List of Defects Error: RESOURCE_LEAK (CWE-772): [#def1] rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". rsync-3.1.3/access.c:268: overwrite_var: Overwriting "allow_list" in "allow_list = NULL" leaks the storage that "allow_list" points to. # 266| # 267| if (allow_list && !*allow_list) # 268|-> allow_list = NULL; # 269| if (deny_list && !*deny_list) # 270| deny_list = NULL; Error: RESOURCE_LEAK (CWE-772): [#def2] rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". rsync-3.1.3/access.c:270: overwrite_var: Overwriting "deny_list" in "deny_list = NULL" leaks the storage that "deny_list" points to. # 268| allow_list = NULL; # 269| if (deny_list && !*deny_list) # 270|-> deny_list = NULL; # 271| # 272| allow_forward_dns = lp_forward_lookup(i); Error: RESOURCE_LEAK (CWE-772): [#def3] rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". rsync-3.1.3/access.c:276: noescape: Resource "allow_list" is not freed or pointed-to in "access_match". rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". rsync-3.1.3/access.c:277: leaked_storage: Variable "allow_list" going out of scope leaks the storage it points to. # 275| if (allow_list) { # 276| if (access_match(allow_list, addr, host_ptr)) # 277|-> return 1; # 278| /* For an allow-list w/o a deny-list, disallow non-matches. */ # 279| if (!deny_list) Error: RESOURCE_LEAK (CWE-772): [#def4] rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". rsync-3.1.3/access.c:276: noescape: Resource "allow_list" is not freed or pointed-to in "access_match". rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". rsync-3.1.3/access.c:280: leaked_storage: Variable "allow_list" going out of scope leaks the storage it points to. # 278| /* For an allow-list w/o a deny-list, disallow non-matches. */ # 279| if (!deny_list) # 280|-> return 0; # 281| } # 282| Error: RESOURCE_LEAK (CWE-772): [#def5] rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". rsync-3.1.3/access.c:285: noescape: Resource "deny_list" is not freed or pointed-to in "access_match". rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". rsync-3.1.3/access.c:286: leaked_storage: Variable "deny_list" going out of scope leaks the storage it points to. # 284| * items), we always disallow access. */ # 285| if (deny_list && access_match(deny_list, addr, host_ptr)) # 286|-> return 0; # 287| # 288| /* Allow all other access. */ Error: RESOURCE_LEAK (CWE-772): [#def6] rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". rsync-3.1.3/access.c:285: noescape: Resource "deny_list" is not freed or pointed-to in "access_match". rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". rsync-3.1.3/access.c:289: leaked_storage: Variable "deny_list" going out of scope leaks the storage it points to. # 287| # 288| /* Allow all other access. */ # 289|-> return 1; # 290| } Error: RESOURCE_LEAK (CWE-772): [#def7] rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". rsync-3.1.3/authenticate.c:112: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. # 110| # 111| if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL) # 112|-> return "no secrets file"; # 113| # 114| if (do_fstat(fileno(fh), &st) == -1) { Error: RESOURCE_LEAK (CWE-772): [#def8] rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". rsync-3.1.3/authenticate.c:128: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. # 126| if (!ok) { # 127| fclose(fh); # 128|-> return "ignoring secrets file"; # 129| } # 130| Error: RESOURCE_LEAK (CWE-772): [#def9] rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". rsync-3.1.3/authenticate.c:134: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. # 132| /* Reject attempt to match a comment. */ # 133| fclose(fh); # 134|-> return "invalid username"; # 135| } # 136| Error: RESOURCE_LEAK (CWE-772): [#def10] rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". rsync-3.1.3/authenticate.c:168: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. # 166| memset(pass2, 0, sizeof pass2); # 167| # 168|-> return err; # 169| } # 170| Error: RESOURCE_LEAK (CWE-772): [#def11] rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". rsync-3.1.3/authenticate.c:238: leaked_storage: Variable "users" going out of scope leaks the storage it points to. # 236| /* if no auth list then allow anyone in! */ # 237| if (!users || !*users) # 238|-> return ""; # 239| # 240| gen_challenge(addr, challenge); Error: RESOURCE_LEAK (CWE-772): [#def12] rsync-3.1.3/authenticate.c:246: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:246: noescape: Resource "lp_name(module)" is not freed or pointed-to in "rprintf". rsync-3.1.3/authenticate.c:246: leaked_storage: Failing to save or free storage allocated by "lp_name(module)" leaks it. # 244| if (!read_line_old(f_in, line, sizeof line, 0) # 245| || (pass = strchr(line, ' ')) == NULL) { # 246|-> rprintf(FLOG, "auth failed on module %s from %s (%s): " # 247| "invalid challenge response\n", # 248| lp_name(module), host, addr); Error: RESOURCE_LEAK (CWE-772): [#def13] rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". rsync-3.1.3/authenticate.c:249: leaked_storage: Variable "users" going out of scope leaks the storage it points to. # 247| "invalid challenge response\n", # 248| lp_name(module), host, addr); # 249|-> return NULL; # 250| } # 251| *pass++ = '\0'; Error: RESOURCE_LEAK (CWE-772): [#def14] rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". rsync-3.1.3/authenticate.c:253: noescape: Resource "users" is not freed or pointed-to in "strdup". rsync-3.1.3/authenticate.c:253: overwrite_var: Overwriting "users" in "users = strdup(users)" leaks the storage that "users" points to. # 251| *pass++ = '\0'; # 252| # 253|-> if (!(users = strdup(users))) # 254| out_of_memory("auth_server"); # 255| Error: RESOURCE_LEAK (CWE-772): [#def15] rsync-3.1.3/authenticate.c:334: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/authenticate.c:334: noescape: Resource "lp_name(module)" is not freed or pointed-to in "rprintf". rsync-3.1.3/authenticate.c:334: leaked_storage: Failing to save or free storage allocated by "lp_name(module)" leaks it. # 332| # 333| if (err) { # 334|-> rprintf(FLOG, "auth failed on module %s from %s (%s) for %s: %s\n", # 335| lp_name(module), host, addr, line, err); # 336| return NULL; Error: RESOURCE_LEAK (CWE-772): [#def16] rsync-3.1.3/batch.c:270: alloc_arg: "check_for_hostspec" allocates memory that is stored into "p". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/batch.c:270: overwrite_var: Overwriting "p" in "p = check_for_hostspec(argv[argc - 1], &p, &i)" leaks the storage that "p" points to. # 268| } # 269| } # 270|-> if (!(p = check_for_hostspec(argv[argc - 1], &p, &i))) # 271| p = argv[argc - 1]; # 272| if (write(fd, " ${1:-", 6) != 6 Error: RESOURCE_LEAK (CWE-772): [#def17] rsync-3.1.3/cleanup.c:209: alloc_fn: Storage is returned from allocation function "lp_pid_file". rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/cleanup.c:209: noescape: Resource "lp_pid_file()" is not freed or pointed-to in "unlink". rsync-3.1.3/cleanup.c:209: leaked_storage: Failing to save or free storage allocated by "lp_pid_file()" leaks it. # 207| char *pidf = lp_pid_file(); # 208| if (pidf && *pidf) # 209|-> unlink(lp_pid_file()); # 210| } # 211| Error: RESOURCE_LEAK (CWE-772): [#def18] rsync-3.1.3/cleanup.c:207: alloc_fn: Storage is returned from allocation function "lp_pid_file". rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/cleanup.c:207: var_assign: Assigning: "pidf" = storage returned from "lp_pid_file()". rsync-3.1.3/cleanup.c:210: leaked_storage: Variable "pidf" going out of scope leaks the storage it points to. # 208| if (pidf && *pidf) # 209| unlink(lp_pid_file()); # 210|-> } # 211| # 212| if (exit_code == 0) { Error: RESOURCE_LEAK (CWE-772): [#def19] rsync-3.1.3/clientserver.c:151: alloc_fn: Storage is returned from allocation function "lp_motd_file". rsync-3.1.3/loadparm.c:462:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:462:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:151: var_assign: Assigning: "motd" = storage returned from "lp_motd_file()". rsync-3.1.3/clientserver.c:153: noescape: Resource "motd" is not freed or pointed-to in "fopen". rsync-3.1.3/clientserver.c:169: leaked_storage: Variable "motd" going out of scope leaks the storage it points to. # 167| if (am_client) # 168| rprintf(FERROR, "rsync: did not see server greeting\n"); # 169|-> return -1; # 170| } # 171| Error: RESOURCE_LEAK (CWE-772): [#def20] rsync-3.1.3/clientserver.c:233: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/clientserver.c:233: var_assign: Assigning: "modname" = storage returned from "_new_array(modlen + 1 + 1, 1U, 0)". rsync-3.1.3/clientserver.c:235: noescape: Resource "modname" is not freed or pointed-to in "strlcpy". rsync-3.1.3/lib/compat.c:110:23: noescape: "strlcpy(char *, char const *, size_t)" does not free or save its parameter "d". rsync-3.1.3/clientserver.c:245: leaked_storage: Variable "modname" going out of scope leaks the storage it points to. # 243| # 244| if (exchange_protocols(f_in, f_out, line, sizeof line, 1) < 0) # 245|-> return -1; # 246| # 247| /* set daemon_over_rsh to false since we need to build the Error: RESOURCE_LEAK (CWE-772): [#def21] rsync-3.1.3/clientserver.c:520: alloc_fn: Storage is returned from allocation function "lp_charset". rsync-3.1.3/loadparm.c:470:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:470:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:520: var_assign: Assigning: "iconv_opt" = storage returned from "lp_charset(i)". rsync-3.1.3/clientserver.c:523: overwrite_var: Overwriting "iconv_opt" in "iconv_opt = NULL" leaks the storage that "iconv_opt" points to. # 521| if (*iconv_opt) # 522| setup_iconv(); # 523|-> iconv_opt = NULL; # 524| #endif # 525| Error: RESOURCE_LEAK (CWE-772): [#def22] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:534: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:537: noescape: Resource "name" is not freed or pointed-to in "io_printf". rsync-3.1.3/clientserver.c:543: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 541| name, host, addr); # 542| } # 543|-> return -1; # 544| } # 545| Error: RESOURCE_LEAK (CWE-772): [#def23] rsync-3.1.3/clientserver.c:551: alloc_fn: Storage is returned from allocation function "lp_lock_file". rsync-3.1.3/loadparm.c:482:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:482:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:551: noescape: Resource "lp_lock_file(i)" is not freed or pointed-to in "claim_connection". rsync-3.1.3/connection.c:25:28: noescape: "claim_connection(char *, int)" does not free or save its parameter "fname". rsync-3.1.3/clientserver.c:551: leaked_storage: Failing to save or free storage allocated by "lp_lock_file(i)" leaks it. # 549| } # 550| # 551|-> if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { # 552| if (errno) { # 553| rsyserr(FLOG, errno, "failed to open lock file %s", Error: RESOURCE_LEAK (CWE-772): [#def24] rsync-3.1.3/clientserver.c:553: alloc_fn: Storage is returned from allocation function "lp_lock_file". rsync-3.1.3/loadparm.c:482:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:482:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:553: noescape: Resource "lp_lock_file(i)" is not freed or pointed-to in "rsyserr". rsync-3.1.3/clientserver.c:553: leaked_storage: Failing to save or free storage allocated by "lp_lock_file(i)" leaks it. # 551| if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { # 552| if (errno) { # 553|-> rsyserr(FLOG, errno, "failed to open lock file %s", # 554| lp_lock_file(i)); # 555| io_printf(f_out, "@ERROR: failed to open lock file\n"); Error: RESOURCE_LEAK (CWE-772): [#def25] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:562: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 560| lp_max_connections(i)); # 561| } # 562|-> return -1; # 563| } # 564| Error: RESOURCE_LEAK (CWE-772): [#def26] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:569: noescape: Resource "name" is not freed or pointed-to in "io_printf". rsync-3.1.3/clientserver.c:570: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 568| if (!auth_user) { # 569| io_printf(f_out, "@ERROR: auth failed on module %s\n", name); # 570|-> return -1; # 571| } # 572| set_env_str("RSYNC_USER_NAME", auth_user); Error: RESOURCE_LEAK (CWE-772): [#def27] rsync-3.1.3/clientserver.c:586: alloc_fn: Storage is returned from allocation function "lp_uid". rsync-3.1.3/loadparm.c:494:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:494:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:586: leaked_storage: Failing to save or free storage allocated by "lp_uid(i)" leaks it. # 584| am_root = (uid == 0); # 585| # 586|-> p = *lp_uid(i) ? lp_uid(i) : am_root ? NOBODY_USER : NULL; # 587| if (p) { # 588| if (!user_to_uid(p, &uid, True)) { Error: RESOURCE_LEAK (CWE-772): [#def28] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:591: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 589| rprintf(FLOG, "Invalid uid %s\n", p); # 590| io_printf(f_out, "@ERROR: invalid uid %s\n", p); # 591|-> return -1; # 592| } # 593| set_uid = 1; Error: RESOURCE_LEAK (CWE-772): [#def29] rsync-3.1.3/clientserver.c:597: alloc_fn: Storage is returned from allocation function "lp_gid". rsync-3.1.3/loadparm.c:476:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:476:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:597: leaked_storage: Failing to save or free storage allocated by "lp_gid(i)" leaks it. # 595| set_uid = 0; # 596| # 597|-> p = *lp_gid(i) ? conf_strtok(lp_gid(i)) : NULL; # 598| if (p) { # 599| /* The "*" gid must be the first item in the list. */ Error: RESOURCE_LEAK (CWE-772): [#def30] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:603: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 601| #ifdef HAVE_GETGROUPLIST # 602| if (want_all_groups(f_out, uid) < 0) # 603|-> return -1; # 604| #elif defined HAVE_INITGROUPS # 605| if ((pw = want_all_groups(f_out, uid)) == NULL) Error: RESOURCE_LEAK (CWE-772): [#def31] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:613: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 611| #endif # 612| } else if (add_a_group(f_out, p) < 0) # 613|-> return -1; # 614| while ((p = conf_strtok(NULL)) != NULL) { # 615| #if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST Error: RESOURCE_LEAK (CWE-772): [#def32] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:623: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 621| #endif # 622| if (add_a_group(f_out, p) < 0) # 623|-> return -1; # 624| } # 625| } else if (am_root) { Error: RESOURCE_LEAK (CWE-772): [#def33] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:627: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 625| } else if (am_root) { # 626| if (add_a_group(f_out, NOBODY_GROUP) < 0) # 627|-> return -1; # 628| } # 629| Error: RESOURCE_LEAK (CWE-772): [#def34] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:632: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:634: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 632| rprintf(FLOG, "No path specified for module %s\n", name); # 633| io_printf(f_out, "@ERROR: no path setting.\n"); # 634|-> return -1; # 635| } # 636| if (use_chroot) { Error: RESOURCE_LEAK (CWE-772): [#def35] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:640: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 638| *p = '\0'; /* Temporary... */ # 639| if (!(module_chdir = normalize_path(module_dir, True, NULL))) # 640|-> return path_failure(f_out, module_dir, False); # 641| *p = '/'; # 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) Error: RESOURCE_LEAK (CWE-772): [#def36] rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". rsync-3.1.3/clientserver.c:643: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. # 641| *p = '/'; # 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) # 643|-> return path_failure(f_out, strstr(module_dir, "/./"), False); # 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) # 645| full_module_path = module_dir; Error: RESOURCE_LEAK (CWE-772): [#def37] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:643: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 641| *p = '/'; # 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) # 643|-> return path_failure(f_out, strstr(module_dir, "/./"), False); # 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) # 645| full_module_path = module_dir; Error: RESOURCE_LEAK (CWE-772): [#def38] rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". rsync-3.1.3/clientserver.c:637: identity_transfer: Passing "module_dir" as argument 1 to function "strstr", which returns an offset off that argument. rsync-3.1.3/clientserver.c:637: noescape: Resource "module_dir" is not freed or pointed-to in "strstr". rsync-3.1.3/clientserver.c:637: var_assign: Assigning: "p" = storage returned from "strstr(module_dir, "/./")". rsync-3.1.3/clientserver.c:639: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". rsync-3.1.3/clientserver.c:642: noescape: Resource "p + 2" is not freed or pointed-to in "normalize_path". rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". rsync-3.1.3/clientserver.c:644: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". rsync-3.1.3/clientserver.c:646: overwrite_var: Overwriting "module_dir" in "module_dir = p" leaks the storage that "module_dir" points to. # 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) # 645| full_module_path = module_dir; # 646|-> module_dir = p; # 647| } else { # 648| if (!(module_chdir = normalize_path(module_dir, False, NULL))) Error: RESOURCE_LEAK (CWE-772): [#def39] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:649: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 647| } else { # 648| if (!(module_chdir = normalize_path(module_dir, False, NULL))) # 649|-> return path_failure(f_out, module_dir, False); # 650| full_module_path = module_chdir; # 651| module_dir = "/"; Error: RESOURCE_LEAK (CWE-772): [#def40] rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". rsync-3.1.3/clientserver.c:637: noescape: Resource "module_dir" is not freed or pointed-to in "strstr". rsync-3.1.3/clientserver.c:648: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". rsync-3.1.3/clientserver.c:651: overwrite_var: Overwriting "module_dir" in "module_dir = "/"" leaks the storage that "module_dir" points to. # 649| return path_failure(f_out, module_dir, False); # 650| full_module_path = module_chdir; # 651|-> module_dir = "/"; # 652| module_dirlen = 1; # 653| } Error: RESOURCE_LEAK (CWE-772): [#def41] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:656: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 654| } else { # 655| if (!(module_chdir = normalize_path(module_dir, False, &module_dirlen))) # 656|-> return path_failure(f_out, module_dir, False); # 657| full_module_path = module_dir = module_chdir; # 658| } Error: RESOURCE_LEAK (CWE-772): [#def42] rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". rsync-3.1.3/clientserver.c:655: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". rsync-3.1.3/clientserver.c:657: overwrite_var: Overwriting "module_dir" in "module_dir = module_chdir" leaks the storage that "module_dir" points to. # 655| if (!(module_chdir = normalize_path(module_dir, False, &module_dirlen))) # 656| return path_failure(f_out, module_dir, False); # 657|-> full_module_path = module_dir = module_chdir; # 658| } # 659| set_env_str("RSYNC_MODULE_PATH", full_module_path); Error: RESOURCE_LEAK (CWE-772): [#def43] rsync-3.1.3/clientserver.c:691: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:691: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. # 689| # 690| #ifdef HAVE_PUTENV # 691|-> if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) { # 692| int status; # 693| Error: RESOURCE_LEAK (CWE-772): [#def44] rsync-3.1.3/clientserver.c:691: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:691: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. # 689| # 690| #ifdef HAVE_PUTENV # 691|-> if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) { # 692| int status; # 693| Error: RESOURCE_LEAK (CWE-772): [#def45] rsync-3.1.3/clientserver.c:697: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:697: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. # 695| * daemon while this process waits for the exit status and # 696| * runs the indicated command at that point. */ # 697|-> if (*lp_postxfer_exec(i)) { # 698| pid_t pid = fork(); # 699| if (pid < 0) { Error: RESOURCE_LEAK (CWE-772): [#def46] rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". rsync-3.1.3/clientserver.c:702: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. # 700| rsyserr(FLOG, errno, "fork failed"); # 701| io_printf(f_out, "@ERROR: fork failed\n"); # 702|-> return -1; # 703| } # 704| if (pid) { Error: RESOURCE_LEAK (CWE-772): [#def47] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:702: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 700| rsyserr(FLOG, errno, "fork failed"); # 701| io_printf(f_out, "@ERROR: fork failed\n"); # 702|-> return -1; # 703| } # 704| if (pid) { Error: RESOURCE_LEAK (CWE-772): [#def48] rsync-3.1.3/clientserver.c:717: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:717: noescape: Resource "lp_postxfer_exec(i)" is not freed or pointed-to in "system". rsync-3.1.3/clientserver.c:717: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. # 715| status = -1; # 716| set_env_num("RSYNC_EXIT_STATUS", status); # 717|-> if (system(lp_postxfer_exec(i)) < 0) # 718| status = -1; # 719| _exit(status); Error: RESOURCE_LEAK (CWE-772): [#def49] rsync-3.1.3/clientserver.c:725: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:725: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. # 723| * command, though it first waits for the parent process to # 724| * send us the user's request via a pipe. */ # 725|-> if (*lp_prexfer_exec(i)) { # 726| int arg_fds[2], error_fds[2]; # 727| set_env_num("RSYNC_PID", (long)getpid()); Error: RESOURCE_LEAK (CWE-772): [#def50] rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". rsync-3.1.3/clientserver.c:731: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. # 729| rsyserr(FLOG, errno, "pre-xfer exec preparation failed"); # 730| io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n"); # 731|-> return -1; # 732| } # 733| if (pre_exec_pid == 0) { Error: RESOURCE_LEAK (CWE-772): [#def51] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:731: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 729| rsyserr(FLOG, errno, "pre-xfer exec preparation failed"); # 730| io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n"); # 731|-> return -1; # 732| } # 733| if (pre_exec_pid == 0) { Error: RESOURCE_LEAK (CWE-772): [#def52] rsync-3.1.3/clientserver.c:761: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:761: noescape: Resource "lp_prexfer_exec(i)" is not freed or pointed-to in "system". rsync-3.1.3/clientserver.c:761: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. # 759| dup2(pre_exec_error_fd, STDOUT_FILENO); # 760| close(pre_exec_error_fd); # 761|-> status = system(lp_prexfer_exec(i)); # 762| if (!WIFEXITED(status)) # 763| _exit(1); Error: RESOURCE_LEAK (CWE-772): [#def53] rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". rsync-3.1.3/clientserver.c:789: noescape: Resource "module_chdir" is not freed or pointed-to in "chroot". rsync-3.1.3/clientserver.c:790: noescape: Resource "module_chdir" is not freed or pointed-to in "rsyserr". rsync-3.1.3/clientserver.c:792: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. # 790| rsyserr(FLOG, errno, "chroot %s failed", module_chdir); # 791| io_printf(f_out, "@ERROR: chroot failed\n"); # 792|-> return -1; # 793| } # 794| module_chdir = module_dir; Error: RESOURCE_LEAK (CWE-772): [#def54] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:792: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 790| rsyserr(FLOG, errno, "chroot %s failed", module_chdir); # 791| io_printf(f_out, "@ERROR: chroot failed\n"); # 792|-> return -1; # 793| } # 794| module_chdir = module_dir; Error: RESOURCE_LEAK (CWE-772): [#def55] rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". rsync-3.1.3/clientserver.c:789: noescape: Resource "module_chdir" is not freed or pointed-to in "chroot". rsync-3.1.3/clientserver.c:794: overwrite_var: Overwriting "module_chdir" in "module_chdir = module_dir" leaks the storage that "module_chdir" points to. # 792| return -1; # 793| } # 794|-> module_chdir = module_dir; # 795| } # 796| Error: RESOURCE_LEAK (CWE-772): [#def56] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:798: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 796| # 797| if (!change_dir(module_chdir, CD_NORMAL)) # 798|-> return path_failure(f_out, module_chdir, True); # 799| if (module_dirlen || (!use_chroot && !*lp_daemon_chroot())) # 800| sanitize_paths = 1; Error: RESOURCE_LEAK (CWE-772): [#def57] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:828: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 826| rsyserr(FLOG, errno, "setgroups failed"); # 827| io_printf(f_out, "@ERROR: setgroups failed\n"); # 828|-> return -1; # 829| } # 830| #endif Error: RESOURCE_LEAK (CWE-772): [#def58] rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". rsync-3.1.3/clientserver.c:850: leaked_storage: Variable "name" going out of scope leaks the storage it points to. # 848| rsyserr(FLOG, errno, "setuid %ld failed", (long)uid); # 849| io_printf(f_out, "@ERROR: setuid failed\n"); # 850|-> return -1; # 851| } # 852| Error: RESOURCE_LEAK (CWE-772): [#def59] rsync-3.1.3/clientserver.c:857: alloc_fn: Storage is returned from allocation function "lp_temp_dir". rsync-3.1.3/loadparm.c:493:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:493:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:857: leaked_storage: Failing to save or free storage allocated by "lp_temp_dir(i)" leaks it. # 855| } # 856| # 857|-> if (lp_temp_dir(i) && *lp_temp_dir(i)) { # 858| tmpdir = lp_temp_dir(i); # 859| if (strlen(tmpdir) >= MAXPATHLEN - 10) { Error: RESOURCE_LEAK (CWE-772): [#def60] rsync-3.1.3/clientserver.c:858: alloc_fn: Storage is returned from allocation function "lp_temp_dir". rsync-3.1.3/loadparm.c:493:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:493:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:858: var_assign: Assigning: "tmpdir" = storage returned from "lp_temp_dir(i)". rsync-3.1.3/clientserver.c:859: noescape: Resource "tmpdir" is not freed or pointed-to in "strlen". rsync-3.1.3/clientserver.c:863: overwrite_var: Overwriting "tmpdir" in "tmpdir = NULL" leaks the storage that "tmpdir" points to. # 861| "the 'temp dir' value for %s is WAY too long -- ignoring.\n", # 862| name); # 863|-> tmpdir = NULL; # 864| } # 865| } Error: RESOURCE_LEAK (CWE-772): [#def61] rsync-3.1.3/clientserver.c:1021: alloc_fn: Storage is returned from allocation function "lp_comment". rsync-3.1.3/loadparm.c:471:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:471:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1021: noescape: Resource "lp_comment(i)" is not freed or pointed-to in "io_printf". rsync-3.1.3/clientserver.c:1021: leaked_storage: Failing to save or free storage allocated by "lp_comment(i)" leaks it. # 1019| for (i = 0; i < n; i++) { # 1020| if (lp_list(i)) # 1021|-> io_printf(fd, "%-15s\t%s\n", lp_name(i), lp_comment(i)); # 1022| } # 1023| Error: RESOURCE_LEAK (CWE-772): [#def62] rsync-3.1.3/clientserver.c:1021: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1021: noescape: Resource "lp_name(i)" is not freed or pointed-to in "io_printf". rsync-3.1.3/clientserver.c:1021: leaked_storage: Failing to save or free storage allocated by "lp_name(i)" leaks it. # 1019| for (i = 0; i < n; i++) { # 1020| if (lp_list(i)) # 1021|-> io_printf(fd, "%-15s\t%s\n", lp_name(i), lp_comment(i)); # 1022| } # 1023| Error: RESOURCE_LEAK (CWE-772): [#def63] rsync-3.1.3/clientserver.c:1058: alloc_fn: Storage is returned from allocation function "lp_daemon_chroot". rsync-3.1.3/loadparm.c:459:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:459:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1058: var_assign: Assigning: "p" = storage returned from "lp_daemon_chroot()". rsync-3.1.3/clientserver.c:1061: noescape: Resource "p" is not freed or pointed-to in "chroot". rsync-3.1.3/clientserver.c:1062: noescape: Resource "p" is not freed or pointed-to in "rsyserr". rsync-3.1.3/clientserver.c:1063: leaked_storage: Variable "p" going out of scope leaks the storage it points to. # 1061| if (chroot(p) < 0 || chdir("/") < 0) { # 1062| rsyserr(FLOG, errno, "daemon chroot %s failed", p); # 1063|-> return -1; # 1064| } # 1065| } Error: RESOURCE_LEAK (CWE-772): [#def64] rsync-3.1.3/clientserver.c:1058: alloc_fn: Storage is returned from allocation function "lp_daemon_chroot". rsync-3.1.3/loadparm.c:459:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:459:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1058: var_assign: Assigning: "p" = storage returned from "lp_daemon_chroot()". rsync-3.1.3/clientserver.c:1061: noescape: Resource "p" is not freed or pointed-to in "chroot". rsync-3.1.3/clientserver.c:1066: overwrite_var: Overwriting "p" in "p = lp_daemon_gid()" leaks the storage that "p" points to. # 1064| } # 1065| } # 1066|-> p = lp_daemon_gid(); # 1067| if (*p) { # 1068| gid_t gid; Error: RESOURCE_LEAK (CWE-772): [#def65] rsync-3.1.3/clientserver.c:1066: alloc_fn: Storage is returned from allocation function "lp_daemon_gid". rsync-3.1.3/loadparm.c:460:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:460:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1066: var_assign: Assigning: "p" = storage returned from "lp_daemon_gid()". rsync-3.1.3/clientserver.c:1079: overwrite_var: Overwriting "p" in "p = lp_daemon_uid()" leaks the storage that "p" points to. # 1077| our_gid = MY_GID(); # 1078| } # 1079|-> p = lp_daemon_uid(); # 1080| if (*p) { # 1081| uid_t uid; Error: RESOURCE_LEAK (CWE-772): [#def66] rsync-3.1.3/clientserver.c:1079: alloc_fn: Storage is returned from allocation function "lp_daemon_uid". rsync-3.1.3/loadparm.c:461:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:461:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1079: var_assign: Assigning: "p" = storage returned from "lp_daemon_uid()". rsync-3.1.3/clientserver.c:1104: leaked_storage: Variable "p" going out of scope leaks the storage it points to. # 1102| # 1103| if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0) # 1104|-> return -1; # 1105| # 1106| line[0] = 0; Error: RESOURCE_LEAK (CWE-772): [#def67] rsync-3.1.3/clientserver.c:1140: alloc_fn: Storage is returned from allocation function "lp_pid_file". rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1140: var_assign: Assigning: "pid_file" = storage returned from "lp_pid_file()". rsync-3.1.3/clientserver.c:1146: leaked_storage: Variable "pid_file" going out of scope leaks the storage it points to. # 1144| # 1145| if (!pid_file || !*pid_file) # 1146|-> return; # 1147| # 1148| cleanup_set_pid(pid); Error: RESOURCE_LEAK (CWE-772): [#def68] rsync-3.1.3/clientserver.c:1193: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] rsync-3.1.3/clientserver.c:1193: leaked_handle: Ignoring handle opened by "open("/dev/null", 2)" leaks it. # 1191| for (i = 0; i < 3; i++) { # 1192| close(i); # 1193|-> open("/dev/null", O_RDWR); # 1194| } # 1195| } Error: RESOURCE_LEAK (CWE-772): [#def69] rsync-3.1.3/clientserver.c:1207: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] rsync-3.1.3/clientserver.c:1207: leaked_handle: Ignoring handle opened by "open("/dev/null", 2)" leaks it. # 1205| for (i = 1; i < 3; i++) { # 1206| close(i); # 1207|-> open("/dev/null", O_RDWR); # 1208| } # 1209| Error: RESOURCE_LEAK (CWE-772): [#def70] rsync-3.1.3/clientserver.c:1226: alloc_fn: Storage is returned from allocation function "lp_bind_address". rsync-3.1.3/loadparm.c:458:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:458:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/clientserver.c:1226: leaked_storage: Failing to save or free storage allocated by "lp_bind_address()" leaks it. # 1224| if (rsync_port == 0 && (rsync_port = lp_rsync_port()) == 0) # 1225| rsync_port = RSYNC_PORT; # 1226|-> if (bind_address == NULL && *lp_bind_address()) # 1227| bind_address = lp_bind_address(); # 1228| Error: RESOURCE_LEAK (CWE-772): [#def71] rsync-3.1.3/connection.c:32: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] rsync-3.1.3/connection.c:32: var_assign: Assigning: "fd" = handle returned from "open(fname, 66, 384)". rsync-3.1.3/connection.c:37: noescape: Resource "fd" is not freed or pointed-to in "lock_range". rsync-3.1.3/util.c:578:20: noescape: "lock_range(int, int, int)" does not free or save its parameter "fd". rsync-3.1.3/connection.c:38: leaked_handle: Handle variable "fd" going out of scope leaks the handle. # 36| for (i = 0; i < max_connections; i++) { # 37| if (lock_range(fd, i*4, 4)) # 38|-> return 1; # 39| } # 40| Error: RESOURCE_LEAK (CWE-772): [#def72] rsync-3.1.3/flist.c:1407: alloc_fn: Storage is returned from allocation function "make_file". rsync-3.1.3/flist.c:1313:3: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/flist.c:1313:3: var_assign: Assigning: "bp" = "_new_array(alloc_len, 1U, 0)". rsync-3.1.3/flist.c:1317:2: noescape: Resource "bp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/flist.c:1319:2: var_assign: Assigning: "file" = "bp". rsync-3.1.3/flist.c:1322:2: noescape: Resource "bp" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/flist.c:1392:2: return_alloc: Returning allocated memory "file". rsync-3.1.3/flist.c:1407: var_assign: Assigning: "file" = storage returned from "make_file(fname, flist, stp, flags, filter_level)". rsync-3.1.3/flist.c:1434: noescape: Resource "file" is not freed or pointed-to in "f_name". rsync-3.1.3/flist.c:3199:40: noescape: "f_name(struct file_struct const *, char *)" does not free or save its parameter "f". rsync-3.1.3/flist.c:1438: leaked_storage: Variable "file" going out of scope leaks the storage it points to. # 1436| "skipping symlink with 0-length value: %s\n", # 1437| full_fname(fbuf)); # 1438|-> return NULL; # 1439| } # 1440| } else { Error: RESOURCE_LEAK (CWE-772): [#def73] rsync-3.1.3/flist.c:1407: alloc_fn: Storage is returned from allocation function "make_file". rsync-3.1.3/flist.c:1313:3: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/flist.c:1313:3: var_assign: Assigning: "bp" = "_new_array(alloc_len, 1U, 0)". rsync-3.1.3/flist.c:1317:2: noescape: Resource "bp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/flist.c:1319:2: var_assign: Assigning: "file" = "bp". rsync-3.1.3/flist.c:1322:2: noescape: Resource "bp" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/flist.c:1392:2: return_alloc: Returning allocated memory "file". rsync-3.1.3/flist.c:1407: var_assign: Assigning: "file" = storage returned from "make_file(fname, flist, stp, flags, filter_level)". rsync-3.1.3/flist.c:1465: noescape: Resource "file" is not freed or pointed-to in "f_name". rsync-3.1.3/flist.c:3199:40: noescape: "f_name(struct file_struct const *, char *)" does not free or save its parameter "f". rsync-3.1.3/flist.c:1468: leaked_storage: Variable "file" going out of scope leaks the storage it points to. # 1466| "[%s] cannot convert filename: %s (%s)\n", # 1467| who_am_i(), f_name(file, fbuf), strerror(errno)); # 1468|-> return NULL; # 1469| } # 1470| fbuf[outbuf.len] = '\0'; Error: RESOURCE_LEAK (CWE-772): [#def74] rsync-3.1.3/flist.c:2618: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2618: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f, ndx)". rsync-3.1.3/flist.c:2621: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. # 2619| flist->parent_ndx = ndx; # 2620| } # 2621|-> } # 2622| # 2623| /* Search for an identically-named item in the file list. Note that the Error: RESOURCE_LEAK (CWE-772): [#def75] rsync-3.1.3/io.c:1688: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/io.c:1688: var_assign: Assigning: "flist" = storage returned from "recv_file_list(iobuf.in_fd, ndx)". rsync-3.1.3/io.c:1695: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. # 1693| #endif # 1694| flist_receiving_enabled = True; # 1695|-> } # 1696| } # 1697| } Error: CPPCHECK_WARNING (CWE-401): [#def76] rsync-3.1.3/lib/pool_alloc.c:58: error[memleak]: Memory leak: pool # 56| if (bomb) # 57| (*bomb)("Compiler error: MINALIGN is not a power of 2\n"); # 58|-> return NULL; # 59| } # 60| Error: BAD_FREE (CWE-763): [#def77] rsync-3.1.3/lib/pool_alloc.c:104: offset_free: "free" frees address offset from "cur->start". # 102| next = cur->next; # 103| if (pool->flags & POOL_PREPEND) # 104|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); # 105| else { # 106| free(cur->start); Error: BAD_FREE (CWE-763): [#def78] rsync-3.1.3/lib/pool_alloc.c:239: offset_free: "free" frees address offset from "cur->start". # 237| prev->next = cur->next; # 238| if (pool->flags & POOL_PREPEND) # 239|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); # 240| else { # 241| free(cur->start); Error: BAD_FREE (CWE-763): [#def79] rsync-3.1.3/lib/pool_alloc.c:296: offset_free: "free" frees address offset from "cur->start". # 294| next = cur->next; # 295| if (pool->flags & POOL_PREPEND) # 296|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); # 297| else { # 298| free(cur->start); Error: RESOURCE_LEAK (CWE-772): [#def80] rsync-3.1.3/loadparm.c:687: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:687: var_assign: Assigning: "parmvalue" = storage returned from "expand_vars(parmvalue)". rsync-3.1.3/loadparm.c:693: noescape: Resource "parmvalue" is not freed or pointed-to in "set_boolean". rsync-3.1.3/loadparm.c:635:41: noescape: "set_boolean(int *, char *)" does not free or save its parameter "parmvalue". rsync-3.1.3/loadparm.c:740: leaked_storage: Returning without freeing "parmvalue" leaks the storage that it points to. # 738| } # 739| # 740|-> return True; # 741| } # 742| Error: RESOURCE_LEAK (CWE-772): [#def81] rsync-3.1.3/loadparm.c:857: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/loadparm.c:857: noescape: Resource "lp_name(i)" is not freed or pointed-to in "strcmp". rsync-3.1.3/loadparm.c:857: leaked_storage: Failing to save or free storage allocated by "lp_name(i)" leaks it. # 855| # 856| for (i = section_list.count - 1; i >= 0; i--) { # 857|-> if (strcmp(lp_name(i), name) == 0) # 858| break; # 859| } Error: RESOURCE_LEAK (CWE-772): [#def82] rsync-3.1.3/log.c:176: alloc_fn: Storage is returned from allocation function "lp_log_file". rsync-3.1.3/loadparm.c:483:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:483:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/log.c:176: noescape: Resource "lp_log_file(module_id)" is not freed or pointed-to in "strcmp". rsync-3.1.3/log.c:176: leaked_storage: Failing to save or free storage allocated by "lp_log_file(module_id)" leaks it. # 174| return; # 175| assert(logfile_name); /* all am_daemon procs got at least an empty string */ # 176|-> if (strcmp(logfile_name, lp_log_file(module_id)) != 0) { # 177| if (logfile_fp) { # 178| fclose(logfile_fp); Error: RESOURCE_LEAK (CWE-772): [#def83] rsync-3.1.3/log.c:185: alloc_fn: Storage is returned from allocation function "lp_syslog_tag". rsync-3.1.3/loadparm.c:492:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:492:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/log.c:185: noescape: Resource "lp_syslog_tag(module_id)" is not freed or pointed-to in "strcmp". rsync-3.1.3/log.c:185: leaked_storage: Failing to save or free storage allocated by "lp_syslog_tag(module_id)" leaks it. # 183| } else if (*logfile_name) # 184| return; /* unchanged, non-empty "log file" names */ # 185|-> else if (lp_syslog_facility(-1) != lp_syslog_facility(module_id) # 186| || strcmp(lp_syslog_tag(-1), lp_syslog_tag(module_id)) != 0) # 187| closelog(); Error: RESOURCE_LEAK (CWE-772): [#def84] rsync-3.1.3/log.c:648: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/log.c:648: var_assign: Assigning: "n" = storage returned from "lp_name(module_id)". rsync-3.1.3/log.c:745: noescape: Resource "n" is not freed or pointed-to in "snprintf". rsync-3.1.3/log.c:746: overwrite_var: Overwriting "n" in "n = buf2" leaks the storage that "n" points to. # 744| strlcat(fmt, "s", sizeof fmt); # 745| snprintf(buf2, sizeof buf2, fmt, n); # 746|-> n = buf2; # 747| } # 748| len = strlen(n); Error: RESOURCE_LEAK (CWE-772): [#def85] rsync-3.1.3/log.c:648: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/log.c:648: var_assign: Assigning: "n" = storage returned from "lp_name(module_id)". rsync-3.1.3/log.c:748: noescape: Resource "n" is not freed or pointed-to in "strlen". rsync-3.1.3/log.c:767: noescape: Resource "n" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/log.c:774: leaked_storage: Variable "n" going out of scope leaks the storage it points to. # 772| # 773| rwrite(code, buf, total, 0); # 774|-> } # 775| # 776| /* Return 1 if the format escape is in the log-format string (e.g. look for Error: RESOURCE_LEAK (CWE-772): [#def86] rsync-3.1.3/main.c:1210: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/main.c:1210: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, -1)". rsync-3.1.3/main.c:1215: noescape: Resource "flist" is not freed or pointed-to in "get_local_name". rsync-3.1.3/main.c:579:47: noescape: "get_local_name(struct file_list *, char *)" does not free or save its parameter "flist". rsync-3.1.3/main.c:1232: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. # 1230| } # 1231| # 1232|-> return MAX(exit_code, exit_code2); # 1233| } # 1234| Error: RESOURCE_LEAK (CWE-772): [#def87] rsync-3.1.3/main.c:1272: alloc_arg: "check_for_hostspec" allocates memory that is stored into "shell_machine". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/main.c:1326: overwrite_var: Overwriting "shell_machine" in "shell_machine = NULL" leaks the storage that "shell_machine" points to. # 1324| exit_cleanup(RERR_SYNTAX); # 1325| } # 1326|-> shell_machine = NULL; # 1327| } else { /* hostspec was found, so dest is remote */ # 1328| argv[argc] = path; Error: RESOURCE_LEAK (CWE-772): [#def88] rsync-3.1.3/main.c:1352: alloc_arg: "check_for_hostspec" allocates memory that is stored into "dummy_host". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/main.c:1357: leaked_storage: Variable "dummy_host" going out of scope leaks the storage it points to. # 1355| } # 1356| } # 1357|-> } else { # 1358| char *dummy_host; # 1359| int dummy_port = rsync_port; Error: RESOURCE_LEAK (CWE-772): [#def89] rsync-3.1.3/main.c:1364: alloc_arg: "check_for_hostspec" allocates memory that is stored into "dummy_host". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/main.c:1370: noescape: Resource "dummy_host" is not freed or pointed-to in "strcmp". rsync-3.1.3/main.c:1385: leaked_storage: Variable "dummy_host" going out of scope leaks the storage it points to. # 1383| remote_argv[i] = arg; # 1384| } # 1385|-> } # 1386| # 1387| if (daemon_over_rsh < 0) Error: RESOURCE_LEAK (CWE-772): [#def90] rsync-3.1.3/main.c:1272: alloc_arg: "check_for_hostspec" allocates memory that is stored into "shell_machine". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/main.c:1290: noescape: Resource "shell_machine" is not freed or pointed-to in "strcmp". rsync-3.1.3/main.c:1388: noescape: Resource "shell_machine" is not freed or pointed-to in "start_socket_client". rsync-3.1.3/clientserver.c:103:31: noescape: "start_socket_client(char *, int, char **, int, char **)" does not free or save its parameter "host". rsync-3.1.3/main.c:1388: leaked_storage: Variable "shell_machine" going out of scope leaks the storage it points to. # 1386| # 1387| if (daemon_over_rsh < 0) # 1388|-> return start_socket_client(shell_machine, remote_argc, remote_argv, argc, argv); # 1389| # 1390| if (password_file && !daemon_over_rsh) { Error: RESOURCE_LEAK (CWE-772): [#def91] rsync-3.1.3/options.c:1329: alloc_fn: Storage is returned from allocation function "lp_charset". rsync-3.1.3/loadparm.c:470:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:470:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/options.c:1329: leaked_storage: Failing to save or free storage allocated by "lp_charset(module_id)" leaks it. # 1327| set_refuse_options("log-file*"); # 1328| #ifdef ICONV_OPTION # 1329|-> if (!*lp_charset(module_id)) # 1330| set_refuse_options("iconv"); # 1331| #endif Error: RESOURCE_LEAK (CWE-772): [#def92] rsync-3.1.3/options.c:2338: alloc_arg: "check_for_hostspec" allocates memory that is stored into "h". rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". rsync-3.1.3/options.c:2342: leaked_storage: Variable "h" going out of scope leaks the storage it points to. # 2340| snprintf(err_buf, sizeof err_buf, # 2341| "The --files-from sent to the server cannot specify a host.\n"); # 2342|-> return 0; # 2343| } # 2344| files_from = p; Error: RESOURCE_LEAK (CWE-772): [#def93] rsync-3.1.3/options.c:1479: alloc_fn: Storage is returned from allocation function "sanitize_path". rsync-3.1.3/util.c:1023:10: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/util.c:1023:10: var_assign: Assigning: "dest" = "_new_array(((rlen + plen + 1 > 2) ? rlen + plen + 1 : 2), 1U, 0)". rsync-3.1.3/util.c:1026:4: noescape: Resource "dest" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/util.c:1037:2: var_assign: Assigning: "sanp" = "dest". rsync-3.1.3/util.c:1037:2: var_assign: Assigning: "start" = "sanp". rsync-3.1.3/util.c:1079:2: return_alloc: Returning allocated memory "dest". rsync-3.1.3/options.c:1479: var_assign: Assigning: "arg" = storage returned from "sanitize_path(NULL, arg, NULL, 0, 0)". rsync-3.1.3/options.c:1482: noescape: Resource "arg" is not freed or pointed-to in "strdup". rsync-3.1.3/options.c:2380: leaked_storage: Variable "arg" going out of scope leaks the storage it points to. # 2378| snprintf(err_buf, sizeof err_buf, # 2379| "Your options have been rejected by the server.\n"); # 2380|-> return 0; # 2381| } # 2382| Error: RESOURCE_LEAK (CWE-772): [#def94] rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". rsync-3.1.3/rsync.c:327: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. # 325| break; # 326| if (ndx == NDX_DONE) # 327|-> return ndx; # 328| if (ndx == NDX_DEL_STATS) { # 329| read_del_stats(f_in); Error: RESOURCE_LEAK (CWE-772): [#def95] rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". rsync-3.1.3/rsync.c:369: overwrite_var: Overwriting "flist" in "flist = recv_file_list(f_in, ndx)" leaks the storage that "flist" points to. # 367| /* Send all the data we read for this flist to the generator. */ # 368| start_flist_forward(ndx); # 369|-> flist = recv_file_list(f_in, ndx); # 370| flist->parent_ndx = ndx; # 371| stop_flist_forward(); Error: RESOURCE_LEAK (CWE-772): [#def96] rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". rsync-3.1.3/rsync.c:384: overwrite_var: Overwriting "flist" in "flist = flist_for_ndx(ndx, "read_ndx_and_attrs")" leaks the storage that "flist" points to. # 382| } # 383| # 384|-> flist = flist_for_ndx(ndx, "read_ndx_and_attrs"); # 385| if (flist != cur_flist) { # 386| cur_flist = flist; Error: RESOURCE_LEAK (CWE-772): [#def97] rsync-3.1.3/socket.c:362: alloc_fn: Storage is returned from allocation function "_new_array". rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". rsync-3.1.3/socket.c:362: var_assign: Assigning: "prog" = storage returned from "_new_array(len, 1U, 0)". rsync-3.1.3/socket.c:364: var_assign: Assigning: "t" = "prog". rsync-3.1.3/socket.c:371: noescape: Resource "t" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] rsync-3.1.3/socket.c:382: leaked_storage: Variable "t" going out of scope leaks the storage it points to. rsync-3.1.3/socket.c:390: noescape: Resource "prog" is not freed or pointed-to in "sock_exec". rsync-3.1.3/socket.c:825:34: noescape: "sock_exec(char const *)" does not free or save its parameter "prog". rsync-3.1.3/socket.c:390: leaked_storage: Variable "prog" going out of scope leaks the storage it points to. # 388| } # 389| if (prog) # 390|-> return sock_exec(prog); # 391| return open_socket_out(host, port, bind_addr, af_hint); # 392| } Error: RESOURCE_LEAK (CWE-772): [#def98] rsync-3.1.3/socket.c:437: start: Starting defect path here. rsync-3.1.3/socket.c:457: alloc_fn: Storage is returned from allocation function "lp_socket_options". rsync-3.1.3/loadparm.c:464:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:464:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/socket.c:457: noescape: Resource "lp_socket_options()" is not freed or pointed-to in "set_socket_options". rsync-3.1.3/socket.c:684:39: noescape: "set_socket_options(int, char *)" does not free or save its parameter "options". rsync-3.1.3/socket.c:457: leaked_storage: Failing to save or free storage allocated by "lp_socket_options()" leaks it. # 455| set_socket_options(s, sockopts); # 456| else # 457|-> set_socket_options(s, lp_socket_options()); # 458| # 459| #ifdef IPV6_V6ONLY Error: RESOURCE_LEAK (CWE-772): [#def99] rsync-3.1.3/util.c:338: open_fn: Returning handle opened by "do_open". rsync-3.1.3/syscall.c:210:2: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] rsync-3.1.3/syscall.c:210:2: return_handle_fn: Directly returning handle opened by "open". rsync-3.1.3/util.c:338: var_assign: Assigning: "ifd" = handle returned from "do_open(source, 0, 0U)". rsync-3.1.3/util.c:350: leaked_handle: Handle variable "ifd" going out of scope leaks the handle. # 348| rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest)); # 349| errno = save_errno; # 350|-> return -1; # 351| } # 352| Error: RESOURCE_LEAK (CWE-772): [#def100] rsync-3.1.3/util.c:1196: alloc_fn: Storage is returned from allocation function "lp_name". rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". rsync-3.1.3/util.c:1196: var_assign: Assigning: "m2" = storage returned from "lp_name(module_id)". rsync-3.1.3/util.c:1201: noescape: Resource "m2" is not freed or pointed-to in "asprintf". rsync-3.1.3/util.c:1204: leaked_storage: Variable "m2" going out of scope leaks the storage it points to. # 1202| out_of_memory("full_fname"); # 1203| # 1204|-> return result; # 1205| } # 1206| ---------------------------------------------------------------------------------------------------- Comment on the covscan review: def1, def2, def7, def11: It depends what the expand_vars actually returns. But consider this example: char* var = (char *)malloc(100*sizeof(char)); char* var2 = (char *)calloc(100, sizeof(char)); if(var && !*var) { printf("var not empty\n"); var = NULL; } if(var2 && !*var2) { printf("var22 not empty\n"); var2 = NULL; } malloc or calloc are the two possibilities that new_array called in expand_vars may return. In both cases there is a leak - valgrind confirms this. -------- def3, def4, def5, def6, def8, def9, def10, def12, def13, def15, def17, def18, def19, def21, def22, def23, def24, def25, def26, def27, def28, def29, def30, def31, def32, def33, def34, def35, def37, def38, def39, def40, def41, def42, def43, def44, def45, def47, def48, def49, def51, def52, def54, def56, def57, def58, def59, def60, def61, def62, def63, def64, def65, def66, def67, def70, def81, def82, def83, def84, def85, def91, def98, def100: expand_vars returns allocated memory and in most cases it is not being freed. For example consider this in def12: rprintf(FLOG, "auth failed on module %s from %s (%s): invalid challenge response\n",lp_name(module), host, addr); All these defects have to do something with lp_* functions. As far as I can tell, expand_vars always returns some allocated space. -------- def14: Definitely looks like a leak. I have seen the same thing in util.c on line 1160. The pointer is lost since it is overwritten by buffer returned by strdup. -------- def16: To be honest I couldn't figure this one out. You pass the pointer p to check_for_hostspec function, the pointer is than used to hold some value but is overwritten on return. I am not really sure if this is a mistake or not -------- def20: free(modname) should be called before return -------- def36, def46, def50, def53, def55: free(module_chdir) should be called before return -------- def68, def69: False positive, all gets redirected to /dev/null -------- def71: The fd probably gets closed somewhere else? but I could not figure out where. -------- def72, def73: This seems like a false positive. It seems that the newly created struct in make_file is actually saved in pool_alloc function so the new file structure is not actually lost. -------- def74, def75, def86, def94, def95, def96: Seems like a false positive, flist_new saves the pointer to the newly allocated list if I am not mistaken. -------- def76: This is a leak. It might be solved by changing the order of the first two ifs. First check the MINALIGN, and if it is OK, try to allocate the pool. -------- def77, def78, def79: False positive, the offset is negative due to the way this has been allocated -------- def80: Probably a false positive, the parameter should be saved in the parm_table? -------- def88, def89: dummy_host here should be freed -------- def90, def92, def93, def97: these should be probably all freed -------- def99: ifd should be closed if the robust_unlink function fails