#3719 closed defect (fixed)

Update libcrypt to latest FreeBSD to address Coverity Scan Issues

Reported by: Joel Sherrill Owned by: Sebastian Huber
Priority: normal Milestone: 6.1
Component: lib Version: 5
Severity: normal Keywords: qualification
Cc: Blocked By:


Coverity issues 1018087, 1018088, 1018089, and 1018090 all appear to be addressed in the latest source code for libcrypt from FreeBSD. This code needs to be updated. This is one of the issues (1018087) in crypt-sha512.c from Scan but the same issues are in sha256.c

275        if (copied_key != NULL)
   	CID 1018088: 'Constant' variable guards dead code (DEADCODE) [select issue]
276                memset(copied_key, '\0', key_len);
   	null: At condition copied_salt != NULL, the value of copied_salt must be NULL.
   	dead_error_condition: The condition copied_salt != NULL cannot be true.
277        if (copied_salt != NULL)
CID 1018087 (#1 of 1): 'Constant' variable guards dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: memset(copied_salt, 0, salt....
   	Local variable copied_salt is assigned only once, to a constant value, making it effectively constant throughout its scope. If this is not the intent, examine the logic to see if there is a missing assignment that would make copied_salt not remain constant.
278                memset(copied_salt, '\0', salt_len);

Change History (4)

comment:1 Changed on 12/19/19 at 08:07:34 by Sebastian Huber

Milestone: 5.16.1

comment:2 Changed on 09/09/22 at 04:51:17 by Sebastian Huber

Resolution: fixed
Status: assignedclosed

This should be fixed now.

comment:3 Changed on 09/22/22 at 06:17:18 by Sebastian Huber <sebastian.huber@…>

In ade8d99/rtems:

build: Install SHA header files

Update #3719.

comment:4 Changed on 10/31/23 at 11:46:50 by Sebastian Huber

Keywords: qualification added
Note: See TracTickets for help on using tickets.