Report information
The Basics
Id:
46836
Status:
resolved
Worked:
1 hour (60 minutes)
Users:
tmark: 1 hour (60 minutes)
Priority:
Low/Low
Queue:
dhcp-public
People
Owner:
Thomas Markwalder <tmark@isc.org>
Requestors:
scan-admin@coverity.com(no email address set)
Cc:
AdminCc:
BugTracker
Version Fixed:
4.4.0
Version Found:
4.4.0a1
Versions Affected:
(no value)
Versions Planned:
4.4.0
Priority:
(no value)
Severity:
(no value)
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Mon, 11 Dec 2017 19:48:51 -0500
Updated:Mon, 18 Dec 2017 13:52:58 -0500
Closed:Mon, 18 Dec 2017 13:52:57 -0500

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Mon, 11 Dec 2017 19:48:52 -0500 scan-admin@coverity.com - Ticket created
Date: Tue, 12 Dec 2017 00:48:20 +0000 (UTC)
From: scan-admin@coverity.com
To: dhcp-bugs@isc.org
Subject: New Defects reported by Coverity Scan for ISC-DHCP

Hi, Please find the latest report on new defect(s) introduced to ISC-DHCP found with Coverity Scan. 3 new defect(s) introduced to ISC-DHCP found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1426059: Null pointer dereferences (REVERSE_INULL) /client/dhc6.c: 5146 in do_decline6() ________________________________________________________________________________________________________ *** CID 1426059: Null pointer dereferences (REVERSE_INULL) /client/dhc6.c: 5146 in do_decline6() 5140 5141 decline_done: 5142 /* We here because we've exhausted our retry limits or 5143 * something else has gone wrong with the decline process. 5144 * So let's just toss the existing lease and start over. 5145 */ >>> CID 1426059: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "client->active_lease" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 5146 if (client->active_lease != NULL) { 5147 dhc6_lease_destroy(&client->active_lease, MDL); 5148 client->active_lease = NULL; 5149 } 5150 5151 start_init6(client); ** CID 1426058: Security best practices violations (STRING_OVERFLOW) /server/ddns.c: 1588 in ddns_fwd_srv_add3() ________________________________________________________________________________________________________ *** CID 1426058: Security best practices violations (STRING_OVERFLOW) /server/ddns.c: 1588 in ddns_fwd_srv_add3() 1582 #if defined (DEBUG_DNS_UPDATES) 1583 log_info ("DDNS: ddns_fwd_srv_add3: %s eresult: %d", 1584 dump_ddns_cb(ddns_cb), eresult); 1585 #endif 1586 1587 /* Construct a printable form of the address for logging */ >>> CID 1426058: Security best practices violations (STRING_OVERFLOW) >>> You might overrun the 46-character fixed-size string "ddns_address" by copying the return value of "piaddr" without checking the length. 1588 strcpy(ddns_address, piaddr(ddns_cb->address)); 1589 1590 switch(eresult) { 1591 case ISC_R_SUCCESS: 1592 log_info("Added new forward map from %.*s to %s", 1593 (int)ddns_cb->fwd_name.len, ** CID 1426057: Control flow issues (DEADCODE) /server/dhcpv6.c: 3297 in shorten_lifetimes() ________________________________________________________________________________________________________ *** CID 1426057: Control flow issues (DEADCODE) /server/dhcpv6.c: 3297 in shorten_lifetimes() 3291 /* shouldn't happen */ 3292 continue; 3293 } 3294 3295 /* If address matches (and for PDs the prefix len matches) 3296 * we assume this is our subopt, so update the lifetimes */ >>> CID 1426057: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "oc->data.data[8] == lease->plen" inside this statement: "if (!memcmp(oc->data.data +...". 3297 if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) && 3298 (subopt_type != D6O_IA_PD || 3299 (oc->data.data[IASUBOPT_PD_PREFLEN_OFFSET] == 3300 lease->plen))) { 3301 u_int32_t pref_life = getULong(oc->data.data + 3302 pref_offset); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRab6kucGE8G6mRE1FKR2Ag87FjH5D5EKomg9SJ1sIkWFA-3D-3D_XFX-2BxtADztfMDcW4r2GH7E6TGVT4PiaTwnwuQkVMpYrncv2rcmU4rOCNLS9NuzXfZGkt4o2sutnxwz88J9-2BBp2mL9xwz6PIyP0MUSKiMoziqtS1c7S6GCDs45vXLIN4HtkhEtFEXdHxuuTMQow6wBUGRAdXdHsngYd2uxIXU0R5kWM6usUgIA1f79IdT1qeO9S1xwYP7NSrQgGAu3U-2BRWA-3D-3D To manage Coverity Scan email notifications for "dhcp-bugs@isc.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4VSUMfbZdfDe692MqhPm-2FjBlgt0jMCazKWgh17L1-2BKT8-2FRVwhIiDkSLwzkWTXmM-2F9gyMcfjzFAlSj57xJcTpCQFePWpS-2BYrfumELiSWoXoLY-3D_XFX-2BxtADztfMDcW4r2GH7E6TGVT4PiaTwnwuQkVMpYrncv2rcmU4rOCNLS9NuzXfJ8MLdem39CSthES4jgbrqJM4KPwM5OfpJrSad4IAA0yQT7vEm9b0nXnU-2BtXoG5Y22hIlAlkcmsfQatLfBSxm7QWwE9aUb9pFKgXXR9p7PYPYk6shWpPX0EJx13FmeTuCEcUupgm5meADdBh9qKh3cw-3D-3D
Tue, 12 Dec 2017 06:15:32 -0500 Thomas Markwalder <tmark@isc.org> - Taken
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - Area bug added
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - Versions Planned 4.4.0 added
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - FinalPriority changed from 'Medium' to 'Low'
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - Priority changed from 'Medium' to 'Low'
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - Status changed from 'new' to 'open'
Tue, 12 Dec 2017 06:16:20 -0500 Thomas Markwalder <tmark@isc.org> - Queue changed from #8 to dhcp-public
Tue, 12 Dec 2017 06:16:21 -0500 Thomas Markwalder <tmark@isc.org> - Dependency by #24720: added
Tue, 12 Dec 2017 10:57:33 -0500 Thomas Markwalder <tmark@isc.org> - Version Found 4.4.0a1 added
Tue, 12 Dec 2017 10:57:33 -0500 Thomas Markwalder <tmark@isc.org> - Version Fixed 4.4.0 added
Tue, 12 Dec 2017 10:57:34 -0500 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'review'
Tue, 12 Dec 2017 10:57:34 -0500 Thomas Markwalder <tmark@isc.org> - Untaken
Mon, 18 Dec 2017 10:25:57 -0500 Francis Dupont <Francis_Dupont@isc.org> - Taken
  Mon, 18 Dec 2017 10:36:32 -0500 Francis Dupont <Francis_Dupont@isc.org> - Correspondence added

On Tue Dec 12 15:57:33 2017, tmark wrote: > Corrected coverity issues listed. > > Ready for review. => code OK.
Mon, 18 Dec 2017 10:36:33 -0500 Francis Dupont <Francis_Dupont@isc.org> - Given to Thomas Markwalder <tmark@isc.org>
Mon, 18 Dec 2017 13:52:57 -0500 Thomas Markwalder <tmark@isc.org> - Worked 1 hour (60 minutes) 60 minutes
Mon, 18 Dec 2017 13:52:58 -0500 Thomas Markwalder <tmark@isc.org> - Status changed from 'review' to 'resolved'