I put opendkim 1.1.0 through Coverity. The report is available at
http://www.blackops.org/~msk/coverity.
I've looked at each of the things it reported. Many were false positives
but several were valid issues. Below is what I managed to find based on
the report. You're welcome to see if you disagree with any of my calls
about its findings. I've committed my fixes based on this to CVS for the
next release.
Although it found a number of them, I don't think any of the memory or
file handle leaks were regularly visible in earlier versions. They were
almost all confined to error cases, which presumably didn't happen all
that often.
Several of the checks classified as TOCTOU (time-of-check vs. time-of-use)
are filesystem race conditions, but it's all configuration data (i.e. read
once) and not live operational data (e.g. in-transit messages) so I'm not
terribly concerned about them.
Lots of the stack use items can be ignored because I did the run with a
very low (4k) stack size limit. Pretty much all modern systems can
tolerate much larger stack allocations.
I'll run it again tomorrow to see if I missed anything.
-MSK
1 dkimf_sigreport [false positive]
2 dkimf_policyreport [false positive]
3 dkimf_local_adsp dead code removed
4 ares_tokenize fixed; forgot to treat "\" as escape
5 dkim_test_adsp [false positive]
6 dkim_test_key fixed; checked wrong status after function
7 dkim_get_key_file fixed; possible NULL dereference
8 dkim_get_key_file [duplicate]
9 mlfi_negotiate fixed (reworked the code)
10 mlfi_connect fixed; possible NULL dereference
11 main [false positive]
12 dkim_siglist_setup [false positive]
13 dkim_sig_process [false positive]
14 dkim_siglist_setup [false positive]
15 dkim_get_key [false positive]
16 /usr/include/regex.h [out of scope]
17 unknown [false positive]
18 unknown [false positive]
19 /usr/include/openssl/pkcs7.h
[out of scope]
20 /usr/include/openssl/ssl3.h
[out of scope]
21 dkim_name_to_code ignored
22 dkim_name_to_code ignored
23 dkimf_crypto_dyn_create fixed memory leak
24 config_load_level fixed file handle leak
25 dkim_test_key fixed memory leak
26 dkim_canon_selecthdrs fixed memory leak
27 dkim_gensighdr fixed memory leak
28 dkimf_config_load fixed file handle leak
29 dkimf_config_load fixed file handle leak
30 dkimf_config_load fixed file handle leak
31 dkim_tmpfile ignored
32 main ignored
33 dkimf_base64_encode_file
ignored
34 dkimf_testfile ignored
35 dkimf_testfile ignored
36 dkim_get_policy_dns ignored
37 dkim_get_policy_dns_excheck
ignored
38 dkim_get_policy_dns_excheck
ignored
39 dkim_get_policy_dns_excheck
ignored
40 dkim_get_key_dns ignored
41 dkim_test_dns_get ignored
42 dkimf_testfile ignored
43 dkim_sig_hdrlistok ignored
44 ares_parse ignored
45 mlfi_eom ignored
46 mlfi_eom ignored
47 mlfi_eom ignored
48 dkimf_config_reload ignored
49 dkimf_config_load ignored
50 dkimf_loadkeys ignored
51 dkimf_loadkeys ignored
52 dkim_header ignored
53 dkim_eom_sign ignored
54 dkim_gensighdr ignored
55 dkim_gensighdr ignored
56 main ignored
57 dkim_tmpfile ignored
58 dkimf_base64_encode_file
ignored
59 dkim_get_policy_dns ignored
60 dkimf_testfile ignored
61 main ignored
62 mlfi_eom ignored
63 dkimf_base64_encode_file
ignored
64 main ignored
65 dkimf_config_load ignored
66 dkimf_config_load ignored
67 dkimf_config_load ignored
68 ares_parse [false positive]
69 dkim_key_smtp [false positive]
70 dkim_key_granok [false positive]
71 dkim_siglist_setup [false positive]
72 dkim_siglist_setup [false positive]
73 dkim_header [false positive]
74 mlfi_negotiate fixed by earlier rewrite
75 dkimf_freekeys fix double-free()
76 dkim_dstring_printf fix memory leak
Received on Fri Sep 18 2009 - 03:05:01 PST