wpa_supplicant-2.11-6.fc43

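List of Findings

Each entry below is a diagnostic reported by an automated checker (the tool class and CWE mapping are given on the "Error:" line), followed by the event trace the tool printed and the source lines at the flagged location. These are warnings that still need triage against the full source: an entry is not by itself a confirmed defect.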

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/share/doc/wpa_supplicant/examples/p2p-action-udhcp.sh:3:1: warning[SC2034]: IFNAME appears unused. Verify use (or export if used externally).
#    1|   #!/bin/sh
#    2|   
#    3|-> IFNAME=$1
#    4|   CMD=$2
#    5|   

Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/share/doc/wpa_supplicant/examples/p2p-action.sh:3:1: warning[SC2034]: IFNAME appears unused. Verify use (or export if used externally).
#    1|   #!/bin/sh
#    2|   
#    3|-> IFNAME=$1
#    4|   CMD=$2
#    5|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
wpa_supplicant-2.11/src/utils/list.h:43:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211.c:10732:12: enter_function: entry to ‘driver_nl80211_if_remove’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211.c:10736:16: call_function: calling ‘wpa_driver_nl80211_if_remove’ from ‘driver_nl80211_if_remove’
#   41|   static inline void dl_list_del(struct dl_list *item)
#   42|   {
#   43|-> 	item->next->prev = item->prev;
#   44|   	item->prev->next = item->next;
#   45|   	item->next = NULL;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def4]
wpa_supplicant-2.11/src/utils/os.h:589:16: warning[-Wanalyzer-double-free]: double-‘free’ of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  587|   	if (size && nmemb > (~(size_t) 0) / size)
#  588|   		return NULL;
#  589|-> 	return os_realloc(ptr, nmemb * size);
#  590|   }
#  591|   

Error: GCC_ANALYZER_WARNING (CWE-415): [#def5]
wpa_supplicant-2.11/src/utils/os.h:589:16: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  587|   	if (size && nmemb > (~(size_t) 0) / size)
#  588|   		return NULL;
#  589|-> 	return os_realloc(ptr, nmemb * size);
#  590|   }
#  591|   

Error: COMPILER_WARNING (CWE-563): [#def6]
wpa_supplicant-2.11/src/utils/os_unix.c:26: included_from: Included from here.
wpa_supplicant-2.11/src/utils/os.h: scope_hint: In function ‘testing_set_fail_pattern’
wpa_supplicant-2.11/src/utils/os.h:698:49: warning[-Wunused-parameter]: unused parameter ‘is_alloc’
#  698 | static inline int testing_set_fail_pattern(bool is_alloc, char *patterns)
#      |                                            ~~~~~^~~~~~~~
#  696|   #define TEST_FAIL() 0
#  697|   #define TEST_FAIL_TAG(tag) 0
#  698|-> static inline int testing_set_fail_pattern(bool is_alloc, char *patterns)
#  699|   {
#  700|   	return -1;

Error: COMPILER_WARNING (CWE-563): [#def7]
wpa_supplicant-2.11/src/utils/os.h:698:65: warning[-Wunused-parameter]: unused parameter ‘patterns’
#  698 | static inline int testing_set_fail_pattern(bool is_alloc, char *patterns)
#      |                                                           ~~~~~~^~~~~~~~
#  696|   #define TEST_FAIL() 0
#  697|   #define TEST_FAIL_TAG(tag) 0
#  698|-> static inline int testing_set_fail_pattern(bool is_alloc, char *patterns)
#  699|   {
#  700|   	return -1;

Error: COMPILER_WARNING (CWE-563): [#def8]
wpa_supplicant-2.11/src/utils/os.h: scope_hint: In function ‘testing_get_fail_pattern’
wpa_supplicant-2.11/src/utils/os.h:703:49: warning[-Wunused-parameter]: unused parameter ‘is_alloc’
#  703 | static inline int testing_get_fail_pattern(bool is_alloc, char *buf,
#      |                                            ~~~~~^~~~~~~~
#  701|   }
#  702|   
#  703|-> static inline int testing_get_fail_pattern(bool is_alloc, char *buf,
#  704|   					   size_t buflen)
#  705|   {

Error: COMPILER_WARNING (CWE-563): [#def9]
wpa_supplicant-2.11/src/utils/os.h:703:65: warning[-Wunused-parameter]: unused parameter ‘buf’
#  703 | static inline int testing_get_fail_pattern(bool is_alloc, char *buf,
#      |                                                           ~~~~~~^~~
#  701|   }
#  702|   
#  703|-> static inline int testing_get_fail_pattern(bool is_alloc, char *buf,
#  704|   					   size_t buflen)
#  705|   {

Error: COMPILER_WARNING (CWE-563): [#def10]
wpa_supplicant-2.11/src/utils/os.h:704:51: warning[-Wunused-parameter]: unused parameter ‘buflen’
#  704 |                                            size_t buflen)
#      |                                            ~~~~~~~^~~~~~
#  702|   
#  703|   static inline int testing_get_fail_pattern(bool is_alloc, char *buf,
#  704|-> 					   size_t buflen)
#  705|   {
#  706|   	return -1;

Error: COMPILER_WARNING (CWE-590): [#def11]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_1186’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def12]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_154’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def13]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_157’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def14]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_258’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def15]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_29’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def16]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_310’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def17]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_401’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def18]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_515’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def19]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_624’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: COMPILER_WARNING (CWE-590): [#def20]
wpa_supplicant-2.11/src/utils/wpabuf.c:202:17: warning[-Wfree-nonheap-object]: ‘free’ called on pointer ‘_682’ with nonzero offset 32
#  202 |                 os_free(buf->buf);
#      |                 ^
wpa_supplicant-2.11/src/utils/os_unix.c:486:16: note: returned from ‘calloc’
#  486 |         return calloc(1, size);
#      |                ^
#  200|   		return;
#  201|   	if (buf->flags & WPABUF_FLAG_EXT_DATA)
#  202|-> 		os_free(buf->buf);
#  203|   	os_free(buf);
#  204|   #endif /* WPA_TRACE */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
wpa_supplicant-2.11/src/utils/wpabuf.h:60:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘adv_proto’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1254:13: enter_function: entry to ‘hostapd_dpp_gas_resp_cb’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1265:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1269:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1269:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1269:13: branch_false: following ‘false’ branch (when ‘status_code == 0’)...
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1275:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1275:9: call_function: calling ‘wpa_hexdump_buf’ from ‘hostapd_dpp_gas_resp_cb’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1275:9: return_function: returning to ‘hostapd_dpp_gas_resp_cb’ from ‘wpa_hexdump_buf’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1277:9: call_function: calling ‘wpa_hexdump_buf’ from ‘hostapd_dpp_gas_resp_cb’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1277:9: return_function: returning to ‘hostapd_dpp_gas_resp_cb’ from ‘wpa_hexdump_buf’
wpa_supplicant-2.11/wpa_supplicant/../src/ap/dpp_hostapd.c:1280:13: call_function: inlined call to ‘wpabuf_len’ from ‘hostapd_dpp_gas_resp_cb’
#   58|   static inline size_t wpabuf_len(const struct wpabuf *buf)
#   59|   {
#   60|-> 	return buf->used;
#   61|   }
#   62|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
wpa_supplicant-2.11/src/utils/wpabuf.h:60:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘in_decrypted’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1537:24: enter_function: entry to ‘eap_fast_process’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1552:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1555:15: call_function: inlined call to ‘wpabuf_head’ from ‘eap_fast_process’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1568:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1569:14: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1568:13: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1571:23: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_fast.c:1571:23: call_function: calling ‘eap_fast_decrypt’ from ‘eap_fast_process’
#   58|   static inline size_t wpabuf_len(const struct wpabuf *buf)
#   59|   {
#   60|-> 	return buf->used;
#   61|   }
#   62|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
wpa_supplicant-2.11/src/utils/wpabuf.h:60:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘query_resp’
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:166:1: enter_function: entry to ‘gas_server_rx_initial_req’
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:182:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:189:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:200:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:204:25: call_function: inlined call to ‘WPA_GET_LE16’ from ‘gas_server_rx_initial_req’
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:206:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:211:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:222:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:225:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:226:9: branch_true: following ‘true’ branch (when ‘handler != gas’)...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:228:21: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:245:17: call_function: calling ‘wpa_hexdump_buf’ from ‘gas_server_rx_initial_req’
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:245:17: return_function: returning to ‘gas_server_rx_initial_req’ from ‘wpa_hexdump_buf’
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:247:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:252:20: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/gas_server.c:256:17: call_function: calling ‘gas_server_send_resp’ from ‘gas_server_rx_initial_req’
#   58|   static inline size_t wpabuf_len(const struct wpabuf *buf)
#   59|   {
#   60|-> 	return buf->used;
#   61|   }
#   62|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
wpa_supplicant-2.11/src/utils/wpabuf.h:95:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘reqData’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1464:24: enter_function: entry to ‘eap_aka_process’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1476:9: call_function: calling ‘wpa_hexdump_buf’ from ‘eap_aka_process’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1476:9: return_function: returning to ‘eap_aka_process’ from ‘wpa_hexdump_buf’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1477:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1484:49: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_aka.c:1486:12: branch_false: following ‘false’ branch...
#   93|   static inline const void * wpabuf_head(const struct wpabuf *buf)
#   94|   {
#   95|-> 	return buf->buf;
#   96|   }
#   97|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
wpa_supplicant-2.11/src/utils/wpabuf.h:110:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘in_decrypted’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:792:12: enter_function: entry to ‘eap_peap_decrypt’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:807:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:808:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:846:9: call_function: calling ‘wpa_hexdump_buf’ from ‘eap_peap_decrypt’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:846:9: return_function: returning to ‘eap_peap_decrypt’ from ‘wpa_hexdump_buf’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_peer/eap_peap.c:849:15: call_function: inlined call to ‘wpabuf_mhead’ from ‘eap_peap_decrypt’
#  108|   static inline void * wpabuf_mhead(struct wpabuf *buf)
#  109|   {
#  110|-> 	return buf->buf;
#  111|   }
#  112|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def26]
wpa_supplicant-2.11/src/utils/wpabuf.h:176:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘data’
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:482:12: enter_function: entry to ‘p2p_buf_add_service_info’
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:496:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:502:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:502:12: branch_false: following ‘false’ branch (when ‘svc_len <= 255’)...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:509:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:509:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:510:36: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:512:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:517:29: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:528:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:534:24: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:541:20: branch_true: following ‘true’ branch...
 branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_build.c:542:25: call_function: inlined call to ‘wpabuf_put_data’ from ‘p2p_buf_add_service_info’
#  174|   {
#  175|   	if (data)
#  176|-> 		os_memcpy(wpabuf_put(buf, len), data, len);
#  177|   }
#  178|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2063:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.sock’
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2027:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2033:16: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2034:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2039:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2054:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2057:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2057:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2063:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2063:12: danger: ‘*<unknown>.sock’ leaks here
# 2061|   	}
# 2062|   
# 2063|-> 	if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) {
# 2064|   		if (errno != EINPROGRESS) {
# 2065|   			wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2432:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*(struct dpp_global *)eloop_ctx.relay_sock’
# 2430|   
# 2431|   	fd = accept(dpp->relay_sock, (struct sockaddr *) &addr, &addr_len);
# 2432|-> 	if (fd < 0) {
# 2433|   		wpa_printf(MSG_DEBUG,
# 2434|   			   "DPP: Failed to accept new connection: %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2438:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2432:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2439:46: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2438:9: danger: leaks here
# 2436|   		return;
# 2437|   	}
# 2438|-> 	wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d",
# 2439|   		   inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
# 2440|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def30]
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2638:25: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘conn’
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2604:13: enter_function: entry to ‘dpp_tcp_send_conn_status_msg’
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2619:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2624:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2624:15: call_function: calling ‘dpp_tcp_send_msg’ from ‘dpp_tcp_send_conn_status_msg’
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2624:15: return_function: returning to ‘dpp_tcp_send_conn_status_msg’ from ‘dpp_tcp_send_msg’
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2627:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2634:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2634:9: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2635:20: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2635:20: branch_true: following ‘true’ branch (when ‘c == conn’)...
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2638:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/dpp_tcp.c:2638:25: danger: use after ‘free’ of ‘conn’; freed at [(19)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/18)
# 2636|   			/* This exchange will be terminated in the TX status
# 2637|   			 * handler */
# 2638|-> 			conn->on_tcp_tx_complete_remove = 1;
# 2639|   			break;
# 2640|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:151:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.s’
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:94:19: enter_function: entry to ‘wpa_ctrl_open2’
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:104:12: branch_false: following ‘false’ branch (when ‘ctrl_path’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:107:16: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:108:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:111:19: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:112:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:117:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:120:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:151:12: danger: ‘*<unknown>.s’ leaks here
#  149|   	fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
#  150|   #endif /* ANDROID */
#  151|-> 	if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
#  152|   		    sizeof(ctrl->local)) < 0) {
#  153|   		if (errno == EADDRINUSE && tries < 2) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.s’
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:94:19: enter_function: entry to ‘wpa_ctrl_open2’
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:104:12: branch_false: following ‘false’ branch (when ‘ctrl_path’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:107:16: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:108:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:111:19: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:112:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:117:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:151:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:208:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/common/wpa_ctrl.c:208:9: danger: ‘*<unknown>.s’ leaks here
#  206|   #endif /* ANDROID */
#  207|   
#  208|-> 	ctrl->dest.sun_family = AF_UNIX;
#  209|   	if (os_strncmp(ctrl_path, "@abstract:", 10) == 0) {
#  210|   		ctrl->dest.sun_path[0] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1566:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*drv.common.sock’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1540:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1546:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1546:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1552:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1554:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1560:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_macsec_linux.c:1566:12: danger: ‘*drv.common.sock’ leaks here
# 1564|   		   addr.sll_ifindex);
# 1565|   
# 1566|-> 	if (bind(drv->common.sock, (struct sockaddr *) &addr, sizeof(addr)) < 0)
# 1567|   	{
# 1568|   		wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:892:9: warning[-Wanalyzer-malloc-leak]: leak of ‘*res.res’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:870:12: enter_function: entry to ‘bss_info_handler’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:877:13: call_function: calling ‘nl80211_parse_bss_info’ from ‘bss_info_handler’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:877:13: return_function: returning to ‘bss_info_handler’ from ‘nl80211_parse_bss_info’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:878:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:881:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:881:12: branch_false: following ‘false’ branch (when ‘res’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:885:42: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:885:15: call_function: inlined call to ‘os_realloc_array’ from ‘bss_info_handler’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:887:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:891:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_nl80211_scan.c:892:9: danger: ‘*res.res’ leaks here; was allocated at [(44)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/43)
#  890|   	}
#  891|   	tmp[res->num++] = r;
#  892|-> 	res->res = tmp;
#  893|   
#  894|   	return NL_SKIP;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def35]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:452:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘((u8 *)((char *)&iwe_buf + offsetof(struct iw_event, u)))[7]’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:422:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:425:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:428:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:432:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:433:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:452:36: danger: use of uninitialized value ‘((u8 *)((char *)&iwe_buf + offsetof(struct iw_event, u)))[7]’ here
#  450|   			wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
#  451|   				   MACSTR,
#  452|-> 				   MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
#  453|   			if (is_zero_ether_addr(
#  454|   				    (const u8 *) iwe->u.ap_addr.sa_data) ||

Error: GCC_ANALYZER_WARNING (CWE-457): [#def36]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1209:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*iwe.u.mode’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1504:27: enter_function: entry to ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: call_function: calling ‘wpa_driver_wext_giwscan’ from ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: return_function: returning to ‘wpa_driver_wext_get_scan_results’ from ‘wpa_driver_wext_giwscan’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1516:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1521:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1522:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1528:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1531:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1534:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1535:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1539:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1543:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1561:25: call_function: calling ‘wext_get_scan_mode’ from ‘wpa_driver_wext_get_scan_results’
# 1207|   			       struct wext_scan_data *res)
# 1208|   {
# 1209|-> 	if (iwe->u.mode == IW_MODE_ADHOC)
# 1210|   		res->res.caps |= IEEE80211_CAP_IBSS;
# 1211|   	else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def37]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1237:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*iwe.u.freq.e’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1504:27: enter_function: entry to ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: call_function: calling ‘wpa_driver_wext_giwscan’ from ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: return_function: returning to ‘wpa_driver_wext_get_scan_results’ from ‘wpa_driver_wext_giwscan’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1516:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1521:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1522:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1528:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1531:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1534:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1535:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1539:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1543:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1567:25: call_function: calling ‘wext_get_scan_freq’ from ‘wpa_driver_wext_get_scan_results’
# 1235|   	int divi = 1000000, i;
# 1236|   
# 1237|-> 	if (iwe->u.freq.e == 0) {
# 1238|   		/*
# 1239|   		 * Some drivers do not report frequency, but a channel.

Error: GCC_ANALYZER_WARNING (CWE-457): [#def38]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1277:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*iwe.u.qual.qual’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1504:27: enter_function: entry to ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: call_function: calling ‘wpa_driver_wext_giwscan’ from ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: return_function: returning to ‘wpa_driver_wext_get_scan_results’ from ‘wpa_driver_wext_giwscan’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1516:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1521:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1522:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1528:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1531:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1534:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1535:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1539:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1543:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1570:25: call_function: calling ‘wext_get_scan_qual’ from ‘wpa_driver_wext_get_scan_results’
# 1275|   			       struct wext_scan_data *res)
# 1276|   {
# 1277|-> 	res->res.qual = iwe->u.qual.qual;
# 1278|   	res->res.noise = iwe->u.qual.noise;
# 1279|   	res->res.level = iwe->u.qual.level;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def39]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1557:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(unsigned char (*)[6])((char *)&iwe_buf + offsetof(struct iw_event, u) + 2)’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1504:27: enter_function: entry to ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: call_function: calling ‘wpa_driver_wext_giwscan’ from ‘wpa_driver_wext_get_scan_results’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1515:19: return_function: returning to ‘wpa_driver_wext_get_scan_results’ from ‘wpa_driver_wext_giwscan’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1516:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1521:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1522:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1528:15: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1531:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1534:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1535:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1539:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1543:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1552:28: branch_false: following ‘false’ branch (when ‘first != 0’)...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1555:25: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wext.c:1557:25: danger: use of uninitialized value ‘*(unsigned char (*)[6])((char *)&iwe_buf + offsetof(struct iw_event, u) + 2)’ here
# 1555|   			os_free(data.ie);
# 1556|   			os_memset(&data, 0, sizeof(data));
# 1557|-> 			os_memcpy(data.res.bssid,
# 1558|   				  iwe->u.ap_addr.sa_data, ETH_ALEN);
# 1559|   			break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:203:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*drv.common.sock’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:177:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:183:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:183:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:189:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:191:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:197:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:203:12: danger: ‘*drv.common.sock’ leaks here
#  201|   		   addr.sll_ifindex);
#  202|   
#  203|-> 	if (bind(drv->common.sock, (struct sockaddr *) &addr, sizeof(addr)) < 0)
#  204|   	{
#  205|   		wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:273:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*drv.dhcp_sock’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:177:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:183:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:183:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:189:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:191:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:197:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:203:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:210:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:210:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:217:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:219:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:225:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:225:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:230:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:233:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:239:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:239:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:245:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:250:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:256:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:256:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:263:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:265:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:273:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired.c:273:12: danger: ‘*drv.dhcp_sock’ leaks here
#  271|   	}
#  272|   
#  273|-> 	if (bind(drv->dhcp_sock, (struct sockaddr *) &addr2,
#  274|   		 sizeof(struct sockaddr)) == -1) {
#  275|   		wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def42]
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:39:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:219:5: enter_function: entry to ‘driver_wired_init_common’
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:228:27: acquire_resource: datagram socket created here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:229:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:235:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/drivers/driver_wired_common.c:235:13: call_function: calling ‘driver_wired_get_ifflags’ from ‘driver_wired_init_common’
#   37|   
#   38|   	s = socket(PF_INET, SOCK_DGRAM, 0);
#   39|-> 	if (s < 0) {
#   40|   		wpa_printf(MSG_ERROR, "socket: %s", strerror(errno));
#   41|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def43]
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:72:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:330:5: enter_function: entry to ‘compute_keys’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:345:12: branch_false: following ‘false’ branch (when ‘cruft’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:352:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:354:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:358:9: call_function: inlined call to ‘eap_pwd_h_update’ from ‘compute_keys’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:359:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:365:9: call_function: inlined call to ‘eap_pwd_h_update’ from ‘compute_keys’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:366:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:372:9: call_function: inlined call to ‘eap_pwd_h_update’ from ‘compute_keys’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:377:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:382:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:382:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:387:9: call_function: inlined call to ‘eap_pwd_h_update’ from ‘compute_keys’
wpa_supplicant-2.11/wpa_supplicant/../src/eap_common/eap_pwd_common.c:394:13: call_function: calling ‘eap_pwd_kdf’ from ‘compute_keys’
#   70|   			return -1;
#   71|   		if ((len + mdlen) > resultbytelen)
#   72|-> 			os_memcpy(result + len, digest, resultbytelen - len);
#   73|   		else
#   74|   			os_memcpy(result + len, digest, mdlen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:760:56: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘req_fcap’
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:590:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:595:30: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:603:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:610:23: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:611:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:622:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:624:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:626:23: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:626:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:633:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:725:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:730:14: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:730:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:733:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:733:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:740:28: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:741:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:746:17: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:760:56: danger: dereference of NULL ‘req_fcap’
#  758|   
#  759|   		resp_fcap.cpt = p2ps_own_preferred_cpt(p2ps_adv->cpt_priority,
#  760|-> 						       req_fcap->cpt);
#  761|   
#  762|   		p2p_dbg(p2p, "cpt: service:0x%x remote:0x%x result:0x%x",

Error: GCC_ANALYZER_WARNING (CWE-476): [#def45]
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:916:48: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘req_fcap’
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:590:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:595:30: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:603:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:610:23: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:611:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:622:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:624:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:626:23: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:626:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:633:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:725:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:730:14: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:730:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:862:14: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:883:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:886:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:886:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:891:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:891:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:894:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:895:14: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:894:13: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:901:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:901:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:902:14: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:901:13: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:907:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/../src/p2p/p2p_pd.c:916:48: danger: dereference of NULL ‘req_fcap’
#  914|   
#  915|   	resp_fcap.cpt = p2ps_own_preferred_cpt(p2p->p2ps_prov->cpt_priority,
#  916|-> 					       req_fcap->cpt);
#  917|   
#  918|   	p2p_dbg(p2p, "cpt: local:0x%x remote:0x%x result:0x%x",

Error: GCC_ANALYZER_WARNING (CWE-666): [#def46]
wpa_supplicant-2.11/wpa_supplicant/../src/radius/radius_client.c:1692:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sel_sock’ in wrong phase
wpa_supplicant-2.11/wpa_supplicant/../src/radius/radius_client.c:1765:13: enter_function: entry to ‘radius_retry_primary_timer’
wpa_supplicant-2.11/wpa_supplicant/../src/radius/radius_client.c:1771:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/radius/radius_client.c:1775:21: call_function: calling ‘radius_change_server’ from ‘radius_retry_primary_timer’
# 1690|   	}
# 1691|   
# 1692|-> 	if (connect(sel_sock, addr, addrlen) < 0) {
# 1693|   		if (nserv->tls && errno == EINPROGRESS) {
# 1694|   			wpa_printf(MSG_DEBUG,

Error: GCC_ANALYZER_WARNING (CWE-479): [#def47]
wpa_supplicant-2.11/wpa_supplicant/../src/utils/eloop.c:974:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
wpa_supplicant-2.11/wpa_supplicant/../src/utils/eloop.c:979:13: enter_function: entry to ‘eloop_handle_signal’
wpa_supplicant-2.11/wpa_supplicant/../src/utils/eloop.c:984:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/../src/utils/eloop.c:967:13: enter_function: entry to ‘eloop_handle_alarm’
wpa_supplicant-2.11/wpa_supplicant/../src/utils/eloop.c:974:9: danger: call to ‘exit’ from within signal handler
#  972|   		   "prevents clean shutdown.\n"
#  973|   		   "Killing program forcefully.\n");
#  974|-> 	exit(1);
#  975|   }
#  976|   #endif /* CONFIG_NATIVE_WINDOWS */

Error: GCC_ANALYZER_WARNING: [#def48]
wpa_supplicant-2.11/wpa_supplicant/../src/wps/wps_registrar.c:271:17: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’
wpa_supplicant-2.11/wpa_supplicant/../src/wps/wps_registrar.c:990:5: enter_function: entry to ‘wps_registrar_unlock_pin’
wpa_supplicant-2.11/wpa_supplicant/../src/wps/wps_registrar.c:999:40: call_function: calling ‘wps_registrar_invalidate_pin’ from ‘wps_registrar_unlock_pin’
#  269|   	}
#  270|   	for (; i + 1 < WPS_MAX_AUTHORIZED_MACS; i++)
#  271|-> 		os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i + 1],
#  272|   			  ETH_ALEN);
#  273|   	os_memset(reg->authorized_macs[WPS_MAX_AUTHORIZED_MACS - 1], 0,

Error: GCC_ANALYZER_WARNING (CWE-465): [#def49]
wpa_supplicant-2.11/wpa_supplicant/config.c:4723:24: warning[-Wanalyzer-deref-before-check]: check of ‘ssid’ for NULL after already dereferencing it
wpa_supplicant-2.11/wpa_supplicant/config.c:4719:24: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/config.c:4720:24: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/config.c:4723:24: danger: pointer ‘ssid’ is checked for NULL here but it was already dereferenced at (3)
# 4721|   		wpa_printf(MSG_DEBUG, "Priority group %d",
# 4722|   			   ssid->priority);
# 4723|-> 		while (ssid) {
# 4724|   			wpa_printf(MSG_DEBUG, "   id=%d ssid='%s'",
# 4725|   				   ssid->id,

Error: GCC_ANALYZER_WARNING (CWE-415): [#def50]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:139:33: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  137|   			res = hwaddr_aton2(pos, addr);
#  138|   			if (res < 0) {
#  139|-> 				os_free(ssid);
#  140|   				os_free(bssid);
#  141|   				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "

Error: GCC_ANALYZER_WARNING (CWE-415): [#def51]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:140:33: warning[-Wanalyzer-double-free]: double-‘free’ of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  138|   			if (res < 0) {
#  139|   				os_free(ssid);
#  140|-> 				os_free(bssid);
#  141|   				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
#  142|   					   "BSSID value '%s'", pos);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:143:40: warning[-Wanalyzer-malloc-leak]: leak of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14202:17: call_function: calling ‘wpas_global_ctrl_iface_redir’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  141|   				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
#  142|   					   "BSSID value '%s'", pos);
#  143|-> 				return -1;
#  144|   			}
#  145|   			pos += res;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def53]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:148:33: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  146|   			n = os_realloc_array(bssid, count + 1, ETH_ALEN);
#  147|   			if (n == NULL) {
#  148|-> 				os_free(ssid);
#  149|   				os_free(bssid);
#  150|   				return -1;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def54]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:170:33: warning[-Wanalyzer-double-free]: double-‘free’ of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  168|   			if (ns == NULL) {
#  169|   				os_free(ssid);
#  170|-> 				os_free(bssid);
#  171|   				return -1;
#  172|   			}

Error: GCC_ANALYZER_WARNING (CWE-415): [#def55]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:180:33: warning[-Wanalyzer-double-free]: double-‘free’ of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  178|   				       (end - pos) / 2) < 0) {
#  179|   				os_free(ssid);
#  180|-> 				os_free(bssid);
#  181|   				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
#  182|   					   "SSID value '%s'", pos);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def56]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:194:25: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  192|   			wpa_printf(MSG_DEBUG, "Unexpected disallow_aps value "
#  193|   				   "'%s'", pos);
#  194|-> 			os_free(ssid);
#  195|   			os_free(bssid);
#  196|   			return -1;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def57]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:195:25: warning[-Wanalyzer-double-free]: double-‘free’ of ‘bssid’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  193|   				   "'%s'", pos);
#  194|   			os_free(ssid);
#  195|-> 			os_free(bssid);
#  196|   			return -1;
#  197|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:680:17: warning[-Wanalyzer-malloc-leak]: leak of ‘*wpa_s.dpp_configurator_params’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14202:17: call_function: calling ‘wpas_global_ctrl_iface_redir’ from ‘wpa_supplicant_global_ctrl_iface_process’
#  678|   		wpa_s->dpp_configurator_params = os_strdup(value);
#  679|   #ifdef CONFIG_DPP2
#  680|-> 		dpp_controller_set_params(wpa_s->dpp, value);
#  681|   #endif /* CONFIG_DPP2 */
#  682|   	} else if (os_strcasecmp(cmd, "dpp_init_max_tries") == 0) {

Error: GCC_ANALYZER_WARNING (CWE-471): [#def59]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:6137:17: warning[-Wanalyzer-write-to-string-literal]: write to string literal
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
# 6135|   		if (!term)
# 6136|   			break;
# 6137|-> 		*term = '\0';
# 6138|   		pos = os_strstr(term + 1, "seek=");
# 6139|   		if (pos)

Error: GCC_ANALYZER_WARNING (CWE-415): [#def60]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:9437:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘manual_scan_freqs’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14184:8: enter_function: entry to ‘wpa_supplicant_global_ctrl_iface_process’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14192:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14193:29: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14194:20: branch_true: following ‘true’ branch (when ‘pos’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14195:26: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface.c:14196:32: call_function: calling ‘wpas_global_ctrl_iface_ifname’ from ‘wpa_supplicant_global_ctrl_iface_process’
# 9435|   
# 9436|   done:
# 9437|-> 	os_free(manual_scan_freqs);
# 9438|   	os_free(ssid);
# 9439|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: danger: ‘*priv.sock’ leaks here
#  619|   		goto fail;
#  620|   	os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
#  621|-> 	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
#  622|   		wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
#  623|   			   strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:624:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:623:37: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:624:20: danger: ‘*priv.sock’ leaks here
#  622|   		wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
#  623|   			   strerror(errno));
#  624|-> 		if (connect(priv->sock, (struct sockaddr *) &addr,
#  625|   			    sizeof(addr)) < 0) {
#  626|   			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"

Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:635:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:623:37: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:624:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:626:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:629:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:635:29: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:635:28: danger: ‘*priv.sock’ leaks here
#  633|   				goto fail;
#  634|   			}
#  635|-> 			if (bind(priv->sock, (struct sockaddr *) &addr,
#  636|   				 sizeof(addr)) < 0) {
#  637|   				wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def64]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:641:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:623:37: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:624:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:626:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:629:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:635:29: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:635:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:641:25: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:641:25: danger: ‘*priv.sock’ leaks here
#  639|   				goto fail;
#  640|   			}
#  641|-> 			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
#  642|   				   "ctrl_iface socket '%s'", fname);
#  643|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def65]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:564:12: branch_true: following ‘true’ branch (when ‘gid_str’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:565:23: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:566:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:574:31: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:575:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:586:13: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:593:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:593:12: branch_true: following ‘true’ branch (when ‘gid_set != 0’)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:594:13: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:593:13: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:12: branch_true: following ‘true’ branch (when ‘gid_set != 0’)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:24: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:24: danger: ‘*priv.sock’ leaks here
#  652|   	}
#  653|   
#  654|-> 	if (gid_set && lchown(fname, -1, gid) < 0) {
#  655|   		wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
#  656|   			   fname, (int) gid, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def66]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:660:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:501:12: enter_function: entry to ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:514:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:525:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:600:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:606:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:607:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:612:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: call_function: calling ‘wpa_supplicant_ctrl_iface_path’ from ‘wpas_ctrl_iface_open_sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:617:17: return_function: returning to ‘wpas_ctrl_iface_open_sock’ from ‘wpa_supplicant_ctrl_iface_path’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:618:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:620:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:621:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:12: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:654:12: branch_false: following ‘false’ branch (when ‘gid_set == 0’)...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:660:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:660:13: danger: ‘*priv.sock’ leaks here
#  658|   	}
#  659|   
#  660|-> 	if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
#  661|   		wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s",
#  662|   			   fname, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def67]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1231:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1229:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1231:20: danger: ‘*priv.sock’ leaks here
# 1229|   		os_strlcpy(addr.sun_path + 1, ctrl + 10,
# 1230|   			   sizeof(addr.sun_path) - 1);
# 1231|-> 		if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) <
# 1232|   		    0) {
# 1233|   			wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: "

Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1238:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1229:17: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1231:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1238:17: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1238:17: danger: ‘*priv.sock’ leaks here
# 1236|   			goto fail;
# 1237|   		}
# 1238|-> 		wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'",
# 1239|   			   ctrl + 10);
# 1240|   		goto havesock;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1243:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: danger: ‘*priv.sock’ leaks here
# 1242|   
# 1243|   	os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path));
# 1244|-> 	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
# 1245|   		wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s",
# 1246|   			   ctrl, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1247:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1243:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1246:43: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1247:20: danger: ‘*priv.sock’ leaks here
# 1245|   		wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s",
# 1246|   			   ctrl, strerror(errno));
# 1247|-> 		if (connect(priv->sock, (struct sockaddr *) &addr,
# 1248|   			    sizeof(addr)) < 0) {
# 1249|   			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1258:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1243:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1246:43: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1247:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1249:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1252:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1258:29: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1258:28: danger: ‘*priv.sock’ leaks here
# 1256|   				goto fail;
# 1257|   			}
# 1258|-> 			if (bind(priv->sock, (struct sockaddr *) &addr,
# 1259|   				 sizeof(addr)) < 0) {
# 1260|   				wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1264:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1243:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1246:43: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1247:20: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1249:25: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1252:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1258:29: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1258:28: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1264:25: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1264:25: danger: ‘*priv.sock’ leaks here
# 1262|   				goto fail;
# 1263|   			}
# 1264|-> 			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
# 1265|   				   "ctrl_iface socket '%s'",
# 1266|   				   ctrl);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def73]
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1277:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*priv.sock’
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1216:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1221:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1227:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1243:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1244:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1277:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/ctrl_iface_unix.c:1277:9: danger: ‘*priv.sock’ leaks here
# 1275|   	}
# 1276|   
# 1277|-> 	wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl);
# 1278|   
# 1279|   	if (global->params.ctrl_interface_group) {

Error: GCC_ANALYZER_WARNING (CWE-122): [#def74]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_dict_helpers.c:826:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_dict_helpers.c:913:20: enter_function: entry to ‘_wpa_dbus_dict_entry_get_array’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_dict_helpers.c:934:27: call_function: calling ‘_wpa_dbus_dict_entry_get_string_array’ from ‘_wpa_dbus_dict_entry_get_array’
#  824|   	while (count > 0) {
#  825|   		count--;
#  826|-> 		os_free(buffer[count]);
#  827|   	}
#  828|   	os_free(buffer);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:816:25: warning[-Wanalyzer-malloc-leak]: leak of ‘peer_object_path’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:785:15: enter_function: entry to ‘wpas_dbus_handler_p2p_invite’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:14: call_function: calling ‘wpa_dbus_p2p_check_enabled’ from ‘wpas_dbus_handler_p2p_invite’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:14: return_function: returning to ‘wpas_dbus_handler_p2p_invite’ from ‘wpa_dbus_p2p_check_enabled’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:804:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:806:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:809:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:20: branch_true: following ‘true’ branch (when the strings are equal)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:814:21: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:815:44: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:815:44: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:809:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:20: branch_true: following ‘true’ branch (when the strings are equal)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:814:21: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:815:44: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:816:25: danger: ‘peer_object_path’ leaks here; was allocated at [(21)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/20)
#  814|   		    entry.type == DBUS_TYPE_OBJECT_PATH) {
#  815|   			peer_object_path = os_strdup(entry.str_value);
#  816|-> 			wpa_dbus_dict_entry_clear(&entry);
#  817|   		} else if (os_strcmp(entry.key, "persistent_group_object") ==
#  818|   			   0 &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:822:25: warning[-Wanalyzer-malloc-leak]: leak of ‘pg_object_path’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:785:15: enter_function: entry to ‘wpas_dbus_handler_p2p_invite’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:14: call_function: calling ‘wpa_dbus_p2p_check_enabled’ from ‘wpas_dbus_handler_p2p_invite’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:14: return_function: returning to ‘wpas_dbus_handler_p2p_invite’ from ‘wpa_dbus_p2p_check_enabled’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:801:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:804:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:806:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:809:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:817:27: branch_true: following ‘true’ branch (when the strings are equal)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:819:28: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:817:28: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:820:42: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:820:42: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:809:16: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:22: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:810:20: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:813:21: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:817:27: branch_true: following ‘true’ branch (when the strings are equal)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:819:28: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:817:28: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:820:42: branch_true: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_p2p.c:822:25: danger: ‘pg_object_path’ leaks here; was allocated at [(21)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/20)
#  820|   			pg_object_path = os_strdup(entry.str_value);
#  821|   			persistent = 1;
#  822|-> 			wpa_dbus_dict_entry_clear(&entry);
#  823|   		} else {
#  824|   			wpa_dbus_dict_entry_clear(&entry);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:445:24: warning[-Wanalyzer-malloc-leak]: leak of ‘new_methods’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:443:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:447:23: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:447:23: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:448:12: branch_false: following ‘false’ branch (when ‘new_methods’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:451:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:445:24: danger: ‘new_methods’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  443|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  444|   					      &methods))
#  445|-> 		return FALSE;
#  446|   
#  447|   	new_methods = os_strdup(methods);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:499:24: warning[-Wanalyzer-malloc-leak]: leak of ‘devname’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:497:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:501:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:501:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:504:19: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:504:19: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:505:12: branch_false: following ‘false’ branch (when ‘devname’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:508:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:499:24: danger: ‘devname’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  497|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  498|   					      &methods))
#  499|-> 		return FALSE;
#  500|   
#  501|   	if (os_strlen(methods) > WPS_DEV_NAME_MAX_LEN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:555:24: warning[-Wanalyzer-malloc-leak]: leak of ‘manufacturer’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:553:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:557:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:557:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:560:24: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:560:24: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:561:12: branch_false: following ‘false’ branch (when ‘manufacturer’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:564:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:555:24: danger: ‘manufacturer’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  553|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  554|   					      &methods))
#  555|-> 		return FALSE;
#  556|   
#  557|   	if (os_strlen(methods) > WPS_MANUFACTURER_MAX_LEN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:611:24: warning[-Wanalyzer-malloc-leak]: leak of ‘model_name’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:609:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:613:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:613:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:616:22: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:616:22: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:617:12: branch_false: following ‘false’ branch (when ‘model_name’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:619:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:611:24: danger: ‘model_name’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  609|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  610|   					      &methods))
#  611|-> 		return FALSE;
#  612|   
#  613|   	if (os_strlen(methods) > WPS_MODEL_NAME_MAX_LEN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:666:24: warning[-Wanalyzer-malloc-leak]: leak of ‘model_number’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:664:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:668:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:668:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:671:24: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:671:24: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:672:12: branch_false: following ‘false’ branch (when ‘model_number’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:675:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:666:24: danger: ‘model_number’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  664|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  665|   					      &methods))
#  666|-> 		return FALSE;
#  667|   
#  668|   	if (os_strlen(methods) > WPS_MODEL_NUMBER_MAX_LEN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:723:24: warning[-Wanalyzer-malloc-leak]: leak of ‘serial_number’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:721:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:725:13: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:725:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:728:25: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:728:25: acquire_memory: allocated here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:729:12: branch_false: following ‘false’ branch (when ‘serial_number’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:731:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_handlers_wps.c:723:24: danger: ‘serial_number’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  721|   	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
#  722|   					      &methods))
#  723|-> 		return FALSE;
#  724|   
#  725|   	if (os_strlen(methods) > WPS_SERIAL_NUMBER_MAX_LEN)

Error: GCC_ANALYZER_WARNING (CWE-126): [#def83]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:33:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:253:15: enter_function: entry to ‘wpa_dbus_introspect’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:261:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:264:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:269:9: call_function: calling ‘add_properties_interface’ from ‘wpa_dbus_introspect’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:269:9: return_function: returning to ‘wpa_dbus_introspect’ from ‘add_properties_interface’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:270:9: call_function: calling ‘add_wpas_interfaces’ from ‘wpa_dbus_introspect’
#   31|   
#   32|   	dl_list_for_each(iface, list, struct interfaces, list) {
#   33|-> 		if (os_strcmp(iface->dbus_interface, dbus_interface) == 0)
#   34|   			return iface; /* already in the list */
#   35|   	}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def84]
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:105:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:253:15: enter_function: entry to ‘wpa_dbus_introspect’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:261:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:264:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:269:9: call_function: calling ‘add_properties_interface’ from ‘wpa_dbus_introspect’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:269:9: return_function: returning to ‘wpa_dbus_introspect’ from ‘add_properties_interface’
wpa_supplicant-2.11/wpa_supplicant/dbus/dbus_new_introspect.c:270:9: call_function: calling ‘add_wpas_interfaces’ from ‘wpa_dbus_introspect’
#  103|   		iface = add_interface(list, dsc->dbus_interface);
#  104|   		if (iface)
#  105|-> 			add_entry(iface->xml, "method", dsc->dbus_method,
#  106|   				  dsc->args, 1);
#  107|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def85]
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:151:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.s’
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:94:19: enter_function: entry to ‘wpa_ctrl_open2’
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:104:12: branch_false: following ‘false’ branch (when ‘ctrl_path’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:107:16: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:108:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:111:19: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:112:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:117:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:120:12: branch_true: following ‘true’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:151:12: danger: ‘*<unknown>.s’ leaks here
#  149|   	fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
#  150|   #endif /* ANDROID */
#  151|-> 	if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
#  152|   		    sizeof(ctrl->local)) < 0) {
#  153|   		if (errno == EADDRINUSE && tries < 2) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def86]
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.s’
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:94:19: enter_function: entry to ‘wpa_ctrl_open2’
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:104:12: branch_false: following ‘false’ branch (when ‘ctrl_path’ is non-NULL)...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:107:16: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:108:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:111:19: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:112:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:117:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:151:12: branch_false: following ‘false’ branch...
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:208:9: branch_false: ...to here
wpa_supplicant-2.11/wpa_supplicant/wpa_gui-qt4/../../src/common/wpa_ctrl.c:208:9: danger: ‘*<unknown>.s’ leaks here
#  206|   #endif /* ANDROID */
#  207|   
#  208|-> 	ctrl->dest.sun_family = AF_UNIX;
#  209|   	if (os_strncmp(ctrl_path, "@abstract:", 10) == 0) {
#  210|   		ctrl->dest.sun_path[0] = '\0';

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-144.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: wpa_supplicant-2.11-6.fc43
store-results-to: /tmp/tmp_7lh70ea/wpa_supplicant-2.11-6.fc43.tar.xz
time-created: 2025-04-25 16:13:18
time-finished: 2025-04-25 16:16:31
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp_7lh70ea/wpa_supplicant-2.11-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp_7lh70ea/wpa_supplicant-2.11-6.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9