iptables-1.8.11-1.fc42

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
iptables-1.8.11-build/iptables-1.8.11/include/linux/netfilter_ipv4/ip_tables.h:221:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables.c: scope_hint: In function ‘print_firewall_line’
#  219|   ipt_get_target(struct ipt_entry *e)
#  220|   {
#  221|-> 	return (void *)e + e->target_offset;
#  222|   }
#  223|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
iptables-1.8.11-build/iptables-1.8.11/include/linux/netfilter_ipv6/ip6_tables.h:261:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11-build/iptables-1.8.11/iptables/ip6tables.c: scope_hint: In function ‘print_firewall_line’
#  259|   ip6t_get_target(struct ip6t_entry *e)
#  260|   {
#  261|-> 	return (void *)e + e->target_offset;
#  262|   }
#  263|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c: scope_hint: In function ‘for_each_table’
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c:62:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*afinfo.proc_exists, "re")’
#   60|   
#   61|   	while (fgets(tablename, sizeof(tablename), procfile)) {
#   62|-> 		if (tablename[strlen(tablename) - 1] != '\n')
#   63|   			xtables_error(OTHER_PROBLEM,
#   64|   				      "Badly formed tablename `%s'", tablename);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c:62:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*afinfo.proc_exists, "re")’
#   60|   
#   61|   	while (fgets(tablename, sizeof(tablename), procfile)) {
#   62|-> 		if (tablename[strlen(tablename) - 1] != '\n')
#   63|   			xtables_error(OTHER_PROBLEM,
#   64|   				      "Badly formed tablename `%s'", tablename);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c: scope_hint: In function ‘do_iptables_save’
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
#  162|   			}
#  163|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  164|-> 			if (ret == -1) {
#  165|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  166|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
iptables-1.8.11-build/iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
#  162|   			}
#  163|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  164|-> 			if (ret == -1) {
#  165|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  166|   					strerror(errno));

Error: CPPCHECK_WARNING (CWE-457): [#def7]
iptables-1.8.11-build/iptables-1.8.11/iptables/nft-cache.c:207: error[uninitvar]: Uninitialized variable: c
#  205|   
#  206|   	hlist_for_each_entry(c, node, chain_name_hlist(h, t, chain), hnode) {
#  207|-> 		if (!strcmp(nftnl_chain_get_str(c->nftnl, NFTNL_CHAIN_NAME),
#  208|   			    chain))
#  209|   			return c;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
iptables-1.8.11-build/iptables-1.8.11/iptables/nft-ruleparse.c: scope_hint: In function ‘nft_parse_range’
iptables-1.8.11-build/iptables-1.8.11/iptables/nft-ruleparse.c:870:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
iptables-1.8.11-build/iptables-1.8.11/iptables/nft-ruleparse.c:30: included_from: Included from here.
#  868|   	sreg = nft_xt_ctx_get_sreg(ctx, reg);
#  869|   
#  870|-> 	switch (sreg->type) {
#  871|   	case NFT_XT_REG_UNDEF:
#  872|   		ctx->errmsg = "range sreg undef";

Error: CPPCHECK_WARNING (CWE-457): [#def9]
iptables-1.8.11-build/iptables-1.8.11/iptables/nft.c:251: error[uninitvar]: Uninitialized variable: nlh->nlmsg_seq
#  249|   		if (ret == -1) {
#  250|   			mnl_err_list_node_add(&h->err_list, errno,
#  251|-> 					      nlh->nlmsg_seq);
#  252|   			err = -1;
#  253|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
iptables-1.8.11-build/iptables-1.8.11/iptables/xtables-save.c: scope_hint: In function ‘xtables_save_main’
iptables-1.8.11-build/iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
#  174|   			}
#  175|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  176|-> 			if (ret == -1) {
#  177|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  178|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
iptables-1.8.11-build/iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
#  174|   			}
#  175|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  176|-> 			if (ret == -1) {
#  177|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  178|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
iptables-1.8.11-build/iptables-1.8.11/iptables/xtables-save.c:229:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’
#  227|   	default:
#  228|   		fprintf(stderr, "Unknown family %d\n", family);
#  229|-> 		return 1;
#  230|   	}
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def13]
iptables-1.8.11-build/iptables-1.8.11/libiptc/libip4tc.c:113: included_from: Included from here.
iptables-1.8.11-build/iptables-1.8.11/libiptc/libiptc.c: scope_hint: In function 'iptcc_chain_index_alloc'
iptables-1.8.11-build/iptables-1.8.11/libiptc/libiptc.c:499:9: warning[-Wanalyzer-null-argument]: use of NULL '*h.chain_index' where non-null expected
iptables-1.8.11-build/iptables-1.8.11/libiptc/libiptc.c:2226:1: note: in expansion of macro 'TC_CREATE_CHAIN'
iptables-1.8.11-build/iptables-1.8.11/libiptc/libiptc.c:40: included_from: Included from here.
iptables-1.8.11-build/iptables-1.8.11/libiptc/linux_list.h:16:56: note: in definition of macro 'container_of'
iptables-1.8.11-build/iptables-1.8.11/libiptc/linux_list.h:381:20: note: in expansion of macro 'list_entry'
iptables-1.8.11-build/iptables-1.8.11/libiptc/libiptc.c:867:17: note: in expansion of macro 'list_for_each_entry'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
#  497|   		return -ENOMEM;
#  498|   	}
#  499|-> 	memset(h->chain_index, 0, array_mem);
#  500|   	h->chain_index_sz = array_elems;
#  501|   

Error: CPPCHECK_WARNING (CWE-457): [#def14]
iptables-1.8.11-build/iptables-1.8.11/libxtables/xtables.c:284: warning[uninitvar]: Uninitialized variables: n.next, n.pprev
#  282|   
#  283|   	for (i = 0; i < NOTARGET_HSIZE; i++) {
#  284|-> 		hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) {
#  285|   			hlist_del(&cur->node);
#  286|   			free(cur);

Error: CPPCHECK_WARNING (CWE-457): [#def15]
iptables-1.8.11-build/iptables-1.8.11/libxtables/xtables.c:286: warning[uninitvar]: Uninitialized variable: cur
#  284|   		hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) {
#  285|   			hlist_del(&cur->node);
#  286|-> 			free(cur);
#  287|   		}
#  288|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def16]
iptables-1.8.11-build/iptables-1.8.11/libxtables/xtables.c:308: error[uninitvar]: Uninitialized variable: cur
#  306|   
#  307|   	hlist_for_each_entry(cur, node, &notargets[key], node) {
#  308|-> 		if (!strcmp(name, cur->name))
#  309|   			return cur;
#  310|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
iptables-1.8.11-build/iptables-1.8.11/libxtables/xtoptions.c: scope_hint: In function 'xtopt_parse_hostmask'
iptables-1.8.11-build/iptables-1.8.11/libxtables/xtoptions.c:766:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
#  764|   	work = xtables_strdup(orig_arg);
#  765|   	p = strchr(work, '/'); /* by def this can't be NULL now */
#  766|-> 	*p++ = '\0';
#  767|   	/*
#  768|   	 * Because xtopt_parse_host and xtopt_parse_plenmask would store

Scan Properties