Scan Results

List of Findings

Error: DC.WEAK_CRYPTO (CWE-676): [#def1]
/pacemaker/daemons/fenced/fenced_commands.c:694: dont_call: "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
/pacemaker/daemons/fenced/fenced_commands.c:694: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and CNG (Cryptography API: Next Generation) on Windows.

Error: INTEGER_OVERFLOW (CWE-190): [#def2]
/pacemaker/lib/cib/cib_file.c:814: tainted_data_argument: The value returned in "seq" is considered tainted.
/pacemaker/lib/cib/cib_file.c:814: path: Condition "pcmk__read_series_sequence(cib_dirname, "cib", &seq) != pcmk_rc_ok", taking false branch.
/pacemaker/lib/cib/cib_file.c:819: underflow: The cast of "seq" to a signed type could result in a negative number.

Error: INTEGER_OVERFLOW (CWE-190): [#def3]
/pacemaker/daemons/attrd/attrd_utils.c:171: path: Condition "value[6 /* 5 + 1 */] != '+'", taking true branch.
/pacemaker/daemons/attrd/attrd_utils.c:174: tainted_data_return: Called function "char2score(offset_s)", and a possible return value may be less than zero.
/pacemaker/daemons/attrd/attrd_utils.c:174: assign: Assigning: "offset" = "char2score(offset_s)".
/pacemaker/daemons/attrd/attrd_utils.c:176: overflow: The expression "int_value" is considered to have possibly overflowed.
/pacemaker/daemons/attrd/attrd_utils.c:178: path: Condition "int_value > 1000000", taking false branch.
/pacemaker/daemons/attrd/attrd_utils.c:181: return_overflow: "int_value", which might have overflowed, is returned from the function.

Error: INTEGER_OVERFLOW (CWE-190): [#def4]
/pacemaker/lib/common/iso8601.c:883: path: Condition "pcmk__str_empty(date_str)", taking false branch.
/pacemaker/lib/common/iso8601.c:888: path: Condition "date_str[0] == 'T'", taking false branch.
/pacemaker/lib/common/iso8601.c:888: path: Condition "date_str[2] == ':'", taking false branch.
/pacemaker/lib/common/iso8601.c:901: path: Condition "!strncasecmp("epoch", date_str, 5)", taking true branch.
/pacemaker/lib/common/iso8601.c:901: path: Condition "date_str[5] == 0", taking false branch.
/pacemaker/lib/common/iso8601.c:901: path: Condition "date_str[5] == '/'", taking false branch.
/pacemaker/lib/common/iso8601.c:901: path: Condition "*__ctype_b_loc()[(int)date_str[5]] & 8192 /* (unsigned short)_ISspace */", taking false branch.
/pacemaker/lib/common/iso8601.c:911: path: Condition "rc == 1", taking true branch.
/pacemaker/lib/common/iso8601.c:915: path: Condition "rc == 3", taking false branch.
/pacemaker/lib/common/iso8601.c:936: path: Condition "rc == 2", taking false branch.
/pacemaker/lib/common/iso8601.c:952: path: Condition "rc == 3", taking true branch.
/pacemaker/lib/common/iso8601.c:953: path: Condition "week > crm_time_weeks_in_year(year)", taking false branch.
/pacemaker/lib/common/iso8601.c:958: path: Condition "day < 1", taking false branch.
/pacemaker/lib/common/iso8601.c:958: path: Condition "day > 7", taking false branch.
/pacemaker/lib/common/iso8601.c:974: tainted_data_return: Called function "crm_time_january1_weekday(year)", and a possible return value may be less than zero.
/pacemaker/lib/common/iso8601.c:974: assign: Assigning: "jan1" = "crm_time_january1_weekday(year)".
/pacemaker/lib/common/iso8601.c:976: path: Switch case default.
/pacemaker/lib/common/iso8601.c:976: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/iso8601.c:976: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/iso8601.c:976: path: Breaking from switch.
/pacemaker/lib/common/iso8601.c:982: path: Condition "jan1 <= 4", taking true branch.
/pacemaker/lib/common/iso8601.c:983: overflow: The expression "1 - jan1" is considered to have possibly overflowed.
/pacemaker/lib/common/iso8601.c:983: overflow_sink: "1 - jan1", which might be negative, is passed to "crm_time_add_days(dt, 1 - jan1)".
/pacemaker/lib/common/iso8601.c:1573: path: Switch case default.
/pacemaker/lib/common/iso8601.c:1573: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/iso8601.c:1573: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/iso8601.c:1573: path: Breaking from switch.
/pacemaker/lib/common/iso8601.c:1575: parm_assign: Assigning: "a_time->days" += "extra", which taints "a_time->days".
/pacemaker/lib/common/iso8601.c:1576: loop_bound_upper: Using tainted expression "a_time->days" as a loop boundary.

Error: NULL_FIELD (CWE-476): [#def5]
/pacemaker/lib/cib/cib_utils.c:947: null_field: Reading field "delegate_fn", which is expected to possibly be "NULL" in "cib->delegate_fn" (checked 17 out of 18 times).
/pacemaker/lib/cib/cib_utils.c:947: alias_transfer: Assigning: "delegate" = "cib->delegate_fn".
/pacemaker/lib/cib/cib_utils.c:952: path: Condition "user_name == NULL", taking true branch.
/pacemaker/lib/cib/cib_utils.c:956: dereference: Dereferencing "delegate", which is known to be "NULL".
/pacemaker/lib/cib/cib_client.c:316: example_checked: Example 1: "cib->delegate_fn" has its value checked in "cib->delegate_fn == NULL".
/pacemaker/lib/cib/cib_client.c:346: example_checked: Example 2: "cib->delegate_fn" has its value checked in "cib->delegate_fn == NULL".
/pacemaker/lib/cib/cib_client.c:370: example_checked: Example 3: "cib->delegate_fn" has its value checked in "cib->delegate_fn == NULL".
/pacemaker/lib/cib/cib_client.c:378: example_checked: Example 4: "cib->delegate_fn" has its value checked in "cib->delegate_fn == NULL".
/pacemaker/lib/cib/cib_client.c:426: example_checked: Example 5: "cib->delegate_fn" has its value checked in "cib->delegate_fn == NULL".

Error: NULL_FIELD (CWE-476): [#def6]
/pacemaker/daemons/fenced/fenced_remote.c:1538: path: Condition "pcmk_all_flags_set(op->call_options, st_opt_topology)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1538: path: Condition "tp", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1544: path: Condition "pcmk__str_eq(op->action, "on", pcmk__str_none)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1544: path: Condition "op->automatic_list != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1556: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1557: path: Condition "!tp->levels[i]", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1558: path: Continuing loop.
/pacemaker/daemons/fenced/fenced_remote.c:1556: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1557: path: Condition "!tp->levels[i]", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1558: path: Continuing loop.
/pacemaker/daemons/fenced/fenced_remote.c:1556: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1557: path: Condition "!tp->levels[i]", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1560: path: Condition "device_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "stonith_watchdog_timeout_ms > 0", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "pcmk__is_fencing_action(op->action)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "pcmk__str_eq(device_list->data, "watchdog", pcmk__str_none)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "node_does_watchdog_fencing(op->target)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1570: path: Continuing loop.
/pacemaker/daemons/fenced/fenced_remote.c:1560: path: Condition "device_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "stonith_watchdog_timeout_ms > 0", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "pcmk__is_fencing_action(op->action)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "pcmk__str_eq(device_list->data, "watchdog", pcmk__str_none)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1564: path: Condition "node_does_watchdog_fencing(op->target)", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1573: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1576: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1579: path: Condition "match", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1584: path: Condition "find_peer_device(op, peer, device_list->data, fenced_support_flag(op->action))", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1591: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1573: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1576: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1579: path: Condition "match", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1584: path: Condition "find_peer_device(op, peer, device_list->data, fenced_support_flag(op->action))", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1589: path: Breaking from loop.
/pacemaker/daemons/fenced/fenced_remote.c:1592: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1560: path: Condition "device_list", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1593: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1556: path: Condition "i < 10", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1596: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1597: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1600: path: Condition "iter2 != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1602: path: Condition "find_peer_device(op, peer, iter->data, st_device_supports_on)", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1607: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1600: null_field: Reading field "next", which is expected to possibly be "NULL" in "iter2->next" (checked 466 out of 467 times).
/pacemaker/daemons/fenced/fenced_remote.c:1600: alias_transfer: Assigning: "iter" = "iter2->next".
/pacemaker/daemons/fenced/fenced_remote.c:1600: path: Condition "iter2 != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1602: dereference: Dereferencing "iter", which is known to be "NULL".
/pacemaker/daemons/attrd/attrd_sync.c:417: example_checked: Example 1: "node->next" has its value checked in "node != NULL".
/pacemaker/daemons/controld/controld_cib.c:504: example_checked: Example 2: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_control.c:208: example_checked: Example 3: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_execd.c:1791: example_checked: Example 4: "state_entry->next" has its value checked in "state_entry != NULL".
/pacemaker/daemons/controld/controld_fencing.c:355: example_checked: Example 5: "iter->next" has its value checked in "iter != NULL".

Error: NULL_FIELD (CWE-476): [#def7]
/pacemaker/lib/pengine/bundle.c:992: path: Condition "!(rsc != NULL)", taking false branch.
/pacemaker/lib/pengine/bundle.c:993: path: Switch case default.
/pacemaker/lib/pengine/bundle.c:993: path: Condition "trace_tag_cs == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:993: path: Condition "crm_is_callsite_active(trace_tag_cs, _level, converted_tag)", taking false branch.
/pacemaker/lib/pengine/bundle.c:1000: path: Condition "xml_obj != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1002: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1018: path: Condition "value == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1026: path: Condition "value == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1026: path: Condition "bundle_data->promoted_max > 0", taking false branch.
/pacemaker/lib/pengine/bundle.c:1039: path: Condition "bundle_data->nreplicas_per_host == 1", taking true branch.
/pacemaker/lib/pengine/bundle.c:1049: path: Condition "xml_obj", taking true branch.
/pacemaker/lib/pengine/bundle.c:1056: path: Condition "crm_str_to_boolean(value, &bundle_data->add_host) != 1", taking true branch.
/pacemaker/lib/pengine/bundle.c:1060: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1066: path: Condition "port->source == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1072: path: Condition "port->source != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1072: path: Condition "strlen(port->source) > 0", taking true branch.
/pacemaker/lib/pengine/bundle.c:1073: path: Condition "port->target == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1078: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1082: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1060: path: Condition "xml_child != NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1086: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1094: path: Condition "source == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1100: path: Condition "source", taking true branch.
/pacemaker/lib/pengine/bundle.c:1100: path: Condition "target", taking true branch.
/pacemaker/lib/pengine/bundle.c:1102: path: Condition "strcmp(target, "/var/log") == 0", taking true branch.
/pacemaker/lib/pengine/bundle.c:1105: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1108: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1086: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1094: path: Condition "source == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1100: path: Condition "source", taking true branch.
/pacemaker/lib/pengine/bundle.c:1100: path: Condition "target", taking false branch.
/pacemaker/lib/pengine/bundle.c:1106: path: Condition "pcmk__config_error_handler == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1106: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1108: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1086: path: Condition "xml_child != NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1111: path: Condition "xml_obj", taking true branch.
/pacemaker/lib/pengine/bundle.c:1111: path: Condition "valid_network(bundle_data)", taking true branch.
/pacemaker/lib/pengine/bundle.c:1121: path: Condition "bundle_data->promoted_max", taking false branch.
/pacemaker/lib/pengine/bundle.c:1139: path: Condition "bundle_data->nreplicas_per_host > 1", taking false branch.
/pacemaker/lib/pengine/bundle.c:1142: path: Condition "bundle_data->promoted_max", taking false branch.
/pacemaker/lib/pengine/bundle.c:1154: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1160: path: Condition "xml_resource", taking true branch.
/pacemaker/lib/pengine/bundle.c:1166: path: Condition "pe__unpack_resource(xml_resource, &bundle_data->child, rsc, scheduler) != pcmk_rc_ok", taking false branch.
/pacemaker/lib/pengine/bundle.c:1195: path: Condition "need_log_mount", taking false branch.
/pacemaker/lib/pengine/bundle.c:1201: path: Condition "bundle_data->control_port", taking true branch.
/pacemaker/lib/pengine/bundle.c:1203: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1218: path: Condition "childIter != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1228: path: Condition "pcmk_all_flags_set(replica->child->flags, pcmk_rsc_notify)", taking true branch.
/pacemaker/lib/pengine/bundle.c:1235: null_field: Reading field "child", which is expected to possibly be "NULL" in "replica->child" (checked 18 out of 21 times).
/pacemaker/lib/pengine/bundle.c:1235: dereference: Dereferencing "replica->child", which is known to be "NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:68: example_checked: Example 1: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:910: example_checked: Example 2: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:488: example_checked: Example 3: "replica->child" has its value checked in "replica->child == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:242: example_checked: Example 4: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:283: example_checked: Example 5: "replica->child" has its value checked in "replica->child != NULL".

Error: NULL_FIELD (CWE-476): [#def8]
/pacemaker/lib/fencing/st_client.c:1495: path: Condition "blob->xml == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1502: path: Condition "entry == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1506: path: Condition "entry->delete", taking false branch.
/pacemaker/lib/fencing/st_client.c:1510: path: Condition "entry->notify == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1514: path: Condition "!pcmk__str_eq(entry->event, event, pcmk__str_none)", taking false branch.
/pacemaker/lib/fencing/st_client.c:1521: path: Switch case default.
/pacemaker/lib/fencing/st_client.c:1521: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/fencing/st_client.c:1521: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking true branch.
/pacemaker/lib/fencing/st_client.c:1521: path: Breaking from switch.
/pacemaker/lib/fencing/st_client.c:1522: null_field: Reading field "notify", which is expected to possibly be "NULL" in "entry->notify" (checked 2 out of 2 times).
/pacemaker/lib/fencing/st_client.c:1522: dereference: Dereferencing "entry->notify", which is known to be "NULL".
/pacemaker/lib/fencing/st_client.c:1510: example_checked: Example 1: "entry->notify" has its value checked in "entry->notify == NULL".
/pacemaker/lib/fencing/st_client.c:787: example_checked: Example 2: "a_client->notify" has its value checked in "a_client->notify == NULL".

Error: NULL_FIELD (CWE-476): [#def9]
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1232: path: Condition "rsc != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1232: path: Condition "order != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1235: path: Switch case default.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1235: path: Condition "trace_tag_cs == NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1235: path: Condition "crm_is_callsite_active(trace_tag_cs, _level, converted_tag)", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1238: path: Condition "order->rh_action != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1245: path: Condition "then_actions == NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1251: path: Condition "first_action != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1260: path: Condition "first_action == NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1260: path: Condition "!pcmk_all_flags_set(flags, pcmk__ar_first_implies_then)", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1270: path: Condition "iter != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1273: path: Condition "first_action != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1277: null_field: Reading field "lh_rsc", which is expected to possibly be "NULL" in "order->lh_rsc" (checked 4 out of 5 times).
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1277: dereference: Dereferencing "order->lh_rsc", which is known to be "NULL".
/pacemaker/lib/pacemaker/pcmk_sched_migration.c:271: example_checked: Example 1: "order->lh_rsc" has its value checked in "order->lh_rsc == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:564: example_checked: Example 2: "first_action->rsc" has its value checked in "order->lh_rsc == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1413: example_checked: Example 3: "order->lh_rsc" has its value checked in "rsc != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_probes.c:359: example_checked: Example 4: "order->lh_rsc" has its value checked in "order->lh_rsc == NULL".

Error: NULL_RETURNS (CWE-476): [#def10]
/pacemaker/lib/common/schemas.c:913: path: Condition "schema->transform_enter", taking true branch.
/pacemaker/lib/common/schemas.c:914: path: Switch case default.
/pacemaker/lib/common/schemas.c:914: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/schemas.c:914: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/schemas.c:914: path: Breaking from switch.
/pacemaker/lib/common/schemas.c:917: path: Condition "upgrade == NULL", taking false branch.
/pacemaker/lib/common/schemas.c:923: path: Condition "upgrade == NULL", taking false branch.
/pacemaker/lib/common/schemas.c:927: path: Switch case default.
/pacemaker/lib/common/schemas.c:927: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/schemas.c:927: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/schemas.c:927: path: Breaking from switch.
/pacemaker/lib/common/schemas.c:930: path: Condition "upgrade != xml", taking true branch.
/pacemaker/lib/common/schemas.c:935: path: Condition "final != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:935: path: Condition "transform_onleave", taking true branch.
/pacemaker/lib/common/schemas.c:938: path: Condition "!(schema->transform_enter != NULL)", taking false branch.
/pacemaker/lib/common/schemas.c:941: returned_null: "strrchr" returns "NULL" (checked 12 out of 14 times).
/pacemaker/lib/common/schemas.c:941: dereference: Passing null pointer "strrchr(transform_leave, 45)" to "memcpy", which dereferences it.
/pacemaker/daemons/controld/controld_te_callbacks.c:326: example_assign: Example 1: Assigning: "key" = return value from "strrchr(mutable_key, 39)".
/pacemaker/daemons/controld/controld_te_callbacks.c:327: example_checked: Example 1 (cont.): "key" has its value checked in "key != NULL".
/pacemaker/daemons/controld/controld_te_utils.c:443: example_assign: Example 2: Assigning: "shortpath" = return value from "strrchr(path, 47)".
/pacemaker/daemons/controld/controld_te_utils.c:445: example_checked: Example 2 (cont.): "shortpath" has its value checked in "shortpath".
/pacemaker/daemons/fenced/fenced_cib.c:361: example_assign: Example 3: Assigning: "shortpath" = return value from "strrchr(xpath, 47)".
/pacemaker/daemons/fenced/fenced_cib.c:361: example_checked: Example 3 (cont.): "shortpath" has its value checked in "shortpath".
/pacemaker/lib/cib/cib_file.c:450: example_assign: Example 4: Assigning: "sep" = return value from "strrchr(path, 47)".
/pacemaker/lib/cib/cib_file.c:476: example_checked: Example 4 (cont.): "sep" has its value checked in "sep == NULL".
/pacemaker/lib/common/strings.c:511: example_assign: Example 5: Assigning: "s" = return value from "strrchr(s, match[0])".
/pacemaker/lib/common/strings.c:512: example_checked: Example 5 (cont.): "s" has its value checked in "s == NULL".

Error: NULL_RETURNS (CWE-476): [#def11]
/pacemaker/lib/common/schemas.c:278: path: Condition "transform_expected", taking true branch.
/pacemaker/lib/common/schemas.c:285: path: Condition "!transform_expected", taking false branch.
/pacemaker/lib/common/schemas.c:288: path: Condition "stat(xslt, &s) == 0", taking true branch.
/pacemaker/lib/common/schemas.c:294: path: Condition "stat(xslt, &s) != 0", taking false branch.
/pacemaker/lib/common/schemas.c:309: path: Condition "xslt != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:311: returned_null: "strrchr" returns "NULL" (checked 12 out of 14 times).
/pacemaker/lib/common/schemas.c:311: dereference: Passing null pointer "strrchr(xslt, 45)" to "memcpy", which dereferences it.
/pacemaker/daemons/controld/controld_te_callbacks.c:326: example_assign: Example 1: Assigning: "key" = return value from "strrchr(mutable_key, 39)".
/pacemaker/daemons/controld/controld_te_callbacks.c:327: example_checked: Example 1 (cont.): "key" has its value checked in "key != NULL".
/pacemaker/daemons/controld/controld_te_utils.c:443: example_assign: Example 2: Assigning: "shortpath" = return value from "strrchr(path, 47)".
/pacemaker/daemons/controld/controld_te_utils.c:445: example_checked: Example 2 (cont.): "shortpath" has its value checked in "shortpath".
/pacemaker/daemons/fenced/fenced_cib.c:361: example_assign: Example 3: Assigning: "shortpath" = return value from "strrchr(xpath, 47)".
/pacemaker/daemons/fenced/fenced_cib.c:361: example_checked: Example 3 (cont.): "shortpath" has its value checked in "shortpath".
/pacemaker/lib/cib/cib_file.c:450: example_assign: Example 4: Assigning: "sep" = return value from "strrchr(path, 47)".
/pacemaker/lib/cib/cib_file.c:476: example_checked: Example 4 (cont.): "sep" has its value checked in "sep == NULL".
/pacemaker/lib/common/strings.c:511: example_assign: Example 5: Assigning: "s" = return value from "strrchr(s, match[0])".
/pacemaker/lib/common/strings.c:512: example_checked: Example 5 (cont.): "s" has its value checked in "s == NULL".

Error: RESOURCE_LEAK (CWE-404): [#def12]
/pacemaker/tools/crm_resource.c:787: alloc_arg: "pcmk__scan_nvpair" allocates memory that is stored into "name".
/pacemaker/lib/common/nvpair.c:226: allocate_storage: Allocating storage in "*name" to hold parsed value.
/pacemaker/lib/common/nvpair.c:226: path: Condition "sscanf(input, "%m[^=]=%m[^\n]", name, value) <= 0", taking true branch.
/pacemaker/tools/crm_resource.c:787: path: Condition "pcmk__scan_nvpair(optarg, &name, &value) != 2", taking true branch.
/pacemaker/tools/crm_resource.c:788: leaked_storage: Variable "name" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-404): [#def13]
/pacemaker/daemons/based/based_io.c:50: open_fn: Returning handle opened by "mkstemp".
/pacemaker/daemons/based/based_io.c:50: var_assign: Assigning: "new_fd" = handle returned from "mkstemp(new)".
/pacemaker/daemons/based/based_io.c:52: path: Condition "new_fd < 0", taking false branch.
/pacemaker/daemons/based/based_io.c:52: path: Condition "rename(old, new) < 0", taking false branch.
/pacemaker/daemons/based/based_io.c:60: path: Condition "new_fd > 0", taking false branch.
/pacemaker/daemons/based/based_io.c:60: off_by_one: Testing whether handle "new_fd" is strictly greater than zero is suspicious.  "new_fd" leaks when it is zero.
/pacemaker/daemons/based/based_io.c:60: remediation: Did you intend to include equality with zero?
/pacemaker/daemons/based/based_io.c:64: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.

Error: RESOURCE_LEAK (CWE-404): [#def14]
/pacemaker/daemons/based/based_remote.c:629: path: Condition "pam_name == NULL", taking true branch.
/pacemaker/daemons/based/based_remote.c:632: path: Condition "pam_name == NULL", taking true branch.
/pacemaker/daemons/based/based_remote.c:637: alloc_fn: Storage is returned from allocation function "strdup".
/pacemaker/daemons/based/based_remote.c:637: var_assign: Assigning: "p_conv.appdata_ptr" = storage returned from "strdup(passwd)".
/pacemaker/daemons/based/based_remote.c:640: path: Condition "rc != 0", taking false branch.
/pacemaker/daemons/based/based_remote.c:646: path: Condition "rc != 0", taking false branch.
/pacemaker/daemons/based/based_remote.c:657: path: Condition "rc != 0", taking false branch.
/pacemaker/daemons/based/based_remote.c:661: path: Condition "p_user == NULL", taking true branch.
/pacemaker/daemons/based/based_remote.c:663: path: Jumping to label "bail".
/pacemaker/daemons/based/based_remote.c:680: leaked_storage: Variable "p_conv" going out of scope leaks the storage "p_conv.appdata_ptr" points to.

Error: RESOURCE_LEAK (CWE-404): [#def15]
/pacemaker/daemons/controld/controld_schedulerd.c:443: path: Condition "rc != 0", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:449: path: Condition "call_id != fsa_pe_query", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:453: path: Condition "!pcmk_all_flags_set(controld_globals.fsa_input_register, 1ULL)", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:453: path: Condition "!pcmk_all_flags_set(controld_globals.fsa_input_register, 512ULL)", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:459: path: Condition "controld_globals.fsa_state != S_POLICY_ENGINE", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:465: path: Condition "num_cib_op_callbacks() > 1", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:474: path: Condition "!(output != NULL)", taking false branch.
/pacemaker/daemons/controld/controld_schedulerd.c:485: path: Condition "watchdog", taking true branch.
/pacemaker/daemons/controld/controld_schedulerd.c:487: path: Condition "pcmk_all_flags_set(controld_globals.flags, controld_ever_had_quorum)", taking true branch.
/pacemaker/daemons/controld/controld_schedulerd.c:487: path: Condition "!crm_have_quorum", taking true branch.
/pacemaker/daemons/controld/controld_schedulerd.c:492: alloc_arg: "pcmk_schedulerd_api_graph" allocates memory that is stored into "ref".
/pacemaker/lib/common/ipc_schedulerd.c:179: alloc_arg: "do_schedulerd_api_call" allocates memory that is stored into "*ref".
/pacemaker/lib/common/ipc_schedulerd.c:149: path: Condition "!pcmk_ipc_is_connected(api)", taking false branch.
/pacemaker/lib/common/ipc_schedulerd.c:154: path: Condition "!(private != NULL)", taking false branch.
/pacemaker/lib/common/ipc_schedulerd.c:156: path: Condition "crm_system_name", taking true branch.
/pacemaker/lib/common/ipc_schedulerd.c:160: path: Condition "cmd", taking true branch.
/pacemaker/lib/common/ipc_schedulerd.c:162: path: Condition "rc != pcmk_rc_ok", taking true branch.
/pacemaker/lib/common/ipc_schedulerd.c:163: path: Switch case default.
/pacemaker/lib/common/ipc_schedulerd.c:163: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/ipc_schedulerd.c:163: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/ipc_schedulerd.c:163: path: Breaking from switch.
/pacemaker/lib/common/ipc_schedulerd.c:167: alloc_fn: Storage is returned from allocation function "strdup".
/pacemaker/lib/common/ipc_schedulerd.c:167: assign: Assigning: "*ref" = "strdup(crm_element_value(cmd, "reference"))".
/pacemaker/lib/common/ipc_schedulerd.c:169: path: Falling through to end of if statement.
/pacemaker/daemons/controld/controld_schedulerd.c:494: path: Condition "rc < 0", taking true branch.
/pacemaker/daemons/controld/controld_schedulerd.c:498: path: Falling through to end of if statement.
/pacemaker/daemons/controld/controld_schedulerd.c:506: leaked_storage: Variable "ref" going out of scope leaks the storage it points to.

Error: STRING_NULL (CWE-170): [#def16]
/pacemaker/lib/lrmd/lrmd_client.c:1976: path: Condition "!standard", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1976: path: Condition "!type", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1981: path: Condition "pcmk__str_eq(standard, "stonith", pcmk__str_casei)", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1987: path: Condition "param", taking true branch.
/pacemaker/lib/lrmd/lrmd_client.c:1989: path: Jumping back to the beginning of the loop.
/pacemaker/lib/lrmd/lrmd_client.c:1987: path: Condition "param", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1996: path: Condition "action == NULL", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1999: path: Condition "action->rc != PCMK_OCF_UNKNOWN", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:2004: string_null_source: Function "services_action_sync" does not terminate string "action->stdout_data".
/pacemaker/lib/services/services.c:1024: path: Condition "op == NULL", taking false branch.
/pacemaker/lib/services/services.c:1031: path: Condition "pcmk__str_eq(op->action, "meta-data", pcmk__str_casei)", taking true branch.
/pacemaker/lib/services/services.c:1039: string_null_source: Function "execute_metadata_action" does not terminate string "op->stdout_data".
/pacemaker/lib/services/services.c:976: path: Condition "op->agent == NULL", taking false branch.
/pacemaker/lib/services/services.c:983: path: Condition "class == NULL", taking false branch.
/pacemaker/lib/services/services.c:992: path: Condition "!strcmp(class, "service")", taking true branch.
/pacemaker/lib/services/services.c:995: path: Condition "class == NULL", taking false branch.
/pacemaker/lib/services/services.c:1004: path: Condition "pcmk__str_eq(class, "lsb", pcmk__str_casei)", taking false branch.
/pacemaker/lib/services/services.c:1010: path: Condition "pcmk__str_eq(class, "nagios", pcmk__str_casei)", taking true branch.
/pacemaker/lib/services/services.c:1011: string_null_source: Function "services__get_nagios_metadata" does not terminate string "op->stdout_data".
/pacemaker/lib/services/services_nagios.c:183: path: Condition "file_strm == NULL", taking false branch.
/pacemaker/lib/services/services_nagios.c:195: path: Condition "!(length >= 0)", taking false branch.
/pacemaker/lib/services/services_nagios.c:196: path: Condition "!(start == ftell(file_strm))", taking false branch.
/pacemaker/lib/services/services_nagios.c:198: path: Condition "length <= 0", taking false branch.
/pacemaker/lib/services/services_nagios.c:205: path: Switch case default.
/pacemaker/lib/services/services_nagios.c:205: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/services/services_nagios.c:205: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/services/services_nagios.c:205: path: Breaking from switch.
/pacemaker/lib/services/services_nagios.c:207: string_null_source: Function "fread" does not terminate string "*output".
/pacemaker/lib/services/services_nagios.c:208: path: Condition "read_len != length", taking false branch.
/pacemaker/lib/services/services.c:1039: path: Condition "execute_metadata_action(op) == pcmk_rc_ok", taking true branch.
/pacemaker/lib/services/services.c:1040: path: Falling through to end of if statement.
/pacemaker/lib/services/services.c:1043: path: Switch case default.
/pacemaker/lib/services/services.c:1043: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/services/services.c:1043: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/services/services.c:1043: path: Breaking from switch.
/pacemaker/lib/services/services.c:1045: path: Condition "op->stdout_data", taking true branch.
/pacemaker/lib/services/services.c:1046: path: Switch case default.
/pacemaker/lib/services/services.c:1046: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/services/services.c:1046: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/services/services.c:1046: path: Breaking from switch.
/pacemaker/lib/services/services.c:1048: path: Condition "op->stderr_data", taking true branch.
/pacemaker/lib/services/services.c:1049: path: Switch case default.
/pacemaker/lib/services/services.c:1049: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/services/services.c:1049: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/services/services.c:1049: path: Breaking from switch.
/pacemaker/lib/lrmd/lrmd_client.c:2004: path: Condition "!services_action_sync(action)", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:2011: path: Condition "!action->stdout_data", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:2018: string_null: Passing unterminated string "action->stdout_data" to "strdup", which expects a null-terminated string.

Error: TAINTED_STRING (CWE-20): [#def17]
/pacemaker/daemons/execd/remoted_pidone.c:104: path: Condition "fp != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:107: tainted_argument: Calling function "fgets" taints argument "*line".
/pacemaker/daemons/execd/remoted_pidone.c:107: path: Condition "fgets(line, 2048, fp) != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: tainted_data_transitive: Call to function "find_env_var_name" with tainted argument "line" transitively taints "*name".
/pacemaker/daemons/execd/remoted_pidone.c:79: parm_assign: Assigning: "*first" = "line", which taints "*first".
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:82: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:84: path: Condition "*__ctype_b_loc()[(int)**first] & 1024 /* (unsigned short)_ISalpha */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*__ctype_b_loc()[(int)*last[1]] & 8 /* (unsigned short)_ISalnum */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*last[1] == '_'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "find_env_var_name(line, &name, &end)", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "*++end == '='", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:120: path: Condition "*end == '\''", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:125: path: Condition "quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != 0", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:132: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*(end - 1) == '\\'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:133: path: Condition "*end == *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:136: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:141: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:162: path: Condition "value", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*__ctype_b_loc()[(int)*end] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*end != 10", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:168: path: Condition "*end == 10", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:169: path: Condition "quote == NULL", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:175: tainted_string: Passing tainted string "*name" to "setenv", which cannot accept tainted data.
/pacemaker/daemons/execd/remoted_pidone.c:175: remediation: Ensure tainted data is properly sanitized, for instance by using a whitelist of permissible characters.

Error: TAINTED_STRING (CWE-20): [#def18]
/pacemaker/daemons/execd/remoted_pidone.c:104: path: Condition "fp != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:107: tainted_argument: Calling function "fgets" taints argument "*line".
/pacemaker/daemons/execd/remoted_pidone.c:107: path: Condition "fgets(line, 2048, fp) != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: tainted_data_transitive: Call to function "find_env_var_name" with tainted argument "line" transitively taints "*end".
/pacemaker/daemons/execd/remoted_pidone.c:79: var_assign_parm: Assigning: "*first" = "line".
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:82: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:84: path: Condition "*__ctype_b_loc()[(int)**first] & 1024 /* (unsigned short)_ISalpha */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:85: parm_assign: Assigning: "*last" = "*first", which taints "**last".
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*__ctype_b_loc()[(int)*last[1]] & 8 /* (unsigned short)_ISalnum */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*last[1] == '_'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "find_env_var_name(line, &name, &end)", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "*++end == '='", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:120: path: Condition "*end == '\''", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:123: var_assign_var: Assigning: "value" = "end". Both are now tainted.
/pacemaker/daemons/execd/remoted_pidone.c:125: path: Condition "quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != 0", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:132: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*(end - 1) == '\\'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:133: path: Condition "*end == *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:136: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:141: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:162: path: Condition "value", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*__ctype_b_loc()[(int)*end] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*end != 10", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:168: path: Condition "*end == 10", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:169: path: Condition "quote == NULL", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:175: tainted_string: Passing tainted string "*value" to "setenv", which cannot accept tainted data.
/pacemaker/daemons/execd/remoted_pidone.c:175: remediation: Ensure tainted data is properly sanitized, for instance by using a whitelist of permissible characters.

Error: UNSAFE_XML_PARSE_CONFIG: [#def19]
/pacemaker/lib/common/xml.c:823: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_RECOVER" set, which can lead to application level attacks that depend on the application context and hence it is better to not recover from errors when processing malformed XML.

Error: UNSAFE_XML_PARSE_CONFIG: [#def20]
/pacemaker/lib/common/xml.c:1016: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_RECOVER" set, which can lead to application level attacks that depend on the application context and hence it is better to not recover from errors when processing malformed XML.

Error: UNSAFE_XML_PARSE_CONFIG: [#def21]
/pacemaker/lib/common/xml.c:1029: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_RECOVER" set, which can lead to application level attacks that depend on the application context and hence it is better to not recover from errors when processing malformed XML.

Error: UNSAFE_XML_PARSE_CONFIG: [#def22]
/pacemaker/lib/common/xml.c:1044: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_RECOVER" set, which can lead to application level attacks that depend on the application context and hence it is better to not recover from errors when processing malformed XML.

Error: UNUSED_VALUE (CWE-563): [#def23]
/pacemaker/lib/common/schemas.c:936: value_overwrite: Overwriting previous write to "upgrade" with value from "final".
/pacemaker/lib/common/schemas.c:932: assigned_pointer: Assigning value "NULL" to "upgrade" here, but that stored value is overwritten before it can be used.

Error: Y2K38_SAFETY (CWE-197): [#def24]
/pacemaker/daemons/controld/controld_cib.c:752: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def25]
/pacemaker/daemons/controld/controld_execd.c:1027: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def26]
/pacemaker/daemons/controld/controld_execd_state.c:81: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "op->start_time" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def27]
/pacemaker/daemons/controld/controld_execd_state.c:82: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "op->start_time" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def28]
/pacemaker/daemons/controld/controld_remote_ra.c:469: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "cmd->start_time" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def29]
/pacemaker/daemons/controld/controld_remote_ra.c:470: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "cmd->start_time" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def30]
/pacemaker/daemons/controld/controld_remote_ra.c:476: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def31]
/pacemaker/daemons/controld/controld_remote_ra.c:624: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def32]
/pacemaker/daemons/controld/controld_timers.c:413: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "diff_seconds" is cast to "guint".

Error: Y2K38_SAFETY (CWE-197): [#def33]
/pacemaker/lib/lrmd/lrmd_client.c:298: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "epoch" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def34]
/pacemaker/lib/lrmd/lrmd_client.c:301: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "epoch" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def35]
/pacemaker/lib/pacemaker/pcmk_graph_consumer.c:860: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".

Error: Y2K38_SAFETY (CWE-197): [#def36]
/pacemaker/lib/pacemaker/pcmk_injections.c:171: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "time(NULL)" is cast to "unsigned int".