New Defects reported by Coverity Scan for ntpsec

[countkase at yahoo.com]

On Wednesday, March 16, 2022, 01:09:59 PM PDT, Gary E. Miller via devel <devel at ntpsec.org> wrote:

Yo All!

New coverity found defect in NTPsec.

See below.

It can't really be new. Hal was the last person near there a year ago the 24th. Either covertity is pushing more stuff or the noise floor lowered enough to expose that, whatever it is.

My webmail seems to be garbage and the report is nearly as bad.

Begin forwarded message:

Please find the latest report on new defect(s) introduced to ntpsec
found with Coverity Scan.

1 new defect(s) introduced to ntpsec found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 349664:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 349664:  Uninitialized variables  (UNINIT)
/tests/ntpd/nts_client.c: 122 in
TEST_nts_client_nts_client_process_response_core_() 116
    0x80, nts_new_cookie, 0, 8, 1, 2, 3, 4, 5, 6, 7, 8, 117
        /* server_negotiation skipped due to getaddrinfo()
containment breach */ 118            0x80,
nts_port_negotiation, 0, 2, 0, 3, 119            0x80,
nts_end_of_message, 0, 0 120        }; 121        /* run */
>>>    CID 349664:  Uninitialized variables  (UNINIT)
>>>    Using uninitialized value "peer.srcadr" when calling
>>> "nts_client_process_response_core".  
122        success = nts_client_process_response_core(buf0,
sizeof(buf0), &peer); 123        /* check */
124        TEST_ASSERT_EQUAL(true, success);
125        TEST_ASSERT_EQUAL_INT16(AEAD_AES_SIV_CMAC_256,
peer.nts_state.aead); 126        TEST_ASSERT_EQUAL_INT32(8,
peer.nts_state.cookielen); 127        TEST_ASSERT_EQUAL_INT8(1,
peer.nts_state.cookies[0][0]);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp8Ldxo61EGGRiTZ6U-2Bjg3sA07-2BBpfNSmUdAWFIW4-2FfVHYSy8cV7mYfZsABp8TO5F4-3DjMwg_V4vXdTh-2BxT-2BxCKbyFfrSoP7IYJKibTqYyKHgATb-2BpYZS-2FWAmCwblwmm8OcEIl6rwptgxCXQw8DeLi3jMzJ0Ec2uQGrvTHiyT6WJjvJ8OvJIHuVm4WHhe-2BcrRqlFkHWXlMqEgTM-2BeF7kt9bKBa-2FIvADI1y13fvqPKbRdFIZSeVcua8J3HFm7RKgR-2FfDsa3H-2FOV5xPhCsZTT6emXTwZ-2B5jog-3D-3D

  To manage Coverity Scan email notifications for "gem at rellim.com",
  click
  https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXx7Tfqjjbls0cEjccfNLTtXEyJGZ4VdMsA5BAyVQQG3-2BhiayktbDtQ9xydmCGCqXM-2FiCfaecVOZTo8suXWaB1cwto7f0wTnlZytc1QYkzBIo8-3DjF1g_V4vXdTh-2BxT-2BxCKbyFfrSoP7IYJKibTqYyKHgATb-2BpYZS-2FWAmCwblwmm8OcEIl6rwXXxfomDL5d4K9aapJ8FcOsqqb5zd2yMSNgtK221QuiXgR7tmqseRzvquUgRSaY3Qb17dEjt-2F8P1VYncR0LVXUkkvoGxsL5JZuNZOkz-2BPwjB46Boo1leo3ugTdcZUwzKANXYyje31ZbO0eRLHnHYJSg-3D-3D