[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Fri Apr 27 16:11:01 CEST 2018
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1390695: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()
________________________________________________________________________________________________________
*** CID 1390695: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
104 /* TODO: locking around NV access */
105 if (!vnc_read) {
106 memset(&cached_ctx, 0, sizeof(cached_ctx));
107 if (sh && sh->flags & VBSD_NVDATA_V2)
108 cached_ctx.flags |= VB2_CONTEXT_NVDATA_V2;
109 if (0 != vb2_read_nv_storage(&cached_ctx))
>>> CID 1390695: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
110 return -1;
111 vb2_nv_init(&cached_ctx);
112
113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write
114 * and save the new defaults. If we're able to, log. */
115
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()
113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write
114 * and save the new defaults. If we're able to, log. */
115
116 vnc_read = 1;
117 }
118
>>> CID 1390695: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
119 return (int)vb2_nv_get(&cached_ctx, param);
120 }
121
122 int vb2_set_nv_storage(enum vb2_nv_param param, int value)
123 {
124 VbSharedDataHeader* sh = VbSharedDataRead();
** CID 1390694: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1390694: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 215 in StartOSAPSession()
209 sizeof(TPM_NONCE)) != VB2_SUCCESS) {
210 return TPM_E_INTERNAL_ERROR;
211 }
212
213 /* Send OSAP command. */
214 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
>>> CID 1390694: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
215 uint32_t result = TlclSendReceive(cmd.buffer, response,
216 sizeof(response));
217 if (result != TPM_SUCCESS) {
218 return result;
219 }
220
** CID 1390693: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1390693: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 1211 in TlclReadPubek()
1205 return TPM_E_INTERNAL_ERROR;
1206 }
1207
1208 /* The response contains the public endorsement key, so use a large
1209 * response buffer. */
1210 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE + TPM_RSA_2048_LEN];
>>> CID 1390693: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
1211 uint32_t result = TlclSendReceive(cmd.buffer, response,
1212 sizeof(response));
1213 if (result != TPM_SUCCESS) {
1214 return result;
1215 }
1216
** CID 1390692: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage()
________________________________________________________________________________________________________
*** CID 1390692: (RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
126
127 /* TODO: locking around NV access */
128 memset(&ctx, 0, sizeof(ctx));
129 if (sh && sh->flags & VBSD_NVDATA_V2)
130 ctx.flags |= VB2_CONTEXT_NVDATA_V2;
131 if (0 != vb2_read_nv_storage(&ctx))
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
132 return -1;
133 vb2_nv_init(&ctx);
134 vb2_nv_set(&ctx, param, (uint32_t)value);
135
136 if (ctx.flags & VB2_CONTEXT_NVDATA_CHANGED) {
137 vnc_read = 0;
/3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage()
133 vb2_nv_init(&ctx);
134 vb2_nv_set(&ctx, param, (uint32_t)value);
135
136 if (ctx.flags & VB2_CONTEXT_NVDATA_CHANGED) {
137 vnc_read = 0;
138 if (0 != vb2_write_nv_storage(&ctx))
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
139 return -1;
140 }
141
142 /* Success */
143 return 0;
144 }
/3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage()
137 vnc_read = 0;
138 if (0 != vb2_write_nv_storage(&ctx))
139 return -1;
140 }
141
142 /* Success */
>>> CID 1390692: (RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
143 return 0;
144 }
145
146 /*
147 * Set a param value, and try to flag it for persistent backup. It's okay if
148 * backup isn't supported (which it isn't, in current designs). It's
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5arVxIr-2BEwmqPG2gghZb-2BUM-2FM-2Bo8Hrhrm2rNTqQ5WlOaHWXzhkZLG83jtBZfNPUhvVG-2BGVrr3ZW-2FuhgbKhNcaV7uXqkAZUKEqSVNP7lu-2FRaXA8h0JtzMEBbhJYjQ5SLA-2F9aF9oSD3xd4kN68vRkVwuuLUYBWHWAnVOydqzKODNKj4GHRtsiLPELjbPszoPSmno-3D
More information about the coreboot
mailing list