Scan Results

List of Findings

Error: DC.WEAK_CRYPTO (CWE-676): [#def1]
/pacemaker/daemons/fenced/fenced_commands.c:702: dont_call: "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
/pacemaker/daemons/fenced/fenced_commands.c:702: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and CNG (Cryptography API: Next Generation) on Windows.

Error: INCOMPLETE_DEALLOCATOR (CWE-404): [#def2]
/pacemaker/lib/cluster/election.c:100: allocation: Memory is allocated.
/pacemaker/lib/common/mainloop.c:1368: alloc_fn: Storage is returned from allocation function "pcmk__assert_alloc_as".
/pacemaker/include/crm/common/internal.h:225: alloc_fn: Storage is returned from allocation function "calloc".
/pacemaker/include/crm/common/internal.h:225: assign: Assigning: "ptr" = "calloc(nmemb, size)".
/pacemaker/include/crm/common/internal.h:227: path: Condition "ptr == NULL", taking false branch.
/pacemaker/include/crm/common/internal.h:231: return_alloc: Returning allocated memory "ptr".
/pacemaker/lib/common/mainloop.c:1368: assign: Assigning: "t" = "pcmk__assert_alloc_as("mainloop.c", <anonymous>, 1368U, 1UL, 40UL)".
/pacemaker/lib/common/mainloop.c:1370: path: Condition "name != NULL", taking true branch.
/pacemaker/lib/common/mainloop.c:1372: path: Falling through to end of if statement.
/pacemaker/lib/common/mainloop.c:1380: path: Switch case default.
/pacemaker/lib/common/mainloop.c:1380: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/mainloop.c:1380: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/mainloop.c:1380: path: Breaking from switch.
/pacemaker/lib/common/mainloop.c:1381: return_alloc: Returning allocated memory "t".
/pacemaker/lib/cluster/election.c:100: allocation: The field "cluster->priv->election->timeout" is allocated, but not released in the identified deallocator.
/pacemaker/lib/cluster/cluster.c:163: deallocator: Deallocator for "struct pcmk__cluster".

Error: NULL_FIELD (CWE-476): [#def3]
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:925: null_field: Reading field "bundle", which is expected to possibly be "NULL" in "probe_data->bundle" (checked 1 out of 1 times).
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:925: alias_transfer: Assigning: "bundle" = "probe_data->bundle".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:927: path: Condition "replica->ip != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:927: path: Condition "replica->ip->priv->cmds->create_probe(replica->ip, probe_data->node)", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:932: path: Condition "replica->child != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:932: path: Condition "pcmk__same_node(probe_data->node, replica->node)", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:932: path: Condition "replica->child->priv->cmds->create_probe(replica->child, probe_data->node)", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:938: path: Condition "replica->container->priv->cmds->create_probe(replica->container, probe_data->node)", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:954: dereference: Dereferencing "bundle", which is known to be "NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:975: example_checked: Example 1: "probe_data->bundle" has its value checked in "bundle == NULL".

Error: NULL_FIELD (CWE-476): [#def4]
/pacemaker/lib/common/schemas.c:1153: path: Condition "xml != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1153: path: Condition "*xml != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1153: path: Condition "(*xml)->doc != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1156: path: Condition "max_schema_name != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1159: path: Condition "max_entry != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1165: path: Condition "max_schema_index < 1", taking true branch.
/pacemaker/lib/common/schemas.c:1170: path: Condition "entry == NULL", taking false branch.
/pacemaker/lib/common/schemas.c:1174: path: Condition "original_schema->schema_index >= max_schema_index", taking false branch.
/pacemaker/lib/common/schemas.c:1178: path: Condition "entry != NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1182: path: Condition "current_schema->schema_index > max_schema_index", taking false branch.
/pacemaker/lib/common/schemas.c:1186: path: Condition "!validate_with(*xml, current_schema, error_handler, (void *)0x3)", taking false branch.
/pacemaker/lib/common/schemas.c:1197: path: Switch case default.
/pacemaker/lib/common/schemas.c:1197: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/schemas.c:1197: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/schemas.c:1197: path: Breaking from switch.
/pacemaker/lib/common/schemas.c:1200: path: Condition "current_schema->schema_index == max_schema_index", taking false branch.
/pacemaker/lib/common/schemas.c:1204: path: Condition "!transform", taking false branch.
/pacemaker/lib/common/schemas.c:1204: path: Condition "current_schema->transforms == NULL", taking false branch.
/pacemaker/lib/common/schemas.c:1204: null_field: Reading field "next", which is expected to possibly be "NULL" in "entry->next" (checked 454 out of 456 times).
/pacemaker/lib/common/schemas.c:1204: dereference: Dereferencing "entry->next", which is known to be "NULL".
/pacemaker/daemons/attrd/attrd_sync.c:415: example_checked: Example 1: "node->next" has its value checked in "node != NULL".
/pacemaker/daemons/based/based_messages.c:522: example_checked: Example 2: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_cib.c:489: example_checked: Example 3: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_control.c:212: example_checked: Example 4: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_execd.c:1775: example_checked: Example 5: "state_entry->next" has its value checked in "state_entry != NULL".

Error: NULL_FIELD (CWE-476): [#def5]
/pacemaker/daemons/fenced/fenced_remote.c:1612: path: Condition "pcmk_all_flags_set(op->call_options, st_opt_topology)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1612: path: Condition "tp", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1618: path: Condition "pcmk__str_eq(op->action, "on", pcmk__str_none)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1618: path: Condition "op->automatic_list != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1630: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1631: path: Condition "!tp->levels[i]", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1632: path: Continuing loop.
/pacemaker/daemons/fenced/fenced_remote.c:1630: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1631: path: Condition "!tp->levels[i]", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1632: path: Continuing loop.
/pacemaker/daemons/fenced/fenced_remote.c:1630: path: Condition "i < 10", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1631: path: Condition "!tp->levels[i]", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1634: path: Condition "device_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1637: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1640: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1643: path: Condition "match", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1648: path: Condition "find_peer_device(op, peer, device_list->data, fenced_support_flag(op->action))", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1656: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1637: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1640: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1643: path: Condition "match", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1648: path: Condition "find_peer_device(op, peer, device_list->data, fenced_support_flag(op->action))", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1654: path: Breaking from loop.
/pacemaker/daemons/fenced/fenced_remote.c:1661: path: Condition "!found", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1664: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1634: path: Condition "device_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1637: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1640: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1643: path: Condition "match", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1648: path: Condition "find_peer_device(op, peer, device_list->data, fenced_support_flag(op->action))", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1656: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1637: path: Condition "iter != NULL", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1661: path: Condition "!found", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1661: path: Condition "is_watchdog_fencing(op, device_list->data)", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1664: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1634: path: Condition "device_list", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1665: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1630: path: Condition "i < 10", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1668: path: Condition "auto_list", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1669: path: Condition "iter != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1672: path: Condition "iter2 != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1674: path: Condition "find_peer_device(op, peer, iter->data, st_device_supports_on)", taking false branch.
/pacemaker/daemons/fenced/fenced_remote.c:1679: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/fenced/fenced_remote.c:1672: null_field: Reading field "next", which is expected to possibly be "NULL" in "iter2->next" (checked 454 out of 456 times).
/pacemaker/daemons/fenced/fenced_remote.c:1672: alias_transfer: Assigning: "iter" = "iter2->next".
/pacemaker/daemons/fenced/fenced_remote.c:1672: path: Condition "iter2 != NULL", taking true branch.
/pacemaker/daemons/fenced/fenced_remote.c:1674: dereference: Dereferencing "iter", which is known to be "NULL".
/pacemaker/daemons/attrd/attrd_sync.c:415: example_checked: Example 1: "node->next" has its value checked in "node != NULL".
/pacemaker/daemons/based/based_messages.c:522: example_checked: Example 2: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_cib.c:489: example_checked: Example 3: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_control.c:212: example_checked: Example 4: "iter->next" has its value checked in "iter != NULL".
/pacemaker/daemons/controld/controld_execd.c:1775: example_checked: Example 5: "state_entry->next" has its value checked in "state_entry != NULL".

Error: NULL_FIELD (CWE-476): [#def6]
/pacemaker/lib/pengine/bundle.c:966: path: Condition "!(rsc != NULL)", taking false branch.
/pacemaker/lib/pengine/bundle.c:967: path: Switch case default.
/pacemaker/lib/pengine/bundle.c:967: path: Condition "trace_tag_cs == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:967: path: Condition "crm_is_callsite_active(trace_tag_cs, _level, converted_tag)", taking false branch.
/pacemaker/lib/pengine/bundle.c:975: path: Condition "xml_obj != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:979: path: Condition "xml_obj == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:987: path: Condition "xml_obj == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:999: path: Condition "value == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1012: path: Condition "bundle_data->nreplicas_per_host == 1", taking true branch.
/pacemaker/lib/pengine/bundle.c:1026: path: Condition "xml_obj", taking true branch.
/pacemaker/lib/pengine/bundle.c:1036: path: Condition "crm_str_to_boolean(value, &bundle_data->add_host) != 1", taking false branch.
/pacemaker/lib/pengine/bundle.c:1040: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1050: path: Condition "port->source == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1057: path: Condition "port->source != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1057: path: Condition "strlen(port->source) > 0", taking true branch.
/pacemaker/lib/pengine/bundle.c:1058: path: Condition "port->target == NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1063: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1068: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1040: path: Condition "xml_child != NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1073: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1083: path: Condition "source == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1089: path: Condition "source", taking true branch.
/pacemaker/lib/pengine/bundle.c:1089: path: Condition "target", taking true branch.
/pacemaker/lib/pengine/bundle.c:1091: path: Condition "strcmp(target, "/var/log") == 0", taking true branch.
/pacemaker/lib/pengine/bundle.c:1094: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1098: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1073: path: Condition "xml_child != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1083: path: Condition "source == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1089: path: Condition "source", taking true branch.
/pacemaker/lib/pengine/bundle.c:1089: path: Condition "target", taking false branch.
/pacemaker/lib/pengine/bundle.c:1095: path: Condition "pcmk__config_error_handler == NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1095: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1098: path: Jumping back to the beginning of the loop.
/pacemaker/lib/pengine/bundle.c:1073: path: Condition "xml_child != NULL", taking false branch.
/pacemaker/lib/pengine/bundle.c:1102: path: Condition "xml_obj", taking true branch.
/pacemaker/lib/pengine/bundle.c:1102: path: Condition "valid_network(bundle_data)", taking true branch.
/pacemaker/lib/pengine/bundle.c:1114: path: Condition "bundle_data->promoted_max > 0", taking false branch.
/pacemaker/lib/pengine/bundle.c:1135: path: Condition "bundle_data->nreplicas_per_host > 1", taking false branch.
/pacemaker/lib/pengine/bundle.c:1138: path: Condition "bundle_data->promoted_max", taking false branch.
/pacemaker/lib/pengine/bundle.c:1150: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1157: path: Condition "xml_resource", taking true branch.
/pacemaker/lib/pengine/bundle.c:1163: path: Condition "pe__unpack_resource(xml_resource, &bundle_data->child, rsc, rsc->priv->scheduler) != pcmk_rc_ok", taking false branch.
/pacemaker/lib/pengine/bundle.c:1192: path: Condition "need_log_mount", taking false branch.
/pacemaker/lib/pengine/bundle.c:1198: path: Condition "bundle_data->control_port", taking true branch.
/pacemaker/lib/pengine/bundle.c:1200: path: Falling through to end of if statement.
/pacemaker/lib/pengine/bundle.c:1216: path: Condition "childIter != NULL", taking true branch.
/pacemaker/lib/pengine/bundle.c:1227: path: Condition "pcmk_all_flags_set(replica->child->flags, pcmk__rsc_notify)", taking true branch.
/pacemaker/lib/pengine/bundle.c:1234: null_field: Reading field "child", which is expected to possibly be "NULL" in "replica->child" (checked 17 out of 18 times).
/pacemaker/lib/pengine/bundle.c:1234: dereference: Dereferencing "replica->child", which is known to be "NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:69: example_checked: Example 1: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:932: example_checked: Example 2: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:504: example_checked: Example 3: "replica->child" has its value checked in "replica->child == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:247: example_checked: Example 4: "replica->child" has its value checked in "replica->child != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_bundle.c:288: example_checked: Example 5: "replica->child" has its value checked in "replica->child != NULL".

Error: NULL_FIELD (CWE-476): [#def7]
/pacemaker/lib/fencing/st_client.c:1497: path: Condition "blob->xml == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1504: path: Condition "entry == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1508: path: Condition "entry->delete", taking false branch.
/pacemaker/lib/fencing/st_client.c:1512: path: Condition "entry->notify == NULL", taking false branch.
/pacemaker/lib/fencing/st_client.c:1516: path: Condition "!pcmk__str_eq(entry->event, event, pcmk__str_none)", taking false branch.
/pacemaker/lib/fencing/st_client.c:1523: path: Switch case default.
/pacemaker/lib/fencing/st_client.c:1523: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/fencing/st_client.c:1523: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking true branch.
/pacemaker/lib/fencing/st_client.c:1523: path: Breaking from switch.
/pacemaker/lib/fencing/st_client.c:1524: null_field: Reading field "notify", which is expected to possibly be "NULL" in "entry->notify" (checked 2 out of 2 times).
/pacemaker/lib/fencing/st_client.c:1524: dereference: Dereferencing "entry->notify", which is known to be "NULL".
/pacemaker/lib/fencing/st_client.c:1512: example_checked: Example 1: "entry->notify" has its value checked in "entry->notify == NULL".
/pacemaker/lib/fencing/st_client.c:789: example_checked: Example 2: "a_client->notify" has its value checked in "a_client->notify == NULL".

Error: NULL_FIELD (CWE-476): [#def8]
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1229: path: Condition "rsc != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1229: path: Condition "order != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1232: path: Switch case default.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1232: path: Condition "trace_tag_cs == NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1232: path: Condition "crm_is_callsite_active(trace_tag_cs, _level, converted_tag)", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1235: path: Condition "order->action2 != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1242: path: Condition "then_actions == NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1248: path: Condition "first_action != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1257: path: Condition "first_action == NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1257: path: Condition "!pcmk_all_flags_set(flags, pcmk__ar_first_implies_then)", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1267: path: Condition "iter != NULL", taking true branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1270: path: Condition "first_action != NULL", taking false branch.
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1274: null_field: Reading field "rsc1", which is expected to possibly be "NULL" in "order->rsc1" (checked 4 out of 5 times).
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1274: dereference: Dereferencing "order->rsc1", which is known to be "NULL".
/pacemaker/lib/pacemaker/pcmk_sched_migration.c:270: example_checked: Example 1: "order->rsc1" has its value checked in "order->rsc1 == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:524: example_checked: Example 2: "first_action->rsc" has its value checked in "order->rsc1 == NULL".
/pacemaker/lib/pacemaker/pcmk_sched_ordering.c:1414: example_checked: Example 3: "order->rsc1" has its value checked in "rsc != NULL".
/pacemaker/lib/pacemaker/pcmk_sched_probes.c:372: example_checked: Example 4: "order->rsc1" has its value checked in "order->rsc1 == NULL".

Error: NULL_FIELD (CWE-476): [#def9]
/pacemaker/lib/lrmd/lrmd_client.c:1529: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1542: path: Condition "native->tls == NULL", taking true branch.
/pacemaker/lib/lrmd/lrmd_client.c:1543: path: Condition "use_cert", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1545: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1552: path: Condition "!use_cert", taking true branch.
/pacemaker/lib/lrmd/lrmd_client.c:1556: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/lrmd/lrmd_client.c:1565: null_field: Reading field "tls", which is expected to possibly be "NULL" in "native->tls" (checked 3 out of 3 times).
/pacemaker/lib/lrmd/lrmd_client.c:1565: dereference: Passing null pointer "native->tls" to "pcmk__tls_add_psk_key", which dereferences it.
/pacemaker/lib/common/tls.c:456: dereference: Dereferencing pointer "tls".
/pacemaker/lib/lrmd/lrmd_client.c:629: example_checked: Example 1: "native->tls" has its value checked in "native->tls".
/pacemaker/lib/lrmd/lrmd_client.c:1642: example_checked: Example 2: "native->tls" has its value checked in "native->tls == NULL".
/pacemaker/lib/lrmd/lrmd_client.c:1542: example_checked: Example 3: "native->tls" has its value checked in "native->tls == NULL".

Error: RESOURCE_LEAK (CWE-404): [#def10]
/pacemaker/daemons/based/based_io.c:49: open_fn: Returning handle opened by "mkstemp".
/pacemaker/daemons/based/based_io.c:49: var_assign: Assigning: "new_fd" = handle returned from "mkstemp(new)".
/pacemaker/daemons/based/based_io.c:51: path: Condition "new_fd < 0", taking false branch.
/pacemaker/daemons/based/based_io.c:51: path: Condition "rename(old, new) < 0", taking false branch.
/pacemaker/daemons/based/based_io.c:59: path: Condition "new_fd > 0", taking false branch.
/pacemaker/daemons/based/based_io.c:59: off_by_one: Testing whether handle "new_fd" is strictly greater than zero is suspicious.  "new_fd" leaks when it is zero.
/pacemaker/daemons/based/based_io.c:59: remediation: Did you intend to include equality with zero?
/pacemaker/daemons/based/based_io.c:63: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.

Error: RESOURCE_LEAK (CWE-404): [#def11]
/pacemaker/lib/common/alerts.c:352: path: Condition "alert != NULL", taking true branch.
/pacemaker/lib/common/alerts.c:361: path: Condition "alert_id == NULL", taking false branch.
/pacemaker/lib/common/alerts.c:365: path: Condition "alert_path == NULL", taking false branch.
/pacemaker/lib/common/alerts.c:373: path: Condition "unpack_alert(alert, entry, &max_timeout) != pcmk_rc_ok", taking false branch.
/pacemaker/lib/common/alerts.c:380: path: Condition "entry->tstamp_format == NULL", taking false branch.
/pacemaker/lib/common/alerts.c:385: path: Switch case default.
/pacemaker/lib/common/alerts.c:385: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/alerts.c:385: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/alerts.c:385: path: Breaking from switch.
/pacemaker/lib/common/alerts.c:390: path: Condition "recipient != NULL", taking true branch.
/pacemaker/lib/common/alerts.c:395: alloc_arg: "pcmk__dup_alert" allocates memory that is stored into "pcmk__dup_alert(entry)->recipient".
/pacemaker/lib/common/alerts.c:98: alloc_fn: Storage is returned from allocation function "pcmk__str_copy_as".
/pacemaker/lib/common/strings.c:1254: path: Condition "str != NULL", taking true branch.
/pacemaker/lib/common/strings.c:1255: alloc_fn: Storage is returned from allocation function "strdup".
/pacemaker/lib/common/strings.c:1255: assign: Assigning: "result" = "strdup(str)".
/pacemaker/lib/common/strings.c:1257: path: Condition "result == NULL", taking false branch.
/pacemaker/lib/common/strings.c:1261: return_alloc: Returning allocated memory "result".
/pacemaker/lib/common/alerts.c:98: assign: Assigning: "new_entry->recipient" = "pcmk__str_copy_as("alerts.c", <anonymous>, 98U, entry->recipient)".
/pacemaker/lib/common/alerts.c:99: path: Condition "entry->select_attribute_name", taking true branch.
/pacemaker/lib/common/alerts.c:102: return_alloc: Returning "new_entry", where "new_entry->recipient" is allocated memory.
/pacemaker/lib/common/alerts.c:395: var_assign: Assigning: "recipient_entry->recipient" = "pcmk__dup_alert(entry)->recipient".
/pacemaker/lib/common/alerts.c:398: overwrite_var: Overwriting "recipient_entry->recipient" in "recipient_entry->recipient = crm_element_value_copy(recipient, "value")" leaks the storage that "recipient_entry->recipient" points to.

Error: TAINTED_SCALAR (CWE-789): [#def12]
/pacemaker/lib/cib/cib_remote.c:214: path: Condition "private->start_time == 0", taking true branch.
/pacemaker/lib/cib/cib_remote.c:218: tainted_argument: Calling function "pcmk__read_available_remote_data" taints argument "*private->callback.buffer".
/pacemaker/lib/common/remote.c:441: path: Condition "header", taking false branch.
/pacemaker/lib/common/remote.c:447: path: Condition "remote->buffer_size < read_len", taking true branch.
/pacemaker/lib/common/remote.c:449: path: Switch case default.
/pacemaker/lib/common/remote.c:449: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:449: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:449: path: Breaking from switch.
/pacemaker/lib/common/remote.c:453: path: Condition "remote->tls_session", taking false branch.
/pacemaker/lib/common/remote.c:466: path: Condition "remote->tcp_socket >= 0", taking true branch.
/pacemaker/lib/common/remote.c:467: tainted_data_argument: Calling function "read" taints parameter "remote->buffer[remote->buffer_offset]".
/pacemaker/lib/common/remote.c:470: path: Condition "read_rc < 0", taking false branch.
/pacemaker/lib/common/remote.c:473: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:479: path: Condition "read_rc > 0", taking true branch.
/pacemaker/lib/common/remote.c:483: path: Switch case default.
/pacemaker/lib/common/remote.c:483: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:483: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:483: path: Breaking from switch.
/pacemaker/lib/common/remote.c:486: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:502: path: Condition "header", taking true branch.
/pacemaker/lib/common/remote.c:503: path: Condition "remote->buffer_offset < header->size_total", taking true branch.
/pacemaker/lib/common/remote.c:504: path: Switch case default.
/pacemaker/lib/common/remote.c:504: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:504: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:504: path: Breaking from switch.
/pacemaker/lib/common/remote.c:506: path: Falling through to end of if statement.
/pacemaker/lib/cib/cib_remote.c:219: path: Switch case value "pcmk_rc_ok".
/pacemaker/lib/cib/cib_remote.c:222: path: Breaking from switch.
/pacemaker/lib/cib/cib_remote.c:242: tainted_data: Passing tainted expression "*private->callback.buffer" to "pcmk__remote_message_xml", which uses it as an allocation size.
/pacemaker/lib/common/remote.c:295: tainted_data_return: "localized_remote_header" returns tainted data.
/pacemaker/lib/common/remote.c:100: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:106: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:107: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:114: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:116: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:118: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:119: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_offset" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: var_assign_alias: Assigning: "header->payload_offset" = "(__u32)(0 ? (__u32)((((__u32)header->payload_offset & 0xffU) << 24) | (((__u32)header->payload_offset & 0xff00U) << 8) | (((__u32)header->payload_offset & 0xff0000U) >> 8) | (((__u32)header->payload_offset & 0xff000000U) >> 24)) : __fswab32(header->payload_offset))", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:121: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:125: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:295: tainted_data_transitive: Calling function "localized_remote_header" with tainted argument "*remote->buffer" taints "localized_remote_header(remote)->payload_offset".
/pacemaker/lib/common/remote.c:100: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:106: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:107: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:114: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:116: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:118: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:119: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_offset" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: var_assign_alias: Assigning: "header->payload_offset" = "(__u32)(0 ? (__u32)((((__u32)header->payload_offset & 0xffU) << 24) | (((__u32)header->payload_offset & 0xff00U) << 8) | (((__u32)header->payload_offset & 0xff0000U) >> 8) | (((__u32)header->payload_offset & 0xff000000U) >> 24)) : __fswab32(header->payload_offset))", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:121: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:125: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:295: var_assign: Assigning: "header" = "localized_remote_header(remote)", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:297: path: Condition "header == NULL", taking false branch.
/pacemaker/lib/common/remote.c:302: path: Condition "header->payload_compressed", taking true branch.
/pacemaker/lib/common/remote.c:305: taint_sink_lv_call: Passing tainted expression "header->payload_offset + size_u" to taint sink "pcmk__assert_alloc_as".
/pacemaker/include/crm/common/internal.h:225: taint_sink_lv_call: Passing tainted expression "size" to taint sink "calloc".
/pacemaker/lib/cib/cib_remote.c:242: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.

Error: TAINTED_SCALAR (CWE-20): [#def13]
/pacemaker/lib/cib/cib_remote.c:214: path: Condition "private->start_time == 0", taking true branch.
/pacemaker/lib/cib/cib_remote.c:218: tainted_argument: Calling function "pcmk__read_available_remote_data" taints argument "*private->callback.buffer".
/pacemaker/lib/common/remote.c:441: path: Condition "header", taking false branch.
/pacemaker/lib/common/remote.c:447: path: Condition "remote->buffer_size < read_len", taking true branch.
/pacemaker/lib/common/remote.c:449: path: Switch case default.
/pacemaker/lib/common/remote.c:449: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:449: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:449: path: Breaking from switch.
/pacemaker/lib/common/remote.c:453: path: Condition "remote->tls_session", taking false branch.
/pacemaker/lib/common/remote.c:466: path: Condition "remote->tcp_socket >= 0", taking true branch.
/pacemaker/lib/common/remote.c:467: tainted_data_argument: Calling function "read" taints parameter "remote->buffer[remote->buffer_offset]".
/pacemaker/lib/common/remote.c:470: path: Condition "read_rc < 0", taking false branch.
/pacemaker/lib/common/remote.c:473: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:479: path: Condition "read_rc > 0", taking true branch.
/pacemaker/lib/common/remote.c:483: path: Switch case default.
/pacemaker/lib/common/remote.c:483: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:483: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:483: path: Breaking from switch.
/pacemaker/lib/common/remote.c:486: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:502: path: Condition "header", taking true branch.
/pacemaker/lib/common/remote.c:503: path: Condition "remote->buffer_offset < header->size_total", taking true branch.
/pacemaker/lib/common/remote.c:504: path: Switch case default.
/pacemaker/lib/common/remote.c:504: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:504: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:504: path: Breaking from switch.
/pacemaker/lib/common/remote.c:506: path: Falling through to end of if statement.
/pacemaker/lib/cib/cib_remote.c:219: path: Switch case value "pcmk_rc_ok".
/pacemaker/lib/cib/cib_remote.c:222: path: Breaking from switch.
/pacemaker/lib/cib/cib_remote.c:242: tainted_data: Passing tainted expression "*private->callback.buffer" to "pcmk__remote_message_xml", which uses it as an offset.
/pacemaker/lib/common/remote.c:295: tainted_data_return: "localized_remote_header" returns tainted data.
/pacemaker/lib/common/remote.c:100: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:106: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:107: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:114: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:116: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:118: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:119: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_offset" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: var_assign_alias: Assigning: "header->payload_offset" = "(__u32)(0 ? (__u32)((((__u32)header->payload_offset & 0xffU) << 24) | (((__u32)header->payload_offset & 0xff00U) << 8) | (((__u32)header->payload_offset & 0xff0000U) >> 8) | (((__u32)header->payload_offset & 0xff000000U) >> 24)) : __fswab32(header->payload_offset))", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:121: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:125: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:295: tainted_data_transitive: Calling function "localized_remote_header" with tainted argument "*remote->buffer" taints "localized_remote_header(remote)->payload_offset".
/pacemaker/lib/common/remote.c:100: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:106: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:107: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:114: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:116: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:118: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:119: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:120: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_offset" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:120: var_assign_alias: Assigning: "header->payload_offset" = "(__u32)(0 ? (__u32)((((__u32)header->payload_offset & 0xffU) << 24) | (((__u32)header->payload_offset & 0xff00U) << 8) | (((__u32)header->payload_offset & 0xff0000U) >> 8) | (((__u32)header->payload_offset & 0xff000000U) >> 24)) : __fswab32(header->payload_offset))", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:121: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:125: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:295: var_assign: Assigning: "header" = "localized_remote_header(remote)", which taints "header->payload_offset".
/pacemaker/lib/common/remote.c:297: path: Condition "header == NULL", taking false branch.
/pacemaker/lib/common/remote.c:302: path: Condition "header->payload_compressed", taking true branch.
/pacemaker/lib/common/remote.c:308: path: Switch case default.
/pacemaker/lib/common/remote.c:308: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:308: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:308: path: Breaking from switch.
/pacemaker/lib/common/remote.c:316: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/common/remote.c:322: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/common/remote.c:329: path: Condition "!(size_u == header->payload_uncompressed)", taking false branch.
/pacemaker/lib/common/remote.c:331: taint_sink_lv_call: Passing tainted expression "header->payload_offset" to taint sink "memcpy".
/pacemaker/lib/cib/cib_remote.c:242: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.

Error: TAINTED_STRING (CWE-20): [#def14]
/pacemaker/daemons/execd/remoted_pidone.c:104: path: Condition "fp != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:107: tainted_argument: Calling function "fgets" taints argument "*line".
/pacemaker/daemons/execd/remoted_pidone.c:107: path: Condition "fgets(line, 2048, fp) != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: tainted_data_transitive: Call to function "find_env_var_name" with tainted argument "line" transitively taints "*name".
/pacemaker/daemons/execd/remoted_pidone.c:79: parm_assign: Assigning: "*first" = "line", which taints "*first".
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:82: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:84: path: Condition "*__ctype_b_loc()[(int)**first] & 1024 /* (unsigned short)_ISalpha */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*__ctype_b_loc()[(int)*last[1]] & 8 /* (unsigned short)_ISalnum */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*last[1] == '_'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "find_env_var_name(line, &name, &end)", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "*++end == '='", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:120: path: Condition "*end == '\''", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:125: path: Condition "quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != 0", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:132: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*(end - 1) == '\\'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:133: path: Condition "*end == *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:136: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:141: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:162: path: Condition "value", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*__ctype_b_loc()[(int)*end] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*end != 10", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:168: path: Condition "*end == 10", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:169: path: Condition "quote == NULL", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:175: tainted_string: Passing tainted string "*name" to "setenv", which cannot accept tainted data.
/pacemaker/daemons/execd/remoted_pidone.c:175: remediation: Ensure tainted data is properly sanitized, for instance by using a whitelist of permissible characters.

Error: TAINTED_STRING (CWE-20): [#def15]
/pacemaker/daemons/execd/remoted_pidone.c:104: path: Condition "fp != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:107: tainted_argument: Calling function "fgets" taints argument "*line".
/pacemaker/daemons/execd/remoted_pidone.c:107: path: Condition "fgets(line, 2048, fp) != NULL", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: tainted_data_transitive: Call to function "find_env_var_name" with tainted argument "line" transitively taints "*end".
/pacemaker/daemons/execd/remoted_pidone.c:79: var_assign_parm: Assigning: "*first" = "line".
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:82: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:80: path: Condition "*__ctype_b_loc()[(int)**first] & 8192 /* (unsigned short)_ISspace */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:84: path: Condition "*__ctype_b_loc()[(int)**first] & 1024 /* (unsigned short)_ISalpha */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:85: parm_assign: Assigning: "*last" = "*first", which taints "**last".
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*__ctype_b_loc()[(int)*last[1]] & 8 /* (unsigned short)_ISalnum */", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:86: path: Condition "*last[1] == '_'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "find_env_var_name(line, &name, &end)", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:114: path: Condition "*++end == '='", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:120: path: Condition "*end == '\''", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:123: var_assign_var: Assigning: "value" = "end". Both are now tainted.
/pacemaker/daemons/execd/remoted_pidone.c:125: path: Condition "quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != 0", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:132: path: Jumping back to the beginning of the loop.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*end != *quote", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:129: path: Condition "*(end - 1) == '\\'", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:133: path: Condition "*end == *quote", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:136: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:141: path: Falling through to end of if statement.
/pacemaker/daemons/execd/remoted_pidone.c:162: path: Condition "value", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*__ctype_b_loc()[(int)*end] & 8192 /* (unsigned short)_ISspace */", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:165: path: Condition "*end != 10", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:168: path: Condition "*end == 10", taking true branch.
/pacemaker/daemons/execd/remoted_pidone.c:169: path: Condition "quote == NULL", taking false branch.
/pacemaker/daemons/execd/remoted_pidone.c:175: tainted_string: Passing tainted string "*value" to "setenv", which cannot accept tainted data.
/pacemaker/daemons/execd/remoted_pidone.c:175: remediation: Ensure tainted data is properly sanitized, for instance by using a whitelist of permissible characters.

Error: TOCTOU (CWE-367): [#def16]
/pacemaker/daemons/execd/remoted_schemas.c:51: fs_check_call: Calling function "stat" to perform check on "remote_schema_dir".
/pacemaker/daemons/execd/remoted_schemas.c:53: path: Condition "rc == -1", taking true branch.
/pacemaker/daemons/execd/remoted_schemas.c:54: path: Condition "*__errno_location() == 2", taking true branch.
/pacemaker/daemons/execd/remoted_schemas.c:56: toctou: Calling function "mkdir" that uses "remote_schema_dir" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU (CWE-367): [#def17]
/pacemaker/daemons/execd/remoted_schemas.c:51: fs_check_call: Calling function "stat" to perform check on "remote_schema_dir".
/pacemaker/daemons/execd/remoted_schemas.c:53: path: Condition "rc == -1", taking false branch.
/pacemaker/daemons/execd/remoted_schemas.c:68: path: Condition "!((sb.st_mode & 61440) == 16384)", taking false branch.
/pacemaker/daemons/execd/remoted_schemas.c:78: toctou: Calling function "nftw" that uses "remote_schema_dir" after a check function. This can cause a time-of-check, time-of-use race condition.