Actions
Bug #3864
closedplugin: coverity issues
Affected Versions:
Effort:
Difficulty:
Label:
Description
** CID 1465665: API usage errors (ALLOC_FREE_MISMATCH) /src/util-plugin.c: 82 in SCPluginsLoad() ________________________________________________________________________________________________________ *** CID 1465665: API usage errors (ALLOC_FREE_MISMATCH) /src/util-plugin.c: 82 in SCPluginsLoad() 76 while ((entry = readdir(dir)) != NULL) { 77 if (strstr(entry->d_name, ".so") != NULL) { 78 snprintf(path, sizeof(path), "%s/%s", plugin->val, entry->d_name); 79 InitPlugin(path); 80 } 81 } >>> CID 1465665: API usage errors (ALLOC_FREE_MISMATCH) >>> Calling "free" frees "dir" using "free" but it should have been freed using "closedir". 82 free(dir); 83 } else { 84 InitPlugin(plugin->val); 85 } 86 } 87 ** CID 1465664: Memory - illegal accesses (USE_AFTER_FREE) /src/output-json.c: 1276 in OutputJsonInitCtx() ________________________________________________________________________________________________________ *** CID 1465664: Memory - illegal accesses (USE_AFTER_FREE) /src/output-json.c: 1276 in OutputJsonInitCtx() 1270 1271 json_ctx->file_ctx->type = json_ctx->json_out; 1272 } 1273 1274 SCLogDebug("returning output_ctx %p", output_ctx); 1275 >>> CID 1465664: Memory - illegal accesses (USE_AFTER_FREE) >>> Using freed pointer "output_ctx". 1276 result.ctx = output_ctx; 1277 result.ok = true; 1278 return result; 1279 } 1280 1281 static void OutputJsonDeInitCtx(OutputCtx *output_ctx) ** CID 1465662: Security best practices violations (TOCTOU) /src/util-plugin.c: 62 in SCPluginsLoad() ________________________________________________________________________________________________________ *** CID 1465662: Security best practices violations (TOCTOU) /src/util-plugin.c: 62 in SCPluginsLoad() 56 if (conf == NULL) { 57 return; 58 } 59 ConfNode *plugin = NULL; 60 TAILQ_FOREACH(plugin, &conf->head, next) { 61 struct stat statbuf; >>> CID 1465662: Security best practices violations (TOCTOU) >>> Calling function "stat" to perform check on "plugin->val". 62 if (stat(plugin->val, &statbuf) == -1) { 63 SCLogError(SC_ERR_STAT, "Bad plugin path: %s: %s", 64 plugin->val, strerror(errno)); 65 continue; 66 } 67 if (S_ISDIR(statbuf.st_mode)) { ** CID 1465661: Resource leaks (RESOURCE_LEAK) /src/util-plugin.c: 51 in InitPlugin() ________________________________________________________________________________________________________ *** CID 1465661: Resource leaks (RESOURCE_LEAK) /src/util-plugin.c: 51 in InitPlugin() 45 BUG_ON(plugin->Init == NULL); 46 SCLogNotice("Initializing plugin %s; author=%s; license=%s", 47 plugin->name, plugin->author, plugin->license); 48 (*plugin->Init)(); 49 } 50 } >>> CID 1465661: Resource leaks (RESOURCE_LEAK) >>> Variable "lib" going out of scope leaks the storage it points to. 51 } 52 53 void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args) 54 { 55 ConfNode *conf = ConfGetNode("plugins"); 56 if (conf == NULL) {
Updated by Jason Ish about 4 years ago
** CID 1465662: Security best practices violations (TOCTOU) /src/util-plugin.c: 62 in SCPluginsLoad() ________________________________________________________________________________________________________ *** CID 1465662: Security best practices violations (TOCTOU) /src/util-plugin.c: 62 in SCPluginsLoad() 56 if (conf == NULL) { 57 return; 58 } 59 ConfNode *plugin = NULL; 60 TAILQ_FOREACH(plugin, &conf->head, next) { 61 struct stat statbuf; >>> CID 1465662: Security best practices violations (TOCTOU) >>> Calling function "stat" to perform check on "plugin->val". 62 if (stat(plugin->val, &statbuf) == -1) { 63 SCLogError(SC_ERR_STAT, "Bad plugin path: %s: %s", 64 plugin->val, strerror(errno)); 65 continue; 66 } 67 if (S_ISDIR(statbuf.st_mode)) {
Can we declare this a false positive. I get what they are checking for, but this code properly checks the return values so we should not run into any issues.
Updated by Jason Ish about 4 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien about 4 years ago
- Status changed from In Review to Closed
toctuo issue suppressed with https://github.com/OISF/suricata/pull/5325/commits/797a1282566b62c2a3fa9c2bb5443adc316ee594
other issues fixed by https://github.com/OISF/suricata/pull/5312
Actions