[mosh-devel] Fwd: New Defects reported by Coverity Scan for keithw/mosh

Keith Winstein keithw at mit.edu
Tue Jun 9 15:10:58 EDT 2015 

FYI -- our Coverity scan report.

---------- Forwarded message ----------
From: <scan-admin at coverity.com>
Date: Tue, Jun 9, 2015 at 7:20 AM
Subject: New Defects reported by Coverity Scan for keithw/mosh
To: keithw at mit.edu



Hi,

Please find the latest report on new defect(s) introduced to keithw/mosh
found with Coverity Scan.

6 new defect(s) introduced to keithw/mosh found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 111991:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/benchmark.cc: 65 in main()


________________________________________________________________________________________________________
*** CID 111991:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/benchmark.cc: 65 in main()
59     #include "fatal_assert.h"
60
61     const int ITERATIONS = 100000;
62
63     using namespace Terminal;
64
>>>     CID 111991:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     In function "main(int, char **)" an exception of type
"std::runtime_error" is thrown and never caught.
65     int main( int argc, char **argv )
66     {
67       int fbmod = 0;
68       int width = 80, height = 24;
69       int iterations = ITERATIONS;
70       if (argc > 1) iterations = atoi(argv[1]);

** CID 111990:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/benchmark.cc: 65 in main()


________________________________________________________________________________________________________
*** CID 111990:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/benchmark.cc: 65 in main()
59     #include "fatal_assert.h"
60
61     const int ITERATIONS = 100000;
62
63     using namespace Terminal;
64
>>>     CID 111990:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     In function "main(int, char **)" an exception of type
"std::invalid_argument" is thrown and never caught.
65     int main( int argc, char **argv )
66     {
67       int fbmod = 0;
68       int width = 80, height = 24;
69       int iterations = ITERATIONS;
70       if (argc > 1) iterations = atoi(argv[1]);

** CID 111989:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/termemu.cc: 75 in main()


________________________________________________________________________________________________________
*** CID 111989:  Error handling issues  (UNCAUGHT_EXCEPT)
/src/examples/termemu.cc: 75 in main()
69     #include "select.h"
70
71     const size_t buf_size = 16384;
72
73     static void emulate_terminal( int fd );
74
>>>     CID 111989:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     In function "main(int, char **)" an exception of type
"std::runtime_error" is thrown and never caught.
75     int main( int argc, char *argv[] )
76     {
77       int master;
78       struct termios saved_termios, raw_termios, child_termios;
79
80       set_native_locale();

** CID 111988:  Insecure data handling  (TAINTED_STRING)
/src/frontend/mosh-server.cc: 790 in chdir_homedir()()


________________________________________________________________________________________________________
*** CID 111988:  Insecure data handling  (TAINTED_STRING)
/src/frontend/mosh-server.cc: 790 in chdir_homedir()()
784           perror( "getpwuid" );
785           return; /* non-fatal */
786         }
787         home = pw->pw_dir;
788       }
789
>>>     CID 111988:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "home" to "chdir", which cannot accept
tainted data.
790       if ( chdir( home ) < 0 ) {
791         perror( "chdir" );
792       }
793
794       if ( setenv( "PWD", home, 1 ) < 0 ) {
795         perror( "setenv" );

** CID 111987:    (TAINTED_STRING)
/src/examples/termemu.cc: 138 in main()
/src/examples/termemu.cc: 138 in main()
/src/examples/termemu.cc: 138 in main()
/src/examples/termemu.cc: 138 in main()


________________________________________________________________________________________________________
*** CID 111987:    (TAINTED_STRING)
/src/examples/termemu.cc: 138 in main()
132             my_argv[ 0 ] = strdup( pw->pw_shell );
133           }
134           assert( my_argv[ 0 ] );
135           my_argv[ 1 ] = NULL;
136           argv = my_argv;
137         }
>>>     CID 111987:    (TAINTED_STRING)
>>>     Passing tainted string "*argv" to "execvp", which cannot accept
tainted data.
138         if ( execvp( argv[ 0 ], argv ) < 0 ) {
139           perror( "execve" );
140           exit( 1 );
141         }
142         exit( 0 );
143       } else {
/src/examples/termemu.cc: 138 in main()
132             my_argv[ 0 ] = strdup( pw->pw_shell );
133           }
134           assert( my_argv[ 0 ] );
135           my_argv[ 1 ] = NULL;
136           argv = my_argv;
137         }
>>>     CID 111987:    (TAINTED_STRING)
>>>     Passing tainted string "argv[0]" to "execvp", which cannot accept
tainted data.
138         if ( execvp( argv[ 0 ], argv ) < 0 ) {
139           perror( "execve" );
140           exit( 1 );
141         }
142         exit( 0 );
143       } else {
/src/examples/termemu.cc: 138 in main()
132             my_argv[ 0 ] = strdup( pw->pw_shell );
133           }
134           assert( my_argv[ 0 ] );
135           my_argv[ 1 ] = NULL;
136           argv = my_argv;
137         }
>>>     CID 111987:    (TAINTED_STRING)
>>>     Passing tainted string "*argv" to "execvp", which cannot accept
tainted data.
138         if ( execvp( argv[ 0 ], argv ) < 0 ) {
139           perror( "execve" );
140           exit( 1 );
141         }
142         exit( 0 );
143       } else {
/src/examples/termemu.cc: 138 in main()
132             my_argv[ 0 ] = strdup( pw->pw_shell );
133           }
134           assert( my_argv[ 0 ] );
135           my_argv[ 1 ] = NULL;
136           argv = my_argv;
137         }
>>>     CID 111987:    (TAINTED_STRING)
>>>     Passing tainted string "argv[0]" to "execvp", which cannot accept
tainted data.
138         if ( execvp( argv[ 0 ], argv ) < 0 ) {
139           perror( "execve" );
140           exit( 1 );
141         }
142         exit( 0 );
143       } else {

** CID 111986:  Insecure data handling  (TAINTED_SCALAR)
/src/examples/benchmark.cc: 86 in main()


________________________________________________________________________________________________________
*** CID 111986:  Insecure data handling  (TAINTED_SCALAR)
/src/examples/benchmark.cc: 86 in main()
80       Complete local_terminal( width, height );
81
82       /* Adopt native locale */
83       set_native_locale();
84       fatal_assert( is_utf8_locale() );
85
>>>     CID 111986:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "iterations" as a loop boundary.
86       for ( int i = 0; i < iterations; i++ ) {
87         /* type a character */
88         overlays.get_prediction_engine().new_user_byte( i + 'x',
*local_framebuffer );
89
90         /* fetch target state */
91         *new_state = local_terminal.get_fb();
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mosh-devel/attachments/20150609/349b6a37/attachment.html

More information about the mosh-devel mailing list