#3719 assigned defect

Update libcrypt to latest FreeBSD to address Coverity Scan Issues

Reported by: Joel Sherrill Owned by: Sebastian Huber
Priority: normal Milestone: 5.1
Component: lib Version: 5
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

Coverity issues 1018087, 1018088, 1018089, and 1018090 all appear to be addressed in the latest source code for libcrypt from FreeBSD. This code needs to be updated. This is one of the issues (1018087) in crypt-sha512.c from Scan but the same issues are in sha256.c

275        if (copied_key != NULL)
   	CID 1018088: 'Constant' variable guards dead code (DEADCODE) [select issue]
276                memset(copied_key, '\0', key_len);
   	null: At condition copied_salt != NULL, the value of copied_salt must be NULL.
   	dead_error_condition: The condition copied_salt != NULL cannot be true.
277        if (copied_salt != NULL)
   	
CID 1018087 (#1 of 1): 'Constant' variable guards dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: memset(copied_salt, 0, salt....
   	Local variable copied_salt is assigned only once, to a constant value, making it effectively constant throughout its scope. If this is not the intent, examine the logic to see if there is a missing assignment that would make copied_salt not remain constant.
278                memset(copied_salt, '\0', salt_len);

Change History (0)

Note: See TracTickets for help on using tickets.