Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Coverity CID :219601] Untrusted value as argument in samples/net/sockets/coap_server/src/coap-server.c #33066

Closed
zephyrbot opened this issue Mar 7, 2021 · 1 comment
Assignees
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_server/src/coap-server.c

Category: Insecure data handling
Function: large_create_post
Component: Samples
CID: 219601

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_server/src/coap-server.c

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Mar 7, 2021
@rlubos
Copy link
Contributor

rlubos commented Mar 8, 2021

Another false positive.

Calling function coap_header_get_id taints argument *request->data, which in order taints the token value. The taint spreads on the dynamically allocated data buffer which results in the final Passing tainted expression *data to k_free, which uses it as an offset. complain.

As mentioned in some other report, any message ID value is a good one, and token value (actually only token length matters) is verified when coap packet is initially parsed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Development

No branches or pull requests

5 participants