Loading...

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.4
Component/s: cyrus-sasl
Labels:
None

Regression:
None
Severity:
None

Pool Team:

rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Static code analysis was done and uncovered a few issues that warrant further investigation. There is some duplication in this list.

---------------------------------

{{Error: OVERRUN (CWE-119):
cyrus-sasl-2.1.27/lib/common.c:2288: cond_at_most: Checking "i >= 1025" implies that "i" may be up to 1024 on the false branch.
cyrus-sasl-2.1.27/lib/common.c:2287: incr: Incrementing "i". The value of "i" may now be up to 1025.
cyrus-sasl-2.1.27/lib/common.c:2292: overrun-local: Overrunning array "hbuf" of 1025 bytes at byte offset 1025 using index "i" (which evaluates to 1025).

2290| hbuf[i] = addr[i];
2291| }
2292|-> hbuf[i] = '\0';
2293|
2294| if (addr[i] == ';')}}

---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:386: alloc_arg: ""krb5_init_context"" allocates memory that is stored into ""context"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:393: leaked_storage: Variable ""context"" going out of scope leaks the storage it points to.

391| if (form_principal_name(user, service, realm, principalbuf, sizeof (principalbuf))) { # 392| syslog(LOG_ERR, ""auth_krb5: form_principal_name""); # 393|-> return strdup(""NO saslauthd principal name error""); # 394| }
395| "
}}
---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:396: alloc_arg: ""krb5_parse_name"" allocates memory that is stored into ""auth_user"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:404: leaked_storage: Variable ""auth_user"" going out of scope leaks the storage it points to.

402| if (krbtf_name(tfname, sizeof (tfname)) != 0) { # 403| syslog(LOG_ERR, ""auth_krb5: could not generate ticket file name""); # 404|-> return strdup(""NO saslauthd internal error""); # 405| }
406| "}}

---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:386: alloc_arg: ""krb5_init_context"" allocates memory that is stored into ""context"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:396: noescape: Resource ""context"" is not freed or pointed-to in ""krb5_parse_name"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:404: leaked_storage: Variable ""context"" going out of scope leaks the storage it points to.

402| if (krbtf_name(tfname, sizeof (tfname)) != 0) { # 403| syslog(LOG_ERR, ""auth_krb5: could not generate ticket file name""); # 404|-> return strdup(""NO saslauthd internal error""); # 405| }
406| "}}

---------------------------------

{{Error: OVERRUN (CWE-119):
cyrus-sasl-2.1.27/saslauthd/testsaslauthd.c:224: cond_at_least: Checking "count < 2" implies that "count" is at least 2 on the false branch.
cyrus-sasl-2.1.27/saslauthd/testsaslauthd.c:230: cond_at_least: Checking "1024 < count" implies that "count" is at least 1025 on the true branch.
cyrus-sasl-2.1.27/saslauthd/testsaslauthd.c:230: assignment: Assigning: "count" = "(1024 < count) ? 1024UL : count". The value of "count" is now 1024.
cyrus-sasl-2.1.27/saslauthd/testsaslauthd.c:236: overrun-local: Overrunning array "response" of 1024 bytes at byte offset 1024 using index "count" (which evaluates to 1024).

234| return -1;
235| }
236|-> response[count] = '\0';
237|
238| close(s);}}

---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:386: alloc_arg: ""krb5_init_context"" allocates memory that is stored into ""context"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:393: leaked_storage: Variable ""context"" going out of scope leaks the storage it points to.

391| if (form_principal_name(user, service, realm, principalbuf, sizeof (principalbuf))) { # 392| syslog(LOG_ERR, ""auth_krb5: form_principal_name""); # 393|-> return strdup(""NO saslauthd principal name error""); # 394| }
395| "}}

---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:396: alloc_arg: ""krb5_parse_name"" allocates memory that is stored into ""auth_user"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:404: leaked_storage: Variable ""auth_user"" going out of scope leaks the storage it points to.

402| if (krbtf_name(tfname, sizeof (tfname)) != 0) { # 403| syslog(LOG_ERR, ""auth_krb5: could not generate ticket file name""); # 404|-> return strdup(""NO saslauthd internal error""); # 405| }
406| "}}

---------------------------------

{{"Error: RESOURCE_LEAK (CWE-772):
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:386: alloc_arg: ""krb5_init_context"" allocates memory that is stored into ""context"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:396: noescape: Resource ""context"" is not freed or pointed-to in ""krb5_parse_name"".
cyrus-sasl-2.1.27/saslauthd/auth_krb5.c:404: leaked_storage: Variable ""context"" going out of scope leaks the storage it points to.

402| if (krbtf_name(tfname, sizeof (tfname)) != 0) { # 403| syslog(LOG_ERR, ""auth_krb5: could not generate ticket file name""); # 404|-> return strdup(""NO saslauthd internal error""); # 405| }
406| "}}
---------------------------------

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates