|
 |
d77ab8 |
From 88971a0a5660805f71ba8696e9291eaee822d996 Mon Sep 17 00:00:00 2001
|
|
|
d77ab8 |
From: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
Date: Fri, 8 Feb 2013 15:12:32 +0100
|
|
|
d77ab8 |
Subject: [PATCH 1/4] OVERRUN (CWE-119)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Coverity output:
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:392: cond_true: Condition "*q", taking
|
|
|
d77ab8 |
true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:393: cond_false: Condition
|
|
|
d77ab8 |
"!(*__ctype_b_loc()[(int)*q] & 2048 /* (unsigned short)_ISdigit */)",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:394: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:394: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:392: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:392: cond_false: Condition "*q", taking
|
|
|
d77ab8 |
false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:394: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:396: alias: Assigning: "p" = "pbuf". "p"
|
|
|
d77ab8 |
now points to byte 0 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:397: switch: Switch case value "11"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:398: switch_case: Reached case "11"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:399: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 1 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:400: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 2 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:401: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 3 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:404: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 4 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:405: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 5 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:406: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 6 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:407: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 7 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:410: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 8 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:411: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 9 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:412: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 10 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:413: break: Breaking from switch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:421: switch_end: Reached end of switch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:422: cond_true: Condition "len != 4",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:423: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 11 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:424: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 12 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:426: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 13 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:427: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 14 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:428: ptr_incr: Incrementing "p". "p" now
|
|
|
d77ab8 |
points to byte 15 of "pbuf" (which consists of 15 bytes).
|
|
|
d77ab8 |
bsd-finger-0.17/finger/util.c:429: overrun-local: Overrunning array of
|
|
|
d77ab8 |
15 bytes at byte offset 15 by dereferencing pointer "p".
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
---
|
|
|
d77ab8 |
finger/util.c | 2 +-
|
|
|
d77ab8 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
diff --git a/finger/util.c b/finger/util.c
|
|
|
d77ab8 |
index a9c3b5d..ee44541 100644
|
|
|
d77ab8 |
--- a/finger/util.c
|
|
|
d77ab8 |
+++ b/finger/util.c
|
|
|
d77ab8 |
@@ -386,7 +386,7 @@ prphone(const char *num)
|
|
|
d77ab8 |
char *p;
|
|
|
d77ab8 |
const char *q;
|
|
|
d77ab8 |
int len;
|
|
|
d77ab8 |
- static char pbuf[15];
|
|
|
d77ab8 |
+ static char pbuf[16];
|
|
|
d77ab8 |
|
|
|
d77ab8 |
/* don't touch anything if the user has their own formatting */
|
|
|
d77ab8 |
for (q = num; *q; ++q)
|
|
|
d77ab8 |
--
|
|
|
d77ab8 |
1.8.1.2
|
|
|
d77ab8 |
|
|
|
d77ab8 |
|
|
|
d77ab8 |
From 93a36eb8d32b0cbe3034e3742b128eb81934875c Mon Sep 17 00:00:00 2001
|
|
|
d77ab8 |
From: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
Date: Fri, 8 Feb 2013 15:19:34 +0100
|
|
|
d77ab8 |
Subject: [PATCH 2/4] RESOURCE_LEAK (CWE-772)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Coverity output:
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:293: cond_false: Condition "setlocale(6,
|
|
|
d77ab8 |
"") != NULL", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:294: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:296: alloc_fn: Storage is returned from
|
|
|
d77ab8 |
allocation function "calloc(size_t, size_t)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:296: var_assign: Assigning: "used" =
|
|
|
d77ab8 |
storage returned from "calloc(argc, 4UL)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:297: cond_false: Condition "!used",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:300: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:304: cond_true: Condition
|
|
|
d77ab8 |
"!__coverity_strchr(argv[i], 64)", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop: Looping back
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:304: cond_true: Condition
|
|
|
d77ab8 |
"!__coverity_strchr(argv[i], 64)", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop: Looping back
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_false: Condition "i < argc",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:316: cond_true: Condition "dolocal",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:316: noescape: Resource "used" is not
|
|
|
d77ab8 |
freed or pointed-to in function "do_local(int, char **, int *)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:251:51: noescape: "do_local(int, char
|
|
|
d77ab8 |
**, int *)" does not free or save its pointer parameter "used".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:319: cond_false: Condition "pn", taking
|
|
|
d77ab8 |
false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:323: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:325: cond_true: Condition "entries ==
|
|
|
d77ab8 |
0", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:326: leaked_storage: Variable "used"
|
|
|
d77ab8 |
going out of scope leaks the storage it points to.
|
|
|
d77ab8 |
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:293: cond_false: Condition "setlocale(6,
|
|
|
d77ab8 |
"") != NULL", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:294: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:296: alloc_fn: Storage is returned from
|
|
|
d77ab8 |
allocation function "calloc(size_t, size_t)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:296: var_assign: Assigning: "used" =
|
|
|
d77ab8 |
storage returned from "calloc(argc, 4UL)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:297: cond_false: Condition "!used",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:300: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:304: cond_true: Condition
|
|
|
d77ab8 |
"!__coverity_strchr(argv[i], 64)", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop: Looping back
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:304: cond_true: Condition
|
|
|
d77ab8 |
"!__coverity_strchr(argv[i], 64)", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop: Looping back
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:303: cond_false: Condition "i < argc",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:313: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:316: cond_true: Condition "dolocal",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:316: noescape: Resource "used" is not
|
|
|
d77ab8 |
freed or pointed-to in function "do_local(int, char **, int *)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:251:51: noescape: "do_local(int, char
|
|
|
d77ab8 |
**, int *)" does not free or save its pointer parameter "used".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:319: cond_true: Condition "pn", taking
|
|
|
d77ab8 |
true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:321: cond_false: Condition "pn->next",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:321: cond_true: Condition "entries",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:323: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:319: loop_begin: Jumped back to
|
|
|
d77ab8 |
beginning of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:319: cond_false: Condition "pn", taking
|
|
|
d77ab8 |
false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:323: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:325: cond_false: Condition "entries ==
|
|
|
d77ab8 |
0", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:326: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:339: cond_false: Condition "(uptr =
|
|
|
d77ab8 |
getutent()) != NULL", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:351: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:352: cond_true: Condition "pn != NULL",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:354: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:352: loop_begin: Jumped back to
|
|
|
d77ab8 |
beginning of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:352: cond_false: Condition "pn != NULL",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:354: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/finger.c:356: leaked_storage: Variable "used"
|
|
|
d77ab8 |
going out of scope leaks the storage it points to.
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
---
|
|
|
d77ab8 |
finger/finger.c | 4 ++++
|
|
|
d77ab8 |
1 file changed, 4 insertions(+)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
diff --git a/finger/finger.c b/finger/finger.c
|
|
|
d77ab8 |
index ebf7309..6653e82 100644
|
|
|
d77ab8 |
--- a/finger/finger.c
|
|
|
d77ab8 |
+++ b/finger/finger.c
|
|
|
d77ab8 |
@@ -323,7 +323,10 @@ userlist(int argc, char *argv[])
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
|
|
|
d77ab8 |
if (entries == 0)
|
|
|
d77ab8 |
+ {
|
|
|
d77ab8 |
+ free(used);
|
|
|
d77ab8 |
return;
|
|
|
d77ab8 |
+ }
|
|
|
d77ab8 |
|
|
|
d77ab8 |
/*
|
|
|
d77ab8 |
* Scan thru the list of users currently logged in, saving
|
|
|
d77ab8 |
@@ -353,4 +356,5 @@ userlist(int argc, char *argv[])
|
|
|
d77ab8 |
enter_lastlog(pn);
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
endutent();
|
|
|
d77ab8 |
+ free(used);
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
--
|
|
|
d77ab8 |
1.8.1.2
|
|
|
d77ab8 |
|
|
|
d77ab8 |
|
|
|
d77ab8 |
From bf805902875147e582402fa736022c10edb163bc Mon Sep 17 00:00:00 2001
|
|
|
d77ab8 |
From: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
Date: Fri, 8 Feb 2013 15:41:05 +0100
|
|
|
d77ab8 |
Subject: [PATCH 3/4] RESOURCE_LEAK (CWE-772)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Coverity output:
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:60: alloc_fn: Storage is returned from
|
|
|
d77ab8 |
allocation function "sort(void)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:142:2: alloc_fn: Storage is returned
|
|
|
d77ab8 |
from allocation function "malloc(size_t)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:142:2: var_assign: Assigning: "list" =
|
|
|
d77ab8 |
"malloc((u_int)(entries * 8UL))".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:142:2: cond_false: Condition "!(list =
|
|
|
d77ab8 |
(PERSON **)malloc((u_int)(entries * 8UL /* sizeof (PERSON *) */)))",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:145:2: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:146:7: var_assign: Assigning: "lp" =
|
|
|
d77ab8 |
"list".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:146:2: cond_true: Condition "pn !=
|
|
|
d77ab8 |
NULL", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:147:3: loop: Jumping back to the
|
|
|
d77ab8 |
beginning of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:146:2: loop_begin: Jumped back to
|
|
|
d77ab8 |
beginning of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:146:2: cond_false: Condition "pn !=
|
|
|
d77ab8 |
NULL", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:147:3: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:148:2: noescape: Resource "list" is not
|
|
|
d77ab8 |
freed or pointed-to in function "qsort(void *, size_t, size_t,
|
|
|
d77ab8 |
__compar_fn_t)".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:149:2: return_alloc: Returning allocated
|
|
|
d77ab8 |
memory "list".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:60: var_assign: Assigning: "list" =
|
|
|
d77ab8 |
storage returned from "sort()".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:82: cond_true: Condition "l > maxrname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:82: cond_true: Condition "l > maxrname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:82: cond_false: Condition "l >
|
|
|
d77ab8 |
maxrname", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:82: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:76: cond_false: Condition "cnt <
|
|
|
d77ab8 |
entries", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:83: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:86: cond_true: Condition "maxlname +
|
|
|
d77ab8 |
maxrname > space", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:89: cond_true: Condition "maxlname +
|
|
|
d77ab8 |
maxrname < space - 2", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition
|
|
|
d77ab8 |
"pn->officephone", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] !=
|
|
|
d77ab8 |
0", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition
|
|
|
d77ab8 |
"pn->officephone", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] !=
|
|
|
d77ab8 |
0", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt <
|
|
|
d77ab8 |
entries", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office"
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office",
|
|
|
d77ab8 |
taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition
|
|
|
d77ab8 |
"pn->officephone", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to
|
|
|
d77ab8 |
end of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] !=
|
|
|
d77ab8 |
0", taking true branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL",
|
|
|
d77ab8 |
taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning
|
|
|
d77ab8 |
of the loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning
|
|
|
d77ab8 |
of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:93: cond_false: Condition "cnt <
|
|
|
d77ab8 |
entries", taking false branch
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:135: loop_end: Reached end of loop
|
|
|
d77ab8 |
bsd-finger-0.17/finger/sprint.c:136: leaked_storage: Variable "list"
|
|
|
d77ab8 |
going out of scope leaks the storage it points to.
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
---
|
|
|
d77ab8 |
finger/sprint.c | 1 +
|
|
|
d77ab8 |
1 file changed, 1 insertion(+)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
diff --git a/finger/sprint.c b/finger/sprint.c
|
|
|
d77ab8 |
index 0aaa82f..c66584f 100644
|
|
|
d77ab8 |
--- a/finger/sprint.c
|
|
|
d77ab8 |
+++ b/finger/sprint.c
|
|
|
d77ab8 |
@@ -133,6 +133,7 @@ office:
|
|
|
d77ab8 |
xputc('\n');
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
+ free(list);
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
|
|
|
d77ab8 |
static PERSON **sort(void) {
|
|
|
d77ab8 |
--
|
|
|
d77ab8 |
1.8.1.2
|
|
|
d77ab8 |
|
|
|
d77ab8 |
|
|
|
d77ab8 |
From d8638a83edb2ab42adaa8a77f74d350095ce281f Mon Sep 17 00:00:00 2001
|
|
|
d77ab8 |
From: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
Date: Fri, 8 Feb 2013 15:58:40 +0100
|
|
|
d77ab8 |
Subject: [PATCH 4/4] DEADCODE (CWE-561)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Coverity output:
|
|
|
d77ab8 |
bsd-finger-0.17/finger/net.c:173: assignment: Assigning: "ateol" = "1".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/net.c:178: assignment: Assigning: "ateol" = "1".
|
|
|
d77ab8 |
bsd-finger-0.17/finger/net.c:191: const: At condition "ateol", the value
|
|
|
d77ab8 |
of "ateol" must be equal to 1.
|
|
|
d77ab8 |
bsd-finger-0.17/finger/net.c:191: dead_error_condition: The condition
|
|
|
d77ab8 |
"!ateol" cannot be true.
|
|
|
d77ab8 |
bsd-finger-0.17/finger/net.c:191: dead_error_line: Execution cannot
|
|
|
d77ab8 |
reach this statement "xputc(10);".
|
|
|
d77ab8 |
|
|
|
d77ab8 |
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
|
|
d77ab8 |
---
|
|
|
d77ab8 |
finger/net.c | 5 ++++-
|
|
|
d77ab8 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
d77ab8 |
|
|
|
d77ab8 |
diff --git a/finger/net.c b/finger/net.c
|
|
|
d77ab8 |
index d273432..157090f 100644
|
|
|
d77ab8 |
--- a/finger/net.c
|
|
|
d77ab8 |
+++ b/finger/net.c
|
|
|
d77ab8 |
@@ -183,7 +183,10 @@ void netfinger(const char *name) {
|
|
|
d77ab8 |
/* don't print */
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
else {
|
|
|
d77ab8 |
- if (c == '\n') ateol = 1;
|
|
|
d77ab8 |
+ if (c == '\n')
|
|
|
d77ab8 |
+ ateol = 1;
|
|
|
d77ab8 |
+ else
|
|
|
d77ab8 |
+ ateol = 0;
|
|
|
d77ab8 |
sawret = 0;
|
|
|
d77ab8 |
xputc(c);
|
|
|
d77ab8 |
}
|
|
|
d77ab8 |
--
|
|
|
d77ab8 |
1.8.1.2
|
|
|
d77ab8 |
|