audit-4.0.1-1.fc41

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
audit-4.0.1/audisp/audispd-llist.c: scope_hint: In function 'plist_append'
audit-4.0.1/audisp/audispd-llist.c:82:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
#   80|   		if (pp)
#   81|   			memcpy(pp, p, sizeof(struct plugin_conf));
#   82|-> 		newnode->p = pp;
#   83|   	} else
#   84|   		newnode->p = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
audit-4.0.1/audisp/audispd-llist.c:84:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
#   82|   		newnode->p = pp;
#   83|   	} else
#   84|-> 		newnode->p = NULL;
#   85|   
#   86|   	newnode->next = 0;

Error: CLANG_WARNING: [#def3]
audit-4.0.1/audisp/audispd-pconfig.c:227:4: warning[unix.Malloc]: Potential leak of memory pointed to by 'nv.values'
#  225|   		}
#  226|   		if (nv.values == NULL) {
#  227|-> 			fclose(f);
#  228|   			return 1;
#  229|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'load_pconfig'
audit-4.0.1/audisp/audispd-pconfig.c:228:32: warning[-Wanalyzer-malloc-leak]: leak of 'nv.values'
audit-4.0.1/audisp/audispd-pconfig.c:29: included_from: Included from here.
#  226|   		if (nv.values == NULL) {
#  227|   			fclose(f);
#  228|-> 			return 1;
#  229|   		}
#  230|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'nv_split'
audit-4.0.1/audisp/audispd-pconfig.c:329:28: warning[-Wanalyzer-malloc-leak]: leak of 'nv.values'
#  327|   	/* get the value part */
#  328|   	while ((ptr = strtok_r(NULL, " ", &saved)) != NULL) {
#  329|-> 		nv->values = realloc(nv->values, (nv->nvalues + 1) * sizeof(char *));
#  330|   		if (nv->values == NULL) {
#  331|   			return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
audit-4.0.1/audisp/audispd-pconfig.c: scope_hint: In function 'args_parser'
audit-4.0.1/audisp/audispd-pconfig.c:451:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL '*config.args'
#  449|   
#  450|   	for (int i = 0; i < nv->nvalues; i++) {
#  451|-> 		config->args[i] = strdup(nv->values[nv->nvalues - i - 1]);
#  452|   	}
#  453|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
audit-4.0.1/audisp/audispd.c: scope_hint: In function 'safe_exec'
audit-4.0.1/audisp/audispd.c:421:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(*conf.plug_pipe[0], 0)'
#  419|   
#  420|   	/* Set up comm with child */
#  421|-> 	if (dup2(conf->plug_pipe[0], 0) < 0) {
#  422|   		close(conf->plug_pipe[0]);
#  423|   		close(conf->plug_pipe[1]);

Error: CLANG_WARNING: [#def8]
audit-4.0.1/audisp/audispd.c:565:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  563|   					}
#  564|   					if (!stop && start_one_plugin(conf)) {
#  565|-> 						rc = write_to_plugin(e, v, len,
#  566|   								     conf);
#  567|   						audit_msg(LOG_NOTICE,

Error: CLANG_WARNING: [#def9]
audit-4.0.1/audisp/plugins/filter/audisp-filter.c:294:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  292|   
#  293|   	/* open the file */
#  294|-> 	if ((fd = open(config.config_file, O_RDONLY)) < 0) {
#  295|   		if (errno != ENOENT) {
#  296|   			syslog(LOG_ERR, "Error opening config file (%s)", strerror(errno));

Error: CLANG_WARNING: [#def10]
audit-4.0.1/audisp/plugins/filter/audisp-filter.c:451:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  449|   		close(pipefd[0]);
#  450|   
#  451|-> 		execve(config.binary, config.binary_args, NULL);
#  452|   		syslog(LOG_ERR, "%s: execve failed (%s)", argv[0], strerror(errno));
#  453|   		exit(1);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘negotiate_credentials’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:926:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config.krb5_principal’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
#  924|   		config.krb5_principal = (char *) malloc (strlen (name) + 1
#  925|   					+ strlen (config.remote_server) + 1);
#  926|-> 		sprintf((char *)config.krb5_principal, "%s@%s",
#  927|   			name, config.remote_server);
#  928|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘init_sock’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:1124:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(*runp.ai_family, *runp.ai_socktype, *runp.ai_protocol)’
# 1122|   		sock = socket(runp->ai_family, runp->ai_socktype,
# 1123|   					runp->ai_protocol);
# 1124|-> 		if (sock < 0) {
# 1125|   			if (!quiet)
# 1126|   				syslog(LOG_ERR, "Error creating socket: %s",

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
audit-4.0.1/audisp/plugins/remote/audisp-remote.c: scope_hint: In function ‘send_msg_gss’
audit-4.0.1/audisp/plugins/remote/audisp-remote.c:1330:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘utok.value’
# 1328|   	utok.value = malloc (utok.length);
# 1329|   
# 1330|-> 	memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
# 1331|   
# 1332|   	if (msg != NULL && mlen > 0)

Error: CLANG_WARNING: [#def14]
audit-4.0.1/audisp/plugins/zos-remote/zos-remote-ldap.c:434:17: warning[unix.Malloc]: Potential leak of memory pointed to by 'response.itemList'
#  432|           rc = decode_response(&response, bv_response);
#  433|           if (rc != ICTX_SUCCESS) {
#  434|->                 log_err("Error decoding extended operation response");
#  435|                   goto free_bv;
#  436|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
audit-4.0.1/auparse/auparse.c: scope_hint: In function 'au_lol_create'
audit-4.0.1/auparse/auparse.c:161:9: warning[-Wanalyzer-malloc-leak]: leak of '<return-value>'
#  159|   
#  160|   	lol->limit = ARRAY_LIMIT;
#  161|-> 	memset(lol->array, 0x00, sz);
#  162|   
#  163|   	return lol->array;

Error: CLANG_WARNING: [#def16]
audit-4.0.1/auparse/auparse.c:525:17: warning[deadcode.DeadStores]: Although the value stored to 'buf' is used in the enclosing expression, the value is never actually read from 'buf'
#  523|   				goto bad_exit;
#  524|   			size = 0;
#  525|-> 			for (n = 0; (buf = bb[n]); n++) {
#  526|   				len = strlen(bb[n]);
#  527|   				if (bb[n][len-1] != '\n') {

Error: CLANG_WARNING: [#def17]
audit-4.0.1/auparse/auparse.c:1517:7: warning[core.NullDereference]: Access to field 'status' results in a dereference of a null pointer (loaded from variable 'cur')
# 1515|   	for (i = 0; i <= au->au_lo->maxi; i++) {
# 1516|   		au_lolnode *cur = &au->au_lo->array[i];
# 1517|-> 		if (cur->status == EBS_EMPTY && cur->l) {
# 1518|   #ifdef	LOL_EVENTS_DEBUG01
# 1519|   			if (debug) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def18]
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_print'
audit-4.0.1/auparse/data_buf.c:149:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_print'
audit-4.0.1/auparse/data_buf.c:36: included_from: Included from here.
/usr/include/stdio.h:745:15: note: argument 1 of 'fwrite' must be non-null
#  147|       if (print_data) {
#  148|           printf(" [");
#  149|->         fwrite(databuf_beg(db), 1, db->len, stdout);
#  150|           printf("]");
#  151|       }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def19]
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_append.part.0'
audit-4.0.1/auparse/data_buf.c:232:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
audit-4.0.1/auparse/data_buf.c: scope_hint: In function 'databuf_append.part.0'
<built-in>: note: argument 1 of '__builtin_memmove' must be non-null
#  230|   #endif
#  231|       /* pointers all set up and room available, move the data and update */
#  232|->     memmove(databuf_end(db), src, src_size);
#  233|       db->len = new_size;
#  234|       db->max_len = MAX(db->max_len, new_size);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
audit-4.0.1/auparse/ellist.c: scope_hint: In function '_audit_c2x'
audit-4.0.1/auparse/ellist.c:77:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'ptr'
#   75|   
#   76|   	for (i=0; i<size; i++) {
#   77|-> 		*ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
#   78|   		*ptr++ = hex[buf[i] & 0x0F];      /* Lower nibble */
#   79|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
audit-4.0.1/auparse/ellist.c:80:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'ptr'
#   78|   		*ptr++ = hex[buf[i] & 0x0F];      /* Lower nibble */
#   79|   	}
#   80|-> 	*ptr = 0;
#   81|   	return final;
#   82|   }

Error: CPPCHECK_WARNING (CWE-401): [#def22]
audit-4.0.1/auparse/ellist.c:316: error[memleak]: Memory leak: n.name
#  314|   									 == 0)
#  315|   								free(buf);
#  316|-> 							return -1;
#  317|   						}
#  318|   						if (tmpctx[0]) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def23]
audit-4.0.1/auparse/interpret.c: scope_hint: In function 'print_proctitle'
audit-4.0.1/auparse/interpret.c:981:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ptr' where non-null expected
audit-4.0.1/auparse/interpret.c:996:32: note: in expansion of macro 'STRCHR'
audit-4.0.1/auparse/interpret.c:996:32: note: in expansion of macro 'STRCHR'
audit-4.0.1/auparse/interpret.c:37: included_from: Included from here.
/usr/include/string.h:120:14: note: argument 1 of 'rawmemchr' must be non-null
#  979|   // rawmemchr is faster. Let's use it if we have it.
#  980|   #ifdef HAVE_RAWMEMCHR
#  981|-> #define STRCHR rawmemchr
#  982|   #else
#  983|   #define STRCHR strchr

Error: GCC_ANALYZER_WARNING (CWE-835): [#def24]
audit-4.0.1/auparse/lru.c: scope_hint: In function 'destroy_queue'
audit-4.0.1/auparse/lru.c:119:21: warning[-Wanalyzer-infinite-loop]: infinite loop
#  117|   #endif
#  118|   
#  119|-> 	while (queue->count)
#  120|   		dequeue(queue);
#  121|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def25]
audit-4.0.1/auparse/lru.c: scope_hint: In function 'remove_node'
audit-4.0.1/auparse/lru.c:220:17: warning[-Wanalyzer-use-after-free]: use after 'free' of 'node'
#  218|   	// If we are at the beginning
#  219|   	sanity_check_queue(queue, "1 remove_node");
#  220|-> 	if (node->prev == NULL) {
#  221|   		queue->front = node->next;
#  222|   		if (queue->front)

Error: CLANG_WARNING: [#def26]
audit-4.0.1/auparse/lru.c:263:2: warning[unix.Malloc]: Use of memory after it is freed
#  261|   		return;
#  262|   
#  263|-> 	remove_node(queue, queue->end);
#  264|   
#  265|   //	if (queue->cleanup)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
audit-4.0.1/auparse/normalize-llist.c: scope_hint: In function 'cllist_append'
audit-4.0.1/auparse/normalize-llist.c:70:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'newnode'
#   68|   	newnode = malloc(sizeof(data_node));
#   69|   
#   70|-> 	newnode->num = num;
#   71|   	newnode->data = data;
#   72|   	newnode->next = NULL;

Error: CLANG_WARNING: [#def28]
audit-4.0.1/auparse/normalize.c:933:5: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  931|   			{
#  932|   				const char *k;
#  933|-> 				rc = auparse_first_record(au);
#  934|   				k = auparse_find_field(au, "key");
#  935|   				if (k && strcmp(k, "(null)")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
audit-4.0.1/auparse/nvlist.c: scope_hint: In function 'nvlist_append'
audit-4.0.1/auparse/nvlist.c:68:26: warning[-Wanalyzer-malloc-leak]: leak of '*l.array'
audit-4.0.1/auparse/nvlist.c: scope_hint: In function 'nvlist_append'
#   66|   
#   67|   	if (l->cnt == l->size) {
#   68|-> 		l->array = realloc(l->array, l->size * sizeof(nvnode) * 2);
#   69|   		memset(l->array + l->size, 0, sizeof(nvnode) * l->size);
#   70|   		l->size = l->size * 2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
audit-4.0.1/bindings/python/auparse_python.c: scope_hint: In function 'AuParser_init'
audit-4.0.1/bindings/python/auparse_python.c:339:97: warning[-Wanalyzer-malloc-leak]: leak of 'fp'
audit-4.0.1/bindings/python/auparse_python.c:462:19: note: in expansion of macro 'PYFILE_ASFILE'
audit-4.0.1/bindings/python/auparse_python.c:462:19: note: in expansion of macro 'PYFILE_ASFILE'
#  337|       }
#  338|   
#  339|->     if (! PyArg_ParseTupleAndKeywords(args, kwds, "|iO", kwlist, &source_type, &source)) return -1; 
#  340|   
#  341|       switch (source_type) {

Error: CLANG_WARNING: [#def31]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4243:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4241|     if (!SWIG_Python_UnpackTuple(args, "new_audit_status", 0, 0, 0)) SWIG_fail;
# 4242|     result = (struct audit_status *)calloc(1, sizeof(struct audit_status));
# 4243|->   resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_status, SWIG_POINTER_NEW |  0 );
# 4244|     return resultobj;
# 4245|   fail:

Error: CLANG_WARNING: [#def32]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4507:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4505|     if (!SWIG_Python_UnpackTuple(args, "new_audit_features", 0, 0, 0)) SWIG_fail;
# 4506|     result = (struct audit_features *)calloc(1, sizeof(struct audit_features));
# 4507|->   resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_features, SWIG_POINTER_NEW |  0 );
# 4508|     return resultobj;
# 4509|   fail:

Error: CLANG_WARNING: [#def33]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:4663:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 4661|     if (!SWIG_Python_UnpackTuple(args, "new_audit_tty_status", 0, 0, 0)) SWIG_fail;
# 4662|     result = (struct audit_tty_status *)calloc(1, sizeof(struct audit_tty_status));
# 4663|->   resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_tty_status, SWIG_POINTER_NEW |  0 );
# 4664|     return resultobj;
# 4665|   fail:

Error: CLANG_WARNING: [#def34]
audit-4.0.1/bindings/swig/python3/audit_wrap.c:5171:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'result'
# 5169|     if (!SWIG_Python_UnpackTuple(args, "new_audit_rule_data", 0, 0, 0)) SWIG_fail;
# 5170|     result = (struct audit_rule_data *)calloc(1, sizeof(struct audit_rule_data));
# 5171|->   resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_audit_rule_data, SWIG_POINTER_NEW |  0 );
# 5172|     return resultobj;
# 5173|   fail:

Error: CLANG_WARNING: [#def35]
audit-4.0.1/common/audit-fgets.c:93:17: warning[core.NullDereference]: Array access (from variable 'current') results in a null pointer dereference
#   91|   			eof = 1;
#   92|   		else
#   93|-> 			current[len] = 0;
#   94|   		current += len;
#   95|   

Error: CLANG_WARNING: [#def36]
audit-4.0.1/lib/audit_logging.c:298:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
#  296|   		_resolve_addr(addrbuf, hostname);
#  297|   	else
#  298|-> 		strncat(addrbuf, addr, sizeof(addrbuf)-1);
#  299|   
#  300|   	/* Fill in exec name if needed */

Error: CLANG_WARNING: [#def37]
audit-4.0.1/lib/audit_logging.c:376:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
#  374|   		_resolve_addr(addrbuf, hostname);
#  375|   	else
#  376|-> 		strncat(addrbuf, addr, sizeof(addrbuf)-1);
#  377|   
#  378|   	/* Fill in exec name if needed */

Error: CLANG_WARNING: [#def38]
audit-4.0.1/lib/audit_logging.c:459:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
#  457|   		_resolve_addr(addrbuf, host);
#  458|   	else
#  459|-> 		strncat(addrbuf, addr, sizeof(addrbuf)-1);
#  460|   
#  461|   	/* Fill in exec name if needed */

Error: CLANG_WARNING: [#def39]
audit-4.0.1/lib/audit_logging.c:555:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
#  553|   		_resolve_addr(addrbuf, hostname);
#  554|   	else
#  555|-> 		strncat(addrbuf, addr, sizeof(addrbuf)-1);
#  556|   
#  557|   	if (exename[0] == 0)

Error: CLANG_WARNING: [#def40]
audit-4.0.1/lib/audit_logging.c:640:26: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(addrbuf) - strlen(addrbuf) - 1' or use a safer 'strlcat' API
#  638|   		_resolve_addr(addrbuf, host);
#  639|   	else
#  640|-> 		strncat(addrbuf, addr, sizeof(addrbuf)-1);
#  641|   
#  642|   	if (pgname == NULL || strlen(pgname) == 0) {

Error: COMPILER_WARNING (CWE-681): [#def41]
audit-4.0.1/lib/gen_tables.c:89:22: warning[-Woverflow]: overflow in conversion from ‘long long unsigned int’ to ‘int’ changes value from ‘4294967296’ to ‘0’
audit-4.0.1/auparse/clone-flagtab.h:47:1: note: in expansion of macro ‘_S’
#   87|   /* The mapping to store. */
#   88|   static struct value values[] = {
#   89|-> #define _S(VAL, S) { (VAL), (S), 0, 0 },
#   90|   #include TABLE_H
#   91|   #undef _S

Error: COMPILER_WARNING (CWE-681): [#def42]
audit-4.0.1/lib/gen_tables.c:89:22: warning[-Woverflow]: overflow in conversion from ‘long long unsigned int’ to ‘int’ changes value from ‘8589934592’ to ‘0’
audit-4.0.1/auparse/clone-flagtab.h:48:1: note: in expansion of macro ‘_S’
#   87|   /* The mapping to store. */
#   88|   static struct value values[] = {
#   89|-> #define _S(VAL, S) { (VAL), (S), 0, 0 },
#   90|   #include TABLE_H
#   91|   #undef _S

Error: COMPILER_WARNING: [#def43]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_add_watch_dir'
audit-4.0.1/lib/libaudit.c:804:17: warning[-Wuse-after-free]: pointer 'rule_19' may be used after 'realloc'
#  804 |                 free(rule);
#      |                 ^~~~~~~~~~
audit-4.0.1/lib/libaudit.c:802:18: note: call to 'realloc' here
#  802 |         *rulep = realloc(rule, len + sizeof(*rule));
#      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  802|   	*rulep = realloc(rule, len + sizeof(*rule));
#  803|   	if (*rulep == NULL) {
#  804|-> 		free(rule);
#  805|   		audit_msg(LOG_ERR, "Cannot realloc memory!");
#  806|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def44]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_rule_fieldpair_data'
audit-4.0.1/lib/libaudit.c:1770:28: warning[-Wanalyzer-deref-before-check]: check of 'rule' for NULL after already dereferencing it
# 1768|   			rule->buflen += vlen;
# 1769|   			*rulep = realloc(rule, sizeof(*rule) + rule->buflen);
# 1770|-> 			if (*rulep == NULL) {
# 1771|   				free(rule);
# 1772|   				audit_msg(LOG_ERR, "Cannot realloc memory!");

Error: COMPILER_WARNING: [#def45]
audit-4.0.1/lib/libaudit.c: scope_hint: In function 'audit_rule_fieldpair_data'
audit-4.0.1/lib/libaudit.c:1771:33: warning[-Wuse-after-free]: pointer 'rule_335' may be used after 'realloc'
# 1771 |                                 free(rule);
#      |                                 ^~~~~~~~~~
audit-4.0.1/lib/libaudit.c:1769:34: note: call to 'realloc' here
# 1769 |                         *rulep = realloc(rule, sizeof(*rule) + rule->buflen);
#      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1769|   			*rulep = realloc(rule, sizeof(*rule) + rule->buflen);
# 1770|   			if (*rulep == NULL) {
# 1771|-> 				free(rule);
# 1772|   				audit_msg(LOG_ERR, "Cannot realloc memory!");
# 1773|   				return -3;

Error: CLANG_WARNING: [#def46]
audit-4.0.1/lib/netlink.c:107:6: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
#  105|   		return -EPROTO;
#  106|   	}
#  107|-> 	if (nladdr.nl_pid) {
#  108|   		audit_msg(LOG_ERR, 
#  109|   			"Spoofed packet received on audit netlink socket");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
audit-4.0.1/src/auditctl-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/src/auditctl-llist.c:72:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   70|   		if (rr) 
#   71|   			memcpy(rr, r, sz);
#   72|-> 		newnode->r = rr;
#   73|   	} else
#   74|   		newnode->r = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
audit-4.0.1/src/auditctl-llist.c:74:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   72|   		newnode->r = rr;
#   73|   	} else
#   74|-> 		newnode->r = NULL;
#   75|   
#   76|   	newnode->size = sz;

Error: CLANG_WARNING: [#def49]
audit-4.0.1/src/auditctl.c:625:2: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  623|   			long_opts, &lidx)) != EOF) {
#  624|   	int flags = AUDIT_FILTER_UNSET;
#  625|-> 	rc = 10;	// Init to something impossible to see if unused.
#  626|           switch (c) {
#  627|           case 'h':

Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
audit-4.0.1/src/auditctl.c: scope_hint: In function ‘fileopt’
audit-4.0.1/src/auditctl.c:1394:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘fields’
audit-4.0.1/src/auditctl.c:32: included_from: Included from here.
# 1392|   		i = 0;
# 1393|   		fields = malloc(nf * sizeof(char *));
# 1394|-> 		fields[i++] = "auditctl";
# 1395|   		fields[i++] = ptr;
# 1396|   		while( (ptr=audit_strsplit(NULL)) && (i < nf-1)) {

Error: CLANG_WARNING: [#def51]
audit-4.0.1/src/auditctl.c:1642:9: warning[deadcode.DeadStores]: Although the value stored to 'retval' is used in the enclosing expression, the value is never actually read from 'retval'
# 1640|   			}
# 1641|   
# 1642|-> 			if ((retval = audit_print_reply(&rep, fd)) == 0)
# 1643|   				break;
# 1644|   			else

Error: GCC_ANALYZER_WARNING (CWE-688): [#def52]
audit-4.0.1/src/auditd-config.c: scope_hint: In function ‘load_config’
audit-4.0.1/src/auditd-config.c:363:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config_file’ where non-null expected
audit-4.0.1/src/auditd-config.c:33: included_from: Included from here.
/usr/include/fcntl.h:209:12: note: argument 1 of ‘open’ must be non-null
#  361|   	if (allow_links == 0)
#  362|   		mode |= O_NOFOLLOW;
#  363|-> 	rc = open(config_file, mode);
#  364|   	if (rc < 0) {
#  365|   		if (errno != ENOENT) {

Error: CLANG_WARNING: [#def53]
audit-4.0.1/src/auditd-listen.c:109:22: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value
#  107|   	unsigned int rc;
#  108|   
#  109|-> 	if (addr->ss_family == AF_INET)
#  110|   		rc = ntohs(((struct  sockaddr_in *)addr)->sin_port);
#  111|   	else if (addr->ss_family == AF_INET6)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def54]
audit-4.0.1/src/auditd-listen.c: scope_hint: In function ‘client_ack.part.0’
audit-4.0.1/src/auditd-listen.c:515:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘utok.value’
#  513|   		utok.value = malloc(utok.length + 1);
#  514|   
#  515|-> 		memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
#  516|   		memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
#  517|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
audit-4.0.1/src/auditd-sendmail.c: scope_hint: In function ‘sendmail’
audit-4.0.1/src/auditd-sendmail.c:94:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘safe_popen(&pid,  mail_acct)’
#   92|   	}
#   93|   	if (*pid) {       /* Parent */
#   94|-> 		close(pipe_fd[0]);	// adjust pipe
#   95|   		return pipe_fd[1];
#   96|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def56]
audit-4.0.1/src/auditd.c: scope_hint: In function ‘become_daemon’
audit-4.0.1/src/auditd.c:423:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
#  421|   				return -1;
#  422|   			}
#  423|-> 			if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
#  424|   							(dup2(nfd, 2) < 0)) {
#  425|   				audit_msg(LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def57]
audit-4.0.1/src/auditd.c:423:48: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
#  421|   				return -1;
#  422|   			}
#  423|-> 			if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
#  424|   							(dup2(nfd, 2) < 0)) {
#  425|   				audit_msg(LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
audit-4.0.1/src/auditd.c:423:70: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
#  421|   				return -1;
#  422|   			}
#  423|-> 			if ((dup2(nfd, 0) < 0) || (dup2(nfd, 1) < 0) ||
#  424|   							(dup2(nfd, 2) < 0)) {
#  425|   				audit_msg(LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def59]
audit-4.0.1/src/aureport.c: scope_hint: In function ‘process_logs’
audit-4.0.1/src/aureport.c:184:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘config.log_file’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  182|   
#  183|   	/* for each file */
#  184|-> 	len = strlen(config.log_file) + 16;
#  185|   	filename = malloc(len);
#  186|   	if (!filename) {

Error: CLANG_WARNING: [#def60]
audit-4.0.1/src/aureport.c:280:2: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  278|   		free(entries);
#  279|   	} while (ret == 0);
#  280|-> 	fclose(log_fd);
#  281|   	// This is the per file action items
#  282|   	very_last_event.sec = last_event.sec;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def61]
audit-4.0.1/src/ausearch-avc.c: scope_hint: In function ‘alist_append’
audit-4.0.1/src/ausearch-avc.c:72:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   70|   
#   71|   	if (node->scontext)
#   72|-> 		newnode->scontext = node->scontext;
#   73|   	else
#   74|   		newnode->scontext = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
audit-4.0.1/src/ausearch-avc.c:74:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   72|   		newnode->scontext = node->scontext;
#   73|   	else
#   74|-> 		newnode->scontext = NULL;
#   75|   
#   76|   	if (node->tcontext)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def63]
audit-4.0.1/src/ausearch-int.c: scope_hint: In function ‘ilist_append’
audit-4.0.1/src/ausearch-int.c:50:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   48|   	newnode = malloc(sizeof(int_node));
#   49|   
#   50|-> 	newnode->num = num;
#   51|   	newnode->hits = hits;
#   52|   	newnode->aux1 = aux;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def64]
audit-4.0.1/src/ausearch-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/src/ausearch-llist.c:112:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#  110|   
#  111|   	if (node->message)
#  112|-> 		newnode->message = node->message;
#  113|   	else
#  114|   		newnode->message = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def65]
audit-4.0.1/src/ausearch-llist.c:114:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#  112|   		newnode->message = node->message;
#  113|   	else
#  114|-> 		newnode->message = NULL;
#  115|   
#  116|   	newnode->interp = node->interp;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def66]
audit-4.0.1/src/ausearch-lol.c: scope_hint: In function ‘lol_create’
audit-4.0.1/src/ausearch-lol.c:50:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*lo.array’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
#   48|   	lo->limit = ARRAY_LIMIT;
#   49|   	lo->array = (lolnode *)malloc(size);
#   50|-> 	memset(lo->array, 0, size);
#   51|   }
#   52|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def67]
audit-4.0.1/src/ausearch-lookup.c: scope_hint: In function ‘unescape’
audit-4.0.1/src/ausearch-lookup.c:312:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  310|   	 * bigger than what we are putting there.
#  311|   	 */
#  312|-> 	len = strlen(str);
#  313|   	if (len < 2) {
#  314|   		free(str);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def68]
audit-4.0.1/src/ausearch-nvpair.c: scope_hint: In function ‘search_list_append’
audit-4.0.1/src/ausearch-nvpair.c:41:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   39|   	nvnode* newnode = malloc(sizeof(nvnode));
#   40|   
#   41|-> 	newnode->name = node->name;
#   42|   	newnode->val = node->val;
#   43|   	newnode->next = NULL;

Error: CLANG_WARNING: [#def69]
audit-4.0.1/src/ausearch-parse.c:489:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  487|   		if (term == NULL)
#  488|   			term = n->message;
#  489|-> 		str = strstr(term, "res=");
#  490|   		if (str != NULL) {
#  491|   			ptr = str + 4;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def70]
audit-4.0.1/src/ausearch-parse.c: scope_hint: In function ‘common_path_parser’
audit-4.0.1/src/ausearch-parse.c:725:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sn.str’
#  723|   			sn.hits = 1;
#  724|   			// Attempt to rebuild path if relative
#  725|-> 			if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
#  726|   				(sn.str[1] == '/')) && s->cwd) {
#  727|   				char *tmp = malloc(PATH_MAX);

Error: CLANG_WARNING: [#def71]
audit-4.0.1/src/ausearch-parse.c:1451:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1449|   		if (term == NULL)
# 1450|   			term = n->message;
# 1451|-> 		str = strstr(term, "res=");
# 1452|   		if (str != NULL) {
# 1453|   			ptr = str + 4;

Error: CLANG_WARNING: [#def72]
audit-4.0.1/src/ausearch-parse.c:1470:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1468|   		if (term == NULL)
# 1469|   			term = n->message;
# 1470|-> 		str = strstr(term, "new ses=");
# 1471|   		if (str == NULL) {
# 1472|   			// The 3.14 kernel changed it to the next line

Error: CPPCHECK_WARNING (CWE-401): [#def73]
audit-4.0.1/src/ausearch-parse.c:1737: error[memleak]: Memory leak: sn.str
# 1735|   							strdup(un->sun_path+1);
# 1736|   						else
# 1737|-> 							return 6;
# 1738|   
# 1739|   						sn.key = NULL;

Error: CLANG_WARNING: [#def74]
audit-4.0.1/src/ausearch-time.c:334:23: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(tmp_t) - strlen(tmp_t) - 1' or use a safer 'strlcat' API
#  332|   		} else {
#  333|   			tmp_t[0]=0;
#  334|-> 			strncat(tmp_t, ti, sizeof(tmp_t)-1);
#  335|   		}
#  336|   		ret = strptime(tmp_t, "%X", &d);

Error: CLANG_WARNING: [#def75]
audit-4.0.1/src/ausearch-time.c:414:23: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(tmp_t) - strlen(tmp_t) - 1' or use a safer 'strlcat' API
#  412|   		} else {
#  413|   			tmp_t[0]=0;
#  414|-> 			strncat(tmp_t, ti, sizeof(tmp_t)-1);
#  415|   		}
#  416|   		ret = strptime(tmp_t, "%X", &d);

Error: CLANG_WARNING: [#def76]
audit-4.0.1/src/ausearch.c:495:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  493|   				list_clear(entries);
#  494|   				free(entries);
#  495|-> 				fclose(log_fd);
#  496|   				return 10;
#  497|   			}

Error: CLANG_WARNING: [#def77]
audit-4.0.1/src/ausearch.c:511:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  509|   				list_clear(entries);
#  510|   				free(entries);
#  511|-> 				fclose(log_fd);
#  512|   				return 4;	/* no memory */
#  513|   			}

Error: CLANG_WARNING: [#def78]
audit-4.0.1/src/ausearch.c:519:2: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  517|   		free(entries);
#  518|   	} while (ret == 0);
#  519|-> 	fclose(log_fd);
#  520|   
#  521|   	return 0;

Error: CPPCHECK_WARNING (CWE-190): [#def79]
audit-4.0.1/src/libev/ev.c:1517: error[integerOverflow]: Signed integer overflow for expression '14-24'.
# 1515|   
# 1516|         /* too small, will be zero */
# 1517|->       if (e < (14 - 24)) /* might not be sharp, but is good enough */
# 1518|           return s;
# 1519|   

Error: COMPILER_WARNING: [#def80]
audit-4.0.1/src/libev/ev.c:2146:31: warning: 'ev_default_loop_ptr' initialized and declared 'extern'
# 2144|   
# 2145|     static struct ev_loop default_loop_struct;
# 2146|->   EV_API_DECL struct ev_loop *ev_default_loop_ptr = 0; /* needs to be initialised to make it a definition despite extern */
# 2147|   
# 2148|   #else

Error: CLANG_WARNING: [#def81]
audit-4.0.1/src/libev/ev.c:3300:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3298|             && !enable_secure ()
# 3299|             && getenv ("LIBEV_FLAGS"))
# 3300|->         flags = atoi (getenv ("LIBEV_FLAGS"));
# 3301|   
# 3302|         ev_rt_now          = ev_time ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
audit-4.0.1/tools/aulast/aulast.c: scope_hint: In function ‘process_bootup’
audit-4.0.1/tools/aulast/aulast.c:449:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("reboot")’
#  447|   	cur->start = start;
#  448|   	cur->name = strdup("reboot");
#  449|-> 	cur->term = strdup("system boot");
#  450|   	if (kernel)
#  451|   		cur->host = strdup(kernel);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
audit-4.0.1/tools/aulast/aulast.c:450:13: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("system boot")’
#  448|   	cur->name = strdup("reboot");
#  449|   	cur->term = strdup("system boot");
#  450|-> 	if (kernel)
#  451|   		cur->host = strdup(kernel);
#  452|   	cur->result = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def84]
audit-4.0.1/tools/aulastlog/aulastlog-llist.c: scope_hint: In function ‘list_append’
audit-4.0.1/tools/aulastlog/aulastlog-llist.c:50:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newnode’
#   48|   	newnode = malloc(sizeof(lnode));
#   49|   
#   50|-> 	newnode->sec = node->sec;
#   51|   	newnode->uid = node->uid;
#   52|   	newnode->name = strdup(node->name);

Scan Properties

analyzer-version-clang: 18.1.3
analyzer-version-cppcheck: 2.13.0
analyzer-version-gcc: 14.0.1
analyzer-version-gcc-analyzer: 14.0.1
analyzer-version-shellcheck: 0.10.0
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-247.us-west-2.compute.internal
mock-config: fedora-41-x86_64
project-name: audit-4.0.1-1.fc41
store-results-to: /tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.tar.xz
time-created: 2024-04-22 10:46:23
time-finished: 2024-04-22 10:49:33
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpmf0jbig2/audit-4.0.1-1.fc41.src.rpm'
tool-version: csmock-3.5.3-1.el9