Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :219566] Untrusted value as argument in samples/net/sockets/coap_server/src/coap-server.c #33082

Closed
zephyrbot opened this issue Mar 7, 2021 · 1 comment
Closed

[Coverity CID :219566] Untrusted value as argument in samples/net/sockets/coap_server/src/coap-server.c #33082

zephyrbot opened this issue Mar 7, 2021 · 1 comment
Assignees
@pfalcon @jukkar @tbursztyka @rlubos
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_server/src/coap-server.c

Category: Insecure data handling
Function: location_query_post
Component: Samples
CID: 219566

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/samples/net/sockets/coap_server/src/coap-server.c

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Mar 7, 2021
@rlubos
Copy link
Contributor

rlubos commented Mar 8, 2021

This is a false positive.

Coverity reports that Function coap_header_get_id returns tainted data.

This is not the case as any value that fits into uint16_t range is a good one - there's nothing to validate here.

@rlubos rlubos closed this as completed Mar 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pfalcon pfalcon

@jukkar jukkar

@tbursztyka tbursztyka

@rlubos rlubos

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@pfalcon @jukkar @tbursztyka @rlubos @zephyrbot