open(dst_file, 193, 384)" leaks the handle. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: var_assign: Assigning: "fd" = handle returned from "open("/dev/null", 2, 0)". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: overwrite_var: Overwriting handle "fd" in call "fd = open("/dev/null", 2, 0)" leaks the handle. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: overwrite_var: Overwriting handle "fd" in call "fd = open("/dev/null", 2, 0)" leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:57: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:57: var_assign: Assigning: "fd" = handle returned from "open("/dev/null", 1, 0)". > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:55: var_assign: Assigning: "fd" = handle returned from "open("/dev/null", 2, 0)". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:64: leaked_handle: Handle variable "fd" going out of scope leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:68: leaked_handle: Handle variable "fd" going out of scope leaks the handle. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:57: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:57: var_assign: Assigning: "fd" = handle returned from "open("/dev/null", 1, 0)". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:64: leaked_handle: Handle variable "fd" going out of scope leaks the handle. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:68: leaked_handle: Handle variable "fd" going out of scope leaks the handle. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/resolv/ares/ares_data.c:91: alloc_fn: Calling allocation function "malloc". >/builddir/build/BUILD/sssd-1.5.1/src/resolv/ares/ares_data.c:91: var_assign: Assigning: "ptr" = storage returned from "malloc(32UL)". >/builddir/build/BUILD/sssd-1.5.1/src/resolv/ares/ares_data.c:119: leaked_storage: Variable "ptr" going out of scope leaks the storage it points to. > >Error: RESOURCE_LEAK (CWE-404): >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:423: open_fn: Calling opening function "open". >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:423: var_assign: Assigning: "fd" = handle returned from "open(spool_file, 193, 0)". >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:431: noescape: Variable "fd" is not closed or saved in function "fchmod". >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:439: noescape: Variable "fd" is not closed or saved in function "fchown". >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:447: noescape: Variable "fd" is not closed or saved in function "fsync". >/builddir/build/BUILD/sssd-1.5.1/src/tools/tools_util.c:466: leaked_handle: Handle variable "fd" going out of scope leaks the handle. > >Error: SECURE_TEMP (CWE-377): >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:260: secure_temp: Calling "mkstemp" without securely setting umask first. >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_child.c:308: secure_temp: Calling "mkstemp" without securely setting umask first. > >Error: SECURE_TEMP (CWE-377): >/builddir/build/BUILD/sssd-1.5.1/src/providers/krb5/krb5_common.c:311: secure_temp: Calling "mkstemp" without securely setting umask first. > >Error: STRING_NULL (CWE-170): >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:108: string_null_argument: Function "read" does not terminate string "*buf". >/builddir/build/BUILD/sssd-1.5.1/src/util/find_uid.c:125: string_null: Passing unterminated string "buf" to a function expecting a null-terminated string. > >Error: STRING_NULL (CWE-170): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:124: string_null_argument: Function "read" does not terminate string "pid_str[len]". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:185: tainted_data_transitive: Call to function "__coverity_memset" with tainted argument "pid_str" returns tainted data. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:187: string_null: Passing unterminated string "pid_str" to a function expecting a null-terminated string. > >Error: STRING_NULL (CWE-170): >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:124: string_null_argument: Function "read" does not terminate string "pid_str[len]". >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:147: tainted_data_transitive: Call to function "atoi" with tainted argument "pid_str" returns tainted data. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:185: tainted_data_transitive: Call to function "__coverity_memset" with tainted argument "pid_str" returns tainted data. >/builddir/build/BUILD/sssd-1.5.1/src/util/server.c:187: string_null: Passing unterminated string "pid_str" to a function expecting a null-terminated string. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:314: var_assign_var: Assigning: "len" = "header[0] - 16UL". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:315: tainted_data: Passing tainted variable "len" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:314: var_assign_var: Assigning: "len" = "header[0] - 16UL". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:315: tainted_data: Passing tainted variable "len" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:263: tainted_data: Passing tainted variable "header[0] - datarecv" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:314: var_assign_var: Assigning: "len" = "header[0] - 16UL". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:315: tainted_data: Passing tainted variable "len" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:314: var_assign_var: Assigning: "len" = "header[0] - 16UL". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:315: tainted_data: Passing tainted variable "len" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:263: tainted_data: Passing tainted variable "header[0] - datarecv" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:314: var_assign_var: Assigning: "len" = "header[0] - 16UL". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:315: tainted_data: Passing tainted variable "len" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:263: tainted_data: Passing tainted variable "header[0] - datarecv" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:258: tainted_data_argument: Calling function "read" taints argument "header". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:313: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "header[0] > 16UL". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:212: lower_bounds: Checking lower bounds of unsigned scalar "header[0]" by "datarecv < header[0]". >/builddir/build/BUILD/sssd-1.5.1/src/sss_client/common.c:263: tainted_data: Passing tainted variable "header[0] - datarecv" to a tainted sink. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1491: tainted_data_argument: Calling function "read" taints argument "buf". >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1501: var_assign_var: Assigning: "in_event" = "(struct inotify_event *)buf". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1503: lower_bounds: Checking lower bounds of unsigned scalar "in_event->len" by "in_event->len > 0U". >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1512: tainted_data: Using tainted variable "in_event->len" as a loop boundary. > >Error: TAINTED_SCALAR (CWE-20): >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1491: tainted_data_argument: Calling function "read" taints argument "buf". >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1501: var_assign_var: Assigning: "in_event" = "(struct inotify_event *)buf". Both are now tainted. >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1512: lower_bounds: Checking lower bounds of unsigned scalar "in_event->len" by "total_len < in_event->len". >/builddir/build/BUILD/sssd-1.5.1/src/monitor/monitor.c:1513: tainted_data: Passing tainted variable "in_event->len" to a tainted sink. > >Error: TOCTOU (CWE-367): >/builddir/build/BUILD/sssd-1.5.1/src/tools/files.c:140: fs_check_call: Calling function "lstat" to perform check on "fullpath". >/builddir/build/BUILD/sssd-1.5.1/src/tools/files.c:164: toctou: Calling function "unlink" that uses "fullpath" after a check function. This can cause a time-of-check, time-of-use race condition. > >Error: TOCTOU (CWE-367): >/builddir/build/BUILD/sssd-1.5.1/src/sbus/sssd_dbus_server.c:137: fs_check_call: Calling function "readlink" to perform check on "symlink_name". >/builddir/build/BUILD/sssd-1.5.1/src/sbus/sssd_dbus_server.c:165: toctou: Calling function "unlink" that uses "symlink_name" after a check function. This can cause a time-of-check, time-of-use race condition. > >Error: UNINIT (CWE-457): >/builddir/build/BUILD/sssd-1.5.1/src/providers/ipa/ipa_access.c:131: var_decl: Declaring variable "hbac_ctx" without initializer. >/builddir/build/BUILD/sssd-1.5.1/src/providers/ipa/ipa_access.c:201: uninit_use: Using uninitialized value "hbac_ctx".
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=606175">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 850722
: 606175