Fixed findings

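List of Findings

Each finding below was reported when scanning pam-1.6.1-5.fc41 and is not reported for the diff base pam-1.7.0-2.fc42 (see Scan Properties). "Fixed" here means the analyzers no longer flag the location, not that a fix was separately verified.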

Error: CPPCHECK_WARNING (CWE-823): [#def1]
pam-1.6.1-build/Linux-PAM-1.6.1/examples/tty_conv.c:79: error[arrayIndexOutOfBounds]: Array 'input[512]' accessed at index 512, which is out of bounds.
#   77|       }
#   78|       funlockfile(stdin);
#   79|->     input[i] = '\0';
#   80|   
#   81|       return (strdup(input));

Error: COMPILER_WARNING (CWE-477): [#def2]
pam-1.6.1-build/Linux-PAM-1.6.1/libpam/pam_modutil_searchkey.c: scope_hint: In function ‘econf_search_key’
pam-1.6.1-build/Linux-PAM-1.6.1/libpam/pam_modutil_searchkey.c:33:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
#   33 |         if (econf_readDirs (&key_file, VENDORDIR, SYSCONFDIR, name, suffix,
#      |         ^~
pam-1.6.1-build/Linux-PAM-1.6.1/libpam/pam_modutil_searchkey.c:17: included_from: Included from here.
/usr/include/libeconf.h:497:1: note: declared here
#  497 | econf_readDirs(econf_file **key_file,
#      | ^~~~~~~~~~~~~~
#   31|   	char *val;
#   32|   
#   33|-> 	if (econf_readDirs (&key_file, VENDORDIR, SYSCONFDIR, name, suffix,
#   34|   			    " \t", "#"))
#   35|   		return NULL;

Error: COMPILER_WARNING (CWE-477): [#def3]
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_env/pam_env.c: scope_hint: In function ‘econf_read_file’
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_env/pam_env.c:245:7: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_env/pam_env.c:24: included_from: Included from here.
/usr/include/libeconf.h:497:1: note: declared here
#  243|   
#  244|         D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir));
#  245|->       error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix,
#  246|   			      delim, "#");
#  247|         free(vendor_dir);

Error: COMPILER_WARNING (CWE-252): [#def4]
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/main.c: scope_hint: In function ‘do_user’
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/main.c:250:25: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  250 |                         audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  251 |                                 "faillock-reset", user,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
#  252 |                                 pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  253 |                                 NULL, NULL, NULL, rv == 0);
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~
#  248|   		}
#  249|   		if ((audit_fd=audit_open()) >= 0) {
#  250|-> 			audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
#  251|   				"faillock-reset", user,
#  252|   				pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID,

Error: COMPILER_WARNING (CWE-252): [#def5]
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/pam_faillock.c: scope_hint: In function ‘check_tally’
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/pam_faillock.c:256:33: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
#  256 |                                 audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
#      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  257 |                                         rhost, NULL, tty, 1);
#      |                                         ~~~~~~~~~~~~~~~~~~~~
#  254|   				(void)pam_get_item(pamh, PAM_RHOST, &rhost);
#  255|   				snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
#  256|-> 				audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
#  257|   					rhost, NULL, tty, 1);
#  258|   				audit_close(audit_fd);

Error: COMPILER_WARNING (CWE-252): [#def6]
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/pam_faillock.c: scope_hint: In function ‘write_tally’
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/pam_faillock.c:373:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
#  373 |                 audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  374 |                         NULL, NULL, NULL, 1);
#      |                         ~~~~~~~~~~~~~~~~~~~~
#  371|   
#  372|   		snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
#  373|-> 		audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
#  374|   			NULL, NULL, NULL, 1);
#  375|   

Error: COMPILER_WARNING (CWE-252): [#def7]
pam-1.6.1-build/Linux-PAM-1.6.1/modules/pam_faillock/pam_faillock.c:377:25: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
#  377 |                         audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  378 |                                 NULL, NULL, NULL, 1);
#      |                                 ~~~~~~~~~~~~~~~~~~~~
#  375|   
#  376|   		if (!opts->is_admin || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
#  377|-> 			audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
#  378|   				NULL, NULL, NULL, 1);
#  379|   		}

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.82.0
diffbase-analyzer-version-cppcheck: 2.16.0
diffbase-analyzer-version-gcc: 14.2.1
diffbase-analyzer-version-gcc-analyzer: 15.0.0
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-192.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-gcc-latest-x86_64
diffbase-project-name: pam-1.7.0-2.fc42
diffbase-store-results-to: /tmp/tmpt7d4uuut/pam-1.7.0-2.fc42.tar.xz
diffbase-time-created: 2024-11-13 02:16:04
diffbase-time-finished: 2024-11-13 02:22:25
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpt7d4uuut/pam-1.7.0-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpt7d4uuut/pam-1.7.0-2.fc42.src.rpm'
diffbase-tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-192.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: pam-1.6.1-5.fc41
store-results-to: /tmp/tmpg25_e0do/pam-1.6.1-5.fc41.tar.xz
time-created: 2024-11-13 02:11:38
time-finished: 2024-11-13 02:15:41
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpg25_e0do/pam-1.6.1-5.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpg25_e0do/pam-1.6.1-5.fc41.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9