Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1390695: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()

________________________________________________________________________________________________________
*** CID 1390695: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
104     /* TODO: locking around NV access */
105     if (!vnc_read) {
106         memset(&cached_ctx, 0, sizeof(cached_ctx));
107         if (sh && sh->flags & VBSD_NVDATA_V2)
108             cached_ctx.flags |= VB2_CONTEXT_NVDATA_V2;
109         if (0 != vb2_read_nv_storage(&cached_ctx))
>>> CID 1390695: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
[Each ">>>" marker refers to the source line printed directly below it. In the lines shown (104-120), neither the early "return -1" on line 110 nor the final return on line 119 is preceded by a release of "sh".]
110             return -1;
111         vb2_nv_init(&cached_ctx);
112
113         /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write
114          * and save the new defaults. If we're able to, log. */
115
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()
113         /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write
114          * and save the new defaults. If we're able to, log. */
115
116         vnc_read = 1;
117     }
118
>>> CID 1390695: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
119     return (int)vb2_nv_get(&cached_ctx, param);
120 }
121
122 int vb2_set_nv_storage(enum vb2_nv_param param, int value)
123 {
124     VbSharedDataHeader* sh = VbSharedDataRead();
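** CID 1390694: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1390694: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 215 in StartOSAPSession()
209             sizeof(TPM_NONCE)) != VB2_SUCCESS) {
210         return TPM_E_INTERNAL_ERROR;
211     }
212
213     /* Send OSAP command. */
214     uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
>>> CID 1390694: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
[The ">>>" marker refers to the TlclSendReceive() call on line 215. TAINTED_SCALAR generally means a numeric value derived from unvalidated data is used, for example as a length or index, without a range check. Whether that applies here depends on where "cmd.buffer" becomes tainted and how TlclSendReceive() interprets it, neither of which the excerpt shows, so the full event trace is needed to triage this finding.]
215     uint32_t result = TlclSendReceive(cmd.buffer, response,
216                                       sizeof(response));
217     if (result != TPM_SUCCESS) {
218         return result;
219     }
220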
** CID 1390693: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1390693: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 1211 in TlclReadPubek()
1205         return TPM_E_INTERNAL_ERROR;
1206     }
1207
1208     /* The response contains the public endorsement key, so use a large
1209      * response buffer. */
1210     uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE + TPM_RSA_2048_LEN];
>>> CID 1390693: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
[The ">>>" marker refers to the TlclSendReceive() call on line 1211. As shown, the call passes sizeof(response) as the capacity of the response buffer. The point at which "cmd.buffer" becomes tainted lies outside the excerpt, so the full event trace is needed to triage this finding.]
1211     uint32_t result = TlclSendReceive(cmd.buffer, response,
1212                                       sizeof(response));
1213     if (result != TPM_SUCCESS) {
1214         return result;
1215     }
1216
** CID 1390692: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage()

________________________________________________________________________________________________________
*** CID 1390692: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
126
127     /* TODO: locking around NV access */
128     memset(&ctx, 0, sizeof(ctx));
129     if (sh && sh->flags & VBSD_NVDATA_V2)
130         ctx.flags |= VB2_CONTEXT_NVDATA_V2;
131     if (0 != vb2_read_nv_storage(&ctx))
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
[Each ">>>" marker refers to the source line printed directly below it. All three exits of vb2_set_nv_storage() flagged here (lines 132, 139 and 143) are reached with no release of "sh" in the lines shown (126-144).]
132         return -1;
133     vb2_nv_init(&ctx);
134     vb2_nv_set(&ctx, param, (uint32_t)value);
135
136     if (ctx.flags & VB2_CONTEXT_NVDATA_CHANGED) {
137         vnc_read = 0;
/3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage()
133     vb2_nv_init(&ctx);
134     vb2_nv_set(&ctx, param, (uint32_t)value);
135
136     if (ctx.flags & VB2_CONTEXT_NVDATA_CHANGED) {
137         vnc_read = 0;
138         if (0 != vb2_write_nv_storage(&ctx))
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
139             return -1;
140     }
141
142     /* Success */
143     return 0;
144 }
/3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage()
137         vnc_read = 0;
138         if (0 != vb2_write_nv_storage(&ctx))
139             return -1;
140     }
141
142     /* Success */
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
143     return 0;
144 }
145
146 /*
147  * Set a param value, and try to flag it for persistent backup. It's okay if
148  * backup isn't supported (which it isn't, in current designs). It's