Re: coverity warnings (Y2K38_SAFETY and OOB access)
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 25 Sep 2023 13:51:51 +0200 (CEST)
On Mon, 25 Sep 2023, Sergey Bronnikov via curl-library wrote:
> 1. 1568154 Use of 32-bit time_t
> The time value stored in this integer will represent a different, but
> possibly valid, time.
> In Curl_hostcache_prune: A 64-bit time_t value is stored in a smaller
> width integer. (CWE-197)
This is a false positive. The timeout there is the relative time from last use
until now - in seconds - which is likely to always fit in an int, even in the
most extreme cases.
It could possibly be rewritten to avoid triggering Coverity.
> 2. 1568144 Out-of-bounds access
> Access of memory not owned by this buffer may cause crashes or incorrect
> computations.
> In Curl_sock_assign_addr: Out-of-bounds access to a buffer (CWE-119)
>
> Relevant part of source code, ./lib/cf-socket.c:250:
>
> <snipped>
>
> dest->addrlen = ai->ai_addrlen;
>
> if(dest->addrlen > sizeof(struct Curl_sockaddr_storage))
> dest->addrlen = sizeof(struct Curl_sockaddr_storage);
> memcpy(&dest->sa_addr, ai->ai_addr, dest->addrlen);
>
> ^^^^^^^^
This is a false positive. Because 'dest->sa_addr' here is part of a union,
where the only other union member is a 'struct Curl_sockaddr_storage' and thus
it will not overwrite memory outside the struct.
This too could be rewritten to avoid the warning, but would probably instead
need more typecasts.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
Received on 2023-09-25
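An added illustration of the union argument in the reply above; it is not curl's code and not part of the thread. The struct and function names and the 16- and 128-byte sizes are assumptions standing in for the types named in the message.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins with assumed sizes for struct sockaddr and the storage type. */
struct small_addr { unsigned short family; char data[14]; };
struct big_storage { unsigned char bytes[128]; };

/* Hypothetical model of the destination described in the reply: the
   small address member shares a union with the full-size storage. */
struct dest_addr {
  unsigned int addrlen;
  union {
    struct small_addr sa_addr;
    struct big_storage buff;
  } u;
  unsigned char canary[8];  /* detects any write past the union */
};

/* A union is at least as large as its largest member. */
_Static_assert(sizeof(((struct dest_addr *)0)->u) >= sizeof(struct big_storage),
               "union must cover the storage type");

/* Same clamp-then-copy shape as the quoted snippet, but the copy names
   the union object, whose declared size matches the clamp. */
static unsigned int assign_addr(struct dest_addr *dest,
                                const void *src, size_t srclen)
{
  if(srclen > sizeof(struct big_storage))
    srclen = sizeof(struct big_storage);
  dest->addrlen = (unsigned int)srclen;
  memcpy(&dest->u, src, srclen);
  return dest->addrlen;
}

/* Constructed case: returns 1 when an oversized source was clamped. */
static int demo_oversized(void)
{
  unsigned char src[200], want[8];
  struct dest_addr d;
  memset(src, 0x41, sizeof(src));
  memset(want, 0xA5, sizeof(want));
  memcpy(d.canary, want, sizeof(want));
  return assign_addr(&d, src, sizeof(src)) == sizeof(struct big_storage) &&
         d.u.buff.bytes[127] == 0x41 &&
         memcmp(d.canary, want, sizeof(want)) == 0;
}

int main(void) { return demo_oversized() ? 0 : 1; }
```

Whether a given analyzer accepts this form without a warning is not something the thread states.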