nftables-1.1.3-1.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
nftables-1.1.3/src/parser_bison.c:7927:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss'
nftables-1.1.3/src/parser_bison.c:7882:6: branch_true: following 'true' branch...
nftables-1.1.3/src/parser_bison.c:7888:34: branch_true: ...to here
nftables-1.1.3/src/parser_bison.c:7914:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')...
nftables-1.1.3/src/parser_bison.c:7916:7: branch_false: ...to here
nftables-1.1.3/src/parser_bison.c:7925:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)...
nftables-1.1.3/src/parser_bison.c:7927:9: branch_false: ...to here
nftables-1.1.3/src/parser_bison.c:7927:9: danger: use of uninitialized value 'yyss' here
# 7925|           if (! yyptr)
# 7926|             YYNOMEM;
# 7927|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 7928|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 7929|           YYSTACK_RELOCATE (yyls_alloc, yyls);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
nftables-1.1.3/src/parser_bison.c:8058:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
nftables-1.1.3/src/parser_bison.c:7882:6: branch_false: following 'false' branch...
nftables-1.1.3/src/parser_bison.c:7951:6: branch_false: ...to here
nftables-1.1.3/src/parser_bison.c:7951:6: branch_false: following 'false' branch (when 'yystate != 2')...
nftables-1.1.3/src/parser_bison.c:7954:3: branch_false: ...to here
nftables-1.1.3/src/parser_bison.c:7966:6: branch_true: following 'true' branch (when 'yyn == -1824')...
nftables-1.1.3/src/parser_bison.c:7967:5: branch_true: ...to here
nftables-1.1.3/src/parser_bison.c:8038:6: branch_false: following 'false' branch (when 'yyn != 0')...
nftables-1.1.3/src/parser_bison.c:8040:3: branch_false: ...to here
nftables-1.1.3/src/parser_bison.c:8058:3: danger: use of uninitialized value '*<unknown>' here
# 8056|        unconditionally makes the parser a bit smaller, and it avoids a
# 8057|        GCC warning that YYVAL may be used uninitialized.  */
# 8058|->   yyval = yyvsp[1-yylen];
# 8059|   
# 8060|     /* Default location. */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
nftables-1.1.3/src/parser_json.c:3589:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'family'
nftables-1.1.3/src/parser_json.c:3564:20: enter_function: entry to 'json_parse_cmd_add_flowtable'
nftables-1.1.3/src/parser_json.c:3574:13: call_function: calling 'json_unpack_err' from 'json_parse_cmd_add_flowtable'
nftables-1.1.3/src/parser_json.c:3574:13: return_function: returning to 'json_parse_cmd_add_flowtable' from 'json_unpack_err'
nftables-1.1.3/src/parser_json.c:3574:12: branch_false: following 'false' branch...
nftables-1.1.3/src/parser_json.c:3579:12: branch_false: ...to here
nftables-1.1.3/src/parser_json.c:3589:13: danger: use of uninitialized value 'family' here
# 3587|   	}
# 3588|   
# 3589|-> 	if (parse_family(family, &h.family)) {
# 3590|   		json_error(ctx, "Unknown family '%s'.", family);
# 3591|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
nftables-1.1.3/src/payload.c:882:57: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
nftables-1.1.3/src/payload.c:855:13: enter_function: entry to 'payload_may_dependency_kill'
nftables-1.1.3/src/payload.c:858:28: call_function: calling 'payload_dependency_get' from 'payload_may_dependency_kill'
nftables-1.1.3/src/payload.c:858:28: return_function: returning to 'payload_may_dependency_kill' from 'payload_dependency_get'
nftables-1.1.3/src/payload.c:882:20: branch_true: following 'true' branch...
nftables-1.1.3/src/payload.c:882:57: branch_true: ...to here
nftables-1.1.3/src/payload.c:882:57: danger: dereference of NULL 'payload_dependency_get(ctx, *expr.<Ue0a0>.payload.base)'
#  880|   		 * for stacked protocols if we only have protcol type matches.
#  881|   		 */
#  882|-> 		if (dep->left->etype == EXPR_PAYLOAD && dep->op == OP_EQ &&
#  883|   		    expr->payload.base == dep->left->payload.base) {
#  884|   			if (expr->flags & EXPR_F_PROTOCOL)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
nftables-1.1.3/src/rule.c:2293:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'table'
nftables-1.1.3/src/rule.c:2602:5: enter_function: entry to 'do_command'
nftables-1.1.3/src/rule.c:2619:24: call_function: calling 'do_command_list' from 'do_command'
# 2291|   	const char *family = family2str(table->handle.family);
# 2292|   
# 2293|-> 	if (table->has_xt_stmts)
# 2294|   		fprintf(octx->error_fp,
# 2295|   			"# Warning: table %s %s is managed by iptables-nft, do not touch!\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
nftables-1.1.3/src/scanner.c:8759:12: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(64)'
nftables-1.1.3/src/scanner.c:8742:21: enter_function: entry to 'nft__create_buffer'
nftables-1.1.3/src/scanner.c:8749:31: call_function: inlined call to 'nft_alloc' from 'nft__create_buffer'
nftables-1.1.3/src/scanner.c:8750:12: branch_false: following 'false' branch...
nftables-1.1.3/src/scanner.c:8753:9: branch_false: ...to here
nftables-1.1.3/src/scanner.c:8759:12: danger: 'malloc(64)' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 8757|   	 */
# 8758|   	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner );
# 8759|-> 	if ( ! b->yy_ch_buf )
# 8760|   		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
# 8761|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
nftables-1.1.3/src/scanner.c:8813:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b'
nftables-1.1.3/src/scanner.c:8658:10: enter_function: entry to 'nft_restart'
nftables-1.1.3/src/scanner.c:8666:9: call_function: calling 'nft_ensure_buffer_stack' from 'nft_restart'
nftables-1.1.3/src/scanner.c:8666:9: return_function: returning to 'nft_restart' from 'nft_ensure_buffer_stack'
nftables-1.1.3/src/scanner.c:8668:13: call_function: calling 'nft__create_buffer' from 'nft_restart'
nftables-1.1.3/src/scanner.c:8668:13: return_function: returning to 'nft_restart' from 'nft__create_buffer'
nftables-1.1.3/src/scanner.c:8671:9: branch_false: following 'false' branch...
nftables-1.1.3/src/scanner.c:8671:9: branch_false: ...to here
nftables-1.1.3/src/scanner.c:8671:9: call_function: calling 'nft__init_buffer' from 'nft_restart'
# 8811|   
# 8812|   /* %if-c-only */
# 8813|-> 	b->yy_input_file = file;
# 8814|   /* %endif */
# 8815|   /* %if-c++-only */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
nftables-1.1.3/src/scanner.c:8964:17: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(8)'
nftables-1.1.3/src/scanner.l:1173:5: enter_function: entry to 'scanner_read_file'
nftables-1.1.3/src/scanner.l:1176:16: call_function: calling 'include_file' from 'scanner_read_file'
# 8962|   		memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));
# 8963|   
# 8964|-> 		yyg->yy_buffer_stack_max = num_to_alloc;
# 8965|   		yyg->yy_buffer_stack_top = 0;
# 8966|   		return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
nftables-1.1.3/src/scanner.c:9038:16: warning[-Wanalyzer-malloc-leak]: leak of '<return-value>'
nftables-1.1.3/src/scanner.l:1257:6: enter_function: entry to 'scanner_push_buffer'
nftables-1.1.3/src/scanner.l:1270:13: call_function: calling 'nft__scan_string' from 'scanner_push_buffer'
# 9036|   {
# 9037|       
# 9038|-> 	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
# 9039|   }
# 9040|   /* %endif */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
nftables-1.1.3/src/scanner.c:9038:16: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
nftables-1.1.3/src/scanner.l:1257:6: enter_function: entry to 'scanner_push_buffer'
nftables-1.1.3/src/scanner.l:1270:13: call_function: calling 'nft__scan_string' from 'scanner_push_buffer'
# 9036|   {
# 9037|       
# 9038|-> 	return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
# 9039|   }
# 9040|   /* %endif */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
nftables-1.1.3/src/scanner.c:9066:32: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(n)'
nftables-1.1.3/src/scanner.c:9050:17: enter_function: entry to 'nft__scan_bytes'
nftables-1.1.3/src/scanner.c:9059:24: call_function: inlined call to 'nft_alloc' from 'nft__scan_bytes'
nftables-1.1.3/src/scanner.c:9060:12: branch_false: following 'false' branch...
 branch_false: ...to here
nftables-1.1.3/src/scanner.c:9068:13: call_function: calling 'nft__scan_buffer' from 'nft__scan_bytes'
# 9064|   		buf[i] = yybytes[i];
# 9065|   
# 9066|-> 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
# 9067|   
# 9068|   	b = yy_scan_buffer( buf, n , yyscanner);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
nftables-1.1.3/src/scanner.c:9305:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'scanner'
nftables-1.1.3/src/scanner.l:1275:7: enter_function: entry to 'scanner_init'
nftables-1.1.3/src/scanner.l:1279:9: call_function: calling 'nft_lex_init_extra' from 'scanner_init'
nftables-1.1.3/src/scanner.l:1279:9: return_function: returning to 'scanner_init' from 'nft_lex_init_extra'
nftables-1.1.3/src/scanner.l:1280:9: call_function: inlined call to 'nft_set_out' from 'scanner_init'
# 9303|   {
# 9304|       struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
# 9305|->     yyout = _out_str ;
# 9306|   }
# 9307|   

Scan Properties