Task #232 - tang-15-2.fc40/scan-results.err
Error: GCC_ANALYZER_WARNING (CWE-476):
tang-15/redhat-linux-build/tests/test-keys.c:21: included_from: Included from here.
tang-15/redhat-linux-build/tests/test-keys.c: scope_hint: In function ‘test_read_keys’
tang-15/redhat-linux-build/tests/test-keys.c:292:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
tang-15/tests/test-util.h:36:12: note: in definition of macro ‘ASSERT_WITH_MSG’
tang-15/redhat-linux-build/tests/test-keys.c:292:5: note: in expansion of macro ‘ASSERT’
tang-15/tests/test-util.h:40:5: note: in expansion of macro ‘ASSERT_WITH_MSG’
tang-15/redhat-linux-build/tests/test-keys.c:283:5: note: in expansion of macro ‘ASSERT’
tang-15/tests/test-util.h:40:5: note: in expansion of macro ‘ASSERT_WITH_MSG’
tang-15/redhat-linux-build/tests/test-keys.c:283:5: note: in expansion of macro ‘ASSERT’
tang-15/tests/test-util.h:36:12: note: in definition of macro ‘ASSERT_WITH_MSG’
tang-15/redhat-linux-build/tests/test-keys.c:292:5: note: in expansion of macro ‘ASSERT’
# 290| * - -bWkGaJi0Zdvxaj4DCp28umLcRA.jwk
# 291| */
# 292|-> ASSERT(tki->m_keys_count == 2);
# 293| ASSERT(tki->m_rotated_keys_count == 2);
# 294| ASSERT(json_array_size(tki->m_keys) == 2);

Error: GCC_ANALYZER_WARNING (CWE-401):
tang-15/src/keys.c: scope_hint: In function ‘find_by_thp’
tang-15/src/keys.c:56:28: warning[-Wanalyzer-malloc-leak]: leak of ‘jwk_thumbprint(json_array_get(keys, idx), *<unknown>)’
/usr/include/jose/b64.h:27: included_from: Included from here.
tang-15/src/keys.c:26: included_from: Included from here.
# 54|
# 55| const char** algs = supported_hashes();
# 56|-> for (size_t a = 0; algs[a]; a++) {
# 57| if (strcmp(alg, algs[a]) == 0) {
# 58| return 1;

Error: GCC_ANALYZER_WARNING (CWE-401):
tang-15/redhat-linux-build/tests/test-keys.c:20: included_from: Included from here.
tang-15/src/keys.c: scope_hint: In function ‘create_new_keys’
tang-15/src/keys.c:56:28: warning[-Wanalyzer-malloc-leak]: leak of ‘jwk_thumbprint(jwk_generate(alg[i]), "S256")’
/usr/include/jose/b64.h:27: included_from: Included from here.
tang-15/src/keys.c:26: included_from: Included from here.
tang-15/src/keys.c: scope_hint: In function ‘create_new_keys’
tang-15/src/keys.c: scope_hint: In function ‘create_new_keys’
# 54|
# 55| const char** algs = supported_hashes();
# 56|-> for (size_t a = 0; algs[a]; a++) {
# 57| if (strcmp(alg, algs[a]) == 0) {
# 58| return 1;

Error: CLANG_WARNING:
tang-15/redhat-linux-build/tests/test-keys.c:20: included_from: Included from here.
tang-15/src/keys.c:270:20: warning[unix.Malloc]: Potential leak of memory pointed to by 'thumbprint'
# 268| continue;
# 269| }
# 270|-> return json_incref(jwk);
# 271| }
# 272| }

Error: GCC_ANALYZER_WARNING (CWE-401):
tang-15/src/keys.c: scope_hint: In function ‘load_keys’
tang-15/src/keys.c:359:21: warning[-Wanalyzer-malloc-leak]: leak of ‘new_tang_keys_info()’
# 357| const char* pattern = ".jwk";
# 358| while ((d = readdir(dir)) != NULL) {
# 359|-> if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0) {
# 360| continue;
# 361| }

Error: CLANG_WARNING:
tang-15/src/socket.c:203:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'slist'
# 201| r = listen_port(&slist, port);
# 202| if (r < 0) {
# 203|-> fprintf(stderr, "Could not listen port (%d)\n", port);
# 204| return -1;
# 205| }

Error: CLANG_WARNING:
tang-15/src/tangd.c:92:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'thp'
# 90| }
# 91|
# 92|-> jws = find_jws(tki, thp);
# 93| if (!jws) {
# 94| return http_reply(HTTP_STATUS_NOT_FOUND, NULL);

Error: CLANG_WARNING:
tang-15/src/tangd.c:155:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'thp'
# 153| return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
# 154|
# 155|-> jwk = find_jwk(tki, thp);
# 156| if (!jwk)
# 157| return http_reply(HTTP_STATUS_NOT_FOUND, NULL);

Error: CLANG_WARNING:
tang-15/src/tangd.c:343:9: warning[core.StackAddressEscape]: Address of stack memory associated with local variable 'adv_endpoint' is still referred to by the global variable 's_dispatch' upon returning to the caller. This will be a dangling reference
# 341| }
# 342| if (listen == 0) { /* process one-shot query from stdin */
# 343|-> return process_request(jwkdir, STDIN_FILENO);
# 344| } else { /* listen and process all incoming connections */
# 345| return run_service(jwkdir, port, process_request);

Error: CLANG_WARNING:
tang-15/src/tangd.c:343:9: warning[core.StackAddressEscape]: Address of stack memory associated with local variable 'adv_thp_endpoint' is still referred to by the global variable 's_dispatch' upon returning to the caller. This will be a dangling reference
# 341| }
# 342| if (listen == 0) { /* process one-shot query from stdin */
# 343|-> return process_request(jwkdir, STDIN_FILENO);
# 344| } else { /* listen and process all incoming connections */
# 345| return run_service(jwkdir, port, process_request);

Error: CLANG_WARNING:
tang-15/src/tangd.c:343:9: warning[core.StackAddressEscape]: Address of stack memory associated with local variable 'rec_endpoint' is still referred to by the global variable 's_dispatch' upon returning to the caller. This will be a dangling reference
# 341| }
# 342| if (listen == 0) { /* process one-shot query from stdin */
# 343|-> return process_request(jwkdir, STDIN_FILENO);
# 344| } else { /* listen and process all incoming connections */
# 345| return run_service(jwkdir, port, process_request);