Coverity false positives triggered by gnulib's implementation of base64
From: Kamil Dudka
Subject: Coverity false positives triggered by gnulib's implementation of base64
Date: Tue, 07 May 2019 16:22:34 +0200
Coverity Analysis 2019.03 incorrectly marks the input argument
of base64_encode(), and consequently base64_encode_alloc(), as
tainted_data_sink because it sees byte-level operations on the input.
It triggered the following false positives in the cryptsetup project:
Error: TAINTED_SCALAR:
lib/luks2/luks2_digest_pbkdf2.c:117: tainted_data_argument: Calling function
"crypt_random_get" taints argument "salt".
lib/luks2/luks2_digest_pbkdf2.c:157: tainted_data: Passing tainted variable
"salt" to a tainted sink.
Error: TAINTED_SCALAR:
lib/luks2/luks2_keyslot_luks2.c:445: tainted_data_argument: Calling function
"crypt_random_get" taints argument "salt".
lib/luks2/luks2_keyslot_luks2.c:448: tainted_data: Passing tainted variable
"salt" to a tainted sink.
... but it can affect other gnulib-based projects, too. Would it be
possible to apply the following one-line patch on gnulib source code
to suppress this class of false positives in gnulib-based projects?
https://gitlab.com/cryptsetup/cryptsetup/commit/75b2610e
Thanks in advance for considering it!
Kamil
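The byte-level shifts and table lookups that the analyzer reacts to, shown in an added example (a minimal encoder of my own, not gnulib's base64_encode and not the cryptsetup patch; the function names are assumptions): every table index is masked to six bits, so an untrusted input byte can never index outside the 64-character alphabet, which is why the tainted-sink report is a false positive.

```c
#include <stddef.h>
#include <string.h>

static const char b64_alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode 'inlen' bytes of 'in' into 'out' as NUL-terminated base64.
   Returns 0 if 'outlen' is too small, 1 otherwise.
   The "& 0x3f" on every index is what bounds the lookup; a taint
   analysis that sees only "input byte used as array index" misses it. */
int base64_encode_example(const unsigned char *in, size_t inlen,
                          char *out, size_t outlen)
{
    if (outlen < ((inlen + 2) / 3) * 4 + 1)
        return 0;
    while (inlen >= 3) {
        *out++ = b64_alphabet[(in[0] >> 2) & 0x3f];
        *out++ = b64_alphabet[((in[0] << 4) | (in[1] >> 4)) & 0x3f];
        *out++ = b64_alphabet[((in[1] << 2) | (in[2] >> 6)) & 0x3f];
        *out++ = b64_alphabet[in[2] & 0x3f];
        in += 3;
        inlen -= 3;
    }
    if (inlen > 0) {                       /* 1 or 2 trailing bytes */
        *out++ = b64_alphabet[(in[0] >> 2) & 0x3f];
        if (inlen == 1) {
            *out++ = b64_alphabet[(in[0] << 4) & 0x3f];
            *out++ = '=';
        } else {
            *out++ = b64_alphabet[((in[0] << 4) | (in[1] >> 4)) & 0x3f];
            *out++ = b64_alphabet[(in[1] << 2) & 0x3f];
        }
        *out++ = '=';
    }
    *out = '\0';
    return 1;
}

/* Feed a constructed worst-case "salt" containing every byte value and
   confirm the output never leaves the alphabet: the property the analyzer
   cannot prove from the byte operations alone. Returns 1 on success. */
int all_bytes_encode_in_alphabet(void)
{
    unsigned char salt[256];
    char out[((sizeof salt + 2) / 3) * 4 + 1];
    for (size_t i = 0; i < sizeof salt; i++)
        salt[i] = (unsigned char)i;
    if (!base64_encode_example(salt, sizeof salt, out, sizeof out))
        return 0;
    for (const char *p = out; *p; p++)
        if (*p != '=' && memchr(b64_alphabet, *p, 64) == NULL)
            return 0;
    return 1;
}
```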