static analysis finding (mostly oqs) #2090
Description
Are you using SoftEther VPN 5.x?
- Yes, I'm using SoftEther VPN 5.x, not 4.x.
Version
No response
Component
Other
Operating system & version
linux
Architecture or Hardware model
No response
Steps to reproduce
coverity recently updated their definitions, mostly they triggered OQS components.
as I see in current OQS components, at least few findings are already addressed
@siddharth-narayan can you please verify and guide submodules update if that is appropriate ?
** CID 454529: Resource leaks (RESOURCE_LEAK)
/src/Mayaqua/3rdparty/oqs-provider/oqsprov/oqsprov_keys.c: 1583 in oqsx_key_new()
________________________________________________________________________________________________________
*** CID 454529: Resource leaks (RESOURCE_LEAK)
/src/Mayaqua/3rdparty/oqs-provider/oqsprov/oqsprov_keys.c: 1583 in oqsx_key_new()
1577 CRYPTO_THREAD_lock_free(ret->lock);
1578 #endif
1579 OPENSSL_free(ret->tls_name);
1580 OPENSSL_free(ret->propq);
1581 OPENSSL_free(ret->comp_privkey);
1582 OPENSSL_free(ret->comp_pubkey);
>>> CID 454529: Resource leaks (RESOURCE_LEAK)
>>> Freeing "ret" without freeing its pointer field "pubkeylen_cmp" leaks the storage that "pubkeylen_cmp" points to.
1583 OPENSSL_free(ret);
1584 return NULL;
1585 }
1586
1587 void oqsx_key_free(OQSX_KEY *key)
1588 {
** CID 454528: Resource leaks (RESOURCE_LEAK)
/src/Mayaqua/3rdparty/oqs-provider/oqsprov/oqsprov_keys.c: 1583 in oqsx_key_new()
________________________________________________________________________________________________________
*** CID 454528: Resource leaks (RESOURCE_LEAK)
/src/Mayaqua/3rdparty/oqs-provider/oqsprov/oqsprov_keys.c: 1583 in oqsx_key_new()
1577 CRYPTO_THREAD_lock_free(ret->lock);
1578 #endif
1579 OPENSSL_free(ret->tls_name);
1580 OPENSSL_free(ret->propq);
1581 OPENSSL_free(ret->comp_privkey);
1582 OPENSSL_free(ret->comp_pubkey);
>>> CID 454528: Resource leaks (RESOURCE_LEAK)
>>> Freeing "ret" without freeing its pointer field "privkeylen_cmp" leaks the storage that "privkeylen_cmp" points to.
1583 OPENSSL_free(ret);
1584 return NULL;
1585 }
1586
1587 void oqsx_key_free(OQSX_KEY *key)
1588 {
** CID 454527: Error handling issues (CHECKED_RETURN)
/src/Cedar/Admin.c: 475 in AdminWebHandleFileRequest()
________________________________________________________________________________________________________
*** CID 454527: Error handling issues (CHECKED_RETURN)
/src/Cedar/Admin.c: 475 in AdminWebHandleFileRequest()
469 StrCat(url2, sizeof(url2), "/");
470 ret = AdminWebSend302Redirect(s, url2, query_string, h);
471 }
472 else if (is_index_file == false && EndWith(url, "/"))
473 {
474 char url2[MAX_PATH];
>>> CID 454527: Error handling issues (CHECKED_RETURN)
>>> Calling "TrimEndWith" without checking return value (as is done elsewhere 8 out of 9 times).
475 TrimEndWith(url2, sizeof(url2), url, "/");
476 ret = AdminWebSend302Redirect(s, url2, query_string, h);
477 }
478 else
479 {
480 BUF *b2 = AdminWebProcessServerSideInclude(b, filename, 0);
✔️ Expected Behavior
submodules update
❌ Actual Behavior
No response
Anything else?
No response