emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
c82ed0c15e
shadow/lib
History
Iker Pedrosa e65cc6aebc Fix covscan RESOURCE_LEAK 
Error: RESOURCE_LEAK (CWE-772): [#def1]
shadow-4.8.1/lib/commonio.c:320: alloc_fn: Storage is returned from allocation function "fopen_set_perms".
shadow-4.8.1/lib/commonio.c:320: var_assign: Assigning: "bkfp" = storage returned from "fopen_set_perms(backup, "w", &sb)".
shadow-4.8.1/lib/commonio.c:329: noescape: Resource "bkfp" is not freed or pointed-to in "putc".
shadow-4.8.1/lib/commonio.c:334: noescape: Resource "bkfp" is not freed or pointed-to in "fflush".
shadow-4.8.1/lib/commonio.c:339: noescape: Resource "bkfp" is not freed or pointed-to in "fileno".
shadow-4.8.1/lib/commonio.c:342: leaked_storage: Variable "bkfp" going out of scope leaks the storage it points to.
  340|   	    || (fclose (bkfp) != 0)) {
  341|   		/* FIXME: unlink the backup file? */
  342|-> 		return -1;
  343|   	}
  344|

Error: RESOURCE_LEAK (CWE-772): [#def2]
shadow-4.8.1/libmisc/addgrps.c:69: alloc_fn: Storage is returned from allocation function "malloc".
shadow-4.8.1/libmisc/addgrps.c:69: var_assign: Assigning: "grouplist" = storage returned from "malloc(i * 4UL)".
shadow-4.8.1/libmisc/addgrps.c:73: noescape: Resource "grouplist" is not freed or pointed-to in "getgroups". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/libmisc/addgrps.c:126: leaked_storage: Variable "grouplist" going out of scope leaks the storage it points to.
  124|   	}
  125|
  126|-> 	return 0;
  127|   }
  128|   #else				/* HAVE_SETGROUPS && !USE_PAM */

Error: RESOURCE_LEAK (CWE-772): [#def3]
shadow-4.8.1/libmisc/chowntty.c:62: alloc_fn: Storage is returned from allocation function "getgr_nam_gid".
shadow-4.8.1/libmisc/chowntty.c:62: var_assign: Assigning: "grent" = storage returned from "getgr_nam_gid(getdef_str("TTYGROUP"))".
shadow-4.8.1/libmisc/chowntty.c:98: leaked_storage: Variable "grent" going out of scope leaks the storage it points to.
   96|   	 */
   97|   #endif
   98|-> }
   99|

Error: RESOURCE_LEAK (CWE-772): [#def4]
shadow-4.8.1/libmisc/copydir.c:742: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:742: var_assign: Assigning: "ifd" = handle returned from "open(src, 0)".
shadow-4.8.1/libmisc/copydir.c:748: leaked_handle: Handle variable "ifd" going out of scope leaks the handle.
  746|   #ifdef WITH_SELINUX
  747|   	if (set_selinux_file_context (dst, NULL) != 0) {
  748|-> 		return -1;
  749|   	}
  750|   #endif				/* WITH_SELINUX */

Error: RESOURCE_LEAK (CWE-772): [#def5]
shadow-4.8.1/libmisc/copydir.c:751: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:751: var_assign: Assigning: "ofd" = handle returned from "open(dst, 577, statp->st_mode & 0xfffU)".
shadow-4.8.1/libmisc/copydir.c:752: noescape: Resource "ofd" is not freed or pointed-to in "fchown_if_needed".
shadow-4.8.1/libmisc/copydir.c:775: leaked_handle: Handle variable "ofd" going out of scope leaks the handle.
  773|   	   ) {
  774|   		(void) close (ifd);
  775|-> 		return -1;
  776|   	}
  777|

Error: RESOURCE_LEAK (CWE-772): [#def7]
shadow-4.8.1/libmisc/idmapping.c:188: alloc_fn: Storage is returned from allocation function "xmalloc".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "buf" = storage returned from "xmalloc(bufsize)".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "pos" = "buf".
shadow-4.8.1/libmisc/idmapping.c:213: noescape: Resource "buf" is not freed or pointed-to in "write".
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "pos" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
  217|   	}
  218|   	close(fd);
  219|-> }

Error: RESOURCE_LEAK (CWE-772): [#def8]
shadow-4.8.1/libmisc/list.c:211: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/libmisc/list.c:211: var_assign: Assigning: "members" = storage returned from "xstrdup(comma)".
shadow-4.8.1/libmisc/list.c:217: var_assign: Assigning: "cp" = "members".
shadow-4.8.1/libmisc/list.c:218: noescape: Resource "cp" is not freed or pointed-to in "strchr".
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "cp" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "members" going out of scope leaks the storage it points to.
  242|   	if ('\0' == *members) {
  243|   		*array = (char *) 0;
  244|-> 		return array;
  245|   	}
  246|

Error: RESOURCE_LEAK (CWE-772): [#def11]
shadow-4.8.1/libmisc/myname.c:61: alloc_fn: Storage is returned from allocation function "xgetpwnam".
shadow-4.8.1/libmisc/myname.c:61: var_assign: Assigning: "pw" = storage returned from "xgetpwnam(cp)".
shadow-4.8.1/libmisc/myname.c:67: leaked_storage: Variable "pw" going out of scope leaks the storage it points to.
   65|   	}
   66|
   67|-> 	return xgetpwuid (ruid);
   68|   }
   69|

Error: RESOURCE_LEAK (CWE-772): [#def12]
shadow-4.8.1/libmisc/user_busy.c:260: alloc_fn: Storage is returned from allocation function "opendir".
shadow-4.8.1/libmisc/user_busy.c:260: var_assign: Assigning: "task_dir" = storage returned from "opendir(task_path)".
shadow-4.8.1/libmisc/user_busy.c:262: noescape: Resource "task_dir" is not freed or pointed-to in "readdir".
shadow-4.8.1/libmisc/user_busy.c:278: leaked_storage: Variable "task_dir" going out of scope leaks the storage it points to.
  276|   					         _("%s: user %s is currently used by process %d\n"),
  277|   					         Prog, name, pid);
  278|-> 					return 1;
  279|   				}
  280|   			}

Error: RESOURCE_LEAK (CWE-772): [#def20]
shadow-4.8.1/src/newgrp.c:162: alloc_fn: Storage is returned from allocation function "xgetspnam".
shadow-4.8.1/src/newgrp.c:162: var_assign: Assigning: "spwd" = storage returned from "xgetspnam(pwd->pw_name)".
shadow-4.8.1/src/newgrp.c:234: leaked_storage: Variable "spwd" going out of scope leaks the storage it points to.
  232|   	}
  233|
  234|-> 	return;
  235|
  236|   failure:

Error: RESOURCE_LEAK (CWE-772): [#def21]
shadow-4.8.1/src/passwd.c:530: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/src/passwd.c:530: var_assign: Assigning: "cp" = storage returned from "xstrdup(crypt_passwd)".
shadow-4.8.1/src/passwd.c:551: noescape: Resource "cp" is not freed or pointed-to in "strlen".
shadow-4.8.1/src/passwd.c:554: noescape: Resource "cp" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/src/passwd.c:555: overwrite_var: Overwriting "cp" in "cp = newpw" leaks the storage that "cp" points to.
  553|   		strcpy (newpw, "!");
  554|   		strcat (newpw, cp);
  555|-> 		cp = newpw;
  556|   	}
  557|   	return cp;
2021-06-24 09:18:35 +02:00
..
.indent.pro [svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 11:46:07 +00:00
commonio.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
commonio.h struct commonio_db[selinux]: do not use deprecated type security_context_t 2021-05-06 16:58:10 +02:00
defines.h gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
encrypt.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
exitcodes.h * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. 2009-04-30 21:08:49 +00:00
faillog.h Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
fields.c * lib/fields.c: Fixed typo from 2010-02-15. field insteadof cp 2011-07-08 19:56:18 +00:00
fputsx.c * lib/fputsx.c: Compare the result of fgets() with the provided 2009-06-12 20:20:45 +00:00
get_gid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
get_pid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
get_uid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
getdef.c Merge pull request #335 from hallyn/2021-05-08/stderr 2021-05-16 21:44:22 -05:00
getdef.h add --prefix option 2017-03-01 22:51:09 +01:00
getlong.c * lib/getlong.c: Do not check for NULL string but empty string. 2009-04-24 23:27:12 +00:00
getulong.c Simplify getulong 2016-08-03 11:51:07 -05:00
groupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
groupio.h * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h, 2009-04-23 21:19:02 +00:00
groupmem.c add -U option to groupadd and groupmod 2020-08-09 22:11:33 -05:00
gshadow_.h * lib/gshadow_.h: Fix typo in comment. 2011-08-14 13:16:54 +00:00
gshadow.c 2010-02-14 Michael Bunk <mb@computer-leipzig.com> 2010-03-10 22:30:03 +00:00
lockpw.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
Makefile.am subids: support nsswitch 2021-04-16 21:02:37 -05:00
nscd.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
nscd.h * configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to 2008-08-30 18:30:36 +00:00
nss.c fix newusers when nss provides subids 2021-05-23 08:16:16 -05:00
pam_defs.h * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add 2008-07-21 21:14:06 +00:00
port.c * libmisc/console.c, libmisc/hushed.c, libmisc/yesno.c, 2008-06-13 18:11:09 +00:00
port.h Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
prototypes.h fix newusers when nss provides subids 2021-05-23 08:16:16 -05:00
pwauth.c Review 52a38d5509 2013-08-04 00:27:53 +02:00
pwauth.h * libmisc/find_new_gid.c, libmisc/find_new_uid.c, 2009-04-23 17:43:27 +00:00
pwio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
pwio.h * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h, 2009-04-23 21:19:02 +00:00
pwmem.c Clear passwords on __gr_dup/__pw_dup errors. 2015-07-11 13:00:13 +02:00
run_part.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
run_part.h Adding run-parts style for pre and post useradd/del 2020-06-10 00:26:55 -05:00
selinux.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
semanage.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
sgetgrent.c lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00
sgetpwent.c sgetpwent.c/sgetgrent.c: check for additional data at end of line 2019-10-04 18:30:38 -05:00
sgetspent.c Remove unused variable 'cpp' 2020-04-25 12:10:39 +02:00
sgroupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
sgroupio.h * lib/sgroupio.h: Harmonize splint annotations of sgr_locate() 2009-09-07 18:59:03 +00:00
shadow.c Remove unused 'buf' in shadow.c 2020-04-25 12:23:10 +02:00
shadowio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
shadowio.h Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore 2016-12-21 12:45:50 -06:00
shadowmem.c Add splint annotations. 2013-08-13 19:13:45 +02:00
spawn.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
sssd.c lib/sssd: redirect warning message to file 2020-10-02 16:09:42 +02:00
sssd.h Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
subordinateio.c fix newusers when nss provides subids 2021-05-23 08:16:16 -05:00
subordinateio.h fix newusers when nss provides subids 2021-05-23 08:16:16 -05:00
tcbfuncs.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
tcbfuncs.h * lib/tcbfuncs.h: Re-indent. 2010-03-18 19:23:00 +00:00
utent.c * lib/utent.c (getutline): Remove getutline(). This function is 2010-03-23 08:56:52 +00:00