[cgmanager-devel] New Defects reported by Coverity Scan for cgmanager

scan-admin at coverity.com scan-admin at coverity.com
Wed Jan 15 14:55:23 UTC 2014 

Hi,


Please find the latest report on new defect(s) introduced to cgmanager found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1155356:  Logically dead code  (DEADCODE)
/chowncgroup.c: 283 in main()

** CID 1155355:  Logically dead code  (DEADCODE)
/movepid.c: 277 in main()

** CID 1155354:  Dereference after null check  (FORWARD_NULL)
/access_checks.c: 67 in get_nih_io_creds()

** CID 1155353:  String not null terminated  (STRING_NULL)
/cgmanager-proxy.c: 302 in get_pid_scm_reader()

** CID 1155352:  String not null terminated  (STRING_NULL)
/getpidcgroup.c: 253 in main()


________________________________________________________________________________________________________
*** CID 1155356:  Logically dead code  (DEADCODE)
/chowncgroup.c: 283 in main()
277     		exitval = 0;
278     
279     out:
280     	if (message)
281     		dbus_message_unref(message);
282     	if (reply)
>>>     CID 1155356:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "dbus_message_unref(reply);".
283     		dbus_message_unref(reply);
284     	dbus_connection_unref (conn);
285     
286     	exit(exitval);

________________________________________________________________________________________________________
*** CID 1155355:  Logically dead code  (DEADCODE)
/movepid.c: 277 in main()
271     		exitval = 0;
272     
273     out:
274     	if (message)
275     		dbus_message_unref(message);
276     	if (reply)
>>>     CID 1155355:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "dbus_message_unref(reply);".
277     		dbus_message_unref(reply);
278     	dbus_connection_unref (conn);
279     
280     	exit(exitval);

________________________________________________________________________________________________________
*** CID 1155354:  Dereference after null check  (FORWARD_NULL)
/access_checks.c: 67 in get_nih_io_creds()
61     	if (!msg) {
62     		nih_error("failed reading msg for ucred");
63     		return false;
64     	}
65     	struct cmsghdr *cmsg = msg->control[0];
66     	if (!cmsg) nih_error("cmsg null");
>>>     CID 1155354:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "cmsg".
67     	if (cmsg->cmsg_level != SOL_SOCKET) nih_error("level %d sock %d", cmsg->cmsg_level, SOL_SOCKET);
68     	if (!cmsg || cmsg->cmsg_level != SOL_SOCKET ||
69     			cmsg->cmsg_len != CMSG_LEN (sizeof(*ucred)) ||
70     			cmsg->cmsg_type != SCM_CREDENTIALS) {
71     		nih_error("non-scm control message");
72     		return false;

________________________________________________________________________________________________________
*** CID 1155353:  String not null terminated  (STRING_NULL)
/cgmanager-proxy.c: 302 in get_pid_scm_reader()
296     	}
297     	nih_info (_("Client fd is: %d (pid=%d, uid=%d, gid=%d)"),
298     		  data->fd, data->rcred.pid, data->rcred.uid, data->rcred.gid);
299     	nih_info (_("Victim is pid=%d"), vcred.pid);
300     
301     	if (!get_pid_cgroup_main(data, controller, data->rcred, vcred, &output))
>>>     CID 1155353:  String not null terminated  (STRING_NULL)
>>>     Passing unterminated string "output" to "strlen(char const *)", which expects a null-terminated string.
302     		ret = write(data->fd, output, strlen(output));
303     	else
304     		ret = write(data->fd, &vcred, 0);  // kick the client
305     	if (ret < 0)
306     		nih_error("getPidCgroupScm: Error writing final result to client");
307     out:

________________________________________________________________________________________________________
*** CID 1155352:  String not null terminated  (STRING_NULL)
/getpidcgroup.c: 253 in main()
247     		nih_error("Error sending pid over SCM_CREDENTIAL");
248     		goto out;
249     	}
250     	char output[MAXPATHLEN];
251     	memset(output, 0, MAXPATHLEN);
252     	if (read(sv[0], output, MAXPATHLEN) <= 0) {
>>>     CID 1155352:  String not null terminated  (STRING_NULL)
>>>     Passing unterminated string "output" to "printf(char const * restrict, ...)".
253     		printf("%s\n", output);
254     		exitval = 0;
255     	} else
256     		nih_error("Server returned an error");
257     	close(sv[0]);
258     	close(sv[1]);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1082?tab=Overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py

More information about the cgmanager-devel mailing list