Resource Leak
1. Defect type: RESOURCE_LEAK
   8. certmonger-0.79.13/src/ipa.c:719: alloc_arg: "parse_json_result" allocates memory that is stored into "error_message".
   17. certmonger-0.79.13/src/ipa.c:679: leaked_storage: Variable "error_message" going out of scope leaks the storage it points to.
   # 677|     if (!json_str) {
   # 678|         cm_log(0, "json_dumps() failed\n");
   # 679|->       return CM_SUBMIT_STATUS_UNCONFIGURED;
   # 680|     }
   # 681|

2. Defect type: RESOURCE_LEAK
   8. certmonger-0.79.13/src/ipa.c:719: alloc_arg: "parse_json_result" allocates memory that is stored into "error_message".
   16. certmonger-0.79.13/src/ipa.c:673: leaked_storage: Variable "error_message" going out of scope leaks the storage it points to.
   # 671|     if (!json_req) {
   # 672|         cm_log(0, "json_pack_ex() failed: %s\n", j_error.text);
   # 673|->       return CM_SUBMIT_STATUS_UNCONFIGURED;
   # 674|     }
   # 675|     json_str = json_dumps(json_req, 0);

3. Defect type: RESOURCE_LEAK
   1. certmonger-0.79.13/src/casave.c:99: alloc_fn: Storage is returned from allocation function "fdopen".
   2. certmonger-0.79.13/src/casave.c:99: var_assign: Assigning: "fp" = storage returned from "fdopen(fd, "w")".
   8. certmonger-0.79.13/src/casave.c:169: leaked_storage: Variable "fp" going out of scope leaks the storage it points to.
   # 167|     if (PK11_NeedLogin(slot)) {
   # 168|         cm_log(0, "NSS database %s requires login\n", state->nssdb);
   # 169|->       return CM_CERTSAVE_STATUS_INTERNAL_ERROR;
   # 170|     }
   # 171|     for (i = 0; state->certs[i] != NULL; i++) {
Wrong Check of Return Value
1. Defect type: CHECKED_RETURN
   24. certmonger-0.79.13/src/submit-h.c:188: check_return: Calling "curl_easy_setopt(ctx->curl, _curl_opt, ":")" without checking return value. This library function may fail and return an error code.
   # 186|                      CURLOPT_HTTPAUTH,
   # 187|                      CURLAUTH_NEGOTIATE);
   # 188|->   curl_easy_setopt(ctx->curl, CURLOPT_USERPWD, ":");
   # 189| #else
   # 190|     cm_log(-1,

2. Defect type: CHECKED_RETURN
   23. certmonger-0.79.13/src/submit-h.c:185: check_return: Calling "curl_easy_setopt(ctx->curl, _curl_opt, 4UL)" without checking return value. This library function may fail and return an error code.
   # 183|     if (ctx->negotiate == cm_submit_h_negotiate_on) {
   # 184| #if defined(CURLAUTH_NEGOTIATE)
   # 185|->   curl_easy_setopt(ctx->curl,
   # 186|                      CURLOPT_HTTPAUTH,
   # 187|                      CURLAUTH_NEGOTIATE);
Compiler Warnings
1. Defect type: COMPILER_WARNING
   2. certmonger-0.79.13/src/pkcs7.c:935:7: warning[-Wunused-variable]: unused variable 'error'

2. Defect type: COMPILER_WARNING
   1. certmonger-0.79.13/src/pkcs7.c:933:11: warning[-Wunused-variable]: unused variable 'buf'

3. Defect type: COMPILER_WARNING
   1. certmonger-0.79.13/src/ipa.c:866:53: warning[-Wunused-parameter]: unused parameter 'pwd'

4. Defect type: COMPILER_WARNING
   2. certmonger-0.79.13/src/ipa.c:866:36: warning[-Wunused-parameter]: unused parameter 'uid'

5. Defect type: COMPILER_WARNING
   2. certmonger-0.79.13/src/dogtag.c:124:21: warning[-Wunused-variable]: unused variable 'csre'

6. Defect type: COMPILER_WARNING
   1. certmonger-0.79.13/src/certread-n.c:255:4: warning[-Wmaybe-uninitialized]: 'token' may be used uninitialized in this function

7. Defect type: COMPILER_WARNING
   2. certmonger-0.79.13/src/casave.c:93:11: warning[-Wunused-variable]: unused variable 'items'
Clang
1. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/tests/tools/addcinfo.c:78:4: warning[unix.Malloc]: Potential leak of memory pointed to by 'buffer'

2. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/src/tdbus.c:760:2: warning[deadcode.DeadStores]: Value stored to 'exit_on_disconnect' is never read

3. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/src/ipa.c:947:2: warning[unix.Malloc]: Argument to free() is the address of a global variable, which is not memory allocated by malloc()

4. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/src/ipa.c:672:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'error_message'

5. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/src/dogtag.c:558:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'csr'

6. Defect type: CLANG_WARNING
   1. certmonger-0.79.13/src/certread-n.c:255:4: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value