From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 928F1C4338F for ; Mon, 16 Aug 2021 19:57:40 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AAF2A60EE0 for ; Mon, 16 Aug 2021 19:57:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org AAF2A60EE0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E371E8060B; Mon, 16 Aug 2021 21:57:36 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.b="C5bjFzux"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 60004807F3; Mon, 16 Aug 2021 21:57:35 +0200 (CEST) Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BA9508023C for ; Mon, 16 Aug 2021 21:57:30 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=trini@konsulko.com Received: by mail-qv1-xf35.google.com with SMTP id jv8so2393279qvb.3 for ; Mon, 16 Aug 2021 12:57:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; h=date:from:to:subject:message-id:mime-version:content-disposition :user-agent; bh=65FnRjiTyF5fSR/Im2KrmwZHZ6mIwd8by4vu1fWmyI8=; b=C5bjFzuxU5PgZwe6odscSIOf3aRWArev72unfjSkqlknHKzVeTpqzBQiT1dJxXFNnq E8bnsid0hh4gOb5U4UcZ1sPb9vYaqFwcKgLElM9Eg7neeq04c/oZdzsoTHSdi17mm2bl i+2jtgBIjEgxvuzUI62gVWhEpU2PLFUeCLzuo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-disposition:user-agent; bh=65FnRjiTyF5fSR/Im2KrmwZHZ6mIwd8by4vu1fWmyI8=; b=mQ0DUo4VHQVpcM5IeGgQLduwmPwwUiWHp7FMrCZoO0Igk369Xs97vXAkVJyCddnEnl wnL8+DLPrvPK5FO39UubrWbvqD4GuoRXRK6oBbhnKqITJDkaaATjn5vGbfBKJVg7ZvAy +zlOiGRXT727Fr6F5hzIbEC8FFueceIshlM7WD0HS1fsGJ9/U16oWA1gd6Ap6dAzol8G mLeotkzbAxCAWNH+Hw+ULPSCb+o2z+e/RMU3wNZIV869fKO7iSKBqE6boR7wRS1EnUDp HJ7x4TsST3dOHx96Op/HEdOMuqJ2NhQDZh80/6hTzhmR1nQ2r2jkHueoiE10arqAxfgX KJPA== X-Gm-Message-State: AOAM531YvKFC0HgZDkHwpohl3phlilSpojFmuIHEj5Zw0hoROhG1V9wN HwZMHWCp07e4uoTD0qNgmzYtAtt9ZA0N17U4 X-Google-Smtp-Source: ABdhPJyxzmgU/j9DBfBP3o2aUTYGP9OKghd3fh2HVAuNR+tAH0XEdkXbnjQO1w0aKb27uqVpUBxavw== X-Received: by 2002:a05:6214:508:: with SMTP id v8mr373506qvw.33.1629143849268; Mon, 16 Aug 2021 12:57:29 -0700 (PDT) Received: from bill-the-cat (2603-6081-7b01-cbda-052e-d62b-d66a-f817.res6.spectrum.com. [2603:6081:7b01:cbda:52e:d62b:d66a:f817]) by smtp.gmail.com with ESMTPSA id p19sm141926qtx.10.2021.08.16.12.57.28 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 16 Aug 2021 12:57:28 -0700 (PDT) Date: Mon, 16 Aug 2021 15:57:26 -0400 From: Tom Rini To: u-boot@lists.denx.de, Simon Glass , Pali =?iso-8859-1?Q?Roh=E1r?= , Alexandru Gagniuc Subject: [scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot] Message-ID: <20210816195726.GD858@bill-the-cat> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="77juosrL+unDT9wJ" Content-Disposition: inline X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean --77juosrL+unDT9wJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hey all, Can people please take a look? I can mark as intentional anything that really is intentional, thanks. ----- Forwarded message from scan-admin@coverity.com ----- Date: Mon, 16 Aug 2021 18:33:32 +0000 (UTC) =46rom: scan-admin@coverity.com To: tom.rini@gmail.com Subject: New Defects reported by Coverity Scan for Das U-Boot Hi, Please find the latest report on new defect(s) introduced to Das U-Boot fou= nd with Coverity Scan. 7 new defect(s) introduced to Das U-Boot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the re= cent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 338491: Null pointer dereferences (NULL_RETURNS) /tools/kwbimage.c: 1066 in export_pub_kak_hash() ___________________________________________________________________________= _____________________________ *** CID 338491: Null pointer dereferences (NULL_RETURNS) /tools/kwbimage.c: 1066 in export_pub_kak_hash() 1060 int res; 1061 =20 1062 hashf =3D fopen("pub_kak_hash.txt", "w"); 1063 =20 1064 res =3D kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK"); 1065 =20 >>> CID 338491: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be "NULL" "hashf" when calling "= fclose". 1066 fclose(hashf); 1067 =20 1068 return res < 0 ? 1 : 0; 1069 } 1070 =20 1071 int kwb_sign_csk_with_kak(struct image_tool_params *params, ** CID 338490: Control flow issues (DEADCODE) /drivers/tpm/sandbox_common.c: 34 in sb_tpm_index_to_seq() ___________________________________________________________________________= _____________________________ *** CID 338490: Control flow issues (DEADCODE) /drivers/tpm/sandbox_common.c: 34 in sb_tpm_index_to_seq() 28 case FWMP_NV_INDEX: 29 return NV_SEQ_FWMP; 30 case MRC_REC_HASH_NV_INDEX: 31 return NV_SEQ_REC_HASH; 32 case 0: 33 return NV_SEQ_GLOBAL_LOCK; >>> CID 338490: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "case TPM_NV_INDEX_LOCK:". 34 case TPM_NV_INDEX_LOCK: 35 return NV_SEQ_ENABLE_LOCKING; 36 } 37 =20 38 printf("Invalid nv index %#x\n", index); 39 return -1; ** CID 338489: Control flow issues (DEADCODE) /drivers/tpm/tpm2_tis_sandbox.c: 652 in sandbox_tpm2_xfer() ___________________________________________________________________________= _____________________________ *** CID 338489: Control flow issues (DEADCODE) /drivers/tpm/tpm2_tis_sandbox.c: 652 in sandbox_tpm2_xfer() 646 =20 647 for (i =3D 0; i < SANDBOX_TPM_PCR_NB; i++) 648 if (pcr_map & BIT(i)) 649 pcr_index =3D i; 650 =20 651 if (pcr_index >=3D SANDBOX_TPM_PCR_NB) { >>> CID 338489: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "printf("Invalid index %d, s= =2E..". 652 printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n", 653 pcr_index, SANDBOX_TPM_PCR_NB); 654 rc =3D TPM2_RC_VALUE; 655 return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); 656 } 657 =20 ** CID 338488: Memory - illegal accesses (NEGATIVE_RETURNS) /tools/kwbimage.c: 1093 in kwb_sign_csk_with_kak() ___________________________________________________________________________= _____________________________ *** CID 338488: Memory - illegal accesses (NEGATIVE_RETURNS) /tools/kwbimage.c: 1093 in kwb_sign_csk_with_kak() 1087 if (export_pub_kak_hash(kak, secure_hdr)) 1088 return 1; 1089 =20 1090 if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0) 1091 return 1; 1092 =20 >>> CID 338488: Memory - illegal accesses (NEGATIVE_RETURNS) >>> Using variable "csk_idx" as an index to array "secure_hdr->csk". 1093 if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK"= ) < 0) 1094 return 1; 1095 =20 1096 if (kwb_sign_and_verify(kak, &secure_hdr->csk, 1097 sizeof(secure_hdr->csk) + 1098 sizeof(secure_hdr->csksig), ** CID 338487: Null pointer dereferences (FORWARD_NULL) ___________________________________________________________________________= _____________________________ *** CID 338487: Null pointer dereferences (FORWARD_NULL) /test/dm/ecdsa.c: 34 in dm_test_ecdsa_verify() 28 struct image_sign_info info =3D { 29 .checksum =3D &algo, 30 }; 31 =20 32 ut_assertok(uclass_get(UCLASS_ECDSA, &ucp)); 33 ut_assertnonnull(ucp); >>> CID 338487: Null pointer dereferences (FORWARD_NULL) >>> Passing "&info" to "ecdsa_verify", which dereferences null "info.fd= t_blob". 34 ut_asserteq(-ENODEV, ecdsa_verify(&info, NULL, 0, NULL, 0)); 35 =20 36 return 0; 37 } ** CID 338486: Null pointer dereferences (NULL_RETURNS) /tools/kwbimage.c: 836 in kwb_dump_fuse_cmds() ___________________________________________________________________________= _____________________________ *** CID 338486: Null pointer dereferences (NULL_RETURNS) /tools/kwbimage.c: 836 in kwb_dump_fuse_cmds() 830 return 0; 831 =20 832 if (!strcmp(e->name, "a38x")) { 833 FILE *out =3D fopen("kwb_fuses_a38x.txt", "w+"); 834 =20 835 kwb_dump_fuse_cmds_38x(out, sec_hdr); >>> CID 338486: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be "NULL" "out" when calling "fc= lose". 836 fclose(out); 837 goto done; 838 } 839 =20 840 ret =3D -ENOSYS; 841 =20 ** CID 338485: Security best practices violations (STRING_OVERFLOW) /test/str_ut.c: 126 in run_strtoull() ___________________________________________________________________________= _____________________________ *** CID 338485: Security best practices violations (STRING_OVERFLOW) /test/str_ut.c: 126 in run_strtoull() 120 bool upper) 121 { 122 char out[TEST_STR_SIZE]; 123 char *endp; 124 unsigned long long val; 125 =20 >>> CID 338485: Security best practices violations (STRING_OVERFLOW) >>> You might overrun the 200-character fixed-size string "out" by copy= ing "str" without checking the length. 126 strcpy(out, str); 127 if (upper) 128 str_to_upper(out, out, -1); 129 =20 130 val =3D simple_strtoull(out, &endp, base); 131 ut_asserteq(expect_val, val); ___________________________________________________________________________= _____________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.n= et/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3= ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3Dpne1_EEm8SbLgSDs= aDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTsGY-2Fdp5hfqC-2B6ss-2FtTgTZdxyWngwdNCSBcWa= oglYsMi33qZ6o4IvlPo1NMZ6HKzSbi0k3YdDAC-2BTUaeXbDEnIRwEUtXC7QvseJgqoTO7Dy-2F= biEUFH4xtjfmqCkZmTJb3YVLV9-2Ba99V6cQv2l1vnfXAACur8TFDo8g-2FsXRbmip9nw-3D-3D To manage Coverity Scan email notifications for "tom.rini@gmail.com", cli= ck https://u15810271.ct.sendgrid.net/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy= 7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8= qZbuzkkz9sa-2BJFw4elYDyedRVZOC-2ButxjBZdouVmTGuWB6Aj6G7lm7t25-2Biv1B-2B9082= pHzCCex2kqMs-3DZz5A_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTsGY-2Fdp5hf= qC-2B6ss-2FtTgTZdXwxIYMpdS4H155aON0dxh2JciN9BuG3rKCbVzTcBZLXOvfO7Si-2FBGSpo= JNCavkeTT3AGnasDLWxyxFydCRuDUJa2tYQzp6QhBJbaTuEIeds3Dm8aBmYjPfgEtJGmGgn084O= EX2dKxosO7FhRlH0u8A-3D-3D ----- End forwarded message ----- --=20 Tom --77juosrL+unDT9wJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmEawx8ACgkQFHw5/5Y0 tyykdwv8Di+751uH+J+m/P//cviLSYQykqfEy82Nw5qcjp2/DHfxII2mdFvlqPdQ vVULDqhVlvCuMqlpLkBHTzqXT5zHbAH5KZNDfEc34v4RvIaogMUs0pJwvHiO1mQe e0ILJCq30uwY9oE481rOTBc2os5WbHPt4nuPsf5l2w4ILKufiwvlmMlCkBYNN3+K NK5gb2kBpX9zN2SBpWLGSv1HFcWECJVxtgO5asZiv+vQ9414u2OjGwTN+p8sJOnJ hHUioaY0B9Skq6ci2KAN2GX7jgaHI8ZnHUgK7gNbaADRIXZn+tqWy6nV0xFBWI4l BltBtAfYHYleLs3tI6E9cHA5L/eioHNc9jah+0BmF1uQ+Nx+ElzI2C20AbdEknej 0W/OBESstPfSzAu8OIqSMTPR846CQm/ttD7vmLSf0+DkfWYJWxr4ek2hgJVV1jom ZoUG0yX9RuyF0YmU9n+5yxbzmrRglpeTc1dsBWCnozMiGOl0fE+d+zxLx6AgsChR e2O69AGC =WtYE -----END PGP SIGNATURE----- --77juosrL+unDT9wJ--