<div dir="ltr">unsubscribe<br></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jun 9, 2015 at 12:11 PM Keith Winstein <<a href="mailto:keithw@mit.edu">keithw@mit.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">FYI -- our Coverity scan report.<div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:scan-admin@coverity.com" target="_blank">scan-admin@coverity.com</a>></span><br>Date: Tue, Jun 9, 2015 at 7:20 AM<br>Subject: New Defects reported by Coverity Scan for keithw/mosh<br>To: <a href="mailto:keithw@mit.edu" target="_blank">keithw@mit.edu</a><br><br><br><br>
Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to keithw/mosh found with Coverity Scan.<br>
<br>
6 new defect(s) introduced to keithw/mosh found with Coverity Scan.<br>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 6 of 6 defect(s)<br>
<br>
<br>
** CID 111991: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/benchmark.cc: 65 in main()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111991: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/benchmark.cc: 65 in main()<br>
59 #include "fatal_assert.h"<br>
60<br>
61 const int ITERATIONS = 100000;<br>
62<br>
63 using namespace Terminal;<br>
64<br>
>>> CID 111991: Error handling issues (UNCAUGHT_EXCEPT)<br>
>>> In function "main(int, char **)" an exception of type "std::runtime_error" is thrown and never caught.<br>
65 int main( int argc, char **argv )<br>
66 {<br>
67 int fbmod = 0;<br>
68 int width = 80, height = 24;<br>
69 int iterations = ITERATIONS;<br>
70 if (argc > 1) iterations = atoi(argv[1]);<br>
<br>
** CID 111990: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/benchmark.cc: 65 in main()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111990: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/benchmark.cc: 65 in main()<br>
59 #include "fatal_assert.h"<br>
60<br>
61 const int ITERATIONS = 100000;<br>
62<br>
63 using namespace Terminal;<br>
64<br>
>>> CID 111990: Error handling issues (UNCAUGHT_EXCEPT)<br>
>>> In function "main(int, char **)" an exception of type "std::invalid_argument" is thrown and never caught.<br>
65 int main( int argc, char **argv )<br>
66 {<br>
67 int fbmod = 0;<br>
68 int width = 80, height = 24;<br>
69 int iterations = ITERATIONS;<br>
70 if (argc > 1) iterations = atoi(argv[1]);<br>
<br>
** CID 111989: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/termemu.cc: 75 in main()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111989: Error handling issues (UNCAUGHT_EXCEPT)<br>
/src/examples/termemu.cc: 75 in main()<br>
69 #include "select.h"<br>
70<br>
71 const size_t buf_size = 16384;<br>
72<br>
73 static void emulate_terminal( int fd );<br>
74<br>
>>> CID 111989: Error handling issues (UNCAUGHT_EXCEPT)<br>
>>> In function "main(int, char **)" an exception of type "std::runtime_error" is thrown and never caught.<br>
75 int main( int argc, char *argv[] )<br>
76 {<br>
77 int master;<br>
78 struct termios saved_termios, raw_termios, child_termios;<br>
79<br>
80 set_native_locale();<br>
<br>
** CID 111988: Insecure data handling (TAINTED_STRING)<br>
/src/frontend/mosh-server.cc: 790 in chdir_homedir()()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111988: Insecure data handling (TAINTED_STRING)<br>
/src/frontend/mosh-server.cc: 790 in chdir_homedir()()<br>
784 perror( "getpwuid" );<br>
785 return; /* non-fatal */<br>
786 }<br>
787 home = pw->pw_dir;<br>
788 }<br>
789<br>
>>> CID 111988: Insecure data handling (TAINTED_STRING)<br>
>>> Passing tainted string "home" to "chdir", which cannot accept tainted data.<br>
790 if ( chdir( home ) < 0 ) {<br>
791 perror( "chdir" );<br>
792 }<br>
793<br>
794 if ( setenv( "PWD", home, 1 ) < 0 ) {<br>
795 perror( "setenv" );<br>
<br>
** CID 111987: (TAINTED_STRING)<br>
/src/examples/termemu.cc: 138 in main()<br>
/src/examples/termemu.cc: 138 in main()<br>
/src/examples/termemu.cc: 138 in main()<br>
/src/examples/termemu.cc: 138 in main()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111987: (TAINTED_STRING)<br>
/src/examples/termemu.cc: 138 in main()<br>
132 my_argv[ 0 ] = strdup( pw->pw_shell );<br>
133 }<br>
134 assert( my_argv[ 0 ] );<br>
135 my_argv[ 1 ] = NULL;<br>
136 argv = my_argv;<br>
137 }<br>
>>> CID 111987: (TAINTED_STRING)<br>
>>> Passing tainted string "*argv" to "execvp", which cannot accept tainted data.<br>
138 if ( execvp( argv[ 0 ], argv ) < 0 ) {<br>
139 perror( "execve" );<br>
140 exit( 1 );<br>
141 }<br>
142 exit( 0 );<br>
143 } else {<br>
/src/examples/termemu.cc: 138 in main()<br>
132 my_argv[ 0 ] = strdup( pw->pw_shell );<br>
133 }<br>
134 assert( my_argv[ 0 ] );<br>
135 my_argv[ 1 ] = NULL;<br>
136 argv = my_argv;<br>
137 }<br>
>>> CID 111987: (TAINTED_STRING)<br>
>>> Passing tainted string "argv[0]" to "execvp", which cannot accept tainted data.<br>
138 if ( execvp( argv[ 0 ], argv ) < 0 ) {<br>
139 perror( "execve" );<br>
140 exit( 1 );<br>
141 }<br>
142 exit( 0 );<br>
143 } else {<br>
/src/examples/termemu.cc: 138 in main()<br>
132 my_argv[ 0 ] = strdup( pw->pw_shell );<br>
133 }<br>
134 assert( my_argv[ 0 ] );<br>
135 my_argv[ 1 ] = NULL;<br>
136 argv = my_argv;<br>
137 }<br>
>>> CID 111987: (TAINTED_STRING)<br>
>>> Passing tainted string "*argv" to "execvp", which cannot accept tainted data.<br>
138 if ( execvp( argv[ 0 ], argv ) < 0 ) {<br>
139 perror( "execve" );<br>
140 exit( 1 );<br>
141 }<br>
142 exit( 0 );<br>
143 } else {<br>
/src/examples/termemu.cc: 138 in main()<br>
132 my_argv[ 0 ] = strdup( pw->pw_shell );<br>
133 }<br>
134 assert( my_argv[ 0 ] );<br>
135 my_argv[ 1 ] = NULL;<br>
136 argv = my_argv;<br>
137 }<br>
>>> CID 111987: (TAINTED_STRING)<br>
>>> Passing tainted string "argv[0]" to "execvp", which cannot accept tainted data.<br>
138 if ( execvp( argv[ 0 ], argv ) < 0 ) {<br>
139 perror( "execve" );<br>
140 exit( 1 );<br>
141 }<br>
142 exit( 0 );<br>
143 } else {<br>
<br>
** CID 111986: Insecure data handling (TAINTED_SCALAR)<br>
/src/examples/benchmark.cc: 86 in main()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 111986: Insecure data handling (TAINTED_SCALAR)<br>
/src/examples/benchmark.cc: 86 in main()<br>
80 Complete local_terminal( width, height );<br>
81<br>
82 /* Adopt native locale */<br>
83 set_native_locale();<br>
84 fatal_assert( is_utf8_locale() );<br>
85<br>
>>> CID 111986: Insecure data handling (TAINTED_SCALAR)<br>
>>> Using tainted variable "iterations" as a loop boundary.<br>
86 for ( int i = 0; i < iterations; i++ ) {<br>
87 /* type a character */<br>
88 overlays.get_prediction_engine().new_user_byte( i + 'x', *local_framebuffer );<br>
89<br>
90 /* fetch target state */<br>
91 *new_state = local_terminal.get_fb();<br>
<br>
<br></div></div></div></div>
_______________________________________________<br>
mosh-devel mailing list<br>
<a href="mailto:mosh-devel@mit.edu" target="_blank">mosh-devel@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/mosh-devel" target="_blank">http://mailman.mit.edu/mailman/listinfo/mosh-devel</a><br>
</blockquote></div>