audit-4.0.1-1.fc41
List of Defects
Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
audit-4.0.1/audisp/audispd-llist.c: scope_hint: In function 'plist_append'
audit-4.0.1/audisp/audispd-llist.c:82:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
# 80| if (pp)
# 81| memcpy(pp, p, sizeof(struct plugin_conf));
# 82|-> newnode->p = pp;
# 83| } else
# 84| newnode->p = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
audit-4.0.1/audisp/audispd-llist.c:84:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
# 82| newnode->p = pp;
# 83| } else
# 84|-> newnode->p = NULL;
# 85|
# 86| newnode->next = 0;
Error: CLANG_WARNING: [#def3]
audit-4.0.1/audisp/audispd-pconfig.c:227:4: warning[unix.Malloc]: Potential leak of memory pointed to by 'nv.values'
# 225| }
# 226| if (nv.values == NULL) {
# 227|-> fclose(f);
# 228| return 1;
# 229| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'load_pconfig'
audit-4.0.1/audisp/audispd-pconfig.c:228:32: warning[-Wanalyzer-malloc-leak]: leak of 'nv.values'
audit-4.0.1/audisp/audispd-pconfig.c:29: included_from: Included from here.
# 226| if (nv.values == NULL) {
# 227| fclose(f);
# 228|-> return 1;
# 229| }
# 230|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'nv_split'
audit-4.0.1/audisp/audispd-pconfig.c:329:28: warning[-Wanalyzer-malloc-leak]: leak of 'nv.values'
# 327| /* get the value part */
# 328| while ((ptr = strtok_r(NULL, " ", &saved)) != NULL) {
# 329|-> nv->values = realloc(nv->values, (nv->nvalues + 1) * sizeof(char *));
# 330| if (nv->values == NULL) {
# 331| return 1;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'args_parser'
audit-4.0.1/audisp/audispd-pconfig.c:451:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL '*config.args'
# 449|
# 450| for (int i = 0; i < nv->nvalues; i++) {
# 451|-> config->args[i] = strdup(nv->values[nv->nvalues - i - 1]);
# 452| }
# 453|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
audit-4.0.1/audisp/audispd.c: scope_hint: In function 'safe_exec'
audit-4.0.1/audisp/audispd.c:421:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(*conf.plug_pipe[0], 0)'
# 419|
# 420| /* Set up comm with child */
# 421|-> if (dup2(conf->plug_pipe[0], 0) < 0) {
# 422| close(conf->plug_pipe[0]);
# 423| close(conf->plug_pipe[1]);
Error: CLANG_WARNING: [#def8]
audit-4.0.1/audisp/audispd.c:565:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 563| }
# 564| if (!stop && start_one_plugin(conf)) {
# 565|-> rc = write_to_plugin(e, v, len,
# 566| conf);
# 567| audit_msg(LOG_NOTICE,
Error: CLANG_WARNING: [#def9]
audit-4.0.1/audisp/plugins/filter/audisp-filter.c:294:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 292|
# 293| /* open the file */
# 294|-> if ((fd = open(config.config_file, O_RDONLY)) < 0) {
# 295| if (errno != ENOENT) {
# 296| syslog(LOG_ERR, "Error opening config file (%s)", strerror(errno));
Error: CLANG_WARNING: [#def10]
audit-4.0.1/audisp/plugins/filter/audisp-filter.c:451:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 449| close(pipefd[0]);
# 450|
# 451|-> execve(config.binary, config.binary_args, NULL);
# 452| syslog(LOG_ERR, "%s: execve failed (%s)", argv[0], strerror(errno));
# 453| exit(1);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘negotiate_credentials’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:926:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config.krb5_principal’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 924| config.krb5_principal = (char *) malloc (strlen (name) + 1
# 925| + strlen (config.remote_server) + 1);
# 926|-> sprintf((char *)config.krb5_principal, "%s@%s",
# 927| name, config.remote_server);
# 928| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘init_sock’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:1124:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(*runp.ai_family, *runp.ai_socktype, *runp.ai_protocol)’
# 1122| sock = socket(runp->ai_family, runp->ai_socktype,
# 1123| runp->ai_protocol);
# 1124|-> if (sock < 0) {
# 1125| if (!quiet)
# 1126| syslog(LOG_ERR, "Error creating socket: %s",
Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘send_msg_gss’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:1330:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘utok.value’
# 1328| utok.value = malloc (utok.length);
# 1329|
# 1330|-> memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
# 1331|
# 1332| if (msg != NULL && mlen > 0)
Error: CLANG_WARNING: [#def14]
audit-4.0.1/audisp/plugins/zos-remote/zos-remote-ldap.c:434:17: warning[unix.Malloc]: Potential leak of memory pointed to by 'response.itemList'
# 432| rc = decode_response(&response, bv_response);
# 433| if (rc != ICTX_SUCCESS) {
# 434|-> log_err("Error decoding extended operation response");
# 435| goto free_bv;
# 436| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
audit-4.0.1/auparse/auparse.c: scope_hint: In function 'au_lol_create'
audit-4.0.1/auparse/auparse.c:161:9: warning[-Wanalyzer-malloc-leak]: leak of '<return-value>'
# 159|
# 160| lol->limit = ARRAY_LIMIT;
# 161|-> memset(lol->array, 0x00, sz);
# 162|
# 163| return lol->array;
Error: CLANG_WARNING: [#def16]
audit-4.0.1/auparse/auparse.c:525:17: warning[deadcode.DeadStores]: Although the value stored to 'buf' is used in the enclosing expression, the value is never actually read from 'buf'
# 523| goto bad_exit;
# 524| size = 0;
# 525|-> for (n = 0; (buf = bb[n]); n++) {
# 526| len = strlen(bb[n]);
# 527| if (bb[n][len-1] != '\n') {
Error: CLANG_WARNING: [#def17]
audit-4.0.1/auparse/auparse.c:1517:7: warning[core.NullDereference]: Access to field 'status' results in a dereference of a null pointer (loaded from variable 'cur')
# 1515| for (i = 0; i <= au->au_lo->maxi; i++) {
# 1516| au_lolnode *cur = &au->au_lo->array[i];
# 1517|-> if (cur->status == EBS_EMPTY && cur->l) {
# 1518| #ifdef LOL_EVENTS_DEBUG01
# 1519| if (debug) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def18]
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_print'
audit-4.0.1/auparse/data_buf.c:149:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_print'
audit-4.0.1/auparse/data_buf.c:36: included_from: Included from here.
/usr/include/stdio.h:745:15: note: argument 1 of 'fwrite' must be non-null
# 147| if (print_data) {
# 148| printf(" [");
# 149|-> fwrite(databuf_beg(db), 1, db->len, stdout);
# 150| printf("]");
# 151| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def19]
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_append.part.0'
audit-4.0.1/auparse/data_buf.c:232:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_append.part.0'
<built-in>: note: argument 1 of '__builtin_memmove' must be non-null
# 230| #endif
# 231| /* pointers all set up and room available, move the data and update */
# 232|-> memmove(databuf_end(db), src, src_size);
# 233| db->len = new_size;
# 234| db->max_len = MAX(db->max_len, new_size);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
audit-4.0.1/auparse/ellist.c: scope_hint: In function '_audit_c2x'
audit-4.0.1/auparse/ellist.c:77:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'ptr'
# 75|
# 76| for (i=0; i<size; i++) {
# 77|-> *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
# 78| *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */
# 79| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
audit-4.0.1/auparse/ellist.c:80:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'ptr'
# 78| *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */
# 79| }
# 80|-> *ptr = 0;
# 81| return final;
# 82| }
Error: CPPCHECK_WARNING (CWE-401): [#def22]
audit-4.0.1/auparse/ellist.c:316: error[memleak]: Memory leak: n.name
# 314| == 0)
# 315| free(buf);
# 316|-> return -1;
# 317| }
# 318| if (tmpctx[0]) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def23]
audit-4.0.1/auparse/interpret.c: scope_hint: In function 'print_proctitle'
audit-4.0.1/auparse/interpret.c:981:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ptr' where non-null expected
audit-4.0.1/auparse/interpret.c:996:32: note: in expansion of macro 'STRCHR'
audit-4.0.1/auparse/interpret.c:996:32: note: in expansion of macro 'STRCHR'
audit-4.0.1/auparse/interpret.c:37: included_from: Included from here.
/usr/include/string.h:120:14: note: argument 1 of 'rawmemchr' must be non-null
# 979| // rawmemchr is faster. Let's use it if we have it.
# 980| #ifdef HAVE_RAWMEMCHR
# 981|-> #define STRCHR rawmemchr
# 982| #else
# 983| #define STRCHR strchr
Error: GCC_ANALYZER_WARNING (CWE-835): [#def24]
audit-4.0.1/auparse/lru.c: scope_hint: In function 'destroy_queue'
audit-4.0.1/auparse/lru.c:119:21: warning[-Wanalyzer-infinite-loop]: infinite loop
# 117| #endif
# 118|
# 119|-> while (queue->count)
# 120| dequeue(queue);
# 121|
Error: GCC_ANALYZER_WARNING (CWE-416): [#def25]
audit-4.0.1/auparse/lru.c: scope_hint: In function 'remove_node'
audit-4.0.1/auparse/lru.c:220:17: warning[-Wanalyzer-use-after-free]: use after 'free' of 'node'
# 218| // If we are at the beginning
# 219| sanity_check_queue(queue, "1 remove_node");
# 220|-> if (node->prev == NULL) {
# 221| queue->front = node->next;
# 222| if (queue->front)
Error: CLANG_WARNING: [#def26]
audit-4.0.1/auparse/lru.c:263:2: warning[unix.Malloc]: Use of memory after it is freed
# 261| return;
# 262|
# 263|-> remove_node(queue, queue->end);
# 264|
# 265| // if (queue->cleanup)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
audit-4.0.1/auparse/normalize-llist.c: scope_hint: In function 'cllist_append'
audit-4.0.1/auparse/normalize-llist.c:70:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
# 68| newnode = malloc(sizeof(data_node));
# 69|
# 70|-> newnode->num = num;
# 71| newnode->data = data;
# 72| newnode->next = NULL;
Error: CLANG_WARNING: [#def28]
audit-4.0.1/auparse/normalize.c:933:5: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 931| {
# 932| const char *k;
# 933|-> rc = auparse_first_record(au);
# 934| k = auparse_find_field(au, "key");
# 935| if (k && strcmp(k, "(null)")) {
Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
audit-4.0.1/auparse/nvlist.c: scope_hint: In function 'nvlist_append'
audit-4.0.1/auparse/nvlist.c:68:26: warning[-Wanalyzer-malloc-leak]: leak of '*l.array'
audit-4.0.1/auparse/nvlist.c: scope_hint: In function 'nvlist_append'
# 66|
# 67| if (l->cnt == l->size) {
# 68|-> l->array = realloc(l->array, l->size * sizeof(nvnode) * 2);
# 69| memset(l->array + l->size, 0, sizeof(nvnode) * l->size);
# 70| l->size = l->size * 2;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
audit-4.0.1/bindings/python/auparse_python.c: scope_hint: In function 'AuParser_init'
audit-4.0.1/bindings/python/auparse_python.c:339:97: warning[-Wanalyzer-malloc-leak]: leak of 'fp'
audit-4.0.1/bindings/python/auparse_python.c:462:19: note: in expansion of macro 'PYFILE_ASFILE'
audit-4.0.1/bindings/python/auparse_python.c:462:19: note: in expansion of macro 'PYFILE_ASFILE'
# 337| }
# 338|
# 339|-> if (! PyArg_ParseTupleAndKeywords(args, kwds, "|iO", kwlist, &source_type, &source)) return -1;
# 340|
# 341| switch (source_type) {
Error: CLANG_WARNING: [#def31]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4243:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4241| if (!SWIG_Python_UnpackTuple(args, "new_audit_status", 0, 0, 0)) SWIG_fail;
# 4242| result = (struct audit_status *)calloc(1, sizeof(struct audit_status));
# 4243|-> resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_status, SWIG_POINTER_NEW | 0 );
# 4244| return resultobj;
# 4245| fail:
Error: CLANG_WARNING: [#def32]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4507:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4505| if (!SWIG_Python_UnpackTuple(args, "new_audit_features", 0, 0, 0)) SWIG_fail;
# 4506| result = (struct audit_features *)calloc(1, sizeof(struct audit_features));
# 4507|-> resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_features, SWIG_POINTER_NEW | 0 );
# 4508| return resultobj;
# 4509| fail:
Error: CLANG_WARNING: [#def33]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4663:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4661| if (!SWIG_Python_UnpackTuple(args, "new_audit_tty_status", 0, 0, 0)) SWIG_fail;
# 4662| result = (struct audit_tty_status *)calloc(1, sizeof(struct audit_tty_status));
# 4663|-> resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_tty_status, SWIG_POINTER_NEW | 0 );
# 4664| return resultobj;
# 4665| fail:
Error: CLANG_WARNING: [#def34]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:5171:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 5169| if (!SWIG_Python_UnpackTuple(args, "new_audit_rule_data", 0, 0, 0)) SWIG_fail;
# 5170| result = (struct audit_rule_data *)calloc(1, sizeof(struct audit_rule_data));
# 5171|-> resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_rule_data, SWIG_POINTER_NEW | 0 );
# 5172| return resultobj;
# 5173| fail:
Error: CLANG_WARNING: [#def35]
audit-4.0.1/common/audit-fgets.c:93:17: warning[core.NullDereference]: Array access (from variable 'current') results in a null pointer dereference
# 91| eof = 1;
# 92| else
# 93|-> current[len] = 0;
# 94| current += len;
# 95|
Error: CLANG_WARNING: [#def36]
audit-4.0.1/lib/audit_logging.c:298:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
# 296| _resolve_addr(addrbuf, hostname);
# 297| else
# 298|-> strncat(addrbuf, addr, sizeof(addrbuf)-1);
# 299|
# 300| /* Fill in exec name if needed */
Error: CLANG_WARNING: [#def37]
audit-4.0.1/lib/audit_logging.c:376:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
# 374| _resolve_addr(addrbuf, hostname);
# 375| else
# 376|-> strncat(addrbuf, addr, sizeof(addrbuf)-1);
# 377|
# 378| /* Fill in exec name if needed */
Error: CLANG_WARNING: [#def38]
audit-4.0.1/lib/audit_logging.c:459:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
# 457| _resolve_addr(addrbuf, host);
# 458| else
# 459|-> strncat(addrbuf, addr, sizeof(addrbuf)-1);
# 460|
# 461| /* Fill in exec name if needed */
Error: CLANG_WARNING: [#def39]
audit-4.0.1/lib/audit_logging.c:555:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
# 553| _resolve_addr(addrbuf, hostname);
# 554| else
# 555|-> strncat(addrbuf, addr, sizeof(addrbuf)-1);
# 556|
# 557| if (exename[0] == 0)
Error: CLANG_WARNING: [#def40]
audit-4.0.1/lib/audit_logging.c:640:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
# 638| _resolve_addr(addrbuf, host);
# 639| else
# 640|-> strncat(addrbuf, addr, sizeof(addrbuf)-1);
# 641|
# 642| if (pgname == NULL || strlen(pgname) == 0) {
Error: COMPILER_WARNING (CWE-681): [#def41]
audit-4.0.1/lib/gen_tables.c:89:22: warning[-Woverflow]: overflow in conversion from ‘long long unsigned int’ to ‘int’ changes value from ‘4294967296’ to ‘0’
audit-4.0.1/auparse/clone-flagtab.h:47:1: note: in expansion of macro ‘_S’
# 87| /* The mapping to store. */
# 88| static struct value values[] = {
# 89|-> #define _S(VAL, S) { (VAL), (S), 0, 0 },
# 90| #include TABLE_H
# 91| #undef _S
Error: COMPILER_WARNING (CWE-681): [#def42]
audit-4.0.1/lib/gen_tables.c:89:22: warning[-Woverflow]: overflow in conversion from ‘long long unsigned int’ to ‘int’ changes value from ‘8589934592’ to ‘0’
audit-4.0.1/auparse/clone-flagtab.h:48:1: note: in expansion of macro ‘_S’
# 87| /* The mapping to store. */
# 88| static struct value values[] = {
# 89|-> #define _S(VAL, S) { (VAL), (S), 0, 0 },
# 90| #include TABLE_H
# 91| #undef _S
Error: COMPILER_WARNING: [#def43]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_add_watch_dir'
audit-4.0.1/lib/libaudit.c:804:17: warning[-Wuse-after-free]: pointer 'rule_19' may be used after 'realloc'
# 804 | free(rule);
# | ^~~~~~~~~~
audit-4.0.1/lib/libaudit.c:802:18: note: call to 'realloc' here
# 802 | *rulep = realloc(rule, len + sizeof(*rule));
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 802| *rulep = realloc(rule, len + sizeof(*rule));
# 803| if (*rulep == NULL) {
# 804|-> free(rule);
# 805| audit_msg(LOG_ERR, "Cannot realloc memory!");
# 806| return -1;
Error: GCC_ANALYZER_WARNING (CWE-465): [#def44]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_rule_fieldpair_data'
audit-4.0.1/lib/libaudit.c:1770:28: warning[-Wanalyzer-deref-before-check]: check of 'rule' for NULL after already dereferencing it
# 1768| rule->buflen += vlen;
# 1769| *rulep = realloc(rule, sizeof(*rule) + rule->buflen);
# 1770|-> if (*rulep == NULL) {
# 1771| free(rule);
# 1772| audit_msg(LOG_ERR, "Cannot realloc memory!");
Error: COMPILER_WARNING: [#def45]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_rule_fieldpair_data'
audit-4.0.1/lib/libaudit.c:1771:33: warning[-Wuse-after-free]: pointer 'rule_335' may be used after 'realloc'
# 1771 | free(rule);
# | ^~~~~~~~~~
audit-4.0.1/lib/libaudit.c:1769:34: note: call to 'realloc' here
# 1769 | *rulep = realloc(rule, sizeof(*rule) + rule->buflen);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1769| *rulep = realloc(rule, sizeof(*rule) + rule->buflen);
# 1770| if (*rulep == NULL) {
# 1771|-> free(rule);
# 1772| audit_msg(LOG_ERR, "Cannot realloc memory!");
# 1773| return -3;
Error: CLANG_WARNING: [#def46]
audit-4.0.1/lib/netlink.c:107:6: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 105| return -EPROTO;
# 106| }
# 107|-> if (nladdr.nl_pid) {
# 108| audit_msg(LOG_ERR,
# 109| "Spoofed packet received on audit netlink socket");
Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
audit-4.0.1/src/auditctl-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/src/auditctl-llist.c:72:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 70| if (rr)
# 71| memcpy(rr, r, sz);
# 72|-> newnode->r = rr;
# 73| } else
# 74| newnode->r = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
audit-4.0.1/src/auditctl-llist.c:74:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 72| newnode->r = rr;
# 73| } else
# 74|-> newnode->r = NULL;
# 75|
# 76| newnode->size = sz;
Error: CLANG_WARNING: [#def49]
audit-4.0.1/src/auditctl.c:625:2: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 623| long_opts, &lidx)) != EOF) {
# 624| int flags = AUDIT_FILTER_UNSET;
# 625|-> rc = 10; // Init to something impossible to see if unused.
# 626| switch (c) {
# 627| case 'h':
Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
audit-4.0.1/src/auditctl.c: scope_hint: In function ‘fileopt’
audit-4.0.1/src/auditctl.c:1394:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘fields’
audit-4.0.1/src/auditctl.c:32: included_from: Included from here.
# 1392| i = 0;
# 1393| fields = malloc(nf * sizeof(char *));
# 1394|-> fields[i++] = "auditctl";
# 1395| fields[i++] = ptr;
# 1396| while( (ptr=audit_strsplit(NULL)) && (i < nf-1)) {
Error: CLANG_WARNING: [#def51]
audit-4.0.1/src/auditctl.c:1642:9: warning[deadcode.DeadStores]: Although the value stored to 'retval' is used in the enclosing expression, the value is never actually read from 'retval'
# 1640| }
# 1641|
# 1642|-> if ((retval = audit_print_reply(&rep, fd)) == 0)
# 1643| break;
# 1644| else
Error: GCC_ANALYZER_WARNING (CWE-688): [#def52]
audit-4.0.1/src/auditd-config.c: scope_hint: In function ‘load_config’
audit-4.0.1/src/auditd-config.c:363:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config_file’ where non-null expected
audit-4.0.1/src/auditd-config.c:33: included_from: Included from here.
/usr/include/fcntl.h:209:12: note: argument 1 of ‘open’ must be non-null
# 361| if (allow_links == 0)
# 362| mode |= O_NOFOLLOW;
# 363|-> rc = open(config_file, mode);
# 364| if (rc < 0) {
# 365| if (errno != ENOENT) {
Error: CLANG_WARNING: [#def53]
audit-4.0.1/src/auditd-listen.c:109:22: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value
# 107| unsigned int rc;
# 108|
# 109|-> if (addr->ss_family == AF_INET)
# 110| rc = ntohs(((struct sockaddr_in *)addr)->sin_port);
# 111| else if (addr->ss_family == AF_INET6)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def54]
audit-4.0.1/src/auditd-listen.c: scope_hint: In function ‘client_ack.part.0’
audit-4.0.1/src/auditd-listen.c:515:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘utok.value’
# 513| utok.value = malloc(utok.length + 1);
# 514|
# 515|-> memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
# 516| memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
# 517|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
audit-4.0.1/src/auditd-sendmail.c: scope_hint: In function ‘sendmail’
audit-4.0.1/src/auditd-sendmail.c:94:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘safe_popen(&pid, mail_acct)’
# 92| }
# 93| if (*pid) { /* Parent */
# 94|-> close(pipe_fd[0]); // adjust pipe
# 95| return pipe_fd[1];
# 96| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def56]
audit-4.0.1/src/auditd.c: scope_hint: In function ‘become_daemon’
audit-4.0.1/src/auditd.c:423:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
# 421| return -1;
# 422| }
# 423|-> if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
# 424| (dup2(nfd, 2) < 0)) {
# 425| audit_msg(LOG_ERR,
Error: GCC_ANALYZER_WARNING (CWE-775): [#def57]
audit-4.0.1/src/auditd.c:423:48: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
# 421| return -1;
# 422| }
# 423|-> if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
# 424| (dup2(nfd, 2) < 0)) {
# 425| audit_msg(LOG_ERR,
Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
audit-4.0.1/src/auditd.c:423:70: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
# 421| return -1;
# 422| }
# 423|-> if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
# 424| (dup2(nfd, 2) < 0)) {
# 425| audit_msg(LOG_ERR,
Error: GCC_ANALYZER_WARNING (CWE-688): [#def59]
audit-4.0.1/src/aureport.c: scope_hint: In function ‘process_logs’
audit-4.0.1/src/aureport.c:184:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config.log_file’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 182|
# 183| /* for each file */
# 184|-> len = strlen(config.log_file) + 16;
# 185| filename = malloc(len);
# 186| if (!filename) {
Error: CLANG_WARNING: [#def60]
audit-4.0.1/src/aureport.c:280:2: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 278| free(entries);
# 279| } while (ret == 0);
# 280|-> fclose(log_fd);
# 281| // This is the per file action items
# 282| very_last_event.sec = last_event.sec;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def61]
audit-4.0.1/src/ausearch-avc.c: scope_hint: In function ‘alist_append’
audit-4.0.1/src/ausearch-avc.c:72:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 70|
# 71| if (node->scontext)
# 72|-> newnode->scontext = node->scontext;
# 73| else
# 74| newnode->scontext = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
audit-4.0.1/src/ausearch-avc.c:74:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 72| newnode->scontext = node->scontext;
# 73| else
# 74|-> newnode->scontext = NULL;
# 75|
# 76| if (node->tcontext)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def63]
audit-4.0.1/src/ausearch-int.c: scope_hint: In function ‘ilist_append’
audit-4.0.1/src/ausearch-int.c:50:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 48| newnode = malloc(sizeof(int_node));
# 49|
# 50|-> newnode->num = num;
# 51| newnode->hits = hits;
# 52| newnode->aux1 = aux;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def64]
audit-4.0.1/src/ausearch-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/src/ausearch-llist.c:112:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 110|
# 111| if (node->message)
# 112|-> newnode->message = node->message;
# 113| else
# 114| newnode->message = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def65]
audit-4.0.1/src/ausearch-llist.c:114:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 112| newnode->message = node->message;
# 113| else
# 114|-> newnode->message = NULL;
# 115|
# 116| newnode->interp = node->interp;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def66]
audit-4.0.1/src/ausearch-lol.c: scope_hint: In function ‘lol_create’
audit-4.0.1/src/ausearch-lol.c:50:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*lo.array’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 48| lo->limit = ARRAY_LIMIT;
# 49| lo->array = (lolnode *)malloc(size);
# 50|-> memset(lo->array, 0, size);
# 51| }
# 52|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def67]
audit-4.0.1/src/ausearch-lookup.c: scope_hint: In function ‘unescape’
audit-4.0.1/src/ausearch-lookup.c:312:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 310| * bigger than what we are putting there.
# 311| */
# 312|-> len = strlen(str);
# 313| if (len < 2) {
# 314| free(str);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def68]
audit-4.0.1/src/ausearch-nvpair.c: scope_hint: In function ‘search_list_append’
audit-4.0.1/src/ausearch-nvpair.c:41:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 39| nvnode* newnode = malloc(sizeof(nvnode));
# 40|
# 41|-> newnode->name = node->name;
# 42| newnode->val = node->val;
# 43| newnode->next = NULL;
Error: CLANG_WARNING: [#def69]
audit-4.0.1/src/ausearch-parse.c:489:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 487| if (term == NULL)
# 488| term = n->message;
# 489|-> str = strstr(term, "res=");
# 490| if (str != NULL) {
# 491| ptr = str + 4;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def70]
audit-4.0.1/src/ausearch-parse.c: scope_hint: In function ‘common_path_parser’
audit-4.0.1/src/ausearch-parse.c:725:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sn.str’
# 723| sn.hits = 1;
# 724| // Attempt to rebuild path if relative
# 725|-> if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
# 726| (sn.str[1] == '/')) && s->cwd) {
# 727| char *tmp = malloc(PATH_MAX);
Error: CLANG_WARNING: [#def71]
audit-4.0.1/src/ausearch-parse.c:1451:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1449| if (term == NULL)
# 1450| term = n->message;
# 1451|-> str = strstr(term, "res=");
# 1452| if (str != NULL) {
# 1453| ptr = str + 4;
Error: CLANG_WARNING: [#def72]
audit-4.0.1/src/ausearch-parse.c:1470:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1468| if (term == NULL)
# 1469| term = n->message;
# 1470|-> str = strstr(term, "new ses=");
# 1471| if (str == NULL) {
# 1472| // The 3.14 kernel changed it to the next line
Error: CPPCHECK_WARNING (CWE-401): [#def73]
audit-4.0.1/src/ausearch-parse.c:1737: error[memleak]: Memory leak: sn.str
# 1735| strdup(un->sun_path+1);
# 1736| else
# 1737|-> return 6;
# 1738|
# 1739| sn.key = NULL;
Error: CLANG_WARNING: [#def74]
audit-4.0.1/src/ausearch-time.c:334:23: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(tmp_t) - strlen(tmp_t) - 1' or use a safer 'strlcat' API
# 332| } else {
# 333| tmp_t[0]=0;
# 334|-> strncat(tmp_t, ti, sizeof(tmp_t)-1);
# 335| }
# 336| ret = strptime(tmp_t, "%X", &d);
Error: CLANG_WARNING: [#def75]
audit-4.0.1/src/ausearch-time.c:414:23: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(tmp_t) - strlen(tmp_t) - 1' or use a safer 'strlcat' API
# 412| } else {
# 413| tmp_t[0]=0;
# 414|-> strncat(tmp_t, ti, sizeof(tmp_t)-1);
# 415| }
# 416| ret = strptime(tmp_t, "%X", &d);
Error: CLANG_WARNING: [#def76]
audit-4.0.1/src/ausearch.c:495:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 493| list_clear(entries);
# 494| free(entries);
# 495|-> fclose(log_fd);
# 496| return 10;
# 497| }
Error: CLANG_WARNING: [#def77]
audit-4.0.1/src/ausearch.c:511:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 509| list_clear(entries);
# 510| free(entries);
# 511|-> fclose(log_fd);
# 512| return 4; /* no memory */
# 513| }
Error: CLANG_WARNING: [#def78]
audit-4.0.1/src/ausearch.c:519:2: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 517| free(entries);
# 518| } while (ret == 0);
# 519|-> fclose(log_fd);
# 520|
# 521| return 0;
Error: CPPCHECK_WARNING (CWE-190): [#def79]
audit-4.0.1/src/libev/ev.c:1517: error[integerOverflow]: Signed integer overflow for expression '14-24'.
# 1515|
# 1516| /* too small, will be zero */
# 1517|-> if (e < (14 - 24)) /* might not be sharp, but is good enough */
# 1518| return s;
# 1519|
Error: COMPILER_WARNING: [#def80]
audit-4.0.1/src/libev/ev.c:2146:31: warning: 'ev_default_loop_ptr' initialized and declared 'extern'
# 2144|
# 2145| static struct ev_loop default_loop_struct;
# 2146|-> EV_API_DECL struct ev_loop *ev_default_loop_ptr = 0; /* needs to be initialised to make it a definition despite extern */
# 2147|
# 2148| #else
Error: CLANG_WARNING: [#def81]
audit-4.0.1/src/libev/ev.c:3300:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3298| && !enable_secure ()
# 3299| && getenv ("LIBEV_FLAGS"))
# 3300|-> flags = atoi (getenv ("LIBEV_FLAGS"));
# 3301|
# 3302| ev_rt_now = ev_time ();
Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
audit-4.0.1/tools/aulast/aulast.c: scope_hint: In function ‘process_bootup’
audit-4.0.1/tools/aulast/aulast.c:449:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("reboot")’
# 447| cur->start = start;
# 448| cur->name = strdup("reboot");
# 449|-> cur->term = strdup("system boot");
# 450| if (kernel)
# 451| cur->host = strdup(kernel);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
audit-4.0.1/tools/aulast/aulast.c:450:13: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("system boot")’
# 448| cur->name = strdup("reboot");
# 449| cur->term = strdup("system boot");
# 450|-> if (kernel)
# 451| cur->host = strdup(kernel);
# 452| cur->result = 0;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def84]
audit-4.0.1/tools/aulastlog/aulastlog-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/tools/aulastlog/aulastlog-llist.c:50:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
# 48| newnode = malloc(sizeof(lnode));
# 49|
# 50|-> newnode->sec = node->sec;
# 51| newnode->uid = node->uid;
# 52| newnode->name = strdup(node->name);
Scan Properties
| analyzer-version-clang | 18.1.3 |
| analyzer-version-cppcheck | 2.13.0 |
| analyzer-version-gcc | 14.0.1 |
| analyzer-version-gcc-analyzer | 14.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-247.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | audit-4.0.1-1.fc41 |
| store-results-to | /tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.tar.xz |
| time-created | 2024-04-22 10:46:23 |
| time-finished | 2024-04-22 10:49:33 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |