Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :219658] Untrusted value as argument in samples/net/sockets/coap_client/src/coap-client.c #33031

Closed
zephyrbot opened this issue Mar 7, 2021 · 1 comment
Closed

[Coverity CID :219658] Untrusted value as argument in samples/net/sockets/coap_client/src/coap-client.c #33031

zephyrbot opened this issue Mar 7, 2021 · 1 comment
Assignees
@pfalcon @jukkar @tbursztyka @rlubos
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_client/src/coap-client.c#L298

Category: Insecure data handling
Function: process_large_coap_reply
Component: Samples
CID: 219658

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_client/src/coap-client.c

301             goto end;
302         }
303    
304         ret = 0;
305    
306     end:
>>>     CID 219658:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*data" to "k_free", which uses it as an offset.
307         k_free(data);
308    
309         return ret;
310     }
311    
312     static int send_large_coap_request(void)
287         ret = coap_packet_parse(&reply, data, rcvd, NULL, 0);
288         if (ret < 0) {
289             LOG_ERR("Invalid data received");
290             goto end;
291         }
292    
>>>     CID 219658:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*reply.data" to "coap_update_from_block", which uses it as an offset.
293         ret = coap_update_from_block(&reply, &blk_ctx);
294         if (ret < 0) {
295             goto end;
296         }
297    
298         last_block = coap_next_block(&reply, &blk_ctx);
292    
293         ret = coap_update_from_block(&reply, &blk_ctx);
294         if (ret < 0) {
295             goto end;
296         }
297    
>>>     CID 219658:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*reply.data" to "coap_next_block", which uses it as an offset.
298         last_block = coap_next_block(&reply, &blk_ctx);
299         if (!last_block) {
300             ret = 1;
301             goto end;
302         }
303

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Mar 7, 2021
@rlubos
Copy link
Contributor

rlubos commented Mar 9, 2021

Same as #33040.

@rlubos rlubos closed this as completed Mar 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pfalcon pfalcon

@jukkar jukkar

@tbursztyka tbursztyka

@rlubos rlubos

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@pfalcon @jukkar @tbursztyka @rlubos @zephyrbot