Difference between revisions of "5.7.1 Coverity scan"
From Net-SNMP Wiki
(Analyzed most RESOURCE_LEAK issues) |
(resolved all USE_AFTER_FREE isues) |
||
Line 3,189: | Line 3,189: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:470: deref_after_free: Dereferencing freed pointer "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:470: deref_after_free: Dereferencing freed pointer "reginfo". | ||
− | jsafranek: | + | jsafranek: fixed in 5.7+, 5d61e57 |
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,198: | Line 3,198: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:199: deref_after_free: Dereferencing freed pointer "reg". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:199: deref_after_free: Dereferencing freed pointer "reg". | ||
− | jsafranek: | + | jsafranek: fixed in 5.7+, c303549 |
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,208: | Line 3,208: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:161: deref_after_free: Dereferencing freed pointer "reg". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:161: deref_after_free: Dereferencing freed pointer "reg". | ||
− | jsafranek: | + | jsafranek: fixed in 5.7+, c303549 |
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,218: | Line 3,218: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:179: deref_after_free: Dereferencing freed pointer "reg". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:179: deref_after_free: Dereferencing freed pointer "reg". | ||
− | jsafranek: | + | jsafranek: fixed in 5.7+, c303549 |
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,227: | Line 3,227: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWInstalledTable.c:167: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWInstalledTable.c:167: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,235: | Line 3,236: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunPerfTable.c:133: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunPerfTable.c:133: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,243: | Line 3,245: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunTable.c:146: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunTable.c:146: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,252: | Line 3,255: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:480: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:480: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, e0bb09e | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,261: | Line 3,265: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:535: pass_freed_arg: Passing freed pointer "msg_stats_reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:535: pass_freed_arg: Passing freed pointer "msg_stats_reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, e0bb09e | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,270: | Line 3,275: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:540: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:540: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, e0bb09e | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,279: | Line 3,285: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ip.c:168: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ip.c:168: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, 0bdfef8 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,294: | Line 3,301: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerDeltaTable.c:65: deref_after_free: Dereferencing freed pointer "reg". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerDeltaTable.c:65: deref_after_free: Dereferencing freed pointer "reg". | ||
+ | jsafranek: fixed in 5.4+, 22fd0bf | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,304: | Line 3,312: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerExistenceTable.c:65: deref_after_free: Dereferencing freed pointer "reg". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerExistenceTable.c:65: deref_after_free: Dereferencing freed pointer "reg". | ||
+ | jsafranek: fixed in 5.4+, 22fd0bf | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,312: | Line 3,321: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocLocalAddrTable.c:130: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocLocalAddrTable.c:130: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,320: | Line 3,330: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocRemAddrTable.c:129: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocRemAddrTable.c:129: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,328: | Line 3,339: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocTable.c:166: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocTable.c:166: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,336: | Line 3,348: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupLocalPortTable.c:125: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupLocalPortTable.c:125: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,344: | Line 3,357: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemHostNameTable.c:127: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemHostNameTable.c:127: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,352: | Line 3,366: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemIPAddrTable.c:121: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemIPAddrTable.c:121: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,360: | Line 3,375: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPortTable.c:120: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPortTable.c:120: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,368: | Line 3,384: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPrimIPAddrTable.c:122: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPrimIPAddrTable.c:122: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. | ||
+ | jsafranek: fixed in 5.5+, 6193676 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,377: | Line 3,394: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:48: pass_freed_arg: Passing freed pointer "reginfo_params" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:48: pass_freed_arg: Passing freed pointer "reginfo_params" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, c2c1121 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,386: | Line 3,404: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:32: pass_freed_arg: Passing freed pointer "reginfo_stats" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:32: pass_freed_arg: Passing freed pointer "reginfo_stats" as an argument to function "netsnmp_inject_handler". | ||
+ | jsafranek: fixed in 5.5+, c2c1121 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,395: | Line 3,414: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcp.c:130: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcp.c:130: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | fixed in 5.4+, 7a37f33 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,404: | Line 3,424: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:195: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:195: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | fixed in 5.4+, 7871f2b | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,413: | Line 3,434: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udp.c:91: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udp.c:91: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | fixed in 5.4+, cf9465f | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,422: | Line 3,444: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:174: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:174: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". | ||
+ | fixed in 5.4+, af9abd5 | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): | ||
Line 3,427: | Line 3,450: | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_interface.c:595: freed_arg: "free" frees parameter "rowreq_ctx". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_interface.c:595: freed_arg: "free" frees parameter "rowreq_ctx". | ||
/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_data_access.c:259: deref_after_free: Dereferencing freed pointer "rowreq_ctx". | /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_data_access.c:259: deref_after_free: Dereferencing freed pointer "rowreq_ctx". | ||
+ | jsafranek: fixed in 3c3eeae | ||
Error: USE_AFTER_FREE (CWE-416): | Error: USE_AFTER_FREE (CWE-416): |
Latest revision as of 15:21, 20 January 2012
Contents
- 1 Coverity scan of Fedora 17 Net-SNMP package
- 1.1 ARRAY_VS_SINGLETON
- 1.2 BAD_SIZEOF
- 1.3 BUFFER_SIZE_WARNING
- 1.4 CHECKED_RETURN
- 1.5 CONSTANT_EXPRESSION_RESULT
- 1.6 DEADCODE
- 1.7 EVALUATION_ORDER
- 1.8 FORWARD_NULL
- 1.9 MISSING_BREAK
- 1.10 NEGATIVE_RETURNS
- 1.11 NO_EFFECT
- 1.12 NULL_RETURNS
- 1.13 OVERRUN_DYNAMIC
- 1.14 OVERRUN_STATIC
- 1.15 RESOURCE_LEAK
- 1.16 RETURN_LOCAL
- 1.17 REVERSE_INULL
- 1.18 SECURE_TEMP
- 1.19 SIZECHECK
- 1.20 SIZEOF_MISMATCH
- 1.21 STRING_OVERFLOW
- 1.22 TAINTED_SCALAR
- 1.23 TAINTED_STRING
- 1.24 TOCTOU
- 1.25 UNINIT
- 1.26 UNREACHABLE
- 1.27 UNUSED_VALUE
- 1.28 USE_AFTER_FREE
Coverity scan of Fedora 17 Net-SNMP package
The scan was with security checkers enabled, Coverity version 5.4.1. Net-SNMP was compiled with:
--with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/lib/net-snmp" --with-libwrap=yes --enable-ipv6 --enable-ucd-snmp-compatibility --with-openssl --with-pic --enable-embedded-perl --enable-as-needed --with-perl-modules="INSTALLDIRS=vendor" --enable-mfd-rewrites --enable-local-smux --with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX --with-transports="DTLSUDP TLSTCP" --with-security-modules=tsm --with-mysql --with-systemd --with-mib-modules="host agentx smux ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable ip-mib/ipAddressPrefixTable/ipAddressPrefixTable ip-mib/ipDefaultRouterTable/ipDefaultRouterTable ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable sctp-mib rmon-mib etherlike-mib"
The only important patch I have in Fedora's Net-SNMP package is systemd integration, git commits 19499c3c fef6cddfd and 0641e43c6.
ARRAY_VS_SINGLETON
Error: ARRAY_VS_SINGLETON (CWE-119): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:261: address_of: Taking address with "&weekday_pattern" yields a singleton pointer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:261: callee_ptr_arith: Passing "&weekday_pattern" to function "_bit_set" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:139: ptr_arith: Performing pointer arithmetic on "pattern" in expression "pattern + major". jsafranek: false positive, tm_val.tm_wday is guaranted to be <7, i.e. 'major' will be always zero (but the code is really ugly!) Error: ARRAY_VS_SINGLETON (CWE-119): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:361: address_of: Taking address with "&entry->schedWeekDay" yields a singleton pointer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:361: callee_ptr_arith: Passing "&entry->schedWeekDay" to function "_bit_set" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedCore.c:139: ptr_arith: Performing pointer arithmetic on "pattern" in expression "pattern + major". jsafranek: false positive, tm_val.tm_wday is guaranted to be <7, i.e. 'major' will be always zero (but the code is really ugly!) Error: ARRAY_VS_SINGLETON (CWE-119): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/logmatch.c:289: address_of: Taking address with "&myMatch" yields a singleton pointer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/logmatch.c:289: callee_ptr_arith: Passing "&myMatch" to function "regexec" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. jsafranek: false positive, regexec(... nmatch=0, pmatch=&myMatch, ...) should not touch myMatch at all magfr: Removed myMatch in a61826ad8ca54661d1d909712503bd3a8b32eed0.
BAD_SIZEOF
Error: BAD_SIZEOF (CWE-467): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable_interface.c:1831: bad_sizeof: Taking the size of pointer parameter "container" is suspicious. jsafranek: false positive, but really ugly Error: BAD_SIZEOF (CWE-467): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:2036: bad_sizeof: Taking the size of pointer parameter "container" is suspicious. jsafranek: false positive, but really ugly Error: BAD_SIZEOF (CWE-467): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:726: bad_sizeof: Taking the size of pointer parameter "s" is suspicious. jsafranek: false positive, but really ugly Error: BAD_SIZEOF (CWE-467): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpnetstat/inet.c:252: bad_sizeof: Taking the size of pointer parameter "root" is suspicious. jsafranek: fixed in 5.5.x Error: BAD_SIZEOF (CWE-467): /builddir/build/BUILD/net-snmp-5.7.1/perl/OID/OID.xs:128: bad_sizeof: Taking the size of pointer parameter "buf" is suspicious. jsafranek: fixed in 5.4.x
BUFFER_SIZE_WARNING
Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_read_config.c:192: buffer_size_warning: Calling strncpy with a maximum size argument of 2560 bytes on destination array "buf" of size 2560 bytes might leave the destination string unterminated. jsafranek: fixed in 5.4.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:538: buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array "syslogname" of size 64 bytes might leave the destination string unterminated. jsafranek: fixed in 5.4.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:367: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array "leftside" of size 1024 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:369: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array "rightside" of size 1024 bytes might leave the destination string unterminated. jsafranek: fixed in 5.6.x Error: BUFFER_SIZE (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedTable.c:463: buffer_size: You might overrun the 32 byte destination string "entry->schedContextName" by writing the maximum 33 bytes from "0". Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:51: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "list_head->name" of size 16 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:73: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "nameptr2->name" of size 16 bytes might leave the destination string unterminated. Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:733: buffer_size_warning: Calling strncpy with a maximum size argument of 32 bytes on destination array "s" of size 32 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/fsys/hw_fsys.c:178: buffer_size_warning: Calling strncpy with a maximum size argument of 1025 bytes on destination array "sp->path" of size 1025 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/fsys/hw_fsys.c:221: buffer_size_warning: Calling strncpy with a maximum size argument of 1025 bytes on destination array "sp->device" of size 1025 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/kernel_linux.c:69: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array "line_cpy" of size 1024 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/kernel_linux.c:70: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array "data_cpy" of size 1024 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2135: buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array "fp" of size 64 bytes might leave the destination string unterminated. jsafranek: fixed in 5.6.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2225: buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array "dir" of size 4096 bytes might leave the destination string unterminated. jsafranek: fixed in 5.6.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:50: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "list_head->name" of size 16 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:71: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "nameptr2->name" of size 16 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:241: buffer_size_warning: Calling strncpy with a maximum size argument of 32 bytes on destination array "s" of size 32 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/dlmod.c:222: buffer_size_warning: Calling strncpy with a maximum size argument of 65 bytes on destination array "dlm->name" of size 65 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/dlmod.c:229: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array "dlm->path" of size 256 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/dlmod.c:231: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array "dlm->path" of size 256 bytes might leave the destination string unterminated. jsafranek: fixed in 5.4.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3544: buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array "tmp_buf_prefix" of size 4096 bytes might leave the destination string unterminated. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3548: buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array "str_buf_prefix" of size 4096 bytes might leave the destination string unterminated. jsafranek: fixed in 5.4.x Error: BUFFER_SIZE_WARNING (CWE-170): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/dir_utils.c:125: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array "path" of size 1024 bytes might leave the destination string unterminated. jsafranek: fixed in 5.5.x
CHECKED_RETURN
Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3205: check_return: Calling function "snmp_strcat" without checking return value (as is done elsewhere 182 out of 209 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:470: example_checked: "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)str)" has its value checked in "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)str)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:490: example_checked: "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)"STRING: ")" has its value checked in "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)"STRING: ")". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:553: example_checked: "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)" has its value checked in "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:560: example_checked: "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)" has its value checked in "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:567: example_checked: "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)" has its value checked in "snmp_strcat(buf, buf_len, out_len, allow_realloc, (u_char const *)intbuf)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3205: unchecked_value: No check of the return value of "snmp_strcat(buf, buf_len, out_len, allow_realloc, tbuf)". Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4849: check_return: Calling function "get_token" without checking return value (as is done elsewhere 160 out of 193 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1882: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 30". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1898: example_assign: Assigning: "type" = return value from "get_token(fp, token, 128)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1899: example_checked: "type" has its value checked in "type == 32". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1900: example_assign: Assigning: "type" = return value from "get_token(fp, token, 128)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1901: example_checked: "type" has its value checked in "type == 29". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1903: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 33". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2175: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4849: unchecked_value: No check of the return value of "get_token(fp, token, 128)". jsafranek: fixed in 5.4+, 5949f05 Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4987: check_return: Calling function "get_token" without checking return value (as is done elsewhere 160 out of 193 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1882: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 30". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1898: example_assign: Assigning: "type" = return value from "get_token(fp, token, 128)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1899: example_checked: "type" has its value checked in "type == 32". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1900: example_assign: Assigning: "type" = return value from "get_token(fp, token, 128)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1901: example_checked: "type" has its value checked in "type == 29". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1903: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 33". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2175: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4987: unchecked_value: No check of the return value of "get_token(fp, token, 128)". jsafranek: false positive Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/cache_handler.c:246: check_return: Calling function "sprint_realloc_objid" without checking return value (as is done elsewhere 20 out of 22 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3323: example_checked: "sprint_realloc_objid((u_char **)&buf, &buf_len, &out_len, 0, objid, objidlen)" has its value checked in "sprint_realloc_objid((u_char **)&buf, &buf_len, &out_len, 0, objid, objidlen)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:263: example_checked: "sprint_realloc_objid(&buf, &buf_len, &out_len, 1, theoid, len)" has its value checked in "sprint_realloc_objid(&buf, &buf_len, &out_len, 1, theoid, len)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:337: example_assign: Assigning: "rc" = return value from "sprint_realloc_objid(&buf, &buf_len, &out_len, 1, theoid, len)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:361: example_checked: "rc" has its value checked in "rc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:342: example_assign: Assigning: "rc" = return value from "sprint_realloc_objid(&buf, &buf_len, &out_len, 1, theoid, var_subid - 1UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:344: example_checked: "rc" has its value checked in "rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_index.c:638: example_checked: "sprint_realloc_objid(&sbuf, &sbuf_len, &sout_len, 1, idxptr->varbind->name, idxptr->varbind->name_length)" has its value checked in "sprint_realloc_objid(&sbuf, &sbuf_len, &sout_len, 1, idxptr->varbind->name, idxptr->varbind->name_length)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/cache_handler.c:246: unchecked_value: No check of the return value of "sprint_realloc_objid((u_char **)&buf, &buf_len, &out_len, 1, pos->rootoid, pos->rootoid_len)". jsafranek: false positive Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1157: check_return: Calling function "register_mib" without checking return value (as is done elsewhere 20 out of 23 times). /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmpv3/snmpEngine.c:52: example_checked: "register_mib("snmpv3/snmpEngine", (struct variable *)snmpEngine_variables, sizeof (struct variable2) /*40*/, 4UL, snmpEngine_variables_oid, 9UL)" has its value checked in "register_mib("snmpv3/snmpEngine", (struct variable *)snmpEngine_variables, sizeof (struct variable2) /*40*/, 4UL, snmpEngine_variables_oid, 9UL) != 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:124: example_checked: "register_mib("host/hr_storage", (struct variable *)hrstore_variables, sizeof (struct variable2) /*40*/, 7UL, hrStorageTable_oid, 10UL)" has its value checked in "register_mib("host/hr_storage", (struct variable *)hrstore_variables, sizeof (struct variable2) /*40*/, 7UL, hrStorageTable_oid, 10UL) != 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_system.c:198: example_checked: "register_mib("host/hr_system", (struct variable *)hrsystem_variables, sizeof (struct variable2) /*40*/, 7UL, hrsystem_variables_oid, 8UL)" has its value checked in "register_mib("host/hr_system", (struct variable *)hrsystem_variables, sizeof (struct variable2) /*40*/, 7UL, hrsystem_variables_oid, 8UL) != 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/diskio.c:202: example_checked: "register_mib("diskio", (struct variable *)diskio_variables, sizeof (struct variable2) /*40*/, 11UL, diskio_variables_oid, 11UL)" has its value checked in "register_mib("diskio", (struct variable *)diskio_variables, sizeof (struct variable2) /*40*/, 11UL, diskio_variables_oid, 11UL) != 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:402: example_checked: "register_mib("mibII/ipv6udp", (struct variable *)ipv6udp_variables, sizeof (struct variable2) /*40*/, 1UL, ipv6udp_variables_oid, 8UL)" has its value checked in "register_mib("mibII/ipv6udp", (struct variable *)ipv6udp_variables, sizeof (struct variable2) /*40*/, 1UL, ipv6udp_variables_oid, 8UL) != 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1157: unchecked_value: No check of the return value of "register_mib("smux", (struct variable *)smux_variables, sizeof (struct variable2) /*40*/, 1UL, nrptr->sr_name, nrptr->sr_name_len)". jsafranek: fixed in 5.4+, a809fe5 Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:482: check_return: Calling function "snmp_async_send" without checking return value (as is done elsewhere 10 out of 12 times). /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:929: example_assign: Assigning: "result" = return value from "snmp_async_send(sess, pdu, &handle_inform_response, NULL)". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:946: example_checked: "result" has its value checked in "result == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/master.c:606: example_assign: Assigning: "result" = return value from "snmp_async_send(ax_session, pdu, agentx_got_response, cb_data)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/master.c:607: example_checked: "result" has its value checked in "result == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:479: example_assign: Assigning: "result" = return value from "snmp_async_send(agentx_callback_sess, internal_pdu, mycallback, retmagic)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:481: example_checked: "result" has its value checked in "result == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:614: example_assign: Assigning: "result" = return value from "snmp_async_send(agentx_callback_sess, pdu, handle_subagent_set_response, asi)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:616: example_checked: "result" has its value checked in "result == 0". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1818: example_assign: Assigning: "reqid" = return value from "snmp_async_send(ss, pdu, _bulkwalk_async_cb, (void *)context)". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1823: example_checked: "reqid" has its value checked in "reqid == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:482: unchecked_value: No check of the return value of "snmp_async_send(sp->sess, pdu, proxy_got_response, netsnmp_create_delegated_cache(handler, reginfo, reqinfo, requests, (void *)sp))". Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1228: check_return: Calling function "snmp_send" without checking return value (as is done elsewhere 14 out of 15 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1044: example_checked: "snmp_send(ss, pdu)" has its value checked in "(state->reqid = snmp_send(ss, pdu)) == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:943: example_assign: Assigning: "result" = return value from "snmp_send(sess, pdu)". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:946: example_checked: "result" has its value checked in "result == 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:1792: example_checked: "snmp_send(asp->session, asp->pdu)" has its value checked in "snmp_send(asp->session, asp->pdu)". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:1969: example_checked: "snmp_send(asp->session, asp->pdu)" has its value checked in "snmp_send(asp->session, asp->pdu)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/subagent.c:573: example_checked: "snmp_send(smagic->session, pdu)" has its value checked in "snmp_send(smagic->session, pdu)". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1228: unchecked_value: No check of the return value of "snmp_send(ss, reply_pdu)". Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1226: check_return: Calling function "snmp_sess_send" without checking return value (as is done elsewhere 8 out of 9 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1136: example_checked: "snmp_sess_send(sessp, pdu)" has its value checked in "(state->reqid = snmp_sess_send(sessp, pdu)) == 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4272: example_checked: "snmp_sess_send(sessp, pdu2)" has its value checked in "0 == snmp_sess_send(sessp, pdu2)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2746: example_checked: "snmp_sess_send(sessp, pdu2)" has its value checked in "0 == snmp_sess_send(sessp, pdu2)". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:285: example_checked: "snmp_sess_send(sessp, act)" has its value checked in "snmp_sess_send(sessp, act) == 0". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:321: example_checked: "snmp_sess_send(sessp, act)" has its value checked in "snmp_sess_send(sessp, act) == 0". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1226: unchecked_value: No check of the return value of "snmp_sess_send(ss, reply_pdu)". Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/dir_utils.c:243: check_return: Calling function "stat" without checking return value (as is done elsewhere 25 out of 26 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4892: example_checked: "stat(dirname, &dir_stat)" has its value checked in "stat(dirname, &dir_stat) == 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1209: example_checked: "stat(buf, &sbuf)" has its value checked in "stat(buf, &sbuf) < 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:991: example_checked: "stat(cp, &statbuf)" has its value checked in "stat(cp, &statbuf)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1229: example_checked: "stat(cptr2, &statbuf)" has its value checked in "stat(cptr2, &statbuf) != 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1267: example_checked: "stat(configfile, &statbuf)" has its value checked in "stat(configfile, &statbuf) != 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/dir_utils.c:243: unchecked_value: No check of the return value of "stat(ns_file->name, ns_file->stats)". Error: CHECKED_RETURN (CWE-252): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:154: check_return: Calling function "snmp_log_options" without checking return value (as is done elsewhere 5 out of 6 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:418: example_checked: "snmp_log_options(optarg, argc, argv)" has its value checked in "snmp_log_options(optarg, argc, argv) < 0". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: example_checked: "snmp_log_options(optarg, argc, argv)" has its value checked in "snmp_log_options(optarg, argc, argv) < 0". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: example_checked: "snmp_log_options(optarg, argc, argv)" has its value checked in "snmp_log_options(optarg, argc, argv) < 0". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: example_checked: "snmp_log_options(optarg, argc, argv)" has its value checked in "snmp_log_options(optarg, argc, argv) < 0". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: example_checked: "snmp_log_options(optarg, argc, argv)" has its value checked in "snmp_log_options(optarg, argc, argv) < 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:154: unchecked_value: No check of the return value of "snmp_log_options(cptr, my_argc, my_argv)".
CONSTANT_EXPRESSION_RESULT
Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:233: operator_confusion: entry->flags | 0x10000000 is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'? jsafranek:Fixed in 5.4+, b2b1c85 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_common.c:438: operator_confusion: flags | 1UL is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'? jsafranek:Fixed in 5.4+, b1a2bcf Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_common.c:446: operator_confusion: flags | 1UL is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'? jsafranek:Fixed in 5.4+, b1a2bcf Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:506: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:512: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:523: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:528: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:537: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:204: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:257: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:262: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if. jsafranek:Fixed in 5.4+, dab3286 Error: CONSTANT_EXPRESSION_RESULT (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:419: operator_confusion: tlsdata->flags | 1 is always 1/true regardless of the values of its operand. This occurs as the logical first operand of '&&'. Did you intend to use '&' rather than '|'? jsafranek:Fixed in 5.6+, dc6f0e2
DEADCODE
Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:826: dead_error_condition: On this path, the condition "new2" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:797: const: After this line, the value of "new2" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:797: assignment: Assigning: "new2" = "NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:827: dead_error_line: Execution cannot reach this statement "return netsnmp_subtree_load...". jsafranek: false positive Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:826: dead_error_condition: On this path, the condition "value" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:815: cannot_single: After this line (or expression), the value of "value" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:903: dead_error_line: Execution cannot reach this statement "*vars->val.integer = 0L;". jsafranek: fixed in 5.4+, ebd92e1 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:812: dead_error_condition: On this path, the condition "0 == enable" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:771: const: After this line, the value of "enable" is equal to 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:771: assignment: Assigning: "enable" = "1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:813: dead_error_line: Execution cannot reach this statement "netsnmp_disable_this_loghan...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:798: dead_error_condition: On this path, the condition "0 == enable" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:798: cannot_single: After this line (or expression), the value of "enable" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:800: cannot_single: After this line (or expression), the value of "enable" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:771: const: After this line, the value of "enable" is equal to 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:798: const: After this line, the value of "enable" is equal to 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:800: const: After this line, the value of "enable" is equal to 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:771: assignment: Assigning: "enable" = "1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:798: equality_cond: Condition "0 == enable" is evaluated as false. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:800: equality_cond: Condition "enable" is evaluated as true. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:799: dead_error_line: Execution cannot reach this statement "netsnmp_disable_this_loghan...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/oid_stash.c:233: dead_error_condition: On this path, the condition "curnode" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/oid_stash.c:214: cannot_single: After this line (or expression), the value of "curnode" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/oid_stash.c:229: cannot_single: After this line (or expression), the value of "curnode" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/oid_stash.c:234: dead_error_line: Execution cannot reach this statement "return NULL;". Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:245: dead_error_condition: On this path, the condition "NULL == entry" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:178: cannot_single: After this line (or expression), the value of "entry" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:246: dead_error_begin: Execution cannot reach this statement "rc = -3;". jsafranek: fixed in 5.5+, 38fd637 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/data_access/swrun_procfs_status.c:126: dead_error_condition: On this path, the condition "cp" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/data_access/swrun_procfs_status.c:119: cannot_single: After this line (or expression), the value of "cp" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/data_access/swrun_procfs_status.c:148: dead_error_begin: Execution cannot reach this statement "memcpy(entry->hrSWRunPath, ...". jsafranek: fixed in 5.6+, 2a8a8f2 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:578: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:550: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:550: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:578: dead_error_line: Execution cannot reach this expression "disk_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:126: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:104: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:104: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:126: dead_error_line: Execution cannot reach this expression "net_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:179: dead_error_condition: On this path, the condition "LowPartIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:120: const: After this line, the value of "LowPartIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:120: assignment: Assigning: "LowPartIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:183: dead_error_line: Execution cannot reach this statement "if (LowDiskIndex < HRP_Disk...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:124: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:98: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:98: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:124: dead_error_line: Execution cannot reach this expression "print_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:123: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:97: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:97: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:123: dead_error_line: Execution cannot reach this expression "proc_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:175: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:152: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:152: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:175: dead_error_line: Execution cannot reach this expression "fsys_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:264: dead_error_condition: On this path, the condition "LowIndex == -1" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:184: const: After this line, the value of "LowIndex" is equal to -1. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:184: assignment: Assigning: "LowIndex" = "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:264: dead_error_line: Execution cannot reach this expression "storage_idx < LowIndex" inside statement "if (!exact && result < 0 &&...". jsafranek: false positive (ifdefs) Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2660: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2574: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2605: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2574: assignment: Assigning: "rc" = "0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2605: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2661: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:932: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:926: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:926: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:933: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:746: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:736: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:736: assignment: Assigning: "rc" = "0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:747: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:755: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:749: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:749: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:756: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:782: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:776: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:776: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:783: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1810: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1730: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1753: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1730: assignment: Assigning: "rc" = "0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1753: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1811: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:437: dead_error_condition: On this path, the condition "var_val_type != 64" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:430: const: After this line, the value of "var_val_type" is equal to 64. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:430: new_values: Noticing condition "var_val_type != 64". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:438: dead_error_begin: Execution cannot reach this statement "snmp_log(3, "not IP address...". jsafranek: fixed in 5.4+, 15f2113 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:512: dead_error_condition: On this path, the condition "var_val_type != 64" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:505: const: After this line, the value of "var_val_type" is equal to 64. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:505: new_values: Noticing condition "var_val_type != 64". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:513: dead_error_begin: Execution cannot reach this statement "snmp_log(3, "not right5");". jsafranek: fixed in 5.4+, 985dff2 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:545: dead_error_condition: On this path, the condition "ap" cannot be false. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:541: cannot_single: After this line (or expression), the value of "ap" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:546: dead_error_begin: Execution cannot reach this statement "config_perror("failed to cr...". jsafranek: fixed in 5.4+, 2fd7818 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1620: dead_error_condition: On this path, the condition "len == 0UL" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: const: After this line, the value of "len" is equal to 1500. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: assignment: Assigning: "len" = "1500UL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1621: dead_error_line: Execution cannot reach this statement "return NULL;". jsafranek: TODO, "len = SMUXMAXPKTSIZE" is highly suspicious Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1645: dead_error_condition: On this path, the condition "len == 0UL" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: const: After this line, the value of "len" is equal to 1500. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: assignment: Assigning: "len" = "1500UL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1646: dead_error_line: Execution cannot reach this statement "return NULL;". jsafranek: TODO, "len = SMUXMAXPKTSIZE" is highly suspicious Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1926: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1848: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1865: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1848: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1865: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1927: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:817: dead_error_condition: On this path, the condition "0 != rc" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:810: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:810: new_values: Noticing condition "0 != rc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:818: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: ignoring this 'bug', it's harmless check in generated code Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:398: dead_error_condition: On this path, the condition "rc < 0" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:260: const: After this line, the value of "rc" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:260: assignment: Assigning: "rc" = "0". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:399: dead_error_line: Execution cannot reach this statement "return rc;". jsafranek: fixed in 5.4+, a27aa19 Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable_data_access.c:242: dead_error_condition: On this path, the condition "NULL == ep_c" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable_data_access.c:239: cannot_single: After this line (or expression), the value of "ep_c" cannot be 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable_data_access.c:243: dead_error_begin: Execution cannot reach this statement "netsnmp_access_udp_endpoint...". jsafranek: fixed in 5.4+, c1526fc Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_condition: On this path, the condition "units" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: const: After this line, the value of "units" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:326: assignment: Assigning: "units" = "0UL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hssize - hsused, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...". jsafranek: TODO, 'units' variable is never set to anything useful Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_condition: On this path, the condition "units" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: const: After this line, the value of "units" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:326: assignment: Assigning: "units" = "0UL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hsused, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...". jsafranek: TODO, 'units' variable is never set to anything useful Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_condition: On this path, the condition "units" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:326: const: After this line, the value of "units" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: const: After this line, the value of "units" is equal to 0. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:326: assignment: Assigning: "units" = "0UL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hssize, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...". jsafranek: TODO, 'units' variable is never set to anything useful Error: DEADCODE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:266: dead_error_condition: On this path, the condition "rc == -1" cannot be true. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:252: at_least: After this line, the value of "rc" is at least 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:252: new_values: Noticing condition "rc <= 0". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:267: dead_error_line: Execution cannot reach this statement "if (SSL_get_error(tlsdata->...". jsafranek: fixed in 5.6+, 04bf3e2
EVALUATION_ORDER
Error: EVALUATION_ORDER: /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:429: write_write_order: In "tmStateRef = tmStateRef = (netsnmp_tmStateReference *)opaque", "tmStateRef" is written in "tmStateRef" (the assignment left-hand side) and written in "tmStateRef = (netsnmp_tmStateReference *)opaque" but the order in which the side effects take place is undefined because there is no intervening sequence point. magfr: Fixed in 5.7+ (230df14f94c3736ff34379a4e281eea353b47f80)
FORWARD_NULL
Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1178: var_compare_op: Comparing "tptr->reginfo" to null implies that "tptr->reginfo" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1186: var_deref_op: Dereferencing null variable "tptr->reginfo". Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1583: var_compare_op: Comparing "sub" to null implies that "sub" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1597: var_deref_op: Dereferencing null variable "sub". jsafranek: fixed in 5.4+, 355c5ab Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:804: assign_zero: Assigning: "vars->val.string" = 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:816: var_deref_op: Dereferencing null variable "vars->val.string". jsafranek: fixed in 5.4+, 6feed62 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5159: assign_zero: Assigning: "orp" = 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5378: var_deref_op: Dereferencing null variable "orp". jsafranek: false positive? If orp is NULL, isp->requests must equal to rp (it's the first iteration of the for loop), i.e. the code won't reach here. Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5354: var_compare_op: Comparing "sp->contextEngineID" to null implies that "sp->contextEngineID" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5360: var_deref_model: Passing null variable "sp->contextEngineID" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, b5df1ee TODO: proper cleanup Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5341: var_compare_op: Comparing "sp->securityEngineID" to null implies that "sp->securityEngineID" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5347: var_deref_model: Passing null variable "sp->securityEngineID" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, b5df1ee TODO: proper cleanup Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6267: assign_zero: Assigning: "orp" = 0. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6328: var_deref_op: Dereferencing null variable "orp". jsafranek: false positive? If orp is NULL, isp->requests must equal to rp (it's the first iteration of the for loop), i.e. the code won't reach here. Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:588: var_compare_op: Comparing "cptr" to null implies that "cptr" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:607: var_deref_model: Passing null variable "cptr" to function "read_config_find_handler", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:517: deref_parm_in_call: Function "strcasecmp" dereferences parameter "token". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: var_deref_model: Passing null variable "cptr" to function "strlen", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, f33d33615 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:769: var_compare_op: Comparing "template_v2pdu" to null implies that "template_v2pdu" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:808: var_deref_op: Dereferencing null variable "template_v2pdu". jsafranek: fixed in 5.5+, 185272d Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1841: var_compare_op: Comparing "np" to null implies that "np" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1845: var_deref_op: Dereferencing null variable "np". jsafranek: false positive, if np == NULL, orphan_nodes must be NULL too Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:393: var_compare_op: Comparing "ereg" to null implies that "ereg" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:411: var_deref_op: Dereferencing null variable "ereg". jsafranek: fixed in 5.4+, 410b71d Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:2313: assign_zero: Assigning: "asp->bulkcache" = 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:2384: var_deref_op: Dereferencing null variable "asp->bulkcache". jsafranek: false positive??? TODO: check Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:296: var_compare_op: Comparing "cp" to null implies that "cp" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:299: var_deref_model: Passing null variable "cp" to function "strtol", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, fa6a912 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:204: assign_zero: Assigning: "dvar" = 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:692: alias_transfer: Assigning null: "vp2" = "dvar". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:701: var_deref_op: Dereferencing null variable "vp2". jsafranek: not able to guess, TODO Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:693: assign_zero: Assigning: "vp2_prev" = 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:721: var_deref_op: Dereferencing null variable "vp2_prev". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:736: var_deref_op: Dereferencing null variable "vp2_prev". jsafranek: not able to guess, TODO Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:770: var_compare_op: Comparing "vp2" to null implies that "vp2" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:793: var_deref_op: Dereferencing null variable "vp2". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:802: var_deref_op: Dereferencing null variable "vp2". jsafranek: not able to guess, TODO Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:914: var_compare_op: Comparing "vp2" to null implies that "vp2" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:933: var_deref_op: Dereferencing null variable "vp2". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:942: var_deref_op: Dereferencing null variable "vp2". jsafranek: not able to guess, TODO Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifTable/ifTable.c:463: var_compare_op: Comparing "tmp_descr" to null implies that "tmp_descr" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifTable/ifTable.c:489: var_deref_model: Passing null variable "tmp_descr" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: false positive, ifDescr_val_ptr_len_ptr is 0 when tmp_descr is NULL Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1334: assign_zero: Assigning: "bestptr" = 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1343: var_deref_op: Dereferencing null variable "bestptr". jsafranek: fixed in 5.4+, 5b72a40 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:366: var_compare_op: Comparing "rptr" to null implies that "rptr" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:549: var_deref_op: Dereferencing null variable "rptr". jsafranek: fixed in 5.4+, 41cde68 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/keytools.c:593: var_compare_op: Comparing "newkey" to null implies that "newkey" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/keytools.c:641: var_deref_model: Passing null variable "newkey" to function "memset", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, eed6f5f Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c:316: var_compare_op: Comparing "entry" to null implies that "entry" might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c:317: var_deref_op: Dereferencing null variable "entry". jsafranek: TODO, the function is messed up. Fixing this error just enters endless loop ('entry' will be the same) Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:885: assign_zero: Assigning: "addr_string" = 0. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:921: var_deref_model: Passing null variable "addr_string" to function "strstr", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) jsafranek: fixed in 5.4+, 5e95ca6 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:132: var_compare_op: Comparing "exceptfds" to null implies that "exceptfds" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "exceptfds". jsafranek: fixed in 5.5+, ba5d529 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:128: var_compare_op: Comparing "readfds" to null implies that "readfds" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "readfds". jsafranek: fixed in 5.5+, ba5d529 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:130: var_compare_op: Comparing "writefds" to null implies that "writefds" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "writefds". jsafranek: fixed in 5.5+, ba5d529 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:268: var_deref_model: Passing null variable "current_name" to function "get_node", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:5700: var_assign_parm: Assigning: "cp" = "name". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:5701: deref_var: Dereferencing "cp", which equals a pointer parameter. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:299: var_deref_model: Passing null variable "current_name" to function "read_objid", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3037: var_assign_parm: Assigning: "cp" = "input". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3038: deref_var: Dereferencing "cp", which equals a pointer parameter. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:329: var_compare_op: Comparing "current_name" to null implies that "current_name" might be null. jsafranek: false positive, argc and NULL argument match each other Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:5141: assign_zero: Assigning: "mib_tied_href" = 0. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:5190: var_deref_op: Dereferencing null variable "mib_tied_href". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:5281: var_deref_op: Dereferencing null variable "mib_tied_href". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:5319: var_deref_op: Dereferencing null variable "mib_tied_href". Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4007: var_compare_op: Comparing "context" to null implies that "context" might be null. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4245: var_deref_op: Dereferencing null variable "context". jsafranek: fixed in 5.4+, f88054a Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.c:5539: assign_zero: Assigning: "ss" = 0. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4994: var_deref_model: Passing null variable "ss" to function "snmp_sess_read", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5849: deref_parm_in_call: Function "snmp_sess_read2" dereferences parameter "sessp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5862: var_assign_parm: Assigning: "psl" = "sessp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5863: deref_var: Dereferencing "psl", which equals a pointer parameter. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:5008: var_deref_model: Passing null variable "ss" to function "snmp_sess_timeout", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6264: var_assign_parm: Assigning: "slp" = "sessp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6273: deref_var: Dereferencing "slp", which equals a pointer parameter. jsafranek; TODO: what if ss is NULL??? Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:715: var_compare_op: Comparing "oid_arr_len" to null implies that "oid_arr_len" might be null. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:799: var_deref_model: Passing null variable "oid_arr_len" to function "__concat_oid_str", which dereferences it. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:860: deref_parm: Directly dereferencing parameter "doid_arr_len". jsafranek: fixed in 5.4+, da2d6a70 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2337: assign_zero: Assigning: "val_tuple" = 0. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2559: var_deref_op: Dereferencing null variable "val_tuple". jsafranek: fixed in 5.4+, da2d6a70 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2075: var_compare_op: Comparing "varlist_iter" to null implies that "varlist_iter" might be null. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2105: var_deref_op: Dereferencing null variable "varlist_iter". jsafranek: fixed in 5.4+, da2d6a70 Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:802: var_compare_op: Comparing "fp" to null implies that "fp" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:804: var_deref_model: Passing null variable "fp" to function "fclose", which dereferences it. jsafranek: fixed in 5.6+, fc19b7f Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1177: var_compare_op: Comparing "key" to null implies that "key" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1182: var_deref_op: Dereferencing null variable "key". jsafranek: already fixed in different issue Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:1034: var_compare_op: Comparing "olength" to null implies that "olength" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:1063: var_deref_op: Dereferencing null variable "olength". jsafranek: fixed in 5.7+, 59884bb Error: FORWARD_NULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:151: var_compare_op: Comparing "t" to null implies that "t" might be null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:154: var_deref_op: Dereferencing null variable "t". jsafranek: fixed in 5.6+, 7c4d459
MISSING_BREAK
Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4741: unterminated_case: This case (value 45) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4773: fallthrough: The above case falls through to this one. jsafranek: commented in 5.4+, 6d31c82 Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1109: unterminated_case: This case (value 20) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1111: fallthrough: The above case falls through to this one. jsafranek: commented in 5.4+, 18c126a Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1106: unterminated_case: This case (value 48) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1108: fallthrough: The above case falls through to this one. jsafranek: commented in 5.4+, 18c126a Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:501: unterminated_case: This case (value 7) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:524: fallthrough: The above case falls through to this one. jsafranek: fixed in 3130e24 Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:171: unterminated_case: This case (value 104) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:173: fallthrough: The above case falls through to this one. jsafranek: fixed in 5.4+, fb6f80c Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3151: unterminated_case: This case (value 2) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3153: fallthrough: The above case falls through to this one. jsafranek: commented in 5.4+, d68dcae Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2719: unterminated_case: This case (value -46) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2730: fallthrough: The above case falls through to this one. jsafranek: fixed in 5.7+, 6665d5f Error: MISSING_BREAK (CWE-484): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:1081: unterminated_case: This case (value 50) is not terminated by a 'break' statement. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:1083: fallthrough: The above case falls through to this one.
jsafranek: fixed in 5.6+, a6648c5
NEGATIVE_RETURNS
Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:234: negative_return_fn: Function "open("/proc/vmstat", 0, 0)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:234: var_assign: Assigning: signed variable "vmstatfd" = "open". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:230: negative_returns: "vmstatfd" is passed to a parameter that cannot be negative. jsafranek: fixed in 5.4+, 92075f5 Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:123: negative_return_fn: Function "open("/proc/stat", 0, 0)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:123: var_assign: Assigning: signed variable "statfd" = "open". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:118: negative_returns: "statfd" is passed to a parameter that cannot be negative. jsafranek: fixed in 5.4+, 92075f5 Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:1044: negative_return_fn: Function "socket(16, 2, 0)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:1044: var_assign: Assigning: signed variable "fd" = "socket". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:1053: negative_returns: "fd" is passed to a parameter that cannot be negative. jsafranek: fixed in 5.5+, b3bc54b Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:178: negative_return_fn: Function "se_find_value_in_slist("vacmviews", atype)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:352: negative_return: Calling "se_find_value_in_list", which might return a negative value. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:220: return_negative_constant: Explicitly returning negative value "-2". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:352: return_negative_fn: Returning the return value of "se_find_value_in_list", which might be negative. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:178: var_assign: Assigning: signed variable "viewIdx" = "se_find_value_in_slist". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:190: negative_returns: Using variable "viewIdx" as an index to array "entry->views". jsafranek: fixed in 5.4+, 670d6fc Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:326: negative_return_fn: Function "se_find_value_in_slist("vacmviews", atype)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:352: negative_return: Calling "se_find_value_in_list", which might return a negative value. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:220: return_negative_constant: Explicitly returning negative value "-2". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:352: return_negative_fn: Returning the return value of "se_find_value_in_list", which might be negative. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:326: var_assign: Assigning: signed variable "viewIdx" = "se_find_value_in_slist". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:333: negative_returns: Using variable "viewIdx" as an index to array "entry->views". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:343: negative_returns: Using variable "viewIdx" as an index to array "entry->views". jsafranek: fixed in 5.4+, 670d6fc Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:425: negative_return_fn: Function "recvfrom(rptr->sr_fd, (void *)buf, 1500UL, 2, __SOCKADDR_ARG({ .__sockaddr__ = NULL}), NULL)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:425: var_assign: Assigning: unsigned variable "len" = "recvfrom". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:443: negative_returns: "len" is passed to a parameter that cannot be negative. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: neg_sink_parm_call: Passing "len" to "sprint_realloc_hexstring", which cannot accept a negative. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: parm_loop_bound: Using unsigned parameter "len" in a loop exit test. jsafranek: already fixed Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1056: negative_return_fn: Function "netsnmp_ds_get_int(1, 1)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/default_store.c:279: return_negative_constant: Explicitly returning negative value "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1056: var_assign: Assigning: signed variable "uid" = "netsnmp_ds_get_int". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1076: negative_returns: "uid" is passed to a parameter that cannot be negative. jsafranek: fixed in 5.4+, 2b6c119 Error: NEGATIVE_RETURNS (CWE-687): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1039: negative_return_fn: Function "netsnmp_ds_get_int(1, 2)" returns a negative number. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/default_store.c:279: return_negative_constant: Explicitly returning negative value "-1". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1039: var_assign: Assigning: signed variable "gid" = "netsnmp_ds_get_int". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1042: negative_returns: "gid" is passed to a parameter that cannot be negative. jsafranek: fixed in 5.4+, 2b6c119
NO_EFFECT
Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:868: array_null: Comparing an array to null is not useful: "entry->d_name". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4936: array_null: Comparing an array to null is not useful: "file->d_name != NULL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs.c:1137: array_null: Comparing an array to null is not useful: "temp_node->in6p". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable_interface.c:1147: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "var->val_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:397: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->inetCidrRouteDest". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:453: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->inetCidrRouteNextHop". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:422: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->inetCidrRoutePolicy". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:899: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "rowreq_ctx->tbl_idx.inetCidrRouteDest_len < 0UL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:917: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "rowreq_ctx->tbl_idx.inetCidrRoutePfxLen < 0UL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:972: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "rowreq_ctx->tbl_idx.inetCidrRouteNextHop_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable_interface.c:1162: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "var->val_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable_interface.c:810: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "rowreq_ctx->tbl_idx.inetNetToMediaNetAddress_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable.c:283: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->ipAddressPrefixPrefix". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_interface.c:740: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "rowreq_ctx->tbl_idx.ipAddressAddr_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipDefaultRouterTable/ipDefaultRouterTable_data_get.c:134: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->ipDefaultRouterAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/target.c:63: array_null: Comparing an array to null is not useful: "targaddrs->tDomain == NULL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/etherStatsTable/etherStatsTable_interface.c:1461: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "var->val_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:342: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->snmpNotifyFilterProfileName". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:362: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->snmpNotifyFilterSubtree". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:1145: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "var->val_len < 0UL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c:348: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->tcpConnectionLocalAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c:381: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->tcpConnectionRemAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c:317: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->tcpListenerLocalAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/dlmod.c:94: array_null: Comparing an array to null is not useful: "dlm->name". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/dlmod.c:94: array_null: Comparing an array to null is not useful: "dlm->path". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proc.c:309: array_null: Comparing an array to null is not useful: "proc->fixcmd". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable.c:246: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->udpEndpointLocalAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable.c:277: array_null: Comparing an array to null is not useful: "NULL == tbl_idx->udpEndpointRemoteAddress". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/dir_utils.c:140: array_null: Comparing an array to null is not useful: "file->d_name == NULL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2978: array_null: Comparing an array to null is not useful: "session->securityAuthKey != NULL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3025: array_null: Comparing an array to null is not useful: "session->securityPrivKey != NULL". Error: NO_EFFECT (CWE-665): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:451: array_null: Comparing an array to null is not useful: "tmStateRef->transportDomain == NULL".
NULL_RETURNS
Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1370: returned_null: Function "find_sec_mod" returns null (checked 15 out of 16 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_secmod.c:163: return_null: Explicitly returning NULL. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:407: example_checked: "find_sec_mod(newpdu->securityModel)" has its value checked in "(sptr = find_sec_mod(newpdu->securityModel)) != NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1203: example_checked: "find_sec_mod(session->securityModel)" has its value checked in "(sptr = find_sec_mod(session->securityModel)) != NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1841: example_checked: "find_sec_mod(slp->session->securityModel)" has its value checked in "(sptr = find_sec_mod(slp->session->securityModel)) != NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:2543: example_assign: Assigning: "sptr" = return value from "find_sec_mod(pdu->securityModel)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:2545: example_checked: "sptr" has its value checked in "sptr". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:2659: example_assign: Assigning: "sptr" = return value from "find_sec_mod(pdu->securityModel)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:2660: example_checked: "sptr" has its value checked in "sptr". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1370: var_assigned: Assigning: "sptr" = null return value from "find_sec_mod". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1393: dereference: Dereferencing a null pointer "sptr". jsafranek: fixed in 5.7+, b1eaaf3 Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:895: returned_null: Function "strrchr" returns null (checked 6 out of 7 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2226: example_assign: Assigning: "pos" = return value from "strrchr(dir, 47)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2227: example_checked: "pos" has its value checked in "NULL == pos". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:333: example_assign: Assigning: "cp1" = return value from "strrchr(filesys, 47)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:335: example_checked: "cp1" has its value checked in "cp1 == NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:345: example_assign: Assigning: "cp3" = return value from "strrchr(line, 47)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:346: example_checked: "cp3" has its value checked in "cp3 == NULL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpnetstat/main.c:316: example_assign: Assigning: "cp" = return value from "strrchr(argv[0], 47)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpnetstat/main.c:317: example_checked: "cp" has its value checked in "cp". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrap.c:137: example_assign: Assigning: "prognam" = return value from "strrchr(argv[0], 47)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrap.c:138: example_checked: "prognam" has its value checked in "prognam". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:895: var_assigned: Assigning: "cp" = null return value from "strrchr". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:896: dereference: Incrementing a pointer which might be null: "cp". jsafranek: fixed in 5.6+, 089bcb3 Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2802: returned_null: Function "fopen" returns null (checked 69 out of 73 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2883: example_assign: Assigning: "fp" = return value from "fopen(cp, "w")". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2884: example_checked: "fp" has its value checked in "fp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:3904: example_checked: "fopen(mp->file, "r")" has its value checked in "(fp = fopen(mp->file, "r")) == NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4841: example_checked: "fopen(tmpstr, "r")" has its value checked in "(fp = fopen(tmpstr, "r")) == NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4895: example_checked: "fopen(token, "r")" has its value checked in "(ip = fopen(token, "r")) != NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4979: example_assign: Assigning: "fp" = return value from "fopen(filename, "r")". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4980: example_checked: "fp" has its value checked in "fp == NULL". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2802: var_assigned: Assigning: "fp" = null return value from "fopen". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2803: dereference: Dereferencing a pointer that might be null "fp" when calling "fgets". jsafranek: fixed in 5.5+, 299ea9a Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:424: returned_null: Function "netsnmp_extract_iterator_context" returns null (checked 22 out of 24 times). /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:292: null_return: Calling "netsnmp_request_get_list_data" which might return null. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1002: null_return: Calling "netsnmp_get_list_data" which might return null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:171: return_null: Explicitly returning NULL. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1002: return_null_fn: Returning the return value of "netsnmp_get_list_data", which might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:292: return_null_fn: Returning the return value of "netsnmp_request_get_list_data", which might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1028: example_assign: Assigning: "entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1029: example_checked: "entry" has its value checked in "entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1095: example_assign: Assigning: "entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1096: example_checked: "entry" has its value checked in "entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsTransactionTable.c:191: example_assign: Assigning: "asp" = return value from "netsnmp_extract_iterator_context(requests)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsTransactionTable.c:194: example_checked: "asp" has its value checked in "asp == NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsModuleTable.c:237: example_assign: Assigning: "tree" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsModuleTable.c:238: example_checked: "tree" has its value checked in "tree == NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:343: example_assign: Assigning: "debug_entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:345: example_checked: "debug_entry" has its value checked in "debug_entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:424: var_assigned: Assigning: "debug_entry" = null return value from "netsnmp_extract_iterator_context". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:426: dereference: Dereferencing a null pointer "debug_entry". jsafranek: fixed in 5.4+, 5d1d0a7 Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsLogging.c:353: returned_null: Function "netsnmp_extract_iterator_context" returns null (checked 22 out of 24 times). /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:292: null_return: Calling "netsnmp_request_get_list_data" which might return null. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1002: null_return: Calling "netsnmp_get_list_data" which might return null. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:171: return_null: Explicitly returning NULL. /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:1002: return_null_fn: Returning the return value of "netsnmp_get_list_data", which might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:292: return_null_fn: Returning the return value of "netsnmp_request_get_list_data", which might be null. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1028: example_assign: Assigning: "entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1029: example_checked: "entry" has its value checked in "entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1095: example_assign: Assigning: "entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:1096: example_checked: "entry" has its value checked in "entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsTransactionTable.c:191: example_assign: Assigning: "asp" = return value from "netsnmp_extract_iterator_context(requests)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsTransactionTable.c:194: example_checked: "asp" has its value checked in "asp == NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsModuleTable.c:237: example_assign: Assigning: "tree" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsModuleTable.c:238: example_checked: "tree" has its value checked in "tree == NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:343: example_assign: Assigning: "debug_entry" = return value from "netsnmp_extract_iterator_context(request)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:345: example_checked: "debug_entry" has its value checked in "debug_entry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsLogging.c:353: var_assigned: Assigning: "logh" = null return value from "netsnmp_extract_iterator_context". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsLogging.c:366: dereference: Dereferencing a null pointer "logh". jsafranek: fixed in 5.4+, 5d1d0a7 Error: NULL_RETURNS (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:322: returned_null: Function "snmp_sess_transport" returns null (checked 4 out of 5 times). /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:7310: return_null: Explicitly returning NULL. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/master.c:246: example_assign: Assigning: "t" = return value from "snmp_sess_transport(s)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agentx/master.c:249: example_checked: "t" has its value checked in "t != NULL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpstatus.c:262: example_assign: Assigning: "transport" = return value from "snmp_sess_transport(snmp_sess_pointer(ss))". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpstatus.c:263: example_checked: "transport" has its value checked in "transport != NULL". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptest.c:231: example_assign: Assigning: "transport" = return value from "snmp_sess_transport(snmp_sess_pointer(ss))". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptest.c:232: example_checked: "transport" has its value checked in "transport != NULL". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1243: example_checked: "snmp_sess_transport(snmp_sess_pointer(ss))" has its value checked in "(transport = snmp_sess_transport(snmp_sess_pointer(ss))) != NULL". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:322: var_assigned: Assigning: "t" = null return value from "snmp_sess_transport". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:323: dereference: Dereferencing a null pointer "t". jsafranek: fixed in 5.4+, aee4e89
OVERRUN_DYNAMIC
Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1076: strlen_assign: Setting variable "session->community_len" to the return value of strlen called with argument "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1077: alloc_strlen: Allocating insufficient memory for the terminating null of the string. jsafranek: false positive, community is without '\0' at the end Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5587: buffer_alloc: Calling allocating function "malloc" which allocated 65536 bytes dictated by parameter 1. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5587: var_assign: Assigning: "isp->packet" = "malloc(rxbuf_len)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5592: alias: Assigning: "rxbuf" = "isp->packet". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5677: alias: Assigning: "pptr" = "isp->packet". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5811: overrun-dbuffer-arg: Overrunning dynamic array "isp->packet" of size 65536 bytes by passing it to a function which indexes it with argument "isp->packet_len" at position 2147483645. jsafranek: looks like a false positive, isp->packet_len cannot grow over 65536 Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable.c:425: strlen_assign: Setting variable "tmp_len" to a value computed using function strlen. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable.c:431: alloc_strlen: Allocating insufficient memory for the terminating null of the string. jsafranek: false positive Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:440: buffer_alloc: Calling allocating function "calloc" which allocated 1 bytes dictated by "1UL" and "olen ? olen : 1U". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:440: var_assign: Assigning: "s" = "calloc(1UL, (olen ? olen : 1U))". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:440: alias: Assigning: "op" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:456: overrun-local: Overrunning dynamic array "op" of size 0 bytes at position 0. jsafranek: false positive ??? Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptable.c:535: buffer_alloc: Calling allocating function "malloc" which allocated 32 bytes dictated by parameter 1. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptable.c:535: var_assign: Assigning: "column" = "malloc(sizeof (*column) /*32*/)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptable.c:567: overrun-local: Overrunning dynamic array "column" of size 32 bytes at position 32 with index variable "field". jsafranek: false positive, fields == 1 Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:361: alloc_strlen: Allocating insufficient memory for the terminating null of the string. jsafranek: false positive Error: OVERRUN_DYNAMIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:423: alloc_strlen: Allocating insufficient memory for the terminating null of the string. jsafranek: false positive
OVERRUN_STATIC
Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2699: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2700: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2710: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2711: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2717: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedTable.c:463: overrun-buffer-arg: Overrunning static array "entry->schedContextName" of size 32 bytes by passing it to a function which indexes it with argument "33UL" at byte position 32. jsafranek: fixed in 5,4+, b3c4982 Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:729: overrun-string: Static array "line" of size 1024 is overrun if the index used is too large. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_sql.c:421: ptr_assign: Pointer "not_argv" is assigned the address of a static array pointer "not_args" of size 8 bytes. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_sql.c:445: overrun-local: Overrunning static array of size 8 bytes at byte position 8 by indexing pointer "not_argv" with index variable "i". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_sql.c:445: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:178: assignment: Assigning: "len" = "sizeof (line) /*2048*/". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:181: overrun-buffer-arg: Overrunning static array "line" of size 2048 bytes by passing it to a function which indexes it with argument "len" at byte position 2048. jsafranek: fixed in 5.4+, b3c4982 Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:372: overrun-buffer-val: Overrunning struct type struct sockaddr_in6 of size 28 bytes by passing it as an argument to a function which indexes it at byte position 59. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:177: access_dbuff_const: Calling "memcpy" indexes array "addr" with index "sizeof (netsnmp_indexed_addr_pair) /*60*/" at byte position 59. jsafranek: fixed in 5.7+, bee4d79 Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:346: overrun-buffer-val: Overrunning struct type struct sockaddr_in6 of size 28 bytes by passing it as an argument to a function which indexes it at byte position 59. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:177: access_dbuff_const: Calling "memcpy" indexes array "addr" with index "sizeof (netsnmp_indexed_addr_pair) /*60*/" at byte position 59. jsafranek: fixed in 5.7+, bee4d79 Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-buffer-val: Overrunning static array "&mask.__in6_u.__u6_addr8[j] + 1" of size 16 bytes by passing it as an argument to a function which indexes it at byte position 16. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Overrunning static array of size 16 bytes at byte position 16 by indexing pointer "&mask.__in6_u.__u6_addr8[j]" with index variable "1" through dereference in call to "memset". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun. jsafranek: false positive Error: OVERRUN_STATIC (CWE-125): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Overrunning static array of size 16 bytes at byte position 16 by indexing pointer "&mask.__in6_u.__u6_addr8[j]" with index variable "1" through dereference in call to "memset". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun. jsafranek: false positive
RESOURCE_LEAK
Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:368: alloc_arg: Calling allocation function "se_add_pair_to_list" on "list". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:297: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:297: var_assign: Assigning: "*list" = "calloc(1UL, sizeof (struct snmp_enum_list) /*24*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:298: var_assign: Assigning: "lastnode" = "*list". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:382: leaked_storage: Variable "list" going out of scope leaks the storage it points to. jsafranek: false positive, se_add_pair_to_list() allocates new list only if created == 0 (-> the list is then added to sliststorage) Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4823: alloc_fn: Calling allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4823: var_assign: Assigning: "pktbuf" = storage returned from "malloc(2048UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4883: var_assign: Assigning: "packet" = "pktbuf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4894: leaked_storage: Variable "packet" going out of scope leaks the storage it points to. magfr: False positive Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6172: alloc_fn: Calling allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6172: var_assign: Assigning: "pktbuf" = storage returned from "malloc(2048UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6208: var_assign: Assigning: "packet" = "pktbuf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6222: leaked_storage: Variable "packet" going out of scope leaks the storage it points to. magfr: False positive Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:93: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:93: var_assign: Assigning: "reginfo" = storage returned from "calloc(1UL, sizeof (netsnmp_handler_registration) /*80*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:107: leaked_storage: Variable "reginfo" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, ce1f284a6 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:98: alloc_fn: Calling allocation function "netsnmp_duplicate_variable". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:61: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:61: var_assign: Assigning: "var2" = "malloc(varsize)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:63: noescape: Variable "var2" is not freed or pointed-to in function "memcpy". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:65: return_alloc: Returning allocated memory "var2". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:98: var_assign: Assigning: "vp" = storage returned from "netsnmp_duplicate_variable((struct variable *)((char *)var + varsize * i))". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:107: leaked_storage: Variable "vp" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, ce1f284a6 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: alloc_fn: Calling allocation function "alloc_node". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:830: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:830: var_assign: Assigning: "np" = "calloc(1UL, sizeof (struct node) /*152*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:837: return_alloc: Returning allocated memory "np". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: var_assign: Assigning: "np" = storage returned from "alloc_node(nop->modid)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2028: leaked_storage: Variable "np" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, a00f3d4 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: alloc_fn: Calling allocation function "alloc_node". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:830: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:830: var_assign: Assigning: "np" = "calloc(1UL, sizeof (struct node) /*152*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:837: return_alloc: Returning allocated memory "np". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: var_assign: Assigning: "np" = storage returned from "alloc_node(nop->modid)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: overwrite_var: Overwriting "np" in call "np = alloc_node(nop->modid)" leaks the storage that "np" points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2014: leaked_storage: Variable "root" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2016: var_assign: Assigning: "root" = "np". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2028: leaked_storage: Variable "root" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2044: var_assign: Assigning: "oldnp" = "np". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2044: overwrite_var: Overwriting "oldnp" in call "oldnp = np" leaks the storage that "oldnp" points to. jsafranek: fixed in 5.4+, a00f3d4 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:577: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:577: var_assign: Assigning: "g" = storage returned from "calloc(1UL, sizeof (netsnmp_request_group) /*72*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:580: leaked_storage: Variable "g" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, 2ae68f0 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:578: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:578: var_assign: Assigning: "i" = storage returned from "calloc(1UL, sizeof (netsnmp_request_group_item) /*24*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:580: leaked_storage: Variable "i" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, 2ae68f0 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:502: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:502: var_assign: Assigning: "reqtmp" = storage returned from "calloc(1UL, sizeof (netsnmp_request_info) /*104*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:507: noescape: Variable "reqtmp" is not freed or pointed-to in function "netsnmp_request_add_list_data". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:950:53: noescape: "netsnmp_request_add_list_data" does not free or save its pointer parameter "request". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:651: leaked_storage: Variable "reqtmp" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, d5e817d Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:579: alloc_fn: Calling allocation function "fopen". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:579: var_assign: Assigning: "devin" = storage returned from "fopen("/proc/net/dev", "r")". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:592: leaked_storage: Variable "devin" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, d9d938d Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpCallbackDomain.c:380: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpCallbackDomain.c:380: var_assign: Assigning: "t" = storage returned from "calloc(1UL, sizeof (netsnmp_transport) /*168*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpCallbackDomain.c:389: leaked_storage: Variable "t" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, 9ba38ee Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: var_assign: Assigning: "var" = storage returned from "calloc(1UL, sizeof (netsnmp_variable_list) /*1136*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:247: noescape: Variable "var" is not freed or pointed-to in function "snmp_set_var_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:676:44: noescape: "snmp_set_var_objid" does not free or save its pointer parameter "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:250: noescape: Variable "var" is not freed or pointed-to in function "netsnmp_query_walk". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:258: leaked_storage: Variable "var" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, eb21714 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:610: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:610: var_assign: Assigning: "dvar" = storage returned from "calloc(1UL, sizeof (netsnmp_variable_list) /*1136*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:617: noescape: Variable "dvar" is not freed or pointed-to in function "snmp_set_var_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:676:44: noescape: "snmp_set_var_objid" does not free or save its pointer parameter "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:620: noescape: Variable "dvar" is not freed or pointed-to in function "netsnmp_query_walk". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:692: var_assign: Assigning: "vp2" = "dvar". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "dvar" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "vp2" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, eb21714 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: var_assign: Assigning: "var" = storage returned from "calloc(1UL, sizeof (netsnmp_variable_list) /*1136*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:247: noescape: Variable "var" is not freed or pointed-to in function "snmp_set_var_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:676:44: noescape: "snmp_set_var_objid" does not free or save its pointer parameter "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:250: noescape: Variable "var" is not freed or pointed-to in function "netsnmp_query_walk". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:265: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:302: leaked_storage: Variable "var" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: var_assign: Assigning: "vp1_prev" = "vp1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: overwrite_var: Overwriting "vp1_prev" in call "vp1_prev = vp1" leaks the storage that "vp1_prev" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:315: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to. jsafranek: fixed in 5.4+, eb21714 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: var_assign: Assigning: "var" = storage returned from "calloc(1UL, sizeof (netsnmp_variable_list) /*1136*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:247: noescape: Variable "var" is not freed or pointed-to in function "snmp_set_var_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:676:44: noescape: "snmp_set_var_objid" does not free or save its pointer parameter "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:250: noescape: Variable "var" is not freed or pointed-to in function "netsnmp_query_walk". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:265: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: var_assign: Assigning: "vp1_prev" = "vp1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: overwrite_var: Overwriting "vp1_prev" in call "vp1_prev = vp1" leaks the storage that "vp1_prev" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:315: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:473: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:473: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:615: leaked_storage: Variable "var" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:627: leaked_storage: Variable "var" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, eb21714 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:242: var_assign: Assigning: "var" = storage returned from "calloc(1UL, sizeof (netsnmp_variable_list) /*1136*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:247: noescape: Variable "var" is not freed or pointed-to in function "snmp_set_var_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:676:44: noescape: "snmp_set_var_objid" does not free or save its pointer parameter "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:250: noescape: Variable "var" is not freed or pointed-to in function "netsnmp_query_walk". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:265: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: var_assign: Assigning: "vp1_prev" = "vp1". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: overwrite_var: Overwriting "vp1_prev" in call "vp1_prev = vp1" leaks the storage that "vp1_prev" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:315: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:473: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:473: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:691: var_assign: Assigning: "vp1" = "var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "var" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "vp1" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, eb21714 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:394: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:394: var_assign: Assigning: "ourself" = storage returned from "calloc(1UL, sizeof (struct header_complex_index) /*40*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:419: var_assign: Assigning: "hciptrp" = "ourself". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:419: overwrite_var: Overwriting "hciptrp" in call "hciptrp = hciptrp->prev" leaks the storage that "hciptrp" points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:425: leaked_storage: Variable "ourself" going out of scope leaks the storage it points to. jsafranek: false positive Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:172: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:172: var_assign: Assigning: "StorageTmp" = storage returned from "calloc(1UL, sizeof (struct snmpNotifyFilterProfileTable_data) /*48*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:188: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:197: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 748da84 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:384: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:384: var_assign: Assigning: "nptr" = storage returned from "calloc(1UL, sizeof (struct snmpNotifyTable_data) /*56*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:396: noescape: Variable "nptr" is not freed or pointed-to in function "snmpNotifyTable_add". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:520:50: noescape: "snmpNotifyTable_add" does not free or save its pointer parameter "thedata". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:397: leaked_storage: Variable "nptr" going out of scope leaks the storage it points to. jsafranek: ??? TBD Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:342: alloc_fn: Calling allocation function "snmpTargetParamTable_create". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetParamsEntry.c:48: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetParamsEntry.c:48: var_assign: Assigning: "newEntry" = "malloc(sizeof (struct targetParamTable_struct) /*56*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetParamsEntry.c:61: return_alloc: Returning allocated memory "newEntry". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:342: var_assign: Assigning: "pptr" = storage returned from "snmpTargetParamTable_create()". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:350: leaked_storage: Variable "pptr" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:367: leaked_storage: Variable "pptr" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, dbf26a0 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:558: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:558: var_assign: Assigning: "StorageTmp" = storage returned from "calloc(1UL, sizeof (struct snmpNotifyTable_data) /*56*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:576: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:585: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 0e52e4f Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: var_assign: Assigning: "s" = storage returned from "calloc(1UL, olen)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:375: leaked_storage: Variable "s" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:378: leaked_storage: Variable "s" going out of scope leaks the storage it points to. jsafranek: false positive, if s is allocated, *dest_len == olen Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:27: alloc_fn: Calling allocation function "fopen". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:27: var_assign: Assigning: "f" = storage returned from "fopen(filename, "r")". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:34: noescape: Variable "f" is not freed or pointed-to in function "fscanf". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:38: leaked_storage: Variable "f" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 65f2b7b Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:63: alloc_fn: Calling allocation function "fopen". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:63: var_assign: Assigning: "f" = storage returned from "fopen("/proc/net/sctp/snmp", "r")". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:67: noescape: Variable "f" is not freed or pointed-to in function "fgets". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:74: leaked_storage: Variable "f" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:81: leaked_storage: Variable "f" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:139: leaked_storage: Variable "f" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:144: leaked_storage: Variable "f" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 65f2b7b Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:141: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:141: var_assign: Assigning: "aptr" = storage returned from "calloc(1UL, sizeof (smux_peer_auth) /*2064*/)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:148: leaked_storage: Variable "aptr" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 2c1507c Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:361: alloc_fn: Calling allocation function "snmp_pdu_create". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: var_assign: Assigning: "pdu" = "calloc(1UL, sizeof (netsnmp_pdu) /*272*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:150: return_alloc: Returning allocated memory "pdu". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:361: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(reqinfo->mode)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:404: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to. jsafranek: fixed i 5.4+, 8b97a71 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:366: alloc_fn: Calling allocation function "snmp_pdu_create". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: var_assign: Assigning: "pdu" = "calloc(1UL, sizeof (netsnmp_pdu) /*272*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:150: return_alloc: Returning allocated memory "pdu". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:366: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(163)". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:404: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to. jsafranek: fixed i 5.4+, 8b97a71 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_log.c:998: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_log.c:998: var_assign: Assigning: "temp_buf" = storage returned from "calloc(tbuf_len, 1UL)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_log.c:1023: leaked_storage: Variable "temp_buf" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, a0777d3 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: alloc_fn: Calling allocation function "netsnmp_openssl_cert_get_fingerprint". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:542: alloc_arg: "binary_to_hex" opens handle stored into "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:416: alloc_arg: "netsnmp_binary_to_hex" opens handle stored into "*((u_char **)output)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: var_assign: Assigning: "s" = "calloc(1UL, olen)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:381: var_assign: Assigning: "op" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:390: var_assign: Assigning: "*dest" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:551: return_alloc: Returning allocated memory "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: leaked_storage: Failing to save storage allocated by "netsnmp_openssl_cert_get_fingerprint(cert, -1)" leaks it. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: noescape: Variable "netsnmp_openssl_cert_get_fingerprint(cert, -1)" is not freed or pointed-to in function "debugmsg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: noescape: Variable "netsnmp_openssl_cert_get_fingerprint(cert, -1)" is not freed or pointed-to in function "debugmsgtoken". jsafranek: fixed in 5.6+, dbc3130 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:596: alloc_fn: Calling allocation function "netsnmp_binary_array_get_subset". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:526: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:526: var_assign: Assigning: "subset" = "malloc(*len * sizeof (void *) /*8*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:528: noescape: Variable "subset" is not freed or pointed-to in function "memcpy". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:530: return_alloc: Returning allocated memory "subset". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:596: var_assign: Assigning: "rtn" = storage returned from "netsnmp_binary_array_get_subset(container, data, &len)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:598: leaked_storage: Variable "rtn" going out of scope leaks the storage it points to. jsafranek: false positive Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:244: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:244: var_assign: Assigning: "info" = storage returned from "calloc(1UL, sizeof (netsnmp_data_list_saveinfo) /*48*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:277: leaked_storage: Variable "info" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 536bc57 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1269: alloc_fn: Calling allocation function "snmp_pdu_create". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:135: var_assign: Assigning: "pdu" = "calloc(1UL, sizeof (netsnmp_pdu) /*272*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:150: return_alloc: Returning allocated memory "pdu". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1269: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(160)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1283: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, f57ae53 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:313: alloc_arg: Calling allocation function "se_add_pair_to_list" on "list". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:297: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:297: var_assign: Assigning: "*list" = "calloc(1UL, sizeof (struct snmp_enum_list) /*24*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:298: var_assign: Assigning: "lastnode" = "*list". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:316: leaked_storage: Variable "list" going out of scope leaks the storage it points to. jsafranek: false positive Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:230: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:230: var_assign: Assigning: "tmStateRef" = storage returned from "calloc(1UL, sizeof (netsnmp_tmStateReference) /*1384*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:266: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:284: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:360: noescape: Variable "tmStateRef" is not freed or pointed-to in function "memdup". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:274:35: noescape: "memdup" does not free or save its pointer parameter "from". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:368: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. jsafranek: fixed in 5.5+, 34c9628 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4277: alloc_arg: Calling allocation function "read_config_read_octet_string" on "userKeyP". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1913: alloc_arg: "read_config_read_octet_string_const" opens handle stored into "*str". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1952: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1952: var_assign: Assigning: "*str" = "malloc(ilen + 1UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1973: var_assign: Assigning: "cptr" = "*str". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4281: leaked_storage: Variable "userKeyP" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4293: leaked_storage: Variable "userKeyP" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4312: leaked_storage: Variable "userKeyP" going out of scope leaks the storage it points to. jsafranek: false positive, read_config_read_octet_string() allocates only if the second argument is NULL Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4185: alloc_arg: Calling allocation function "read_config_read_octet_string" on "engineID". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1913: alloc_arg: "read_config_read_octet_string_const" opens handle stored into "*str". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1952: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1952: var_assign: Assigning: "*str" = "malloc(ilen + 1UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1973: var_assign: Assigning: "cptr" = "*str". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4188: leaked_storage: Variable "engineID" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4191: noescape: Variable "engineID" is not freed or pointed-to in function "usm_get_user". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3507:23: noescape: "usm_get_user" does not free or save its pointer parameter "engineID". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4198: leaked_storage: Variable "engineID" going out of scope leaks the storage it points to. jsafranek: fixed in 5.4+, 7e21413 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:229: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:229: var_assign: Assigning: "cachep" = storage returned from "calloc(1UL, sizeof (bio_cache) /*88*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:235: leaked_storage: Variable "cachep" going out of scope leaks the storage it points to. jsafranek: fixed in 5.6+, 4ff764e Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:145: alloc_fn: Calling allocation function "netsnmp_openssl_cert_get_fingerprint". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:542: alloc_arg: "binary_to_hex" opens handle stored into "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:416: alloc_arg: "netsnmp_binary_to_hex" opens handle stored into "*((u_char **)output)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: var_assign: Assigning: "s" = "calloc(1UL, olen)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:381: var_assign: Assigning: "op" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:390: var_assign: Assigning: "*dest" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:551: return_alloc: Returning allocated memory "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:145: var_assign: Assigning: "fingerprint" = storage returned from "netsnmp_openssl_cert_get_fingerprint(remote_cert, -1)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:189: leaked_storage: Variable "fingerprint" going out of scope leaks the storage it points to. jsafranek: fixed in 5.6+, 585e3bd Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:617: alloc_fn: Calling allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:617: var_assign: Assigning: "tmStateRef" = storage returned from "calloc(1UL, sizeof (netsnmp_tmStateReference) /*1384*/)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:631: var_assign: Assigning: "addr_pair" = "tmStateRef". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:820: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:820: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:916: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:916: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:925: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:925: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:942: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:942: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:948: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:948: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to. jsafranek: fixed in 5.6+, 8d5e7a1 Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:75: alloc_fn: Calling allocation function "netsnmp_openssl_cert_get_fingerprint". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:542: alloc_arg: "binary_to_hex" opens handle stored into "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:416: alloc_arg: "netsnmp_binary_to_hex" opens handle stored into "*((u_char **)output)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:367: var_assign: Assigning: "s" = "calloc(1UL, olen)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:381: var_assign: Assigning: "op" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:390: var_assign: Assigning: "*dest" = "s". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_openssl.c:551: return_alloc: Returning allocated memory "result". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:75: var_assign: Assigning: "fingerprint" = storage returned from "netsnmp_openssl_cert_get_fingerprint(thecert, -1)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:77: noescape: Variable "fingerprint" is not freed or pointed-to in function "debugmsgtoken". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:77: noescape: Variable "fingerprint" is not freed or pointed-to in function "debugmsg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:131: leaked_storage: Variable "fingerprint" going out of scope leaks the storage it points to. jsafranek: fixed in 5.6+, 585e3bd Error: RESOURCE_LEAK (CWE-404): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:181: alloc_arg: Calling allocation function "read_config_read_objid_const" on "viewSubtree". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:2061: alloc_fn: Storage is returned from allocation function "malloc". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:2061: var_assign: Assigning: "*objid" = "malloc(1024UL)". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:189: leaked_storage: Variable "viewSubtree" going out of scope leaks the storage it points to. jsafranek: false positive
RETURN_LOCAL
Error: RETURN_LOCAL (CWE-562): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4778: local_ptr_assign_local: Assigning: "RETVAL" = "str_buf" (address of local variable "str_buf"). /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4784: out_of_scope: Variable "str_buf" goes out of scope. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.c:5254: use_invalid: Using "RETVAL", which points to an out-of-scope variable "str_buf". Error: RETURN_LOCAL (CWE-562): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4869: local_ptr_assign_local: Assigning: "RETVAL" = "str_buf" (address of local variable "str_buf"). /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4874: out_of_scope: Variable "str_buf" goes out of scope. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.c:5358: use_invalid: Using "RETVAL", which points to an out-of-scope variable "str_buf".
REVERSE_INULL
Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:289: deref_ptr: Directly dereferencing pointer "vp". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:316: check_after_deref: Dereferencing "vp" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1929: deref_ptr: Directly dereferencing pointer "len". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1984: check_after_deref: Dereferencing "len" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1929: deref_ptr: Directly dereferencing pointer "len". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:2008: check_after_deref: Dereferencing "len" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:541: deref_ptr: Directly dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:652: check_after_deref: Dereferencing "pdu" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:541: deref_ptr: Directly dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:677: check_after_deref: Dereferencing "pdu" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:541: deref_ptr: Directly dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:692: check_after_deref: Dereferencing "pdu" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1203: deref_ptr: Directly dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1295: check_after_deref: Dereferencing "pdu" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2662: deref_ptr_in_call: Dereferencing pointer "val". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2665: check_after_deref: Dereferencing "val" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2168: deref_ptr: Directly dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2181: deref_ptr_in_call: Dereferencing pointer "pdu". /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1008: deref_parm: Directly dereferencing parameter "pdu". /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2192: check_after_deref: Dereferencing "pdu" before a null check. Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1182: deref_ptr: Directly dereferencing pointer "key". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1188: check_after_deref: Dereferencing "key" before a null check. jsafranek: fixed in 5.6+, 73a523e Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:490: deref_ptr: Directly dereferencing pointer "c". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:498: check_after_deref: Dereferencing "c" before a null check. jsafranek: fixed in 5.6+, 202523c Error: REVERSE_INULL (CWE-476): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_list_ssll.c:493: deref_ptr: Directly dereferencing pointer "n". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_list_ssll.c:496: check_after_deref: Dereferencing "n" before a null check.
SECURE_TEMP
Error: SECURE_TEMP (CWE-377): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1259: secure_temp: Calling "mkstemp" without securely setting umask first. jsafranek: fixed in 5.4+, bb8fcbb Error: SECURE_TEMP (CWE-377): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs.c:134: secure_temp: Calling "mkstemp" without securely setting umask first. jsafranek: fixed in 5.4+, bb8fcbb
SIZECHECK
Error: SIZECHECK (CWE-1+31): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1041: buffer_alloc: "netsnmp_malloc(sizeof (in_addr_t) /*4*/)" allocates memory. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:118: buffer_alloc: "malloc" allocates memory determined by parameter "size" of the current function. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:118: return_dbuffer: Returning allocated array "malloc(size)". /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1041: size_error: Allocating 4 bytes to pointer "vars->val.integer", which needs at least 8 bytes. jsafranek: fixed in 5.4+, 8016890 Error: SIZECHECK (CWE-131): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:361: size_is_strlen: Calling allocating function "malloc" with function argument "strlen(addr->sun_path)". Did you intend to add 1 to the byte count? jsafranek: false positive Error: SIZECHECK (CWE-131): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:423: size_is_strlen: Calling allocating function "malloc" with function argument "strlen(addr->sun_path)". Did you intend to add 1 to the byte count? jsafranek: false positive
SIZEOF_MISMATCH
Error: SIZEOF_MISMATCH (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpnetstat/inet.c:252: suspicious_sizeof: Passing argument "root" of type "oid *" and argument "sizeof (root) /*8*/ * root_len" to function "memmove" is suspicious. Did you intend to use "sizeof(*root)" instead of "sizeof (root)" ? In this particular case sizeof(oid *) happens to be equal to sizeof(oid), but this is not a portable assumption. jsafranek: fixed in 5.5+, cd859ad51c4f18d5b0fc69dd669fcb051c798969 Error: SIZEOF_MISMATCH (CWE-569): /builddir/build/BUILD/net-snmp-5.7.1/perl/OID/OID.xs:128: suspicious_sizeof: Passing argument "buf" of type "char *" and argument "sizeof (buf) /*8*/" to function "snprint_bitstring" is suspicious. jsafranek: fixed in 5.4+, 30ff58d09d4c9d5438bb621054fd7ad7a2a597e4
STRING_OVERFLOW
Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1205: fixed_size_dest: You might overrun the 4096 byte fixed-size string "buf" by copying "entry" without checking the length. jsafranek: fixed in 5.4+, 8850616 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:213: fixed_size_dest: You might overrun the 512 byte fixed-size string "Opts" by copying "localOpts" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:213: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.4+, 4600d11 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:75: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->descr" by copying "cp + 2" without checking the length. jsafranek: false positive, cp points into buf and it's 1024 bytes at most Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:83: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->descr" by copying "cp" without checking the length. jsafranek: false positive, cp points into buf and it's 1024 bytes at most Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1257: fixed_size_dest: You might overrun the 4096 byte fixed-size string "name" by copying the return value of "get_temp_file_pattern" without checking the length. jsafranek: fixed in 5.4+, c310e39 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:658: fixed_size_dest: You might overrun the 16 byte fixed-size string "ifr.ifr_ifrn.ifrn_name" by copying "name" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:658: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.5+, 84c807e Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu.c:145: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->name" by copying "name" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu.c:145: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.4+, 1cb2462 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/hw_sensors.c:166: fixed_size_dest: You might overrun the 256 byte fixed-size string "sp->name" by copying "name" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/hw_sensors.c:166: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.5+, be1375a Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:165: fixed_size_dest: You might overrun the 16 byte fixed-size string "ifr.ifr_ifrn.ifrn_name" by copying "name" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:165: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.5+, 88e1f34 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:873: fixed_size_dest: You might overrun the 1500 byte fixed-size string "string" by copying "temp_struct->params" without checking the length. jsafranek: fixed in 5.5+, 8291d7c Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:863: fixed_size_dest: You might overrun the 1500 byte fixed-size string "string" by copying "temp_struct->tagList" without checking the length. jsafranek: fixed in 5.5+, 8291d7c Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/versioninfo.c:111: fixed_size_dest: You might overrun the 300 byte fixed-size string "errmsg" by copying the return value of "netsnmp_get_version" without checking the length. jsafranek: fixed in 5.5+, 560bc6c Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/versioninfo.c:121: fixed_size_dest: You might overrun the 300 byte fixed-size string "errmsg" by copying "cptr" without checking the length. jsafranek: fixed in 5.5+, 560bc6c Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs.c:132: fixed_size_dest: You might overrun the 32 byte fixed-size string "name" by copying the return value of "get_temp_file_pattern" without checking the length. jsafranek: fixed in 5.4+, 0efdd02 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdelta.c:474: fixed_size_dest: You might overrun the 64 byte fixed-size string "vip->descriptor" by copying "SumFile" without checking the length. jsafranek: fixed in 5.4+, d369318 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:436: fixed_size_dest: You might overrun the 8192 byte fixed-size string "buf" by copying "default_port" without checking the length. jsafranek: fixed in 5.4+, 21d25d8 Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:938: fixed_size_dest: You might overrun the 4096 byte fixed-size string "soid_buf" by copying "soid_str" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:938: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.4+, fba188e Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4844: fixed_size_dest: You might overrun the 4096 byte fixed-size string "str_buf_temp" by copying "iid" without checking the length. jsafranek: fixed in 5.4+, 3aad15a Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4841: fixed_size_dest: You might overrun the 4096 byte fixed-size string "str_buf_temp" by copying "label" without checking the length. jsafranek: fixed in 5.4+, 3aad15a Error: STRING_OVERFLOW (CWE-120): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:857: fixed_size_dest: You might overrun the 4096 byte fixed-size string "soid_buf" by copying "soid_str" without checking the length. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:857: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. jsafranek: fixed in 5.4+, fba188e
TAINTED_SCALAR
Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2245: tainted_string_argument: Call to "fscanf(f, "%*s %lx %*x %*x %*x %s", &if_index, if_name)" taints "if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2252: lower_bounds: Checking lower bounds of unsigned scalar "if_index" by "last_if_count < if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2253: var_assign_var: Assigning: "if_index" = "last_if_count". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2254: tainted_data: Passing tainted variable "sizeof (struct if_nameindex) /*16*/ * (last_if_count + 2)" to a tainted sink. jsafranek: false positive, we trust /proc Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2245: tainted_string_argument: Call to "fscanf(f, "%*s %lx %*x %*x %*x %s", &if_index, if_name)" taints "if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2252: lower_bounds: Checking lower bounds of unsigned scalar "if_index" by "last_if_count < if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2253: var_assign_var: Assigning: "if_index" = "last_if_count". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2259: tainted_data: Using tainted variable "if_index" as a loop boundary. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2265: tainted_data: Using tainted variable "if_index" as a loop boundary. jsafranek: false positive, we trust /proc Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2245: tainted_string_argument: Call to "fscanf(f, "%*s %lx %*x %*x %*x %s", &if_index, if_name)" taints "if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2251: lower_bounds: Checking lower bounds of unsigned scalar "if_index" by "maxidx < if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2252: lower_bounds: Checking lower bounds of unsigned scalar "if_index" by "last_if_count < if_index". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2253: var_assign_var: Assigning: "if_index" = "last_if_count". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2259: tainted_data: Using tainted variable "if_index" as a loop boundary. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2265: tainted_data: Using tainted variable "if_index" as a loop boundary. jsafranek: false positive, we trust /proc Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:608: tainted_data_argument: Calling function "recvfrom" taints argument "data". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:622: var_assign_var: Assigning: "data" = "ptr". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:976: parm_assign: Assigning: "*type" = "*bufp", which taints "*type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:637: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:822: tainted_data_transitive: Call to function "asn_parse_int" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:491: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:505: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:505: var_assign: Assigning: "bufp" = "asn_parse_length(bufp, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:529: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:822: var_assign_alias: Assigning: "ptr" = "asn_parse_int(ptr, len, &type, &version, sizeof (version) /*8*/)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:832: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:608: tainted_data_argument: Calling function "recvfrom" taints argument "data". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:622: var_assign_var: Assigning: "data" = "ptr". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:976: parm_assign: Assigning: "*type" = "*bufp", which taints "*type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:624: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:637: tainted_data_transitive: Call to function "smux_open_process" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:848: tainted_data_transitive: Calling function "asn_parse_string" with tainted argument "ptr" taints "descr". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:812: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:822: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:822: var_assign: Assigning: "bufp" = "asn_parse_length(bufp, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:835: tainted_data_transitive: Calling function "memmove" with tainted argument "bufp" taints "str". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:866: tainted_data_transitive: Calling function "asn_parse_string" with tainted argument "ptr" taints "passwd". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:887: return_tainted_data: Returning tainted variable "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:637: var_assign: Assigning: "ptr" = "smux_open_process", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:666: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:745: var_assign_parm: Assigning: "ptr" = "data". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: var_assign_alias: Assigning: "ptr" = "asn_parse_header(ptr, &len, &type)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:766: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "smux_rreq_process". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1001: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:715: tainted_data_argument: Calling function "recvfrom" taints argument "data". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:731: tainted_data: Passing tainted variable "data" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:745: var_assign_parm: Assigning: "ptr" = "data". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:976: parm_assign: Assigning: "*type" = "*bufp", which taints "*type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:748: var_assign_alias: Assigning: "ptr" = "asn_parse_header(ptr, &len, &type)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:766: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "smux_rreq_process". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1001: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1434: tainted_data_argument: Calling function "recvfrom" taints argument "result". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1464: tainted_data_transitive: Call to function "smux_parse" with tainted argument "result" transitively taints "return_type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1484: var_assign_alias: Assigning: "ptr" = "rsp". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:976: parm_assign: Assigning: "*type" = "*bufp", which taints "*type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" taints "length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: var_assign: Assigning: "ptr" = "asn_parse_header(ptr, &length, &type)", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1497: tainted_data_transitive: Calling function "asn_parse_int" with tainted argument "ptr" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:491: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:505: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:505: var_assign: Assigning: "bufp" = "asn_parse_length(bufp, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:529: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1497: var_assign: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &reqid, sizeof (reqid) /*8*/)", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1502: tainted_data_transitive: Calling function "asn_parse_int" with tainted argument "ptr" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1502: var_assign: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &errstat, sizeof (errstat) /*8*/)", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1508: tainted_data_transitive: Calling function "asn_parse_int" with tainted argument "ptr" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1508: var_assign: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &errindex, sizeof (errindex) /*8*/)", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1526: tainted_data_transitive: Calling function "smux_parse_var" with tainted argument "ptr" taints "return_type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1546: var_assign_alias: Assigning: "ptr" = "varbind". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" taints "type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" taints "len". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "ptr" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: var_assign: Assigning: "ptr" = "asn_parse_header(ptr, &len, &type)", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1564: tainted_data_transitive: Calling function "snmp_parse_var_op" with tainted argument "ptr" taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:154: var_assign_alias: Assigning: "var_op_start" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1050: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "data" taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1050: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "data" taints "type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1050: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "data" taints "datalength". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "data". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1050: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "data" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1050: parm_assign: Assigning: "data" = "asn_parse_header(data, datalength, type)", which taints "data". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1564: tainted_data_transitive: Calling function "snmp_parse_var_op" with tainted argument "ptr" taints "var_val". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:154: var_assign_alias: Assigning: "var_op_start" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:176: parm_assign: Assigning: "*var_val" = "data", which taints "*var_val". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1564: tainted_data_transitive: Calling function "snmp_parse_var_op" with tainted argument "ptr" taints "vartype". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:154: var_assign_alias: Assigning: "var_op_start" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_type". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:156: tainted_data_transitive: Calling function "asn_parse_sequence" with tainted argument "data" taints "var_op_len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:176: parm_assign: Assigning: "*var_val" = "data", which taints "*var_val". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp.c:180: tainted_data_transitive: Calling function "asn_parse_header" with tainted argument "data" taints "var_val_type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1464: tainted_data: Passing tainted variable "result" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1484: var_assign_parm: Assigning: "ptr" = "rsp". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "length". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1493: var_assign_alias: Assigning: "ptr" = "asn_parse_header(ptr, &length, &type)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1497: tainted_data_transitive: Call to function "asn_parse_int" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1497: var_assign_alias: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &reqid, sizeof (reqid) /*8*/)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1502: tainted_data_transitive: Call to function "asn_parse_int" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1502: var_assign_alias: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &errstat, sizeof (errstat) /*8*/)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1508: tainted_data_transitive: Call to function "asn_parse_int" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1508: var_assign_alias: Assigning: "ptr" = "asn_parse_int(ptr, &length, &type, &errindex, sizeof (errindex) /*8*/)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1526: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "smux_parse_var". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1546: var_assign_parm: Assigning: "ptr" = "varbind". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" transitively taints "type". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "ptr" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1553: var_assign_alias: Assigning: "ptr" = "asn_parse_header(ptr, &len, &type)". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1564: tainted_data_transitive: Call to function "snmp_parse_var_op" with tainted argument "ptr" transitively taints "var_val". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1631: tainted_data_sink_lv_call: Passing tainted variable "var_val" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1434: tainted_data_argument: Calling function "recvfrom" taints argument "result". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "result" transitively taints "length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "result" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1452: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1857: var_assign_parm: Assigning: "ptr" = "rsp". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1863: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1434: tainted_data_argument: Calling function "recvfrom" taints argument "result". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "result" transitively taints "length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "result" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1451: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1452: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1857: var_assign_parm: Assigning: "ptr" = "rsp". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1863: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:465: tainted_data_argument: Calling function "recvfrom" taints argument "buf". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "buf" transitively taints "len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "buf" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:485: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1857: var_assign_parm: Assigning: "ptr" = "rsp". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1863: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:465: tainted_data_argument: Calling function "recvfrom" taints argument "buf". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "buf" transitively taints "len". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp[1]" taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1180: var_assign_alias: Assigning: "lengthbyte" = "*data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1215: parm_assign: Assigning: "*length" = "(long)lengthbyte", which taints "*length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1027: parm_assign: Assigning: "*datalength" = "(int)asn_length", which taints "*datalength". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: tainted_data_transitive: Call to function "asn_parse_header" with tainted argument "buf" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:968: var_assign_alias: Assigning: "bufp" = "data". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: tainted_data_transitive: Calling function "asn_parse_length" with tainted argument "bufp + 1" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1216: return_tainted_data: Returning tainted variable "data + 1". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:977: var_assign: Assigning: "bufp" = "asn_parse_length(bufp + 1, &asn_length)", which taints "bufp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1029: return_tainted_data: Returning tainted variable "bufp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:484: var_assign: Assigning: "ptr" = "asn_parse_header", which taints "ptr". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:485: tainted_data: Passing tainted variable "ptr" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1857: var_assign_parm: Assigning: "ptr" = "rsp". "ptr" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1863: tainted_data_sink_lv_call: Passing tainted variable "ptr" to tainted data sink "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1327: var_assign_parm: Assigning: "bufp" = "data". "bufp" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1339: tainted_data_transitive: Call to function "asn_parse_length" with tainted argument "*bufp" transitively taints "asn_length". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1346: tainted_data_sink_lv_call: Passing tainted variable "bufp - data + asn_length" to tainted data sink "debugmsg_hex". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: tainted_data_sink_lv_call: Passing tainted variable "len" to tainted data sink "sprint_realloc_hexstring". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary. jsafranek: false positive, there is _asn_parse_length_check protecting the length Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "optarg" = "app_name". Both are now tainted. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "optarg" = "app_name". Both are now tainted. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "optarg" = "app_name". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "optarg" = "pid_file". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "optarg" = "app_name". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "optarg" = "pid_file". Both are now tainted. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:569: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "optarg" = "app_name". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "optarg" = "pid_file". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:552: tainted_data: Passing tainted variable "*argv[arg - 1]" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6931: data_index: Passing tainted variable "*value" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/int64.c:516: data_index: Using tainted variable "(int)(unsigned char)*str" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:552: tainted_data: Passing tainted variable "argv[arg - 1]" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:7019: data_index: Passing tainted variable "value" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:601: data_index: Passing tainted variable "hex" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "optarg" = "context". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "optarg" = "context". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:467: var_assign_var: Assigning: "optarg" = "sysUpTime". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:552: tainted_data: Passing tainted variable "*argv[arg - 1]" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6931: data_index: Passing tainted variable "*value" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/int64.c:516: data_index: Using tainted variable "(int)(unsigned char)*str" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:552: tainted_data: Passing tainted variable "argv[arg - 1]" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:7019: data_index: Passing tainted variable "value" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:601: data_index: Passing tainted variable "hex" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "optarg" = "context". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:467: var_assign_var: Assigning: "optarg" = "sysUpTime". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:475: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:148: var_assign_var: Assigning: "(u_char *)argv[++arg]" = "engineid". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:228: tainted_data: Passing tainted variable "engineid + 2" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:441: parm_assign_alias: Assigning: "ip" = "input", which taints "ip". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:447: data_index: Using tainted variable "(int)*ip" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:148: var_assign_var: Assigning: "(u_char *)argv[++arg]" = "engineid". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:227: tainted_data: Using tainted variable "(int)engineid[1]" as an index to pointer "*__ctype_tolower_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:481: var_assign_var: Assigning: "argv[++arg]" = "fingerprint". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:502: tainted_data: Passing tainted variable "fingerprint" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:89: data_index: Passing tainted variable "fp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1988: data_index: Passing tainted variable "hex_fp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:517: var_assign_var: Assigning: "argv[++arg]" = "fingerprint". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:525: tainted_data: Passing tainted variable "fingerprint" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptls.c:181: data_index: Passing tainted variable "fp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1988: data_index: Passing tainted variable "hex_fp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:163: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:163: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:171: tainted_data_transitive: Call to function "snmp_in_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: tainted_data_transitive: Calling function "snmp_in_options" with tainted argument "options" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2272: var_assign_alias: Assigning: "cp" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2312: return_tainted_data: Returning tainted variable "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: return_tainted_data: Returning tainted variable "snmp_in_options(options, 0, NULL)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:163: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:171: tainted_data_transitive: Call to function "snmp_in_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: tainted_data_transitive: Calling function "snmp_in_options" with tainted argument "options" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2272: var_assign_alias: Assigning: "cp" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2312: return_tainted_data: Returning tainted variable "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: return_tainted_data: Returning tainted variable "snmp_in_options(options, 0, NULL)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:179: var_assign_var: Assigning: "optarg" = "cp". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:693: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:693: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:693: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:693: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:828: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:693: tainted_data: Passing tainted variable "optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "myoptarg" transitively taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:165: tainted_data_transitive: Call to function "strcpy" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:166: tainted_data_transitive: Call to function "strchr" with tainted argument "cp" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:183: data_index: Passing tainted variable "cp" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:634: data_index: Passing tainted variable "line" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:585: tainted_data_transitive: Call to function "strncpy" with tainted argument "line" transitively taints "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: data_index: Passing tainted variable "line + (cptr - buf) + strlen(cptr)[1]" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1706: data_index: Passing tainted variable "*ptr" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1714: data_index: Using tainted variable "(int)(unsigned char)*ptr" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:828: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data: Passing tainted variable "*optarg" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:382: data_index: Using tainted variable "(int)(unsigned char)*optarg" as an index to pointer "*__ctype_b_loc()". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:876: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpusm.c:451: var_assign_var: Assigning: "argv[++arg]" = "newpass". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpusm.c:581: tainted_data: Passing tainted variable "newpass" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:601: data_index: Passing tainted variable "hex" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful Error: TAINTED_SCALAR (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpusm.c:450: var_assign_var: Assigning: "argv[++arg]" = "oldpass". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmpusm.c:534: tainted_data: Passing tainted variable "oldpass" to a tainted sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:601: data_index: Passing tainted variable "hex" to a tainted data index sink. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:542: parm_assign_alias: Assigning: "cp" = "hex", which taints "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:553: data_index: Using tainted variable "(int)(int)cp[1]" as an index to pointer "*__ctype_b_loc()". jsafranek: false positive, iterating through cmdline argument is not harmful
TAINTED_STRING
Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "app_name" = "optarg". Both are now tainted. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "app_name" = "optarg". Both are now tainted. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "app_name" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "pid_file" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1000: tainted_string: Passing tainted string "pid_file" to a function that cannot accept tainted data. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "app_name" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "pid_file" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1000: tainted_string: Passing tainted string "pid_file" to a function that cannot accept tainted data. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:616: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:676: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:684: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:692: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:700: var_assign_var: Assigning: "app_name" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:712: var_assign_var: Assigning: "pid_file" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:795: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1000: tainted_string: Passing tainted string "pid_file" to a function that cannot accept tainted data. jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:449: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:452: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:449: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:452: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "context" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:449: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:452: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "context" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:467: var_assign_var: Assigning: "sysUpTime" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:449: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:452: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:455: var_assign_var: Assigning: "context" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:467: var_assign_var: Assigning: "sysUpTime" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:475: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/agentxtrap.c:484: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:131: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:134: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:131: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:134: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:131: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:134: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:131: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:134: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:163: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:131: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:134: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:146: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:154: tainted_data_transitive: Call to function "snmp_mib_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:697: return_tainted_data: Returning tainted variable "options". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:163: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:171: tainted_data_transitive: Call to function "snmp_in_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: tainted_data_transitive: Calling function "snmp_in_options" with tainted argument "options" results in tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2272: var_assign_alias: Assigning: "cp" = "optarg". Both are now tainted. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2312: return_tainted_data: Returning tainted variable "cp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2321: return_tainted_data: Returning tainted variable "snmp_in_options(options, 0, NULL)". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:227: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:800: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:809: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:800: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:809: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:800: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:809: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:800: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:809: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:828: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". jsafranek: false positive Error: TAINTED_STRING (CWE-20): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:747: vararg_transitive: Call to "sprintf" with tainted argument "optarg" taints "trap1_fmt_str_remember". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:758: tainted_data_transitive: Call to function "atoi" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:800: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:809: tainted_string: Passing tainted string "optarg" to a function that cannot accept tainted data. /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:828: tainted_data_transitive: Call to function "snmp_out_toggle_options" with tainted argument "optarg" returns tainted data. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2234: return_tainted_data: Returning tainted variable "options - 1". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:838: tainted_data_transitive: Call to function "snmp_log_options" with tainted argument "argv" transitively taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:396: parm_assign: Assigning: "optarg" = "argv[optind]", which taints "optarg". /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:876: tainted_data_transitive: Call to function "strtoul" with tainted argument "optarg" returns tainted data. jsafranek: false positive
TOCTOU
Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1209: fs_check_call: Calling function "stat" to perform check on "buf". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1216: toctou: Calling function "mkdir" that uses "buf" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: IMHO harmless Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4892: fs_check_call: Calling function "stat" to perform check on "dirname". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4928: toctou: Calling function "opendir" that uses "dirname" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4892: fs_check_call: Calling function "stat" to perform check on "token". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4895: toctou: Calling function "fopen" that uses "token" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs/get_pid_from_inode.c:152: fs_check_call: Calling function "readlink" to perform check on "path_name". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs/get_pid_from_inode.c:140: toctou: Calling function "opendir" that uses "path_name" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/logmatch.c:251: fs_check_call: Calling function "stat" to perform check on "logmatchTable[iindex].filename". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/logmatch.c:259: toctou: Calling function "fopen" that uses "logmatchTable[iindex].filename" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1634: fs_check_call: Calling function "stat" to perform check on "file". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1637: toctou: Calling function "unlink" that uses "file" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1562: fs_check_call: Calling function "stat" to perform check on "file". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:1571: toctou: Calling function "rename" that uses "file" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:521: fs_check_call: Calling function "stat" to perform check on "path". /builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:535: toctou: Calling function "fopen" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive Error: TOCTOU (CWE-367): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1349: fs_check_call: Calling function "stat" to perform check on "idxname". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1387: toctou: Calling function "fopen" that uses "idxname" after a check function. This can cause a time-of-check, time-of-use race condition. jsafranek: false positive
UNINIT
Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4346: var_decl: Declaring variable "objid" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4367: uninit_use_in_call: Using uninitialized element of array "objid" when calling "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1394: read_parm: Reading a parameter value. jsafranek: looks like a false positive: objid[1] is either cleared at snmp_api.c:1352 or at least one value is stored in *oidp at snmp_api.c:1379 Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:3641: var_decl: Declaring variable "import_list" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:3716: uninit_use: Using uninitialized value "import_list[i].modid". jsafranek: false positive, modid is set when FROM is found in the MIB file. Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/systemstats_linux.c:359: var_decl: Declaring variable "scan_count" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/systemstats_linux.c:520: uninit_use: Using uninitialized value "scan_count". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6783: var_decl: Declaring variable "c64tmp" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6931: uninit_use_in_call: Using uninitialized value "c64tmp": field "c64tmp".low is uninitialized when calling "read64". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/int64.c:519: read_parm: Reading a parameter value. /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:7113: uninit_use_in_call: Using uninitialized value "c64tmp": field "c64tmp".low is uninitialized when calling "read64". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:7121: uninit_use_in_call: Using uninitialized value "c64tmp": field "c64tmp".low is uninitialized when calling "read64". jsafranek: false positive, value is cleared at snmp_api.c:510 Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/lmsensors_v3.c:35: var_decl: Declaring variable "val" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/lmsensors_v3.c:77: uninit_use_in_call: Using uninitialized value "val" when calling "debugmsgtoken". jsafranek: fixed in 5.5.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:324: var_decl: Declaring variable "d_set". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:358: alloc_fn: Assigning: "d_set" = "(details_set *)malloc(sizeof (details_set) /*32*/)", which is allocated but not initialized. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:385: uninit_use: Using uninitialized element of array "*d_set". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:90: var_decl: Declaring variable "dst" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:121: uninit_use_in_call: Using uninitialized value "dst": field "dst".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:90: var_decl: Declaring variable "gateway" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:122: uninit_use_in_call: Using uninitialized value "gateway": field "gateway".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:90: var_decl: Declaring variable "mask" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:123: uninit_use_in_call: Using uninitialized value "mask": field "mask".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:149: var_decl: Declaring variable "dst" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:171: uninit_use_in_call: Using uninitialized value "dst": field "dst".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:150: var_decl: Declaring variable "gateway" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/data_access/route_ioctl.c:172: uninit_use_in_call: Using uninitialized value "gateway": field "gateway".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:97: var_decl: Declaring variable "dst" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:118: uninit_use_in_call: Using uninitialized value "dst": field "dst".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:98: var_decl: Declaring variable "gateway" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:119: uninit_use_in_call: Using uninitialized value "gateway": field "gateway".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:187: var_decl: Declaring variable "dst" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:208: uninit_use_in_call: Using uninitialized value "dst": field "dst".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:188: var_decl: Declaring variable "gateway" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:209: uninit_use_in_call: Using uninitialized value "gateway": field "gateway".sin_zero is uninitialized when calling "memcpy". jsafranek: false positive, dst.sin_zero is not described in POSIX Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:695: var_decl: Declaring variable "pcb" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:719: uninit_use_in_call: Using uninitialized value "pcb": field "pcb".inp_next is uninitialized when calling "memcpy". jsafranek: false positive, nnew->inp_next is set just after the memcpy Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:489: var_decl: Declaring variable "pcb" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:506: uninit_use_in_call: Using uninitialized value "pcb": field "pcb".uid is uninitialized when calling "memcpy". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_vars.c:1087: var_decl: Declaring variable "newContextPrefix" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_vars.c:1226: uninit_use_in_call: Using uninitialized value "newContextPrefix" when calling "free". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_vars.c:1087: var_decl: Declaring variable "newGroupName" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_vars.c:1225: uninit_use_in_call: Using uninitialized value "newGroupName" when calling "free". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:815: var_decl: Declaring variable "oid_name" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:832: uninit_use_in_call: Using uninitialized element of array "oid_name" when calling "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1394: read_parm: Reading a parameter value. jsafranek: looks like a false positive: objid[1] is either cleared at snmp_api.c:1352 or at least one value is stored in *oidp at snmp_api.c:1379 Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:994: var_decl: Declaring variable "oid_name" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1001: uninit_use_in_call: Using uninitialized element of array "oid_name" when calling "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1394: read_parm: Reading a parameter value. jsafranek: looks like a false positive: objid[1] is either cleared at snmp_api.c:1352 or at least one value is stored in *oidp at snmp_api.c:1379 Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1845: var_decl: Declaring variable "sa_enterpriseoid" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1863: uninit_use_in_call: Using uninitialized element of array "sa_enterpriseoid" when calling "asn_parse_objid". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/asn1.c:1394: read_parm: Reading a parameter value. jsafranek: looks like a false positive: objid[1] is either cleared at snmp_api.c:1352 or at least one value is stored in *oidp at snmp_api.c:1379 Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/pass_persist.c:746: var_decl: Declaring variable "sa" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/pass_persist.c:765: uninit_use_in_call: Using uninitialized value "sa": field "sa".sa_restorer is uninitialized when calling "sigaction". jsafranek: false positive, sa_restorer is obsolete and should not be used Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3497: var_decl: Declaring variable "str_buf_prefix" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3659: uninit_use: Using uninitialized element of array "str_buf_prefix". jsafranek: TODO!!! Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1007: var_decl: Declaring variable "status" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1099: uninit_use: Using uninitialized value "status". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1781: var_decl: Declaring variable "iid" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1837: uninit_use_in_call: Using uninitialized value "iid" when calling "printf". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1999: var_decl: Declaring variable "iid" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2088: uninit_use_in_call: Using uninitialized value "iid" when calling "printf". jsafranek: fixed in 5.4.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1990: var_decl: Declaring variable "oid_arr_broken_check_len" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2316: uninit_use: Using uninitialized value "oid_arr_broken_check_len". jsafranek: fixed in 5.6.x Error: UNINIT (CWE-457): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1988: var_decl: Declaring variable "oid_arr_len" without initializer. /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2315: uninit_use: Using uninitialized value "oid_arr_len". jsafranek: fixed in 5.6.x
UNREACHABLE
Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/var_route.c:581: unreachable: This code cannot be reached: "long_return = -1L;". jsafranek: false positive because of #ifdefs Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/var_route.c:590: unreachable: This code cannot be reached: "long_return = -1L;". jsafranek: false positive because of #ifdefs Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/var_route.c:599: unreachable: This code cannot be reached: "long_return = -1L;". jsafranek: false positive because of #ifdefs Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/var_route.c:605: unreachable: This code cannot be reached: "long_return = -1L;". jsafranek: false positive because of #ifdefs Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/var_route.c:648: unreachable: This code cannot be reached: "long_return = 0L;". jsafranek: false positive because of #ifdefs Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:306: unreachable: This code cannot be reached: "fprintf(stderr, "translate_...". jsafranek: fixed in 5.4+, a883ef1 Error: UNREACHABLE (CWE-561): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:117: unreachable: This code cannot be reached: "if (0 == depth && verify_in...". jsafranek: looks very suspicious!
UNUSED_VALUE
Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:410: returned_pointer: Pointer "line" returned by "read_config_read_data(4, line, &vp, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:455: returned_pointer: Pointer "line" returned by "read_config_read_data(4, line, &vp, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:364: returned_pointer: Pointer "line" returned by "read_config_read_data(66, line, &tmp, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:530: returned_pointer: Pointer "cptr" returned by "read_config_store_data(4, cptr, &cp, &tint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:507: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:553: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventTable.c:283: returned_pointer: Pointer "tinfo" returned by "netsnmp_extract_table_info(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteObjectsConf.c:89: returned_pointer: Pointer "line" returned by "read_config_read_data(66, line, &tmpint, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteObjectsConf.c:96: returned_pointer: Pointer "line" returned by "read_config_read_data(66, line, &tmpint, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteObjectsConf.c:150: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerBooleanTable.c:155: returned_pointer: Pointer "entry" returned by "netsnmp_tdata_extract_entry(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:455: returned_pointer: Pointer "cp" returned by "copy_nword_const(cp, buf, 2560)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:495: returned_pointer: Pointer "cp" returned by "copy_nword_const(cp, buf, 2560)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1124: returned_pointer: Pointer "line" returned by "_parse_mteTBlCols(line, entry, 0)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:970: returned_pointer: Pointer "line" returned by "_parse_mteTDCols(line, entry, 0)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1045: returned_pointer: Pointer "line" returned by "_parse_mteTExCols(line, entry, 0)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:904: returned_pointer: Pointer "line" returned by "_parse_mteTCols(line, entry, 0)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1208: returned_pointer: Pointer "line" returned by "_parse_mteTThCols(line, entry, 0)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1254: returned_pointer: Pointer "line" returned by "_parse_mteTThCols(line, entry, 1)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1387: returned_pointer: Pointer "cptr" returned by "read_config_store_data(4, cptr, &cp, &tint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1415: returned_pointer: Pointer "cptr" returned by "read_config_store_data(4, cptr, &cp, &tint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1461: returned_pointer: Pointer "cptr" returned by "read_config_store_data(4, cptr, &cp, &tint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1332: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerConf.c:1357: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerDeltaTable.c:128: returned_pointer: Pointer "entry" returned by "netsnmp_tdata_extract_entry(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerExistenceTable.c:142: returned_pointer: Pointer "entry" returned by "netsnmp_tdata_extract_entry(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerTable.c:352: returned_pointer: Pointer "tinfo" returned by "netsnmp_extract_table_info(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerThresholdTable.c:192: returned_pointer: Pointer "entry" returned by "netsnmp_tdata_extract_entry(request)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedConf.c:354: returned_pointer: Pointer "line" returned by "read_config_read_data(66, line, &len, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedConf.c:95: returned_pointer: Pointer "line" returned by "read_config_read_data(2, line, &value, &tmpint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedConf.c:240: returned_pointer: Pointer "line" returned by "read_config_read_data(2, line, &value, &tmpint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedConf.c:431: returned_pointer: Pointer "cptr" returned by "read_config_store_data(66, cptr, &tint, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:165: returned_pointer: Pointer "st" returned by "copy_nword(st, security, 33)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:679: returned_pointer: Pointer "param" returned by "copy_nword(param, community, sizeof (community) /*257*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:927: returned_pointer: Pointer "cp" returned by "copy_nword(cp, context, sizeof (context) /*2560*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:205: returned_pointer: Pointer "line" returned by "read_config_read_data(2, line, &StorageTmp->snmpNotifyFilterProfileRowStatus, &tmpint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:266: returned_pointer: Pointer "cptr" returned by "read_config_store_data(2, cptr, &StorageTmp->snmpNotifyFilterProfileRowStatus, NULL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:598: returned_pointer: Pointer "line" returned by "read_config_read_data(2, line, &StorageTmp->snmpNotifyRowStatus, &tmpint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:667: returned_pointer: Pointer "cptr" returned by "read_config_store_data(2, cptr, &StorageTmp->snmpNotifyRowStatus, &tmpint)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:143: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:144: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:145: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:167: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:168: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:169: returned_pointer: Pointer "token" returned by "strtok(NULL, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_linux.c:142: returned_pointer: Pointer "token" returned by "strtok(line, " ")" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1564: returned_pointer: Pointer "ptr" returned by "snmp_parse_var_op(ptr, var_name, &var_name_len, vartype, &var_val_len, &var_val, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:669: returned_pointer: Pointer "cptr" returned by "copy_nword(cptr, buff, sizeof (buff) /*1024*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetParamsEntry.c:543: returned_pointer: Pointer "cptr" returned by "copy_nword(cptr, buff, sizeof (buff) /*1024*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/text_utils.c:245: returned_pointer: Pointer "ptr" returned by "skip_white(ptr)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/text_utils.c:286: returned_pointer: Pointer "ptr" returned by "skip_white(ptr)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:430: returned_pointer: Pointer "cptr" returned by "copy_nword(cptr, buf, sizeof (buf) /*8192*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3314: returned_pointer: Pointer "tp" returned by "__tag2oid(tag_pv, __av_elem_pv(varbind, 1, NULL), oid_arr, &oid_arr_len, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:3555: returned_pointer: Pointer "tp" returned by "__tag2oid(tag_pv, __av_elem_pv(varbind, 1, NULL), oid_arr, &oid_arr_len, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4367: returned_pointer: Pointer "tp" returned by "__tag2oid(enterprise, NULL, pdu->enterprise, &pdu->enterprise_length, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1621: returned_pointer: Pointer "tp" returned by "__tag2oid(tag, iid, oid_arr, &oid_arr_len, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2411: returned_pointer: Pointer "tp" returned by "__tag2oid(tag, iid, oid_arr, &oid_arr_len, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1833: returned_pointer: Pointer "tp" returned by "__tag2oid(tag, iid, oid_arr, &oid_arr_len, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:1897: returned_pointer: Pointer "val_tuple" returned by "PyTuple_New(varlist_len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2082: returned_pointer: Pointer "tp" returned by "__tag2oid(tag, iid, oid_arr[varlist_ind], oid_arr_len + varlist_ind, NULL, best_guess)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2052: returned_pointer: Pointer "varbind" returned by "PyIter_Next(varlist_iter)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4117: returned_pointer: Pointer "line" returned by "read_config_read_octet_string(line, &user->userPublicString, &user->userPublicStringLen)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4554: returned_pointer: Pointer "cp" returned by "copy_nword(cp, buf, sizeof (buf) /*1024*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4041: returned_pointer: Pointer "cptr" returned by "read_config_save_octet_string(cptr, user->userPublicString, user->userPublicStringLen)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:938: returned_pointer: Pointer "cp" returned by "strrchr(addr_string, 58)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPDomain.c:245: returned_pointer: Pointer "param" returned by "copy_nword(param, community, sizeof (community) /*257*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:484: returned_pointer: Pointer "param" returned by "copy_nword(param, community, sizeof (community) /*257*/)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:236: returned_pointer: Pointer "cptr" returned by "read_config_save_octet_string(cptr, (u_char *)access_entry->views[2], strlen(access_entry->views[2]) + 1UL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:272: returned_pointer: Pointer "cptr" returned by "read_config_save_octet_string(cptr, (u_char *)access_entry->views[authtype], strlen(access_entry->views[authtype]) + 1UL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:391: returned_pointer: Pointer "cptr" returned by "read_config_save_octet_string(cptr, (u_char *)group_entry->groupName, strlen(group_entry->groupName) + 1UL)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:155: returned_pointer: Pointer "cptr" returned by "read_config_save_octet_string(cptr, (u_char *)view->viewMask, view->viewMaskLen)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:344: returned_pointer: Pointer "line" returned by "read_config_read_octet_string(line, (u_char **)¬ifyView, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:366: returned_pointer: Pointer "line" returned by "read_config_read_octet_string(line, (u_char **)&view, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:425: returned_pointer: Pointer "line" returned by "read_config_read_octet_string(line, (u_char **)&groupName, &len)" is never used. Error: UNUSED_VALUE (CWE-563): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:197: returned_pointer: Pointer "line" returned by "read_config_read_octet_string(line, &viewMask, &vptr->viewMaskLen)" is never used.
USE_AFTER_FREE
Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:468: freed_arg: "netsnmp_register_table_data" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_data.c:435: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:470: deref_after_free: Dereferencing freed pointer "reginfo". jsafranek: fixed in 5.7+, 5d61e57 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:198: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:199: deref_after_free: Dereferencing freed pointer "reg". jsafranek: fixed in 5.7+, c303549 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:160: freed_arg: "netsnmp_register_table_data" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_data.c:435: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:161: deref_after_free: Dereferencing freed pointer "reg". jsafranek: fixed in 5.7+, c303549 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:178: freed_arg: "netsnmp_register_table_data" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_data.c:435: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:179: deref_after_free: Dereferencing freed pointer "reg". jsafranek: fixed in 5.7+, c303549 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWInstalledTable.c:143: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWInstalledTable.c:167: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunPerfTable.c:115: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunPerfTable.c:133: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunTable.c:128: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrSWRunTable.c:146: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:474: freed_arg: "netsnmp_register_scalar_group" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:480: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, e0bb09e Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:534: freed_arg: "netsnmp_register_table_iterator" frees "msg_stats_reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:273: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:535: pass_freed_arg: Passing freed pointer "msg_stats_reginfo" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, e0bb09e Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:510: freed_arg: "netsnmp_register_table_iterator" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:273: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/icmp.c:540: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, e0bb09e Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ip.c:161: freed_arg: "netsnmp_register_scalar_group" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ip.c:168: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, 0bdfef8 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/mta_sendmail.c:978: freed_arg: "fclose" frees "sendmailcf_fp". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/mta_sendmail.c:978: deref_arg: Calling "fclose" dereferences freed pointer "sendmailcf_fp". jsafranek: fixed in 5.4+, 17053e3 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerDeltaTable.c:64: freed_arg: "netsnmp_tdata_register" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_tdata.c:410: freed_arg: "netsnmp_container_table_register" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_container.c:352: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerDeltaTable.c:65: deref_after_free: Dereferencing freed pointer "reg". jsafranek: fixed in 5.4+, 22fd0bf Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerExistenceTable.c:64: freed_arg: "netsnmp_tdata_register" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_tdata.c:410: freed_arg: "netsnmp_container_table_register" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_container.c:352: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTriggerExistenceTable.c:65: deref_after_free: Dereferencing freed pointer "reg". jsafranek: fixed in 5.4+, 22fd0bf Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocLocalAddrTable.c:102: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocLocalAddrTable.c:130: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocRemAddrTable.c:101: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocRemAddrTable.c:129: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocTable.c:135: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpAssocTable.c:166: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupLocalPortTable.c:97: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupLocalPortTable.c:125: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemHostNameTable.c:99: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemHostNameTable.c:127: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemIPAddrTable.c:98: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemIPAddrTable.c:121: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPortTable.c:97: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPortTable.c:120: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPrimIPAddrTable.c:99: freed_arg: "netsnmp_register_table" frees "reg". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpLookupRemPrimIPAddrTable.c:122: double_free: Calling "netsnmp_handler_registration_free" frees pointer "reg" which has already been freed. jsafranek: fixed in 5.5+, 6193676 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:46: freed_arg: "netsnmp_register_scalar_group" frees "reginfo_params". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:48: pass_freed_arg: Passing freed pointer "reginfo_params" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, c2c1121 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:30: freed_arg: "netsnmp_register_scalar_group" frees "reginfo_stats". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars.c:32: pass_freed_arg: Passing freed pointer "reginfo_stats" as an argument to function "netsnmp_inject_handler". jsafranek: fixed in 5.5+, c2c1121 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcp.c:123: freed_arg: "netsnmp_register_scalar_group" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcp.c:130: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". fixed in 5.4+, 7a37f33 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:185: freed_arg: "netsnmp_register_table_iterator" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:273: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/tcpTable.c:195: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". fixed in 5.4+, 7871f2b Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udp.c:84: freed_arg: "netsnmp_register_scalar_group" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/scalar_group.c:65: freed_arg: "netsnmp_register_serialize" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/serialize.c:37: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udp.c:91: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". fixed in 5.4+, cf9465f Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:165: freed_arg: "netsnmp_register_table_iterator" frees "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:273: freed_arg: "netsnmp_register_table" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table.c:158: freed_arg: "netsnmp_register_handler" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:305: freed_arg: "netsnmp_register_mib" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1122: freed_arg: "netsnmp_handler_registration_free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:770: freed_arg: "free" frees parameter "reginfo". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/udpTable.c:174: pass_freed_arg: Passing freed pointer "reginfo" as an argument to function "netsnmp_inject_handler". fixed in 5.4+, af9abd5 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_data_access.c:289: freed_arg: "ipAddressPrefixTable_release_rowreq_ctx" frees "rowreq_ctx". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_interface.c:595: freed_arg: "free" frees parameter "rowreq_ctx". /builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/ipAddressPrefixTable/ipAddressPrefixTable_data_access.c:259: deref_after_free: Dereferencing freed pointer "rowreq_ctx". jsafranek: fixed in 3c3eeae Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:750: freed_arg: "se_add_pair_to_list" frees "dirname_copy". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:286: freed_arg: "free" frees parameter "label". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:754: double_free: Calling "free" frees pointer "dirname_copy" which has already been freed. jsafranek: fixed in 5.6+, c5cacf5 Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3263: freed_arg: "netsnmp_tlstmAddr_free" frees "entry". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3199: freed_arg: "free" frees parameter "entry". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3264: deref_after_free: Dereferencing freed pointer "entry". magfr: Corrected in 5.6+ (c96b3b4d8530ad5e0efb03f24dab5e5f1a460031) Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3317: freed_arg: "netsnmp_tlstmAddr_add" frees "entry". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3263: freed_arg: "netsnmp_tlstmAddr_free" frees parameter "entry". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3199: freed_arg: "free" frees parameter "entry". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3318: double_free: Calling "netsnmp_tlstmAddr_free" frees pointer "entry" which has already been freed. magfr: Corrected in 5.6+ (c5978c89cde2440f4d20dadbc9d1dd8db562d56e) Error: USE_AFTER_FREE (CWE-416): /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3053: freed_arg: "netsnmp_tlstmParams_free" frees "stp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2988: freed_arg: "free" frees parameter "stp". /builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:3054: deref_after_free: Dereferencing freed pointer "stp". magfr: Corrected in 5.6+ (c96b3b4d8530ad5e0efb03f24dab5e5f1a460031)