ima-evm-utils-1.6.2-7.fc44

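List of Findings

Triage note: in #def1, #def2, #def8, #def9, #def12–#def15 and #def20–#def23 the leaking path runs through a "throw: if ‘…’ throws an exception" event. The flagged files are C sources, so these paths exist only if the named callee unwinds; check that the resource is released on the ordinary return paths before treating them as real leaks. The CWE-775 and CWE-401 entries that share a location (#def6/#def7, #def8/#def9, #def10/#def11, #def12/#def13, #def16/#def17, #def20/#def21, #def22/#def23) describe the same FILE handle and can be triaged together. For #def14 and #def15 the excerpt shows `password` being freed on the error path; whether the buffer is cleared before `free()` is not visible here and is worth confirming in the source.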

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
ima-evm-utils-1.6.2/src/evmctl.c:194:19: warning[-Wanalyzer-malloc-leak]: leak of ‘file2bin(inkey, 0, & len)’
ima-evm-utils-1.6.2/src/evmctl.c:1077:12: enter_function: entry to ‘cmd_import’
ima-evm-utils-1.6.2/src/evmctl.c:1117:12: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1118:34: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1120:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1122:23: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1122:23: call_function: calling ‘file2bin’ from ‘cmd_import’
ima-evm-utils-1.6.2/src/evmctl.c:1122:23: return_function: returning to ‘cmd_import’ from ‘file2bin’
ima-evm-utils-1.6.2/src/evmctl.c:1123:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1127:17: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1127:17: throw: if ‘calc_keyid_v2’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:194:19: danger: ‘file2bin(inkey, 0, & len)’ leaks here; was allocated at [(16)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/15)
#  192|   	size_t len;
#  193|   	unsigned char *data;
#  194|-> 	char name[strlen(file) + (ext ? strlen(ext) : 0) + 2];
#  195|   	struct stat stats;
#  196|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
ima-evm-utils-1.6.2/src/evmctl.c:194:19: warning[-Wanalyzer-malloc-leak]: leak of ‘file2bin(keyfile, 0, & keylen)’
ima-evm-utils-1.6.2/src/evmctl.c:1199:12: enter_function: entry to ‘calc_evm_hmac’
ima-evm-utils-1.6.2/src/evmctl.c:1222:15: call_function: calling ‘file2bin’ from ‘calc_evm_hmac’
ima-evm-utils-1.6.2/src/evmctl.c:1222:15: return_function: returning to ‘calc_evm_hmac’ from ‘file2bin’
ima-evm-utils-1.6.2/src/evmctl.c:1223:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1228:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1228:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1234:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1235:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1238:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1238:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1243:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1243:12: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1248:26: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1248:26: throw: if ‘open’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:194:19: danger: ‘file2bin(keyfile, 0, & keylen)’ leaks here; was allocated at [(12)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/11)
#  192|   	size_t len;
#  193|   	unsigned char *data;
#  194|-> 	char name[strlen(file) + (ext ? strlen(ext) : 0) + 2];
#  195|   	struct stat stats;
#  196|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
ima-evm-utils-1.6.2/src/evmctl.c:317:9: warning[-Wanalyzer-malloc-leak]: leak of ‘popen(&path, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:1199:12: enter_function: entry to ‘calc_evm_hmac’
ima-evm-utils-1.6.2/src/evmctl.c:1222:15: call_function: calling ‘file2bin’ from ‘calc_evm_hmac’
ima-evm-utils-1.6.2/src/evmctl.c:1222:15: return_function: returning to ‘calc_evm_hmac’ from ‘file2bin’
ima-evm-utils-1.6.2/src/evmctl.c:1223:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1228:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1228:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1234:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1235:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1238:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1238:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1243:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1265:12: branch_false: following ‘false’ branch (when ‘list_size > 0’)...
ima-evm-utils-1.6.2/src/evmctl.c:1271:16: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1272:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1278:16: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1279:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1284:15: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1285:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1290:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1345:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1349:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1349:12: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1350:23: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1350:23: call_function: calling ‘get_uuid’ from ‘calc_evm_hmac’
#  315|   
#  316|   	len = fread(_uuid, 1, sizeof(_uuid), fp);
#  317|-> 	pclose(fp);
#  318|   	if (len != sizeof(_uuid))
#  319|   		goto err;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
ima-evm-utils-1.6.2/src/evmctl.c:1468:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
ima-evm-utils-1.6.2/src/evmctl.c:1462:14: acquire_resource: opened here
ima-evm-utils-1.6.2/src/evmctl.c:1463:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:1468:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1468:9: danger: ‘open(path, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
# 1466|   	}
# 1467|   
# 1468|-> 	close(fd);
# 1469|   
# 1470|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
ima-evm-utils-1.6.2/src/evmctl.c:1774:14: warning[-Wanalyzer-malloc-leak]: leak of ‘banks’
ima-evm-utils-1.6.2/src/evmctl.c:1782:30: enter_function: entry to ‘init_tpm_banks’
ima-evm-utils-1.6.2/src/evmctl.c:1789:17: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:1790:12: branch_false: following ‘false’ branch (when ‘banks’ is non-NULL)...
ima-evm-utils-1.6.2/src/evmctl.c:1796:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1797:21: branch_true: following ‘true’ branch (when ‘i <= 1’)...
ima-evm-utils-1.6.2/src/evmctl.c:1797:21: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1798:29: branch_true: following ‘true’ branch (when ‘j <= 17’)...
ima-evm-utils-1.6.2/src/evmctl.c:1799:55: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1799:28: branch_true: following ‘true’ branch (when the strings are equal)...
ima-evm-utils-1.6.2/src/evmctl.c:1800:53: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:1800:33: call_function: calling ‘set_bank_info’ from ‘init_tpm_banks’
# 1772|   
# 1773|   	bank->algo_name = algo_name;
# 1774|-> 	md = EVP_get_digestbyname(bank->algo_name);
# 1775|   	if (!md)
# 1776|   		return;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
ima-evm-utils-1.6.2/src/evmctl.c:2016:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fp’
ima-evm-utils-1.6.2/src/evmctl.c:2026:12: enter_function: entry to ‘read_sysfs_pcrs’
ima-evm-utils-1.6.2/src/evmctl.c:2031:14: acquire_resource: opened here
ima-evm-utils-1.6.2/src/evmctl.c:2032:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2039:18: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2039:18: call_function: calling ‘read_one_bank’ from ‘read_sysfs_pcrs’
# 2014|   		sprintf(pcr_str, "PCR-%2.2d", i);
# 2015|   		if (!strncmp(p, pcr_str, 6))
# 2016|-> 			hex2bin(tpm_bank->pcr[i++], p + 7, tpm_bank->digest_size);
# 2017|   		result = 0;
# 2018|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
ima-evm-utils-1.6.2/src/evmctl.c:2016:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
ima-evm-utils-1.6.2/src/evmctl.c:2026:12: enter_function: entry to ‘read_sysfs_pcrs’
ima-evm-utils-1.6.2/src/evmctl.c:2031:14: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2032:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2039:18: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2039:18: call_function: calling ‘read_one_bank’ from ‘read_sysfs_pcrs’
# 2014|   		sprintf(pcr_str, "PCR-%2.2d", i);
# 2015|   		if (!strncmp(p, pcr_str, 6))
# 2016|-> 			hex2bin(tpm_bank->pcr[i++], p + 7, tpm_bank->digest_size);
# 2017|   		result = 0;
# 2018|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file_name, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2057:21: branch_true: following ‘true’ branch (when ‘i <= 23’)...
ima-evm-utils-1.6.2/src/evmctl.c:2058:17: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2060:22: acquire_resource: opened here
ima-evm-utils-1.6.2/src/evmctl.c:2061:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2068:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2073:51: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2073:17: throw: if ‘hex2bin’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: danger: ‘fopen(&file_name, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
# 2065|   		}
# 2066|   
# 2067|-> 		p = fgets(digest, tpm_bank->digest_size * 2 + 1, fp);
# 2068|   		if (!p) {
# 2069|   			fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file_name, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2057:21: branch_true: following ‘true’ branch (when ‘i <= 23’)...
ima-evm-utils-1.6.2/src/evmctl.c:2058:17: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2060:22: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2061:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2068:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2073:51: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2073:17: throw: if ‘hex2bin’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:2067:35: danger: ‘fopen(&file_name, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
# 2065|   		}
# 2066|   
# 2067|-> 		p = fgets(digest, tpm_bank->digest_size * 2 + 1, fp);
# 2068|   		if (!p) {
# 2069|   			fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
ima-evm-utils-1.6.2/src/evmctl.c:2157:50: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2107:12: enter_function: entry to ‘read_file_pcrs’
ima-evm-utils-1.6.2/src/evmctl.c:2118:21: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2119:21: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2120:20: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
ima-evm-utils-1.6.2/src/evmctl.c:2130:17: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2130:29: branch_true: following ‘true’ branch (when ‘j < num_banks’)...
ima-evm-utils-1.6.2/src/evmctl.c:2131:46: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2131:28: branch_true: following ‘true’ branch (when the strings are equal)...
ima-evm-utils-1.6.2/src/evmctl.c:2136:20: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2136:20: branch_false: following ‘false’ branch (when ‘bank >= 0’)...
ima-evm-utils-1.6.2/src/evmctl.c:2141:21: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2141:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2146:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2146:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2151:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2151:22: acquire_resource: opened here
ima-evm-utils-1.6.2/src/evmctl.c:2152:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2157:50: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2157:26: call_function: calling ‘read_one_bank’ from ‘read_file_pcrs’
# 2155|   		}
# 2156|   
# 2157|-> 		result = read_one_bank(&tpm_banks[bank], fp);
# 2158|   		fclose(fp);
# 2159|   		if (result < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
ima-evm-utils-1.6.2/src/evmctl.c:2157:50: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2107:12: enter_function: entry to ‘read_file_pcrs’
ima-evm-utils-1.6.2/src/evmctl.c:2118:21: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2119:21: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2120:20: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
ima-evm-utils-1.6.2/src/evmctl.c:2130:17: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2130:29: branch_true: following ‘true’ branch (when ‘j < num_banks’)...
ima-evm-utils-1.6.2/src/evmctl.c:2131:46: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2131:28: branch_true: following ‘true’ branch (when the strings are equal)...
ima-evm-utils-1.6.2/src/evmctl.c:2136:20: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2136:20: branch_false: following ‘false’ branch (when ‘bank >= 0’)...
ima-evm-utils-1.6.2/src/evmctl.c:2141:21: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2141:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2146:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2146:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2151:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2151:22: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2152:20: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2157:50: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2157:26: call_function: calling ‘read_one_bank’ from ‘read_file_pcrs’
# 2155|   		}
# 2156|   
# 2157|-> 		result = read_one_bank(&tpm_banks[bank], fp);
# 2158|   		fclose(fp);
# 2159|   		if (result < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2529:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2532:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2532:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2537:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2537:14: acquire_resource: opened here
ima-evm-utils-1.6.2/src/evmctl.c:2538:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2544:14: throw: if ‘EVP_get_digestbyname’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: danger: ‘fopen(file, "r")’ leaks here; was opened at [(5)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/4)
# 2539|   		return 1;
# 2540|   
# 2541|-> 	if (imaevm_params.verbose > LOG_INFO)
# 2542|   		log_info("Reading the TPM 1.2 event log (%s)\n", file);
# 2543|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(file, "r")’
ima-evm-utils-1.6.2/src/evmctl.c:2529:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2532:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2532:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2537:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2537:14: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2538:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:2544:14: throw: if ‘EVP_get_digestbyname’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:2541:13: danger: ‘fopen(file, "r")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/4)
# 2539|   		return 1;
# 2540|   
# 2541|-> 	if (imaevm_params.verbose > LOG_INFO)
# 2542|   		log_info("Reading the TPM 1.2 event log (%s)\n", file);
# 2543|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
ima-evm-utils-1.6.2/src/evmctl.c:3002:17: warning[-Wanalyzer-malloc-leak]: leak of ‘password’
ima-evm-utils-1.6.2/src/evmctl.c:2990:20: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2991:12: branch_false: following ‘false’ branch (when ‘password’ is non-NULL)...
ima-evm-utils-1.6.2/src/evmctl.c:2996:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:3001:12: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:3002:17: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:3002:17: throw: if ‘perror’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:3002:17: danger: ‘password’ leaks here; was allocated at [(1)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/0)
# 3000|   
# 3001|   	if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
# 3002|-> 		perror("tcsetattr");
# 3003|   		free(password);
# 3004|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
ima-evm-utils-1.6.2/src/evmctl.c:3012:17: warning[-Wanalyzer-malloc-leak]: leak of ‘password’
ima-evm-utils-1.6.2/src/evmctl.c:2990:20: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/evmctl.c:2991:12: branch_false: following ‘false’ branch (when ‘password’ is non-NULL)...
ima-evm-utils-1.6.2/src/evmctl.c:2996:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:3001:12: branch_false: following ‘false’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:3007:9: branch_false: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:3011:12: branch_true: following ‘true’ branch...
ima-evm-utils-1.6.2/src/evmctl.c:3012:17: branch_true: ...to here
ima-evm-utils-1.6.2/src/evmctl.c:3012:17: throw: if ‘perror’ throws an exception...
ima-evm-utils-1.6.2/src/evmctl.c:3012:17: danger: ‘password’ leaks here; was allocated at [(1)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/0)
# 3010|   	/* restore terminal */
# 3011|   	if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
# 3012|-> 		perror("tcsetattr");
# 3013|   		free(password);
# 3014|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]
ima-evm-utils-1.6.2/src/libimaevm.c:152:21: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(file, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:770:5: enter_function: entry to 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:778:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:783:12: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:789:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: call_function: calling 'imaevm_hash_algo_by_id' from 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: return_function: returning to 'ima_verify_signature2' from 'imaevm_hash_algo_by_id'
ima-evm-utils-1.6.2/src/libimaevm.c:800:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: call_function: calling 'ima_calc_hash2' from 'ima_verify_signature2'
#  150|   	for (size = stats.st_size; size; size -= len) {
#  151|   		len = MIN(size, bs);
#  152|-> 		if (fread(data, len, 1, fp) != 1) {
#  153|   			if (ferror(fp)) {
#  154|   				log_err("fread() failed\n\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
ima-evm-utils-1.6.2/src/libimaevm.c:152:21: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(file, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:770:5: enter_function: entry to 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:778:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:783:12: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:789:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: call_function: calling 'imaevm_hash_algo_by_id' from 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: return_function: returning to 'ima_verify_signature2' from 'imaevm_hash_algo_by_id'
ima-evm-utils-1.6.2/src/libimaevm.c:800:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: call_function: calling 'ima_calc_hash2' from 'ima_verify_signature2'
#  150|   	for (size = stats.st_size; size; size -= len) {
#  151|   		len = MIN(size, bs);
#  152|-> 		if (fread(data, len, 1, fp) != 1) {
#  153|   			if (ferror(fp)) {
#  154|   				log_err("fread() failed\n\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
ima-evm-utils-1.6.2/src/libimaevm.c:159:22: warning[-Wanalyzer-malloc-leak]: leak of 'data'
ima-evm-utils-1.6.2/src/libimaevm.c:770:5: enter_function: entry to 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:778:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:783:12: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:789:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: call_function: calling 'imaevm_hash_algo_by_id' from 'ima_verify_signature2'
ima-evm-utils-1.6.2/src/libimaevm.c:794:21: return_function: returning to 'ima_verify_signature2' from 'imaevm_hash_algo_by_id'
ima-evm-utils-1.6.2/src/libimaevm.c:800:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:805:19: call_function: calling 'ima_calc_hash2' from 'ima_verify_signature2'
#  157|   			break;
#  158|   		}
#  159|-> 		if (!EVP_DigestUpdate(ctx, data, len)) {
#  160|   			log_err("EVP_DigestUpdate() failed\n");
#  161|   			err = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
ima-evm-utils-1.6.2/src/libimaevm.c:394:1: warning[-Wanalyzer-malloc-leak]: leak of 'entry'
ima-evm-utils-1.6.2/src/libimaevm.c:733:5: enter_function: entry to 'imaevm_verify_hash'
ima-evm-utils-1.6.2/src/libimaevm.c:738:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:753:19: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:753:19: branch_true: following 'true' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:754:24: branch_true: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:754:24: call_function: calling 'verify_hash_v2' from 'imaevm_verify_hash'
#  392|   	log_err("key %d: %x (unknown keyid)\n", i, __be32_to_cpup(&keyid));
#  393|   	return 0;
#  394|-> }
#  395|   
#  396|   void imaevm_free_public_keys(struct public_key_entry *public_keys)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(certfile, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:957:20: acquire_resource: opened here
ima-evm-utils-1.6.2/src/libimaevm.c:957:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: throw: if 'PEM_read_X509' throws an exception...
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: danger: 'fopen(certfile, "r")' leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  959|   		return -1;
#  960|   	}
#  961|-> 	if (!PEM_read_X509(fp, &x, NULL, NULL)) {
#  962|   		if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
#  963|   			ERR_clear_error();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(certfile, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:957:20: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/libimaevm.c:957:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: throw: if 'PEM_read_X509' throws an exception...
ima-evm-utils-1.6.2/src/libimaevm.c:961:14: danger: 'fopen(certfile, "r")' leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  959|   		return -1;
#  960|   	}
#  961|-> 	if (!PEM_read_X509(fp, &x, NULL, NULL)) {
#  962|   		if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
#  963|   			ERR_clear_error();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(keyfile, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:1128:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:1145:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:1145:22: acquire_resource: opened here
ima-evm-utils-1.6.2/src/libimaevm.c:1146:20: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: throw: if 'PEM_read_PrivateKey' throws an exception...
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: danger: 'fopen(keyfile, "r")' leaks here; was opened at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
# 1148|   			return NULL;
# 1149|   		}
# 1150|-> 		pkey = PEM_read_PrivateKey(fp, NULL, NULL, (void *)keypass);
# 1151|   		if (!pkey) {
# 1152|   			log_err("Failed to PEM_read_PrivateKey key file: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(keyfile, "r")'
ima-evm-utils-1.6.2/src/libimaevm.c:1128:12: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:1145:22: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:1145:22: acquire_memory: allocated here
ima-evm-utils-1.6.2/src/libimaevm.c:1146:20: branch_false: following 'false' branch...
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: branch_false: ...to here
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: throw: if 'PEM_read_PrivateKey' throws an exception...
ima-evm-utils-1.6.2/src/libimaevm.c:1150:24: danger: 'fopen(keyfile, "r")' leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
# 1148|   			return NULL;
# 1149|   		}
# 1150|-> 		pkey = PEM_read_PrivateKey(fp, NULL, NULL, (void *)keypass);
# 1151|   		if (!pkey) {
# 1152|   			log_err("Failed to PEM_read_PrivateKey key file: %s\n",

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-26.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: ima-evm-utils-1.6.2-7.fc44
store-results-to: /tmp/tmpqf1k9s5q/ima-evm-utils-1.6.2-7.fc44.tar.xz
time-created: 2026-01-08 17:03:57
time-finished: 2026-01-08 17:05:34
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpqf1k9s5q/ima-evm-utils-1.6.2-7.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpqf1k9s5q/ima-evm-utils-1.6.2-7.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9