| Project Name | CID | Checker | Category | Developer Description |
|---|---|---|---|---|
| Ring | 1369567 | RESOURCE_LEAK | Resource leaks | Each call of the impacted function may consumes many bytes (it's a file path). This function is on a critical section related to the security and our application has an embedded target. An attacker can easily prompt thousand of this calls in a short time to cause a DDoS. Thanks to Coverity for this defect detection. |
848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 |
char* dup = strdup(privateKeyPath_.c_str());
#ifndef WIN32_NATIVE
const char* dir = dirname(dup);
#else
char* dir;
_splitpath(certificatePath_.c_str(), nullptr, dir, nullptr, nullptr);
#endif
struct stat statbuf;
int err = stat(dir, &statbuf);
if (err)
return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, "");
return TlsValidator::CheckResult(
/* READ WRITE EXECUTE */
/* Owner */ ( (statbuf.st_mode & S_IRUSR) /* write is not relevant */ && (statbuf.st_mode & S_IXUSR))
/* Group */ && (!(statbuf.st_mode & S_IRGRP) && !(statbuf.st_mode & S_IWGRP) && !(statbuf.st_mode & S_IXGRP))
/* Other */ && (!(statbuf.st_mode & S_IROTH) && !(statbuf.st_mode & S_IWOTH) && !(statbuf.st_mode & S_IXOTH))
&& S_ISDIR(statbuf.st_mode) ? CheckValues::PASSED:CheckValues::FAILED, "");
}
TlsValidator::CheckResult TlsValidator::publicKeyDirectoryPermissions()
{ |
<< 1. Storage is returned from allocation function "strdup".
<< 2. Assigning: "dup" = storage returned from "strdup(this->certificatePath_.c_str())".
872 873 |
char* dup = strdup(certificatePath_.c_str()); #ifndef WIN32_NATIVE |
<< 3. Passing "dup" as argument 1 to function "dirname", which returns that argument.
<< 4. Resource "dup" is not freed or pointed-to in "dirname".
<< 5. Assigning: "dir" = storage returned from "dirname(dup)".
874 875 876 877 878 879 880 |
const char* dir = dirname(dup); #else char* dir; _splitpath(certificatePath_.c_str(), nullptr, dir, nullptr, nullptr); #endif struct stat statbuf; |
<< 6. Resource "dir" is not freed or pointed-to in "stat".
881 |
int err = stat(dir, &statbuf); |
< 7. Condition "err", taking true branch.
882 |
if (err) |
<< 8. Variable "dir" going out of scope leaks the storage it points to.
<<< CID 1369567: Resource leaks RESOURCE_LEAK <<< 9. Variable "dup" going out of scope leaks the storage it points to.
883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 |
return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, ""); return TlsValidator::CheckResult( /* READ WRITE EXECUTE */ /* Owner */ ( (statbuf.st_mode & S_IRUSR) /* write is not relevant */ && (statbuf.st_mode & S_IXUSR)) /* Group */ && (!(statbuf.st_mode & S_IRGRP) && !(statbuf.st_mode & S_IWGRP) && !(statbuf.st_mode & S_IXGRP)) /* Other */ && (!(statbuf.st_mode & S_IROTH) && !(statbuf.st_mode & S_IWOTH) && !(statbuf.st_mode & S_IXOTH)) && S_ISDIR(statbuf.st_mode) ? CheckValues::PASSED:CheckValues::FAILED, ""); } /** * Certificate should be located in specific path on some operating systems */ TlsValidator::CheckResult TlsValidator::privateKeyStorageLocation() { // TODO return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, ""); } /** * Certificate should be located in specific path on some operating systems */ TlsValidator::CheckResult TlsValidator::publicKeyStorageLocation() { // TODO return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, ""); } |
| 1. alloc_fn | tlsvalidator.cpp:872 | |
| 2. var_assign | tlsvalidator.cpp:872 | |
| 3. identity_transfer | tlsvalidator.cpp:874 | |
| 4. noescape | tlsvalidator.cpp:874 | |
| 5. var_assign | tlsvalidator.cpp:874 | |
| 6. noescape | tlsvalidator.cpp:881 | |
| 8. leaked_storage | tlsvalidator.cpp:883 | |
| 9. leaked_storage | tlsvalidator.cpp:883 |