bug-wget

Re: [Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget


From: Darshit Shah
Subject: Re: [Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget
Date: Wed, 19 Nov 2014 19:22:00 +0530
User-agent: Mutt/1.5.23 (2014-03-12)

On 11/19, Tim Rühsen wrote:
On Wednesday 19 November 2014 18:17:15 Darshit Shah wrote:
I just ran the latest HEAD of our repository through Coverity's static
analysis engine.

Here is the report it returned.

Anyone who wishes to look at the full reports, please send a request
through coverity and I'll grant you permissions.

We should use random() if available... (I'll make up a patch)
About random number security:
http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index4.html?page=2

Agreed. While random_number() is not being used for any cryptography related things here, it *is* being used for Digest Authentication. We should make it at least a bit more secure.

ftp-basic.c already fixed, patch comes within the next hour.

Great to hear that!
I was going to look into it, but I'll leave it to you then.

http.c seems to be a false positive (looking at the current git code).

Yes, it is a false positive.
The static analyzer failed to realize that options[4] is &algorithm and hence it'll be assigned a value during the execution of the while() loop on line 3802.

I haven't yet figured out how to write coverity's modeling files for explicitly marking such code paths as false positives.


There are also quite a few more issues that coverity has identified in the past. A lot of them seem to be similar false positives. I'm going to go through as many of them as I can.

Tim



---------- Forwarded message ----------
From:  <address@hidden>
Date: Wed, Nov 19, 2014 at 6:13 PM
Subject: New Defects reported by Coverity Scan for GNU Wget
To: address@hidden



Hi,

Please find the latest report on new defect(s) introduced to GNU Wget
found with Coverity Scan.

4 new defect(s) introduced to GNU Wget found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1230447:  Don't call  (DC.WEAK_CRYPTO)
/src/utils.c: 1890 in random_float()

** CID 1255317:  Don't call  (DC.WEAK_CRYPTO)
/src/utils.c: 1855 in random_number()

** CID 1255316:  Logically dead code  (DEADCODE)
/src/ftp-basic.c: 792 in ftp_epsv()

** CID 1255315:  Logically dead code  (DEADCODE)
/src/http.c: 3822 in digest_authentication_encode()


________________________________________________________________________________
*** CID 1230447:  Don't call  (DC.WEAK_CRYPTO)
/src/utils.c: 1890 in random_float()

________________________________________________________________________________
*** CID 1255317:  Don't call  (DC.WEAK_CRYPTO)
/src/utils.c: 1855 in random_number()

________________________________________________________________________________
*** CID 1255316:  Logically dead code  (DEADCODE)
/src/ftp-basic.c: 792 in ftp_epsv()
786       /* Finally, get the port number */
787       tport = 0;
788       for (i = 1; c_isdigit (*s); s++)
789         {
790           if (i > 5)
791             {

>>>     CID 1255316:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement: "free(respline);".

792               xfree (respline);
793               return FTPINVPASV;
794             }
795           tport = (*s - '0') + 10 * tport;
796         }
797

________________________________________________________________________________
*** CID 1255315:  Logically dead code  (DEADCODE)
/src/http.c: 3822 in digest_authentication_encode()
3816       if (qop != NULL && strcmp(qop,"auth"))
3817         {
3818           logprintf (LOG_NOTQUIET, _("Unsupported quality of protection '%s'.\n"), qop);
3819           xfree_null (qop); /* force freeing mem and return */
3820           qop = NULL;
3821         }

>>>     CID 1255315:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach the expression "strcmp(algorithm, "MD5")"
>>>     inside this statement: "if (algorithm != NULL && st...".
3822       else if (algorithm != NULL && strcmp (algorithm,"MD5") && strcmp (algorithm,"MD5-sess"))
3823         {
3824           logprintf (LOG_NOTQUIET, _("Unsupported algorithm '%s'.\n"), algorithm);
3825           xfree_null (qop); /* force freeing mem and return */
3826           qop = NULL;
3827         }


________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/555?tab=overview

To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py


--- end quoted text ---

--
Thanking You,
Darshit Shah
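The ftp_epsv() excerpt in the Coverity report above (CID 1255316) is a genuine defect rather than a false positive: the loop counter `i` is initialised to 1 but never incremented, so the `if (i > 5)` guard that is meant to reject over-long port strings can never fire. The following is an added example written for this thread, not wget's code or Tim's patch. It reproduces the excerpt's parsing loop as a stand-alone function beside a corrected version; the `parse_epsv_port_*` names, the `-1` return in place of `FTPINVPASV`, and the extra range check on the result are assumptions of this example, not something the excerpt contains.

```c
/* Added example (not wget's code): the EPSV port-digit loop from the
 * Coverity excerpt, beside a corrected version.  The excerpt also frees
 * the response line before returning; this stand-alone version has no
 * such buffer, so it simply returns -1 where wget returns FTPINVPASV. */
#include <ctype.h>
#include <stdio.h>

/* Mirrors the excerpt: the guard is dead because i stays at 1 forever. */
static int parse_epsv_port_buggy(const char *s)
{
    int i, tport = 0;
    for (i = 1; isdigit((unsigned char)*s); s++)
        {
            if (i > 5)
                return -1;          /* never reached: i is never changed */
            tport = (*s - '0') + 10 * tport;
        }
    return tport;
}

/* Corrected: i counts digits, so a sixth digit is rejected before it is
 * accumulated (which also keeps tport from overflowing).  The checks
 * after the loop are an addition beyond the excerpt: a string with no
 * digits, or five digits above 65535, is not a valid TCP port either. */
static int parse_epsv_port_fixed(const char *s)
{
    int i, tport = 0;
    for (i = 1; isdigit((unsigned char)*s); s++, i++)
        {
            if (i > 5)
                return -1;
            tport = (*s - '0') + 10 * tport;
        }
    if (i == 1 || tport > 65535)
        return -1;
    return tport;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real server. */
    const char *samples[] = { "21", "65535", "99999", "1234567", "" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-8s buggy=%d fixed=%d\n", samples[k],
               parse_epsv_port_buggy(samples[k]),
               parse_epsv_port_fixed(samples[k]));
    return 0;
}
```

Running it shows the buggy loop happily accepting "1234567" as a port, while the corrected loop rejects it along with "99999" and the empty string. The same pattern, a bound check that depends on a variable nothing ever updates, is exactly what a DEADCODE finding should prompt a reviewer to look for.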


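The two DC.WEAK_CRYPTO findings (CIDs 1230447 and 1255317) concern the same point Darshit raises above: a value that ends up in the Digest Authentication exchange as the client nonce (cnonce) should not come from a general-purpose PRNG such as rand() or random(), whose output is not designed to be unpredictable. As an added example for this thread, and not wget's code or the patch discussed here, the block below draws the cnonce from the operating system's CSPRNG via /dev/urandom and hex-encodes it; the `os_random_bytes`, `make_cnonce` and `cnonce_is_well_formed` names and the 16-byte nonce size are assumptions of this example.

```c
/* Added example (not wget's code): a Digest-auth client nonce drawn from
 * the OS CSPRNG (/dev/urandom) instead of rand()/random().  Assumes a
 * POSIX system; on failure the caller gets -1 and an empty string, never
 * a half-filled or predictable nonce. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CNONCE_BYTES 16                 /* 128 bits of randomness */
#define CNONCE_HEX_LEN (2 * CNONCE_BYTES)

/* Fill buf with n bytes from /dev/urandom.  read() may return fewer
 * bytes than requested, so loop until the buffer is full. */
static int os_random_bytes(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) {
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Write a lowercase-hex cnonce into out (CNONCE_HEX_LEN + 1 bytes).
 * Returns 0 on success, -1 if the CSPRNG could not be read. */
static int make_cnonce(char out[CNONCE_HEX_LEN + 1])
{
    static const char hex[] = "0123456789abcdef";
    unsigned char raw[CNONCE_BYTES];

    out[0] = '\0';
    if (os_random_bytes(raw, sizeof raw) != 0)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++) {
        out[2 * i]     = hex[raw[i] >> 4];
        out[2 * i + 1] = hex[raw[i] & 0x0f];
    }
    out[CNONCE_HEX_LEN] = '\0';
    return 0;
}

/* Sanity check a caller can apply before putting the value on the wire:
 * exactly CNONCE_HEX_LEN lowercase hex characters. */
static int cnonce_is_well_formed(const char *c)
{
    return strlen(c) == CNONCE_HEX_LEN
        && strspn(c, "0123456789abcdef") == CNONCE_HEX_LEN;
}

int main(void)
{
    char a[CNONCE_HEX_LEN + 1], b[CNONCE_HEX_LEN + 1];
    if (make_cnonce(a) != 0 || make_cnonce(b) != 0) {
        fputs("CSPRNG unavailable\n", stderr);
        return 1;
    }
    /* Two consecutive nonces must differ; a seeded rand() called twice
     * in the same second from two processes would not give that. */
    printf("cnonce 1: %s\ncnonce 2: %s\ndistinct: %s\n", a, b,
           strcmp(a, b) ? "yes" : "no");
    return 0;
}
```

The design point is the failure path: if the random source cannot be read, the function reports an error and leaves the buffer empty rather than falling back to a weaker generator, so a caller cannot silently send a low-entropy cnonce.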
