[mosh-devel] Fwd: New Defects reported by Coverity Scan for keithw/mosh
Anthony Naddeo
anthony.naddeo at gmail.com
Tue Jun 9 20:40:05 EDT 2015
unsubscribe
On Tue, Jun 9, 2015 at 12:11 PM Keith Winstein <keithw at mit.edu> wrote:
> FYI -- our Coverity scan report.
>
> ---------- Forwarded message ----------
> From: <scan-admin at coverity.com>
> Date: Tue, Jun 9, 2015 at 7:20 AM
> Subject: New Defects reported by Coverity Scan for keithw/mosh
> To: keithw at mit.edu
>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to keithw/mosh
> found with Coverity Scan.
>
> 6 new defect(s) introduced to keithw/mosh found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
>
>
> ** CID 111991: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/benchmark.cc: 65 in main()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111991: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/benchmark.cc: 65 in main()
> 59 #include "fatal_assert.h"
> 60
> 61 const int ITERATIONS = 100000;
> 62
> 63 using namespace Terminal;
> 64
> >>> CID 111991: Error handling issues (UNCAUGHT_EXCEPT)
> >>> In function "main(int, char **)" an exception of type "std::runtime_error" is thrown and never caught.
> 65 int main( int argc, char **argv )
> 66 {
> 67 int fbmod = 0;
> 68 int width = 80, height = 24;
> 69 int iterations = ITERATIONS;
> 70 if (argc > 1) iterations = atoi(argv[1]);
>
> ** CID 111990: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/benchmark.cc: 65 in main()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111990: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/benchmark.cc: 65 in main()
> 59 #include "fatal_assert.h"
> 60
> 61 const int ITERATIONS = 100000;
> 62
> 63 using namespace Terminal;
> 64
> >>> CID 111990: Error handling issues (UNCAUGHT_EXCEPT)
> >>> In function "main(int, char **)" an exception of type "std::invalid_argument" is thrown and never caught.
> 65 int main( int argc, char **argv )
> 66 {
> 67 int fbmod = 0;
> 68 int width = 80, height = 24;
> 69 int iterations = ITERATIONS;
> 70 if (argc > 1) iterations = atoi(argv[1]);
>
> ** CID 111989: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/termemu.cc: 75 in main()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111989: Error handling issues (UNCAUGHT_EXCEPT)
> /src/examples/termemu.cc: 75 in main()
> 69 #include "select.h"
> 70
> 71 const size_t buf_size = 16384;
> 72
> 73 static void emulate_terminal( int fd );
> 74
> >>> CID 111989: Error handling issues (UNCAUGHT_EXCEPT)
> >>> In function "main(int, char **)" an exception of type "std::runtime_error" is thrown and never caught.
> 75 int main( int argc, char *argv[] )
> 76 {
> 77 int master;
> 78 struct termios saved_termios, raw_termios, child_termios;
> 79
> 80 set_native_locale();
>
> ** CID 111988: Insecure data handling (TAINTED_STRING)
> /src/frontend/mosh-server.cc: 790 in chdir_homedir()()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111988: Insecure data handling (TAINTED_STRING)
> /src/frontend/mosh-server.cc: 790 in chdir_homedir()()
> 784 perror( "getpwuid" );
> 785 return; /* non-fatal */
> 786 }
> 787 home = pw->pw_dir;
> 788 }
> 789
> >>> CID 111988: Insecure data handling (TAINTED_STRING)
> >>> Passing tainted string "home" to "chdir", which cannot accept tainted data.
> 790 if ( chdir( home ) < 0 ) {
> 791 perror( "chdir" );
> 792 }
> 793
> 794 if ( setenv( "PWD", home, 1 ) < 0 ) {
> 795 perror( "setenv" );
>
> ** CID 111987: (TAINTED_STRING)
> /src/examples/termemu.cc: 138 in main()
> /src/examples/termemu.cc: 138 in main()
> /src/examples/termemu.cc: 138 in main()
> /src/examples/termemu.cc: 138 in main()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111987: (TAINTED_STRING)
> /src/examples/termemu.cc: 138 in main()
> 132 my_argv[ 0 ] = strdup( pw->pw_shell );
> 133 }
> 134 assert( my_argv[ 0 ] );
> 135 my_argv[ 1 ] = NULL;
> 136 argv = my_argv;
> 137 }
> >>> CID 111987: (TAINTED_STRING)
> >>> Passing tainted string "*argv" to "execvp", which cannot accept tainted data.
> 138 if ( execvp( argv[ 0 ], argv ) < 0 ) {
> 139 perror( "execve" );
> 140 exit( 1 );
> 141 }
> 142 exit( 0 );
> 143 } else {
> /src/examples/termemu.cc: 138 in main()
> 132 my_argv[ 0 ] = strdup( pw->pw_shell );
> 133 }
> 134 assert( my_argv[ 0 ] );
> 135 my_argv[ 1 ] = NULL;
> 136 argv = my_argv;
> 137 }
> >>> CID 111987: (TAINTED_STRING)
> >>> Passing tainted string "argv[0]" to "execvp", which cannot accept tainted data.
> 138 if ( execvp( argv[ 0 ], argv ) < 0 ) {
> 139 perror( "execve" );
> 140 exit( 1 );
> 141 }
> 142 exit( 0 );
> 143 } else {
>
> ** CID 111986: Insecure data handling (TAINTED_SCALAR)
> /src/examples/benchmark.cc: 86 in main()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 111986: Insecure data handling (TAINTED_SCALAR)
> /src/examples/benchmark.cc: 86 in main()
> 80 Complete local_terminal( width, height );
> 81
> 82 /* Adopt native locale */
> 83 set_native_locale();
> 84 fatal_assert( is_utf8_locale() );
> 85
> >>> CID 111986: Insecure data handling (TAINTED_SCALAR)
> >>> Using tainted variable "iterations" as a loop boundary.
> 86 for ( int i = 0; i < iterations; i++ ) {
> 87 /* type a character */
> 88 overlays.get_prediction_engine().new_user_byte( i + 'x', *local_framebuffer );
> 89
> 90 /* fetch target state */
> 91 *new_state = local_terminal.get_fb();
>
>