
Static Analysis Issues #514

Open
ashman-p opened this issue Sep 10, 2024 · 1 comment
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@ashman-p (Contributor)

Describe the bug
A clear and concise description of what the bug is.
Coverity SA tool reports a number of issues
I have triaged and classified most. The 'New' ones I have not looked at yet.
I plan to submit PRs for as many as I can.

| # | Type | Impact | Status | Classification | Severity | Category | File | Function |
|---|------|--------|--------|----------------|----------|----------|------|----------|
| 1 | Uninitialized pointer read | High | New | Unclassified | Unspecified | Memory - illegal accesses | test/oqs_test_groups.c | test_group |
| 2 | Resource leak | High | New | Unclassified | Unspecified | Resource leaks | oqsprov/oqs_encode_key2any.c | oqsx_pki_priv_to_der |
| 3 | Resource leak | High | New | Unclassified | Unspecified | Resource leaks | oqsprov/oqs_encode_key2any.c | oqsx_pki_priv_to_der |
| 4 | Out-of-bounds read | High | Triaged | Bug | Minor | Memory - illegal accesses | oqsprov/oqsprov.c | get_composite_idx |
| 5 | Resource leak | High | New | Unclassified | Unspecified | Resource leaks | oqsprov/oqs_encode_key2any.c | oqsx_pki_priv_to_der |
| 6 | Resource leak | High | New | Unclassified | Unspecified | Resource leaks | oqsprov/oqs_encode_key2any.c | oqsx_pki_priv_to_der |
| 7 | Logically dead code | Medium | Triaged | Bug | Minor | Control flow issues | oqsprov/oqs_sig.c | oqs_sig_sign |
| 8 | Dereference after null check | Medium | Triaged | Bug | Moderate | Null pointer dereferences | oqsprov/oqs_kmgmt.c | oqsx_get_hybrid_params |
| 9 | Dereference after null check | Medium | Triaged | Bug | Minor | Null pointer dereferences | test/oqs_test_evp_pkey_params.c | main |
| 10 | Logically dead code | Medium | Triaged | Bug | Minor | Control flow issues | oqsprov/oqs_kem.c | oqs_qs_kem_encaps_keyslot |
| 11 | Logically dead code | Medium | Triaged | Bug | Minor | Control flow issues | oqsprov/oqs_kem.c | oqs_qs_kem_encaps_keyslot |
| 12 | Dereference before null check | Medium | Triaged | Bug | Minor | Null pointer dereferences | oqsprov/oqs_kem.c | oqs_qs_kem_decaps_keyslot |
| 13 | Dereference before null check | Medium | Triaged | Bug | Minor | Null pointer dereferences | oqsprov/oqs_kem.c | oqs_qs_kem_encaps_keyslot |
| 14 | Dereference after null check | Medium | Triaged | Bug | Moderate | Null pointer dereferences | oqsprov/oqsprov_keys.c | oqsx_key_new |
| 15 | Explicit null dereferenced | Medium | New | Unclassified | Unspecified | Null pointer dereferences | oqsprov/oqsprov.c | OSSL_provider_init |
| 16 | Incorrect sizeof expression | Medium | New | Unclassified | Unspecified | Incorrect expression | oqsprov/oqsprov.c | OSSL_provider_init |
| 17 | Dereference before null check | Medium | Triaged | Bug | Minor | Null pointer dereferences | oqsprov/oqs_kem.c | oqs_qs_kem_encaps_keyslot |
| 18 | Dereference before null check | Medium | Triaged | Bug | Minor | Null pointer dereferences | oqsprov/oqs_kem.c | oqs_qs_kem_decaps_keyslot |
| 19 | Dead default in switch | Low | Triaged | Bug | Minor | Possible Control flow issues | oqsprov/oqs_sig.c | oqs_sig_sign |
| 20 | Dead default in switch | Low | Triaged | Bug | Minor | Possible Control flow issues | oqsprov/oqs_sig.c | oqs_sig_verify |

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS: [e.g. Ubuntu 20]
  • OpenSSL version [e.g., 3.2.0-dev]
  • oqsprovider version [e.g. 0.4.0]

Please run the following commands to obtain the version information:

  • For OpenSSL: openssl version
  • For oqsprovider: openssl list -providers

If oqsprovider is not listed as active, be sure to first follow all
USAGE guidance.

If reporting bugs triggered by OpenSSL API integrations, e.g. running
a provider build statically
or directly invoking any OpenSSL API, be sure to retrieve and report all errors
reported by using the OpenSSL ERR_get_error_all
function.

Bug reports generated from Debug builds
with the debug environment variable "OQSPROV=1" set will be particularly helpful to find underlying
problems.

Additional context
Add any other context about the problem here.

Hints
To exclude a build/setup error, please consider running your test
commands to reproduce the problem in our pre-built docker image,
e.g. as such: docker run -it openquantumsafe/oqs-ossl3 and
provide full command input and output traces in the bug report.

@ashman-p ashman-p added the bug Something isn't working label Sep 10, 2024
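Two of the finding classes in the table above, "Resource leak" on an error path and "Dereference before null check", are shown side by side below as an added illustration. This is constructed example code, not oqs-provider's own `oqsx_pki_priv_to_der` or `oqs_qs_kem_*` functions and not the defects Coverity flagged there; the `struct key`, the `tracked_malloc`/`tracked_free` wrappers (standing in for `OPENSSL_malloc`/`OPENSSL_free`) and the two `priv_to_der_*` functions are all hypothetical. The allocation tracker exists only so a leak becomes an observable number rather than something you have to read out of a report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocation tracker (hypothetical): counts live blocks and can be
   told to fail allocations above a size, so error paths can be exercised. */
static int live_allocs = 0;
static size_t alloc_limit = (size_t)-1;

static void *tracked_malloc(size_t n) {
    if (n > alloc_limit) return NULL;          /* simulated allocation failure */
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void tracked_free(void *p) {
    if (p) { live_allocs--; free(p); }          /* NULL is a no-op, like free() */
}

struct key { const unsigned char *priv; size_t privlen; };   /* hypothetical */

/* "Before": the shape Coverity reports as RESOURCE_LEAK and REVERSE_INULL.
   Returns the encoded length, or -1 on error. */
int priv_to_der_leaky(const struct key *k, unsigned char **out) {
    size_t hdrlen = 2;                           /* toy 2-byte tag/length header */
    unsigned char *hdr = tracked_malloc(hdrlen);
    if (hdr == NULL) return -1;
    hdr[0] = 0x04;
    hdr[1] = (unsigned char)k->privlen;          /* k dereferenced here ... */
    if (k == NULL)                               /* ... and only then checked */
        return -1;                               /* hdr is never freed */
    unsigned char *buf = tracked_malloc(hdrlen + k->privlen);
    if (buf == NULL)
        return -1;                               /* hdr leaks on this path too */
    memcpy(buf, hdr, hdrlen);
    memcpy(buf + hdrlen, k->priv, k->privlen);
    tracked_free(hdr);
    *out = buf;
    return (int)(hdrlen + k->privlen);
}

/* "After": validate inputs before any use, single exit that releases
   everything still owned by this function. */
int priv_to_der_fixed(const struct key *k, unsigned char **out) {
    int ret = -1;
    unsigned char *hdr = NULL, *buf = NULL;
    size_t hdrlen = 2;
    if (k == NULL || out == NULL || k->priv == NULL || k->privlen > 0xFF)
        return -1;                               /* nothing allocated yet */
    hdr = tracked_malloc(hdrlen);
    if (hdr == NULL) goto err;
    hdr[0] = 0x04;
    hdr[1] = (unsigned char)k->privlen;
    buf = tracked_malloc(hdrlen + k->privlen);
    if (buf == NULL) goto err;
    memcpy(buf, hdr, hdrlen);
    memcpy(buf + hdrlen, k->priv, k->privlen);
    *out = buf;
    buf = NULL;                                  /* ownership moves to the caller */
    ret = (int)(hdrlen + k->privlen);
err:
    tracked_free(hdr);
    tracked_free(buf);                           /* frees only on the failure path */
    return ret;
}

static const unsigned char sample_key[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */

/* Run one encoder through a failing second allocation and report how many
   blocks are still live afterwards; 0 is the correct answer. */
static int leaked_blocks(int (*fn)(const struct key *, unsigned char **)) {
    struct key k = { sample_key, sizeof sample_key };
    unsigned char *out = NULL;
    live_allocs = 0;
    alloc_limit = 5;              /* 2-byte header fits, 10-byte output does not */
    int rc = fn(&k, &out);
    alloc_limit = (size_t)-1;
    return rc == -1 ? live_allocs : -2;   /* -2: the call did not fail as expected */
}
int leaky_leaks(void) { return leaked_blocks(priv_to_der_leaky); }   /* 1 */
int fixed_leaks(void) { return leaked_blocks(priv_to_der_fixed); }   /* 0 */

/* Success path of the fixed version: returns 10 and leaves nothing live. */
int fixed_success_len(void) {
    struct key k = { sample_key, sizeof sample_key };
    unsigned char *out = NULL;
    live_allocs = 0;
    int n = priv_to_der_fixed(&k, &out);
    int ok = n == 10 && out[0] == 0x04 && out[1] == 8 &&
             memcmp(out + 2, sample_key, 8) == 0;
    tracked_free(out);
    return (ok && live_allocs == 0) ? n : -1;
}

int main(void) {
    printf("leaky: %d block(s) leaked, fixed: %d block(s) leaked, fixed length: %d\n",
           leaky_leaks(), fixed_leaks(), fixed_success_len());
    return 0;
}
```

The `goto err` / single-exit shape is the same one OpenSSL itself uses throughout its code base, and it is what makes a leak finding easy to close: every owned pointer is initialised to NULL, released exactly once at the exit label, and nulled out when ownership leaves the function. The null check moved ahead of the first dereference addresses the REVERSE_INULL class; the remaining "Dereference after null check" rows in the table are the mirror image, where a pointer is checked, the failure branch does not return, and the pointer is then used anyway.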
@baentsch (Member)

Excellent -- Thanks very much @ashman-p for putting this together! Would you mind doing a (draft) PR already setting up this testing in GH CI (knowing it's going to fail)? This way, a) we can track progress and b) can allow others to cooperate (@dehatideep offered to do the same a few days ago in our discussion on cncf/tag-security#1333).
