emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
e65cc6aebc
shadow/libmisc
History
Iker Pedrosa e65cc6aebc Fix covscan RESOURCE_LEAK 
Error: RESOURCE_LEAK (CWE-772): [#def1]
shadow-4.8.1/lib/commonio.c:320: alloc_fn: Storage is returned from allocation function "fopen_set_perms".
shadow-4.8.1/lib/commonio.c:320: var_assign: Assigning: "bkfp" = storage returned from "fopen_set_perms(backup, "w", &sb)".
shadow-4.8.1/lib/commonio.c:329: noescape: Resource "bkfp" is not freed or pointed-to in "putc".
shadow-4.8.1/lib/commonio.c:334: noescape: Resource "bkfp" is not freed or pointed-to in "fflush".
shadow-4.8.1/lib/commonio.c:339: noescape: Resource "bkfp" is not freed or pointed-to in "fileno".
shadow-4.8.1/lib/commonio.c:342: leaked_storage: Variable "bkfp" going out of scope leaks the storage it points to.
  340|   	    || (fclose (bkfp) != 0)) {
  341|   		/* FIXME: unlink the backup file? */
  342|-> 		return -1;
  343|   	}
  344|

Error: RESOURCE_LEAK (CWE-772): [#def2]
shadow-4.8.1/libmisc/addgrps.c:69: alloc_fn: Storage is returned from allocation function "malloc".
shadow-4.8.1/libmisc/addgrps.c:69: var_assign: Assigning: "grouplist" = storage returned from "malloc(i * 4UL)".
shadow-4.8.1/libmisc/addgrps.c:73: noescape: Resource "grouplist" is not freed or pointed-to in "getgroups". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/libmisc/addgrps.c:126: leaked_storage: Variable "grouplist" going out of scope leaks the storage it points to.
  124|   	}
  125|
  126|-> 	return 0;
  127|   }
  128|   #else				/* HAVE_SETGROUPS && !USE_PAM */

Error: RESOURCE_LEAK (CWE-772): [#def3]
shadow-4.8.1/libmisc/chowntty.c:62: alloc_fn: Storage is returned from allocation function "getgr_nam_gid".
shadow-4.8.1/libmisc/chowntty.c:62: var_assign: Assigning: "grent" = storage returned from "getgr_nam_gid(getdef_str("TTYGROUP"))".
shadow-4.8.1/libmisc/chowntty.c:98: leaked_storage: Variable "grent" going out of scope leaks the storage it points to.
   96|   	 */
   97|   #endif
   98|-> }
   99|

Error: RESOURCE_LEAK (CWE-772): [#def4]
shadow-4.8.1/libmisc/copydir.c:742: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:742: var_assign: Assigning: "ifd" = handle returned from "open(src, 0)".
shadow-4.8.1/libmisc/copydir.c:748: leaked_handle: Handle variable "ifd" going out of scope leaks the handle.
  746|   #ifdef WITH_SELINUX
  747|   	if (set_selinux_file_context (dst, NULL) != 0) {
  748|-> 		return -1;
  749|   	}
  750|   #endif				/* WITH_SELINUX */

Error: RESOURCE_LEAK (CWE-772): [#def5]
shadow-4.8.1/libmisc/copydir.c:751: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:751: var_assign: Assigning: "ofd" = handle returned from "open(dst, 577, statp->st_mode & 0xfffU)".
shadow-4.8.1/libmisc/copydir.c:752: noescape: Resource "ofd" is not freed or pointed-to in "fchown_if_needed".
shadow-4.8.1/libmisc/copydir.c:775: leaked_handle: Handle variable "ofd" going out of scope leaks the handle.
  773|   	   ) {
  774|   		(void) close (ifd);
  775|-> 		return -1;
  776|   	}
  777|

Error: RESOURCE_LEAK (CWE-772): [#def7]
shadow-4.8.1/libmisc/idmapping.c:188: alloc_fn: Storage is returned from allocation function "xmalloc".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "buf" = storage returned from "xmalloc(bufsize)".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "pos" = "buf".
shadow-4.8.1/libmisc/idmapping.c:213: noescape: Resource "buf" is not freed or pointed-to in "write".
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "pos" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
  217|   	}
  218|   	close(fd);
  219|-> }

Error: RESOURCE_LEAK (CWE-772): [#def8]
shadow-4.8.1/libmisc/list.c:211: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/libmisc/list.c:211: var_assign: Assigning: "members" = storage returned from "xstrdup(comma)".
shadow-4.8.1/libmisc/list.c:217: var_assign: Assigning: "cp" = "members".
shadow-4.8.1/libmisc/list.c:218: noescape: Resource "cp" is not freed or pointed-to in "strchr".
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "cp" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "members" going out of scope leaks the storage it points to.
  242|   	if ('\0' == *members) {
  243|   		*array = (char *) 0;
  244|-> 		return array;
  245|   	}
  246|

Error: RESOURCE_LEAK (CWE-772): [#def11]
shadow-4.8.1/libmisc/myname.c:61: alloc_fn: Storage is returned from allocation function "xgetpwnam".
shadow-4.8.1/libmisc/myname.c:61: var_assign: Assigning: "pw" = storage returned from "xgetpwnam(cp)".
shadow-4.8.1/libmisc/myname.c:67: leaked_storage: Variable "pw" going out of scope leaks the storage it points to.
   65|   	}
   66|
   67|-> 	return xgetpwuid (ruid);
   68|   }
   69|

Error: RESOURCE_LEAK (CWE-772): [#def12]
shadow-4.8.1/libmisc/user_busy.c:260: alloc_fn: Storage is returned from allocation function "opendir".
shadow-4.8.1/libmisc/user_busy.c:260: var_assign: Assigning: "task_dir" = storage returned from "opendir(task_path)".
shadow-4.8.1/libmisc/user_busy.c:262: noescape: Resource "task_dir" is not freed or pointed-to in "readdir".
shadow-4.8.1/libmisc/user_busy.c:278: leaked_storage: Variable "task_dir" going out of scope leaks the storage it points to.
  276|   					         _("%s: user %s is currently used by process %d\n"),
  277|   					         Prog, name, pid);
  278|-> 					return 1;
  279|   				}
  280|   			}

Error: RESOURCE_LEAK (CWE-772): [#def20]
shadow-4.8.1/src/newgrp.c:162: alloc_fn: Storage is returned from allocation function "xgetspnam".
shadow-4.8.1/src/newgrp.c:162: var_assign: Assigning: "spwd" = storage returned from "xgetspnam(pwd->pw_name)".
shadow-4.8.1/src/newgrp.c:234: leaked_storage: Variable "spwd" going out of scope leaks the storage it points to.
  232|   	}
  233|
  234|-> 	return;
  235|
  236|   failure:

Error: RESOURCE_LEAK (CWE-772): [#def21]
shadow-4.8.1/src/passwd.c:530: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/src/passwd.c:530: var_assign: Assigning: "cp" = storage returned from "xstrdup(crypt_passwd)".
shadow-4.8.1/src/passwd.c:551: noescape: Resource "cp" is not freed or pointed-to in "strlen".
shadow-4.8.1/src/passwd.c:554: noescape: Resource "cp" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/src/passwd.c:555: overwrite_var: Overwriting "cp" in "cp = newpw" leaks the storage that "cp" points to.
  553|   		strcpy (newpw, "!");
  554|   		strcat (newpw, cp);
  555|-> 		cp = newpw;
  556|   	}
  557|   	return cp;
2021-06-24 09:18:35 +02:00
..
.indent.pro
addgrps.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
age.c * libmisc/env.c, libmisc/age.c: Added splint annotations. 2009-04-23 17:33:21 +00:00
audit_help.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
basename.c Miscellaneous: 2011-09-18 21:02:43 +00:00
btrfs.c silence compiler warnings 2020-01-12 07:31:26 -06:00
chkname.c chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards 2019-10-04 18:40:41 -05:00
chkname.h Updated copyright dates. 2008-05-25 23:31:10 +00:00
chowndir.c * libmisc/chowndir.c: Add splint annotations. 2011-08-14 14:00:14 +00:00
chowntty.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
cleanup_group.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
cleanup_user.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
cleanup.c * lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c: 2011-10-18 20:23:33 +00:00
console.c Fix some issues found in Coverity scan. 2018-10-10 12:22:04 +02:00
copydir.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
entry.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
env.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
failure.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
failure.h spelling: cumulative 2017-10-22 18:33:13 +00:00
find_new_gid.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
find_new_sub_gids.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
find_new_sub_uids.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
find_new_uid.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
getdate.h * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
getdate.y spelling: gratuitously 2017-10-22 19:17:02 +00:00
getgr_nam_gid.c * lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid() 2011-08-14 13:16:26 +00:00
getrange.c * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am, 2009-03-08 20:26:56 +00:00
gettime.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
hushed.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
idmapping.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
idmapping.h subids: support nsswitch 2021-04-16 21:02:37 -05:00
isexpired.c * libmisc/isexpired.c: Added parenthesis. 2011-06-16 21:25:36 +00:00
limits.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
list.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
log.c * lib/prototypes.h: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-27 20:15:09 +00:00
loginprompt.c * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that 2011-09-18 20:41:38 +00:00
mail.c * libmisc/mail.c, libmisc/copydir.c: Added missing include of 2009-04-27 20:09:18 +00:00
Makefile.am try again to fix libmisc sharing problem 2021-04-11 17:42:04 -05:00
motd.c * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c, 2010-08-21 15:32:53 +00:00
myname.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
obscure.c Add yescrypt support 2021-02-01 22:11:10 +01:00
pam_pass_non_interactive.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
pam_pass.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
prefix_flag.c usermod, newusers, prefix: enforce absolute paths for homedir 2021-06-01 22:12:24 -05:00
pwd2spwd.c Make the sp_lstchg shadow field reproducible (re. #71) 2019-03-31 16:00:01 +01:00
pwd_init.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
pwdcheck.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
remove_tree.c Integrate review comments from Julien Cristau 2010-09-05 15:34:42 +00:00
rlogin.c * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. 2009-04-30 21:08:49 +00:00
root_flag.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
salt.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
setugid.c Updated copyrights. 2010-08-22 13:04:54 +00:00
setupenv.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
shell.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
strtoday.c spelling: cumulative 2017-10-22 18:33:13 +00:00
sub.c Fix typo in comment. 2013-08-04 15:56:32 +02:00
sulog.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ttytype.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
tz.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ulimit.c * libmisc/limits.c: Add brackets and parenthesis. 2008-06-15 21:59:41 +00:00
user_busy.c Fix covscan RESOURCE_LEAK 2021-06-24 09:18:35 +02:00
utmp.c Support systems that only have utmpx 2018-06-24 00:13:12 -05:00
valid.c crypt() in glibc/eglibc 2.17 now fails if passed 2013-07-28 18:41:11 +02:00
xgetgrgid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetgrnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwuid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetspnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetXXbyYY.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
xmalloc.c libsubid: don't print error messages on stderr by default 2021-05-15 12:38:55 -05:00
yesno.c * libmisc/yesno.c: Ignore the return value of puts. 2009-04-23 11:14:56 +00:00