Scan Results

List of Findings

Error: TAINTED_SCALAR (CWE-20): [#def1]
/pacemaker/lib/cib/cib_remote.c:218: path: Condition "private->start_time == 0", taking true branch.
/pacemaker/lib/cib/cib_remote.c:222: tainted_argument: Calling function "pcmk__read_available_remote_data" taints argument "*private->callback.buffer".
/pacemaker/lib/common/remote.c:818: path: Condition "header", taking false branch.
/pacemaker/lib/common/remote.c:823: path: Condition "read_len > 20971520UL /* 20 * 1024 * 1024 */", taking false branch.
/pacemaker/lib/common/remote.c:830: path: Condition "remote->buffer_size < read_len", taking true branch.
/pacemaker/lib/common/remote.c:832: path: Switch case default.
/pacemaker/lib/common/remote.c:832: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:832: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:832: path: Breaking from switch.
/pacemaker/lib/common/remote.c:838: path: Condition "!received", taking true branch.
/pacemaker/lib/common/remote.c:838: path: Condition "remote->tls_session", taking false branch.
/pacemaker/lib/common/remote.c:855: path: Condition "!received", taking true branch.
/pacemaker/lib/common/remote.c:855: path: Condition "remote->tcp_socket", taking true branch.
/pacemaker/lib/common/remote.c:856: tainted_data_argument: Calling function "read" taints parameter "remote->buffer[remote->buffer_offset]".
/pacemaker/lib/common/remote.c:859: path: Condition "read_rc < 0", taking false branch.
/pacemaker/lib/common/remote.c:865: path: Condition "!received", taking false branch.
/pacemaker/lib/common/remote.c:871: path: Condition "read_rc > 0", taking true branch.
/pacemaker/lib/common/remote.c:875: path: Switch case default.
/pacemaker/lib/common/remote.c:875: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:875: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:875: path: Breaking from switch.
/pacemaker/lib/common/remote.c:879: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:896: path: Condition "header", taking true branch.
/pacemaker/lib/common/remote.c:897: path: Condition "remote->buffer_offset < header->size_total", taking true branch.
/pacemaker/lib/common/remote.c:898: path: Switch case default.
/pacemaker/lib/common/remote.c:898: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:898: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:898: path: Breaking from switch.
/pacemaker/lib/common/remote.c:901: path: Falling through to end of if statement.
/pacemaker/lib/cib/cib_remote.c:223: path: Switch case value "pcmk_rc_ok".
/pacemaker/lib/cib/cib_remote.c:226: path: Breaking from switch.
/pacemaker/lib/cib/cib_remote.c:246: tainted_data: Passing tainted expression "*private->callback.buffer" to "pcmk__remote_message_xml", which uses it as an offset.
/pacemaker/lib/common/remote.c:625: path: Condition "header == NULL", taking false branch.
/pacemaker/lib/common/remote.c:630: path: Condition "header->payload_compressed != 0", taking true branch.
/pacemaker/lib/common/remote.c:660: path: Condition "header->payload_offset > 18446744073709551615UL - size_u", taking false branch.
/pacemaker/lib/common/remote.c:669: path: Condition "buffer_size > 20971520UL /* 20 * 1024 * 1024 */", taking false branch.
/pacemaker/lib/common/remote.c:675: path: Switch case default.
/pacemaker/lib/common/remote.c:675: path: Condition "trace_cs == NULL", taking true branch.
/pacemaker/lib/common/remote.c:675: path: Condition "crm_is_callsite_active(trace_cs, _level, 0)", taking false branch.
/pacemaker/lib/common/remote.c:675: path: Breaking from switch.
/pacemaker/lib/common/remote.c:686: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/common/remote.c:692: path: Condition "rc != pcmk_rc_ok", taking false branch.
/pacemaker/lib/common/remote.c:699: path: Condition "!(size_u == header->payload_uncompressed)", taking false branch.
/pacemaker/lib/common/remote.c:706: tainted_data_return: "localized_remote_header" returns tainted data.
/pacemaker/lib/common/remote.c:103: path: Condition "remote == NULL", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "remote->buffer == NULL", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:111: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:114: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:123: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:124: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:126: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:127: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:128: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:129: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:130: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:130: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:130: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_uncompressed" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:130: var_assign_alias: Assigning: "header->payload_uncompressed" = "0 ? (__u32)((((__u32)header->payload_uncompressed & 0xffU) << 24) | (((__u32)header->payload_uncompressed & 0xff00U) << 8) | (((__u32)header->payload_uncompressed & 0xff0000U) >> 8) | (((__u32)header->payload_uncompressed & 0xff000000U) >> 24)) : __fswab32(header->payload_uncompressed)", which taints "header->payload_uncompressed".
/pacemaker/lib/common/remote.c:134: path: Condition "header->payload_offset != 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:141: path: Condition "header->payload_compressed != 0", taking true branch.
/pacemaker/lib/common/remote.c:142: path: Condition "header->payload_compressed > 18446744073709551615UL - header->payload_offset", taking false branch.
/pacemaker/lib/common/remote.c:151: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:162: path: Condition "expected_size != header->size_total", taking false branch.
/pacemaker/lib/common/remote.c:168: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:706: tainted_data_transitive: Calling function "localized_remote_header" with tainted argument "*remote->buffer" taints "localized_remote_header(remote)->payload_uncompressed".
/pacemaker/lib/common/remote.c:103: path: Condition "remote == NULL", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "remote->buffer == NULL", taking false branch.
/pacemaker/lib/common/remote.c:103: path: Condition "remote->buffer_offset < 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:111: path: Condition "header->endian != 3134905277U", taking true branch.
/pacemaker/lib/common/remote.c:114: path: Condition "!(endian == 3134905277U)", taking false branch.
/pacemaker/lib/common/remote.c:115: path: Condition "endian != 3134905277U", taking false branch.
/pacemaker/lib/common/remote.c:122: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:123: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:124: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:126: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:127: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:128: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:129: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:130: path: Condition "0", taking false branch.
/pacemaker/lib/common/remote.c:130: tainted_data_return: "__fswab32" returns tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:130: tainted_data_transitive: Calling function "__fswab32" with tainted argument "header->payload_uncompressed" results in tainted data.
/usr/include/linux/swab.h:60: tainted_data_return: "__arch_swab32" returns tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: tainted_data_transitive: Calling function "__arch_swab32" with tainted argument "val" results in tainted data.
/usr/include/asm/swab.h:10: byte_swapping: Performing a byte swapping operation on "val" implies that it came from an external source, and is therefore tainted.
/usr/include/asm/swab.h:11: return_tainted_data: Returning tainted data "val".
/usr/include/linux/swab.h:60: return_tainted_result: Returning tainted result of "__arch_swab32".
/pacemaker/lib/common/remote.c:130: var_assign_alias: Assigning: "header->payload_uncompressed" = "0 ? (__u32)((((__u32)header->payload_uncompressed & 0xffU) << 24) | (((__u32)header->payload_uncompressed & 0xff00U) << 8) | (((__u32)header->payload_uncompressed & 0xff0000U) >> 8) | (((__u32)header->payload_uncompressed & 0xff000000U) >> 24)) : __fswab32(header->payload_uncompressed)", which taints "header->payload_uncompressed".
/pacemaker/lib/common/remote.c:134: path: Condition "header->payload_offset != 40UL /* sizeof (struct remote_header_v0) */", taking false branch.
/pacemaker/lib/common/remote.c:141: path: Condition "header->payload_compressed != 0", taking true branch.
/pacemaker/lib/common/remote.c:142: path: Condition "header->payload_compressed > 18446744073709551615UL - header->payload_offset", taking false branch.
/pacemaker/lib/common/remote.c:151: path: Falling through to end of if statement.
/pacemaker/lib/common/remote.c:162: path: Condition "expected_size != header->size_total", taking false branch.
/pacemaker/lib/common/remote.c:168: return_tainted_data: Returning tainted data "header".
/pacemaker/lib/common/remote.c:706: var_assign: Assigning: "header" = "localized_remote_header(remote)", which taints "header->payload_uncompressed".
/pacemaker/lib/common/remote.c:712: data_index: Using tainted expression "40UL + header->payload_uncompressed - 1UL" as an index to pointer "remote->buffer".
/pacemaker/lib/cib/cib_remote.c:246: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.