Fw: New Defects reported by Coverity Scan for ntpsec

James Browning jamesb.fe80 at gmail.com
Mon Jan 25 23:21:10 UTC 2021


On Mon, Jan 25, 2021 at 12:03 PM Gary E. Miller via devel <devel at ntpsec.org>
wrote:

> Yo All!
>
> New Coverity defects in ntpd.  See below.



> Date: Sun, 24 Jan 2021 07:29:27 +0000 (UTC)
> From: scan-admin at coverity.com
> To: gem at rellim.com
> Subject: New Defects reported by Coverity Scan for ntpsec
>


> 4 new defect(s) introduced to ntpsec found with Coverity Scan.



> ** CID 316495:  Insecure data handling  (TAINTED_SCALAR)
> /ntpd/ntp_scanner.c: 185 in lex_getch()
>

last touched 'Tue Jun 16 08:26:12 2020 -0400'


> *** CID 316494:  Insecure data handling  (TAINTED_SCALAR)
> /tests/common/tests_main.c: 96 in main()
>

last touched 'Thu Apr 9 03:08:24 2020 -0700'


> *** CID 316493:  Uninitialized variables  (UNINIT)
> /ntpd/refclock_generic.c: 2865 in parse_start()


last touched 'Fri Feb 14 21:49:45 2020 -0800'


> *** CID 316492:  Uninitialized variables  (UNINIT)
> /ntpd/refclock_oncore.c: 1887 in oncore_get_timestamp()


last touched 'Mon Aug 19 20:00:55 2019 -0400'

Someone twisted a knob somewhere and needs a wedgie. Also, the bugs need
adjusting as well.

I think some of those knobs should be turned down. The worst raft of errors
comes from ESLint for JavaScript that should be voted out of the tree and
then the next tier for C strings existing.