From: Jiri Popelka <jpopelka@redhat.com>
To: netfilter-devel@vger.kernel.org
Cc: Jiri Popelka <jpopelka@redhat.com>
Subject: [PATCH 0/8] Possible problems found by static analysis of code
Date: Fri, 10 Jun 2011 15:25:54 +0200 [thread overview]
Message-ID: <1307712362-17727-1-git-send-email-jpopelka@redhat.com> (raw)
We had analyzed the iptables-1.4.10 code with Coverity.
Coverity is commercial enterprise level tool for
static analysis (analysis based only on compiling of sources,
not based on running of binary) of the code.
As a result I have the following patches that should fix some possible problems.
There's a respective part(s) of the Coverity error log in each commit comment.
You could also find this link useful:
https://www.securecoding.cert.org/confluence/display/seccode/Coverity+Prevent
Jiri Popelka (8):
iptables: Coverity: DEADCODE
iptables: Coverity: FORWARD_NULL
iptables: Coverity: NEGATIVE_RETURNS
iptables: Coverity: REVERSE_INULL
iptables: Coverity: UNINIT
iptables: Coverity: VARARGS
iptables: Coverity: OVERRUN_STATIC
iptables: Coverity: RESOURCE_LEAK
extensions/libip6t_REJECT.c | 13 +++++++------
extensions/libipt_REJECT.c | 11 ++++++-----
extensions/libxt_multiport.c | 2 --
extensions/libxt_sctp.c | 2 +-
iptables/ip6tables-restore.c | 3 +--
iptables/ip6tables.c | 5 ++++-
iptables/iptables-restore.c | 5 ++---
iptables/iptables-xml.c | 6 +++---
iptables/iptables.c | 8 ++++++--
iptables/xtables.c | 15 +++++++++++----
libipq/libipq.c | 1 -
libiptc/libiptc.c | 8 +++-----
12 files changed, 44 insertions(+), 35 deletions(-)
--
1.7.5.2
next reply other threads:[~2011-06-10 13:26 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-10 13:25 Jiri Popelka [this message]
2011-06-10 13:25 ` [PATCH 1/8] iptables: Coverity: DEADCODE Jiri Popelka
2011-06-22 13:49 ` Jan Engelhardt
2011-06-10 13:25 ` [PATCH 2/8] iptables: Coverity: FORWARD_NULL Jiri Popelka
2011-06-10 13:25 ` [PATCH 3/8] iptables: Coverity: NEGATIVE_RETURNS Jiri Popelka
2011-06-22 13:55 ` Jan Engelhardt
2011-06-10 13:25 ` [PATCH 4/8] iptables: Coverity: REVERSE_INULL Jiri Popelka
2011-06-22 13:58 ` Jan Engelhardt
2011-06-10 13:25 ` [PATCH 5/8] iptables: Coverity: UNINIT Jiri Popelka
2011-06-10 13:26 ` [PATCH 6/8] iptables: Coverity: VARARGS Jiri Popelka
2011-06-22 13:59 ` Jan Engelhardt
2011-06-10 13:26 ` [PATCH 7/8] iptables: Coverity: OVERRUN_STATIC Jiri Popelka
2011-06-10 21:10 ` Jan Engelhardt
2011-06-10 13:26 ` [PATCH 8/8] iptables: Coverity: RESOURCE_LEAK Jiri Popelka
2011-06-22 16:09 ` Jan Engelhardt
2011-06-10 16:04 ` [PATCH 0/8] Possible problems found by static analysis of code Pablo Neira Ayuso
2011-06-11 13:40 ` Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307712362-17727-1-git-send-email-jpopelka@redhat.com \
--to=jpopelka@redhat.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).