The Samba-Bugzilla – Attachment 14689 Details for
Bug 13692
Coverity scan for rsync-3.1.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Covscan report with commentary
covscan_report (text/plain), 116.96 KB, created by
Michal Ruprich
on 2018-11-27 08:49:00 UTC
(
hide
)
Description:
Covscan report with commentary
Filename:
MIME Type:
Creator:
Michal Ruprich
Created:
2018-11-27 08:49:00 UTC
Size:
116.96 KB
patch
obsolete
>List of Defects > >Error: RESOURCE_LEAK (CWE-772): [#def1] >rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". >rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". >rsync-3.1.3/access.c:268: overwrite_var: Overwriting "allow_list" in "allow_list = NULL" leaks the storage that "allow_list" points to. ># 266| ># 267| if (allow_list && !*allow_list) ># 268|-> allow_list = NULL; ># 269| if (deny_list && !*deny_list) ># 270| deny_list = NULL; > >Error: RESOURCE_LEAK (CWE-772): [#def2] >rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". >rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". >rsync-3.1.3/access.c:270: overwrite_var: Overwriting "deny_list" in "deny_list = NULL" leaks the storage that "deny_list" points to. ># 268| allow_list = NULL; ># 269| if (deny_list && !*deny_list) ># 270|-> deny_list = NULL; ># 271| ># 272| allow_forward_dns = lp_forward_lookup(i); > >Error: RESOURCE_LEAK (CWE-772): [#def3] >rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". >rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". >rsync-3.1.3/access.c:276: noescape: Resource "allow_list" is not freed or pointed-to in "access_match". >rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". >rsync-3.1.3/access.c:277: leaked_storage: Variable "allow_list" going out of scope leaks the storage it points to. ># 275| if (allow_list) { ># 276| if (access_match(allow_list, addr, host_ptr)) ># 277|-> return 1; ># 278| /* For an allow-list w/o a deny-list, disallow non-matches. */ ># 279| if (!deny_list) > >Error: RESOURCE_LEAK (CWE-772): [#def4] >rsync-3.1.3/access.c:264: alloc_fn: Storage is returned from allocation function "lp_hosts_allow". >rsync-3.1.3/loadparm.c:477:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:477:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:264: var_assign: Assigning: "allow_list" = storage returned from "lp_hosts_allow(i)". >rsync-3.1.3/access.c:276: noescape: Resource "allow_list" is not freed or pointed-to in "access_match". >rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". >rsync-3.1.3/access.c:280: leaked_storage: Variable "allow_list" going out of scope leaks the storage it points to. ># 278| /* For an allow-list w/o a deny-list, disallow non-matches. */ ># 279| if (!deny_list) ># 280|-> return 0; ># 281| } ># 282| > >Error: RESOURCE_LEAK (CWE-772): [#def5] >rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". >rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". >rsync-3.1.3/access.c:285: noescape: Resource "deny_list" is not freed or pointed-to in "access_match". >rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". >rsync-3.1.3/access.c:286: leaked_storage: Variable "deny_list" going out of scope leaks the storage it points to. ># 284| * items), we always disallow access. */ ># 285| if (deny_list && access_match(deny_list, addr, host_ptr)) ># 286|-> return 0; ># 287| ># 288| /* Allow all other access. */ > >Error: RESOURCE_LEAK (CWE-772): [#def6] >rsync-3.1.3/access.c:265: alloc_fn: Storage is returned from allocation function "lp_hosts_deny". >rsync-3.1.3/loadparm.c:478:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:478:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/access.c:265: var_assign: Assigning: "deny_list" = storage returned from "lp_hosts_deny(i)". >rsync-3.1.3/access.c:285: noescape: Resource "deny_list" is not freed or pointed-to in "access_match". >rsync-3.1.3/access.c:241:37: noescape: "access_match(char const *, char const *, char const **)" does not free or save its parameter "list". >rsync-3.1.3/access.c:289: leaked_storage: Variable "deny_list" going out of scope leaks the storage it points to. ># 287| ># 288| /* Allow all other access. */ ># 289|-> return 1; ># 290| } > >Error: RESOURCE_LEAK (CWE-772): [#def7] >rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". >rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". >rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". >rsync-3.1.3/authenticate.c:112: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. ># 110| ># 111| if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL) ># 112|-> return "no secrets file"; ># 113| ># 114| if (do_fstat(fileno(fh), &st) == -1) { > >Error: RESOURCE_LEAK (CWE-772): [#def8] >rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". >rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". >rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". >rsync-3.1.3/authenticate.c:128: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. ># 126| if (!ok) { ># 127| fclose(fh); ># 128|-> return "ignoring secrets file"; ># 129| } ># 130| > >Error: RESOURCE_LEAK (CWE-772): [#def9] >rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". >rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". >rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". >rsync-3.1.3/authenticate.c:134: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. ># 132| /* Reject attempt to match a comment. */ ># 133| fclose(fh); ># 134|-> return "invalid username"; ># 135| } ># 136| > >Error: RESOURCE_LEAK (CWE-772): [#def10] >rsync-3.1.3/authenticate.c:103: alloc_fn: Storage is returned from allocation function "lp_secrets_file". >rsync-3.1.3/loadparm.c:491:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:491:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:103: var_assign: Assigning: "fname" = storage returned from "lp_secrets_file(module)". >rsync-3.1.3/authenticate.c:111: noescape: Resource "fname" is not freed or pointed-to in "fopen". >rsync-3.1.3/authenticate.c:168: leaked_storage: Variable "fname" going out of scope leaks the storage it points to. ># 166| memset(pass2, 0, sizeof pass2); ># 167| ># 168|-> return err; ># 169| } ># 170| > >Error: RESOURCE_LEAK (CWE-772): [#def11] >rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". >rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". >rsync-3.1.3/authenticate.c:238: leaked_storage: Variable "users" going out of scope leaks the storage it points to. ># 236| /* if no auth list then allow anyone in! */ ># 237| if (!users || !*users) ># 238|-> return ""; ># 239| ># 240| gen_challenge(addr, challenge); > >Error: RESOURCE_LEAK (CWE-772): [#def12] >rsync-3.1.3/authenticate.c:246: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:246: noescape: Resource "lp_name(module)" is not freed or pointed-to in "rprintf". >rsync-3.1.3/authenticate.c:246: leaked_storage: Failing to save or free storage allocated by "lp_name(module)" leaks it. ># 244| if (!read_line_old(f_in, line, sizeof line, 0) ># 245| || (pass = strchr(line, ' ')) == NULL) { ># 246|-> rprintf(FLOG, "auth failed on module %s from %s (%s): " ># 247| "invalid challenge response\n", ># 248| lp_name(module), host, addr); > >Error: RESOURCE_LEAK (CWE-772): [#def13] >rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". >rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". >rsync-3.1.3/authenticate.c:249: leaked_storage: Variable "users" going out of scope leaks the storage it points to. ># 247| "invalid challenge response\n", ># 248| lp_name(module), host, addr); ># 249|-> return NULL; ># 250| } ># 251| *pass++ = '\0'; > >Error: RESOURCE_LEAK (CWE-772): [#def14] >rsync-3.1.3/authenticate.c:226: alloc_fn: Storage is returned from allocation function "lp_auth_users". >rsync-3.1.3/loadparm.c:469:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:469:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:226: var_assign: Assigning: "users" = storage returned from "lp_auth_users(module)". >rsync-3.1.3/authenticate.c:253: noescape: Resource "users" is not freed or pointed-to in "strdup". >rsync-3.1.3/authenticate.c:253: overwrite_var: Overwriting "users" in "users = strdup(users)" leaks the storage that "users" points to. ># 251| *pass++ = '\0'; ># 252| ># 253|-> if (!(users = strdup(users))) ># 254| out_of_memory("auth_server"); ># 255| > >Error: RESOURCE_LEAK (CWE-772): [#def15] >rsync-3.1.3/authenticate.c:334: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/authenticate.c:334: noescape: Resource "lp_name(module)" is not freed or pointed-to in "rprintf". >rsync-3.1.3/authenticate.c:334: leaked_storage: Failing to save or free storage allocated by "lp_name(module)" leaks it. ># 332| ># 333| if (err) { ># 334|-> rprintf(FLOG, "auth failed on module %s from %s (%s) for %s: %s\n", ># 335| lp_name(module), host, addr, line, err); ># 336| return NULL; > >Error: RESOURCE_LEAK (CWE-772): [#def16] >rsync-3.1.3/batch.c:270: alloc_arg: "check_for_hostspec" allocates memory that is stored into "p". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/batch.c:270: overwrite_var: Overwriting "p" in "p = check_for_hostspec(argv[argc - 1], &p, &i)" leaks the storage that "p" points to. ># 268| } ># 269| } ># 270|-> if (!(p = check_for_hostspec(argv[argc - 1], &p, &i))) ># 271| p = argv[argc - 1]; ># 272| if (write(fd, " ${1:-", 6) != 6 > >Error: RESOURCE_LEAK (CWE-772): [#def17] >rsync-3.1.3/cleanup.c:209: alloc_fn: Storage is returned from allocation function "lp_pid_file". >rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/cleanup.c:209: noescape: Resource "lp_pid_file()" is not freed or pointed-to in "unlink". >rsync-3.1.3/cleanup.c:209: leaked_storage: Failing to save or free storage allocated by "lp_pid_file()" leaks it. ># 207| char *pidf = lp_pid_file(); ># 208| if (pidf && *pidf) ># 209|-> unlink(lp_pid_file()); ># 210| } ># 211| > >Error: RESOURCE_LEAK (CWE-772): [#def18] >rsync-3.1.3/cleanup.c:207: alloc_fn: Storage is returned from allocation function "lp_pid_file". >rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/cleanup.c:207: var_assign: Assigning: "pidf" = storage returned from "lp_pid_file()". >rsync-3.1.3/cleanup.c:210: leaked_storage: Variable "pidf" going out of scope leaks the storage it points to. ># 208| if (pidf && *pidf) ># 209| unlink(lp_pid_file()); ># 210|-> } ># 211| ># 212| if (exit_code == 0) { > >Error: RESOURCE_LEAK (CWE-772): [#def19] >rsync-3.1.3/clientserver.c:151: alloc_fn: Storage is returned from allocation function "lp_motd_file". >rsync-3.1.3/loadparm.c:462:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:462:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:151: var_assign: Assigning: "motd" = storage returned from "lp_motd_file()". >rsync-3.1.3/clientserver.c:153: noescape: Resource "motd" is not freed or pointed-to in "fopen". >rsync-3.1.3/clientserver.c:169: leaked_storage: Variable "motd" going out of scope leaks the storage it points to. ># 167| if (am_client) ># 168| rprintf(FERROR, "rsync: did not see server greeting\n"); ># 169|-> return -1; ># 170| } ># 171| > >Error: RESOURCE_LEAK (CWE-772): [#def20] >rsync-3.1.3/clientserver.c:233: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/clientserver.c:233: var_assign: Assigning: "modname" = storage returned from "_new_array(modlen + 1 + 1, 1U, 0)". >rsync-3.1.3/clientserver.c:235: noescape: Resource "modname" is not freed or pointed-to in "strlcpy". >rsync-3.1.3/lib/compat.c:110:23: noescape: "strlcpy(char *, char const *, size_t)" does not free or save its parameter "d". >rsync-3.1.3/clientserver.c:245: leaked_storage: Variable "modname" going out of scope leaks the storage it points to. ># 243| ># 244| if (exchange_protocols(f_in, f_out, line, sizeof line, 1) < 0) ># 245|-> return -1; ># 246| ># 247| /* set daemon_over_rsh to false since we need to build the > >Error: RESOURCE_LEAK (CWE-772): [#def21] >rsync-3.1.3/clientserver.c:520: alloc_fn: Storage is returned from allocation function "lp_charset". >rsync-3.1.3/loadparm.c:470:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:470:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:520: var_assign: Assigning: "iconv_opt" = storage returned from "lp_charset(i)". >rsync-3.1.3/clientserver.c:523: overwrite_var: Overwriting "iconv_opt" in "iconv_opt = NULL" leaks the storage that "iconv_opt" points to. ># 521| if (*iconv_opt) ># 522| setup_iconv(); ># 523|-> iconv_opt = NULL; ># 524| #endif ># 525| > >Error: RESOURCE_LEAK (CWE-772): [#def22] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:534: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:537: noescape: Resource "name" is not freed or pointed-to in "io_printf". >rsync-3.1.3/clientserver.c:543: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 541| name, host, addr); ># 542| } ># 543|-> return -1; ># 544| } ># 545| > >Error: RESOURCE_LEAK (CWE-772): [#def23] >rsync-3.1.3/clientserver.c:551: alloc_fn: Storage is returned from allocation function "lp_lock_file". >rsync-3.1.3/loadparm.c:482:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:482:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:551: noescape: Resource "lp_lock_file(i)" is not freed or pointed-to in "claim_connection". >rsync-3.1.3/connection.c:25:28: noescape: "claim_connection(char *, int)" does not free or save its parameter "fname". >rsync-3.1.3/clientserver.c:551: leaked_storage: Failing to save or free storage allocated by "lp_lock_file(i)" leaks it. ># 549| } ># 550| ># 551|-> if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { ># 552| if (errno) { ># 553| rsyserr(FLOG, errno, "failed to open lock file %s", > >Error: RESOURCE_LEAK (CWE-772): [#def24] >rsync-3.1.3/clientserver.c:553: alloc_fn: Storage is returned from allocation function "lp_lock_file". >rsync-3.1.3/loadparm.c:482:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:482:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:553: noescape: Resource "lp_lock_file(i)" is not freed or pointed-to in "rsyserr". >rsync-3.1.3/clientserver.c:553: leaked_storage: Failing to save or free storage allocated by "lp_lock_file(i)" leaks it. ># 551| if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { ># 552| if (errno) { ># 553|-> rsyserr(FLOG, errno, "failed to open lock file %s", ># 554| lp_lock_file(i)); ># 555| io_printf(f_out, "@ERROR: failed to open lock file\n"); > >Error: RESOURCE_LEAK (CWE-772): [#def25] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:562: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 560| lp_max_connections(i)); ># 561| } ># 562|-> return -1; ># 563| } ># 564| > >Error: RESOURCE_LEAK (CWE-772): [#def26] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:569: noescape: Resource "name" is not freed or pointed-to in "io_printf". >rsync-3.1.3/clientserver.c:570: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 568| if (!auth_user) { ># 569| io_printf(f_out, "@ERROR: auth failed on module %s\n", name); ># 570|-> return -1; ># 571| } ># 572| set_env_str("RSYNC_USER_NAME", auth_user); > >Error: RESOURCE_LEAK (CWE-772): [#def27] >rsync-3.1.3/clientserver.c:586: alloc_fn: Storage is returned from allocation function "lp_uid". >rsync-3.1.3/loadparm.c:494:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:494:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:586: leaked_storage: Failing to save or free storage allocated by "lp_uid(i)" leaks it. ># 584| am_root = (uid == 0); ># 585| ># 586|-> p = *lp_uid(i) ? lp_uid(i) : am_root ? NOBODY_USER : NULL; ># 587| if (p) { ># 588| if (!user_to_uid(p, &uid, True)) { > >Error: RESOURCE_LEAK (CWE-772): [#def28] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:591: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 589| rprintf(FLOG, "Invalid uid %s\n", p); ># 590| io_printf(f_out, "@ERROR: invalid uid %s\n", p); ># 591|-> return -1; ># 592| } ># 593| set_uid = 1; > >Error: RESOURCE_LEAK (CWE-772): [#def29] >rsync-3.1.3/clientserver.c:597: alloc_fn: Storage is returned from allocation function "lp_gid". >rsync-3.1.3/loadparm.c:476:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:476:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:597: leaked_storage: Failing to save or free storage allocated by "lp_gid(i)" leaks it. ># 595| set_uid = 0; ># 596| ># 597|-> p = *lp_gid(i) ? conf_strtok(lp_gid(i)) : NULL; ># 598| if (p) { ># 599| /* The "*" gid must be the first item in the list. */ > >Error: RESOURCE_LEAK (CWE-772): [#def30] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:603: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 601| #ifdef HAVE_GETGROUPLIST ># 602| if (want_all_groups(f_out, uid) < 0) ># 603|-> return -1; ># 604| #elif defined HAVE_INITGROUPS ># 605| if ((pw = want_all_groups(f_out, uid)) == NULL) > >Error: RESOURCE_LEAK (CWE-772): [#def31] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:613: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 611| #endif ># 612| } else if (add_a_group(f_out, p) < 0) ># 613|-> return -1; ># 614| while ((p = conf_strtok(NULL)) != NULL) { ># 615| #if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST > >Error: RESOURCE_LEAK (CWE-772): [#def32] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:623: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 621| #endif ># 622| if (add_a_group(f_out, p) < 0) ># 623|-> return -1; ># 624| } ># 625| } else if (am_root) { > >Error: RESOURCE_LEAK (CWE-772): [#def33] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:627: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 625| } else if (am_root) { ># 626| if (add_a_group(f_out, NOBODY_GROUP) < 0) ># 627|-> return -1; ># 628| } ># 629| > >Error: RESOURCE_LEAK (CWE-772): [#def34] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:632: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:634: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 632| rprintf(FLOG, "No path specified for module %s\n", name); ># 633| io_printf(f_out, "@ERROR: no path setting.\n"); ># 634|-> return -1; ># 635| } ># 636| if (use_chroot) { > >Error: RESOURCE_LEAK (CWE-772): [#def35] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:640: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 638| *p = '\0'; /* Temporary... */ ># 639| if (!(module_chdir = normalize_path(module_dir, True, NULL))) ># 640|-> return path_failure(f_out, module_dir, False); ># 641| *p = '/'; ># 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) > >Error: RESOURCE_LEAK (CWE-772): [#def36] >rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". >rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". >rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". >rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". >rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". >rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". >rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". >rsync-3.1.3/clientserver.c:643: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. ># 641| *p = '/'; ># 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) ># 643|-> return path_failure(f_out, strstr(module_dir, "/./"), False); ># 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) ># 645| full_module_path = module_dir; > >Error: RESOURCE_LEAK (CWE-772): [#def37] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:643: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 641| *p = '/'; ># 642| if (!(p = normalize_path(p + 2, True, &module_dirlen))) ># 643|-> return path_failure(f_out, strstr(module_dir, "/./"), False); ># 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) ># 645| full_module_path = module_dir; > >Error: RESOURCE_LEAK (CWE-772): [#def38] >rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". >rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". >rsync-3.1.3/clientserver.c:637: identity_transfer: Passing "module_dir" as argument 1 to function "strstr", which returns an offset off that argument. >rsync-3.1.3/clientserver.c:637: noescape: Resource "module_dir" is not freed or pointed-to in "strstr". >rsync-3.1.3/clientserver.c:637: var_assign: Assigning: "p" = storage returned from "strstr(module_dir, "/./")". >rsync-3.1.3/clientserver.c:639: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". >rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". >rsync-3.1.3/clientserver.c:642: noescape: Resource "p + 2" is not freed or pointed-to in "normalize_path". >rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". >rsync-3.1.3/clientserver.c:644: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". >rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". >rsync-3.1.3/clientserver.c:646: overwrite_var: Overwriting "module_dir" in "module_dir = p" leaks the storage that "module_dir" points to. ># 644| if (!(full_module_path = normalize_path(module_dir, False, NULL))) ># 645| full_module_path = module_dir; ># 646|-> module_dir = p; ># 647| } else { ># 648| if (!(module_chdir = normalize_path(module_dir, False, NULL))) > >Error: RESOURCE_LEAK (CWE-772): [#def39] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:649: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 647| } else { ># 648| if (!(module_chdir = normalize_path(module_dir, False, NULL))) ># 649|-> return path_failure(f_out, module_dir, False); ># 650| full_module_path = module_chdir; ># 651| module_dir = "/"; > >Error: RESOURCE_LEAK (CWE-772): [#def40] >rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". >rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". >rsync-3.1.3/clientserver.c:637: noescape: Resource "module_dir" is not freed or pointed-to in "strstr". >rsync-3.1.3/clientserver.c:648: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". >rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". >rsync-3.1.3/clientserver.c:651: overwrite_var: Overwriting "module_dir" in "module_dir = "/"" leaks the storage that "module_dir" points to. ># 649| return path_failure(f_out, module_dir, False); ># 650| full_module_path = module_chdir; ># 651|-> module_dir = "/"; ># 652| module_dirlen = 1; ># 653| } > >Error: RESOURCE_LEAK (CWE-772): [#def41] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:656: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 654| } else { ># 655| if (!(module_chdir = normalize_path(module_dir, False, &module_dirlen))) ># 656|-> return path_failure(f_out, module_dir, False); ># 657| full_module_path = module_dir = module_chdir; ># 658| } > >Error: RESOURCE_LEAK (CWE-772): [#def42] >rsync-3.1.3/clientserver.c:630: alloc_fn: Storage is returned from allocation function "lp_path". >rsync-3.1.3/loadparm.c:487:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:487:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:630: var_assign: Assigning: "module_dir" = storage returned from "lp_path(i)". >rsync-3.1.3/clientserver.c:655: noescape: Resource "module_dir" is not freed or pointed-to in "normalize_path". >rsync-3.1.3/util.c:1146:28: noescape: "normalize_path(char *, int, unsigned int *)" does not free or save its parameter "path". >rsync-3.1.3/clientserver.c:657: overwrite_var: Overwriting "module_dir" in "module_dir = module_chdir" leaks the storage that "module_dir" points to. ># 655| if (!(module_chdir = normalize_path(module_dir, False, &module_dirlen))) ># 656| return path_failure(f_out, module_dir, False); ># 657|-> full_module_path = module_dir = module_chdir; ># 658| } ># 659| set_env_str("RSYNC_MODULE_PATH", full_module_path); > >Error: RESOURCE_LEAK (CWE-772): [#def43] >rsync-3.1.3/clientserver.c:691: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". >rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:691: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. ># 689| ># 690| #ifdef HAVE_PUTENV ># 691|-> if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) { ># 692| int status; ># 693| > >Error: RESOURCE_LEAK (CWE-772): [#def44] >rsync-3.1.3/clientserver.c:691: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". >rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:691: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. ># 689| ># 690| #ifdef HAVE_PUTENV ># 691|-> if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) { ># 692| int status; ># 693| > >Error: RESOURCE_LEAK (CWE-772): [#def45] >rsync-3.1.3/clientserver.c:697: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". >rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:697: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. ># 695| * daemon while this process waits for the exit status and ># 696| * runs the indicated command at that point. */ ># 697|-> if (*lp_postxfer_exec(i)) { ># 698| pid_t pid = fork(); ># 699| if (pid < 0) { > >Error: RESOURCE_LEAK (CWE-772): [#def46] >rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". >rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". >rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". >rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". >rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". >rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". >rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". >rsync-3.1.3/clientserver.c:702: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. ># 700| rsyserr(FLOG, errno, "fork failed"); ># 701| io_printf(f_out, "@ERROR: fork failed\n"); ># 702|-> return -1; ># 703| } ># 704| if (pid) { > >Error: RESOURCE_LEAK (CWE-772): [#def47] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:702: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 700| rsyserr(FLOG, errno, "fork failed"); ># 701| io_printf(f_out, "@ERROR: fork failed\n"); ># 702|-> return -1; ># 703| } ># 704| if (pid) { > >Error: RESOURCE_LEAK (CWE-772): [#def48] >rsync-3.1.3/clientserver.c:717: alloc_fn: Storage is returned from allocation function "lp_postxfer_exec". >rsync-3.1.3/loadparm.c:488:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:488:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:717: noescape: Resource "lp_postxfer_exec(i)" is not freed or pointed-to in "system". >rsync-3.1.3/clientserver.c:717: leaked_storage: Failing to save or free storage allocated by "lp_postxfer_exec(i)" leaks it. ># 715| status = -1; ># 716| set_env_num("RSYNC_EXIT_STATUS", status); ># 717|-> if (system(lp_postxfer_exec(i)) < 0) ># 718| status = -1; ># 719| _exit(status); > >Error: RESOURCE_LEAK (CWE-772): [#def49] >rsync-3.1.3/clientserver.c:725: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". >rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:725: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. ># 723| * command, though it first waits for the parent process to ># 724| * send us the user's request via a pipe. */ ># 725|-> if (*lp_prexfer_exec(i)) { ># 726| int arg_fds[2], error_fds[2]; ># 727| set_env_num("RSYNC_PID", (long)getpid()); > >Error: RESOURCE_LEAK (CWE-772): [#def50] >rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". >rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". >rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". >rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". >rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". >rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". >rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". >rsync-3.1.3/clientserver.c:731: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. ># 729| rsyserr(FLOG, errno, "pre-xfer exec preparation failed"); ># 730| io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n"); ># 731|-> return -1; ># 732| } ># 733| if (pre_exec_pid == 0) { > >Error: RESOURCE_LEAK (CWE-772): [#def51] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:731: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 729| rsyserr(FLOG, errno, "pre-xfer exec preparation failed"); ># 730| io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n"); ># 731|-> return -1; ># 732| } ># 733| if (pre_exec_pid == 0) { > >Error: RESOURCE_LEAK (CWE-772): [#def52] >rsync-3.1.3/clientserver.c:761: alloc_fn: Storage is returned from allocation function "lp_prexfer_exec". >rsync-3.1.3/loadparm.c:489:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:489:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:761: noescape: Resource "lp_prexfer_exec(i)" is not freed or pointed-to in "system". >rsync-3.1.3/clientserver.c:761: leaked_storage: Failing to save or free storage allocated by "lp_prexfer_exec(i)" leaks it. ># 759| dup2(pre_exec_error_fd, STDOUT_FILENO); ># 760| close(pre_exec_error_fd); ># 761|-> status = system(lp_prexfer_exec(i)); ># 762| if (!WIFEXITED(status)) ># 763| _exit(1); > >Error: RESOURCE_LEAK (CWE-772): [#def53] >rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". >rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". >rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". >rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". >rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". >rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". >rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". >rsync-3.1.3/clientserver.c:789: noescape: Resource "module_chdir" is not freed or pointed-to in "chroot". >rsync-3.1.3/clientserver.c:790: noescape: Resource "module_chdir" is not freed or pointed-to in "rsyserr". >rsync-3.1.3/clientserver.c:792: leaked_storage: Variable "module_chdir" going out of scope leaks the storage it points to. ># 790| rsyserr(FLOG, errno, "chroot %s failed", module_chdir); ># 791| io_printf(f_out, "@ERROR: chroot failed\n"); ># 792|-> return -1; ># 793| } ># 794| module_chdir = module_dir; > >Error: RESOURCE_LEAK (CWE-772): [#def54] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:792: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 790| rsyserr(FLOG, errno, "chroot %s failed", module_chdir); ># 791| io_printf(f_out, "@ERROR: chroot failed\n"); ># 792|-> return -1; ># 793| } ># 794| module_chdir = module_dir; > >Error: RESOURCE_LEAK (CWE-772): [#def55] >rsync-3.1.3/clientserver.c:639: alloc_fn: Storage is returned from allocation function "normalize_path". >rsync-3.1.3/util.c:1156:3: alloc_fn: Storage is returned from allocation function "strdup". >rsync-3.1.3/util.c:1156:3: var_assign: Assigning: "path" = "strdup(curr_dir)". >rsync-3.1.3/util.c:1164:2: noescape: Resource "path" is not freed or pointed-to in function "clean_fname". >rsync-3.1.3/util.c:913:23: noescape: "clean_fname(char *, int)" does not free or save its parameter "name". >rsync-3.1.3/util.c:1169:2: return_alloc: Returning allocated memory "path". >rsync-3.1.3/clientserver.c:639: var_assign: Assigning: "module_chdir" = storage returned from "normalize_path(module_dir, 1, NULL)". >rsync-3.1.3/clientserver.c:789: noescape: Resource "module_chdir" is not freed or pointed-to in "chroot". >rsync-3.1.3/clientserver.c:794: overwrite_var: Overwriting "module_chdir" in "module_chdir = module_dir" leaks the storage that "module_chdir" points to. ># 792| return -1; ># 793| } ># 794|-> module_chdir = module_dir; ># 795| } ># 796| > >Error: RESOURCE_LEAK (CWE-772): [#def56] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:798: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 796| ># 797| if (!change_dir(module_chdir, CD_NORMAL)) ># 798|-> return path_failure(f_out, module_chdir, True); ># 799| if (module_dirlen || (!use_chroot && !*lp_daemon_chroot())) ># 800| sanitize_paths = 1; > >Error: RESOURCE_LEAK (CWE-772): [#def57] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:828: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 826| rsyserr(FLOG, errno, "setgroups failed"); ># 827| io_printf(f_out, "@ERROR: setgroups failed\n"); ># 828|-> return -1; ># 829| } ># 830| #endif > >Error: RESOURCE_LEAK (CWE-772): [#def58] >rsync-3.1.3/clientserver.c:510: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:510: var_assign: Assigning: "name" = storage returned from "lp_name(i)". >rsync-3.1.3/clientserver.c:517: noescape: Resource "name" is not freed or pointed-to in "set_env_str". >rsync-3.1.3/clientserver.c:479:54: noescape: "set_env_str(char const *, char const *)" does not free or save its parameter "str". >rsync-3.1.3/clientserver.c:547: noescape: Resource "name" is not freed or pointed-to in "rprintf". >rsync-3.1.3/clientserver.c:850: leaked_storage: Variable "name" going out of scope leaks the storage it points to. ># 848| rsyserr(FLOG, errno, "setuid %ld failed", (long)uid); ># 849| io_printf(f_out, "@ERROR: setuid failed\n"); ># 850|-> return -1; ># 851| } ># 852| > >Error: RESOURCE_LEAK (CWE-772): [#def59] >rsync-3.1.3/clientserver.c:857: alloc_fn: Storage is returned from allocation function "lp_temp_dir". >rsync-3.1.3/loadparm.c:493:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:493:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:857: leaked_storage: Failing to save or free storage allocated by "lp_temp_dir(i)" leaks it. ># 855| } ># 856| ># 857|-> if (lp_temp_dir(i) && *lp_temp_dir(i)) { ># 858| tmpdir = lp_temp_dir(i); ># 859| if (strlen(tmpdir) >= MAXPATHLEN - 10) { > >Error: RESOURCE_LEAK (CWE-772): [#def60] >rsync-3.1.3/clientserver.c:858: alloc_fn: Storage is returned from allocation function "lp_temp_dir". >rsync-3.1.3/loadparm.c:493:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:493:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:858: var_assign: Assigning: "tmpdir" = storage returned from "lp_temp_dir(i)". >rsync-3.1.3/clientserver.c:859: noescape: Resource "tmpdir" is not freed or pointed-to in "strlen". >rsync-3.1.3/clientserver.c:863: overwrite_var: Overwriting "tmpdir" in "tmpdir = NULL" leaks the storage that "tmpdir" points to. ># 861| "the 'temp dir' value for %s is WAY too long -- ignoring.\n", ># 862| name); ># 863|-> tmpdir = NULL; ># 864| } ># 865| } > >Error: RESOURCE_LEAK (CWE-772): [#def61] >rsync-3.1.3/clientserver.c:1021: alloc_fn: Storage is returned from allocation function "lp_comment". >rsync-3.1.3/loadparm.c:471:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:471:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1021: noescape: Resource "lp_comment(i)" is not freed or pointed-to in "io_printf". >rsync-3.1.3/clientserver.c:1021: leaked_storage: Failing to save or free storage allocated by "lp_comment(i)" leaks it. ># 1019| for (i = 0; i < n; i++) { ># 1020| if (lp_list(i)) ># 1021|-> io_printf(fd, "%-15s\t%s\n", lp_name(i), lp_comment(i)); ># 1022| } ># 1023| > >Error: RESOURCE_LEAK (CWE-772): [#def62] >rsync-3.1.3/clientserver.c:1021: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1021: noescape: Resource "lp_name(i)" is not freed or pointed-to in "io_printf". >rsync-3.1.3/clientserver.c:1021: leaked_storage: Failing to save or free storage allocated by "lp_name(i)" leaks it. ># 1019| for (i = 0; i < n; i++) { ># 1020| if (lp_list(i)) ># 1021|-> io_printf(fd, "%-15s\t%s\n", lp_name(i), lp_comment(i)); ># 1022| } ># 1023| > >Error: RESOURCE_LEAK (CWE-772): [#def63] >rsync-3.1.3/clientserver.c:1058: alloc_fn: Storage is returned from allocation function "lp_daemon_chroot". >rsync-3.1.3/loadparm.c:459:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:459:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1058: var_assign: Assigning: "p" = storage returned from "lp_daemon_chroot()". >rsync-3.1.3/clientserver.c:1061: noescape: Resource "p" is not freed or pointed-to in "chroot". >rsync-3.1.3/clientserver.c:1062: noescape: Resource "p" is not freed or pointed-to in "rsyserr". >rsync-3.1.3/clientserver.c:1063: leaked_storage: Variable "p" going out of scope leaks the storage it points to. ># 1061| if (chroot(p) < 0 || chdir("/") < 0) { ># 1062| rsyserr(FLOG, errno, "daemon chroot %s failed", p); ># 1063|-> return -1; ># 1064| } ># 1065| } > >Error: RESOURCE_LEAK (CWE-772): [#def64] >rsync-3.1.3/clientserver.c:1058: alloc_fn: Storage is returned from allocation function "lp_daemon_chroot". >rsync-3.1.3/loadparm.c:459:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:459:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1058: var_assign: Assigning: "p" = storage returned from "lp_daemon_chroot()". >rsync-3.1.3/clientserver.c:1061: noescape: Resource "p" is not freed or pointed-to in "chroot". >rsync-3.1.3/clientserver.c:1066: overwrite_var: Overwriting "p" in "p = lp_daemon_gid()" leaks the storage that "p" points to. ># 1064| } ># 1065| } ># 1066|-> p = lp_daemon_gid(); ># 1067| if (*p) { ># 1068| gid_t gid; > >Error: RESOURCE_LEAK (CWE-772): [#def65] >rsync-3.1.3/clientserver.c:1066: alloc_fn: Storage is returned from allocation function "lp_daemon_gid". >rsync-3.1.3/loadparm.c:460:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:460:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1066: var_assign: Assigning: "p" = storage returned from "lp_daemon_gid()". >rsync-3.1.3/clientserver.c:1079: overwrite_var: Overwriting "p" in "p = lp_daemon_uid()" leaks the storage that "p" points to. ># 1077| our_gid = MY_GID(); ># 1078| } ># 1079|-> p = lp_daemon_uid(); ># 1080| if (*p) { ># 1081| uid_t uid; > >Error: RESOURCE_LEAK (CWE-772): [#def66] >rsync-3.1.3/clientserver.c:1079: alloc_fn: Storage is returned from allocation function "lp_daemon_uid". >rsync-3.1.3/loadparm.c:461:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:461:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1079: var_assign: Assigning: "p" = storage returned from "lp_daemon_uid()". >rsync-3.1.3/clientserver.c:1104: leaked_storage: Variable "p" going out of scope leaks the storage it points to. ># 1102| ># 1103| if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0) ># 1104|-> return -1; ># 1105| ># 1106| line[0] = 0; > >Error: RESOURCE_LEAK (CWE-772): [#def67] >rsync-3.1.3/clientserver.c:1140: alloc_fn: Storage is returned from allocation function "lp_pid_file". >rsync-3.1.3/loadparm.c:463:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:463:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1140: var_assign: Assigning: "pid_file" = storage returned from "lp_pid_file()". >rsync-3.1.3/clientserver.c:1146: leaked_storage: Variable "pid_file" going out of scope leaks the storage it points to. ># 1144| ># 1145| if (!pid_file || !*pid_file) ># 1146|-> return; ># 1147| ># 1148| cleanup_set_pid(pid); > >Error: RESOURCE_LEAK (CWE-772): [#def68] >rsync-3.1.3/clientserver.c:1193: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] >rsync-3.1.3/clientserver.c:1193: leaked_handle: Ignoring handle opened by "open("/dev/null", 2)" leaks it. ># 1191| for (i = 0; i < 3; i++) { ># 1192| close(i); ># 1193|-> open("/dev/null", O_RDWR); ># 1194| } ># 1195| } > >Error: RESOURCE_LEAK (CWE-772): [#def69] >rsync-3.1.3/clientserver.c:1207: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] >rsync-3.1.3/clientserver.c:1207: leaked_handle: Ignoring handle opened by "open("/dev/null", 2)" leaks it. ># 1205| for (i = 1; i < 3; i++) { ># 1206| close(i); ># 1207|-> open("/dev/null", O_RDWR); ># 1208| } ># 1209| > >Error: RESOURCE_LEAK (CWE-772): [#def70] >rsync-3.1.3/clientserver.c:1226: alloc_fn: Storage is returned from allocation function "lp_bind_address". >rsync-3.1.3/loadparm.c:458:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:458:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/clientserver.c:1226: leaked_storage: Failing to save or free storage allocated by "lp_bind_address()" leaks it. ># 1224| if (rsync_port == 0 && (rsync_port = lp_rsync_port()) == 0) ># 1225| rsync_port = RSYNC_PORT; ># 1226|-> if (bind_address == NULL && *lp_bind_address()) ># 1227| bind_address = lp_bind_address(); ># 1228| > >Error: RESOURCE_LEAK (CWE-772): [#def71] >rsync-3.1.3/connection.c:32: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] >rsync-3.1.3/connection.c:32: var_assign: Assigning: "fd" = handle returned from "open(fname, 66, 384)". >rsync-3.1.3/connection.c:37: noescape: Resource "fd" is not freed or pointed-to in "lock_range". >rsync-3.1.3/util.c:578:20: noescape: "lock_range(int, int, int)" does not free or save its parameter "fd". >rsync-3.1.3/connection.c:38: leaked_handle: Handle variable "fd" going out of scope leaks the handle. ># 36| for (i = 0; i < max_connections; i++) { ># 37| if (lock_range(fd, i*4, 4)) ># 38|-> return 1; ># 39| } ># 40| > >Error: RESOURCE_LEAK (CWE-772): [#def72] >rsync-3.1.3/flist.c:1407: alloc_fn: Storage is returned from allocation function "make_file". >rsync-3.1.3/flist.c:1313:3: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/flist.c:1313:3: var_assign: Assigning: "bp" = "_new_array(alloc_len, 1U, 0)". >rsync-3.1.3/flist.c:1317:2: noescape: Resource "bp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/flist.c:1319:2: var_assign: Assigning: "file" = "bp". >rsync-3.1.3/flist.c:1322:2: noescape: Resource "bp" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/flist.c:1392:2: return_alloc: Returning allocated memory "file". >rsync-3.1.3/flist.c:1407: var_assign: Assigning: "file" = storage returned from "make_file(fname, flist, stp, flags, filter_level)". >rsync-3.1.3/flist.c:1434: noescape: Resource "file" is not freed or pointed-to in "f_name". >rsync-3.1.3/flist.c:3199:40: noescape: "f_name(struct file_struct const *, char *)" does not free or save its parameter "f". >rsync-3.1.3/flist.c:1438: leaked_storage: Variable "file" going out of scope leaks the storage it points to. ># 1436| "skipping symlink with 0-length value: %s\n", ># 1437| full_fname(fbuf)); ># 1438|-> return NULL; ># 1439| } ># 1440| } else { > >Error: RESOURCE_LEAK (CWE-772): [#def73] >rsync-3.1.3/flist.c:1407: alloc_fn: Storage is returned from allocation function "make_file". >rsync-3.1.3/flist.c:1313:3: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/flist.c:1313:3: var_assign: Assigning: "bp" = "_new_array(alloc_len, 1U, 0)". >rsync-3.1.3/flist.c:1317:2: noescape: Resource "bp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/flist.c:1319:2: var_assign: Assigning: "file" = "bp". >rsync-3.1.3/flist.c:1322:2: noescape: Resource "bp" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/flist.c:1392:2: return_alloc: Returning allocated memory "file". >rsync-3.1.3/flist.c:1407: var_assign: Assigning: "file" = storage returned from "make_file(fname, flist, stp, flags, filter_level)". >rsync-3.1.3/flist.c:1465: noescape: Resource "file" is not freed or pointed-to in "f_name". >rsync-3.1.3/flist.c:3199:40: noescape: "f_name(struct file_struct const *, char *)" does not free or save its parameter "f". >rsync-3.1.3/flist.c:1468: leaked_storage: Variable "file" going out of scope leaks the storage it points to. ># 1466| "[%s] cannot convert filename: %s (%s)\n", ># 1467| who_am_i(), f_name(file, fbuf), strerror(errno)); ># 1468|-> return NULL; ># 1469| } ># 1470| fbuf[outbuf.len] = '\0'; > >Error: RESOURCE_LEAK (CWE-772): [#def74] >rsync-3.1.3/flist.c:2618: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2618: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f, ndx)". >rsync-3.1.3/flist.c:2621: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. ># 2619| flist->parent_ndx = ndx; ># 2620| } ># 2621|-> } ># 2622| ># 2623| /* Search for an identically-named item in the file list. Note that the > >Error: RESOURCE_LEAK (CWE-772): [#def75] >rsync-3.1.3/io.c:1688: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/io.c:1688: var_assign: Assigning: "flist" = storage returned from "recv_file_list(iobuf.in_fd, ndx)". >rsync-3.1.3/io.c:1695: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. ># 1693| #endif ># 1694| flist_receiving_enabled = True; ># 1695|-> } ># 1696| } ># 1697| } > >Error: CPPCHECK_WARNING (CWE-401): [#def76] >rsync-3.1.3/lib/pool_alloc.c:58: error[memleak]: Memory leak: pool ># 56| if (bomb) ># 57| (*bomb)("Compiler error: MINALIGN is not a power of 2\n"); ># 58|-> return NULL; ># 59| } ># 60| > >Error: BAD_FREE (CWE-763): [#def77] >rsync-3.1.3/lib/pool_alloc.c:104: offset_free: "free" frees address offset from "cur->start". ># 102| next = cur->next; ># 103| if (pool->flags & POOL_PREPEND) ># 104|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); ># 105| else { ># 106| free(cur->start); > >Error: BAD_FREE (CWE-763): [#def78] >rsync-3.1.3/lib/pool_alloc.c:239: offset_free: "free" frees address offset from "cur->start". ># 237| prev->next = cur->next; ># 238| if (pool->flags & POOL_PREPEND) ># 239|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); ># 240| else { ># 241| free(cur->start); > >Error: BAD_FREE (CWE-763): [#def79] >rsync-3.1.3/lib/pool_alloc.c:296: offset_free: "free" frees address offset from "cur->start". ># 294| next = cur->next; ># 295| if (pool->flags & POOL_PREPEND) ># 296|-> free(PTR_ADD(cur->start, -sizeof (struct pool_extent))); ># 297| else { ># 298| free(cur->start); > >Error: RESOURCE_LEAK (CWE-772): [#def80] >rsync-3.1.3/loadparm.c:687: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:687: var_assign: Assigning: "parmvalue" = storage returned from "expand_vars(parmvalue)". >rsync-3.1.3/loadparm.c:693: noescape: Resource "parmvalue" is not freed or pointed-to in "set_boolean". >rsync-3.1.3/loadparm.c:635:41: noescape: "set_boolean(int *, char *)" does not free or save its parameter "parmvalue". >rsync-3.1.3/loadparm.c:740: leaked_storage: Returning without freeing "parmvalue" leaks the storage that it points to. ># 738| } ># 739| ># 740|-> return True; ># 741| } ># 742| > >Error: RESOURCE_LEAK (CWE-772): [#def81] >rsync-3.1.3/loadparm.c:857: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/loadparm.c:857: noescape: Resource "lp_name(i)" is not freed or pointed-to in "strcmp". >rsync-3.1.3/loadparm.c:857: leaked_storage: Failing to save or free storage allocated by "lp_name(i)" leaks it. ># 855| ># 856| for (i = section_list.count - 1; i >= 0; i--) { ># 857|-> if (strcmp(lp_name(i), name) == 0) ># 858| break; ># 859| } > >Error: RESOURCE_LEAK (CWE-772): [#def82] >rsync-3.1.3/log.c:176: alloc_fn: Storage is returned from allocation function "lp_log_file". >rsync-3.1.3/loadparm.c:483:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:483:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/log.c:176: noescape: Resource "lp_log_file(module_id)" is not freed or pointed-to in "strcmp". >rsync-3.1.3/log.c:176: leaked_storage: Failing to save or free storage allocated by "lp_log_file(module_id)" leaks it. ># 174| return; ># 175| assert(logfile_name); /* all am_daemon procs got at least an empty string */ ># 176|-> if (strcmp(logfile_name, lp_log_file(module_id)) != 0) { ># 177| if (logfile_fp) { ># 178| fclose(logfile_fp); > >Error: RESOURCE_LEAK (CWE-772): [#def83] >rsync-3.1.3/log.c:185: alloc_fn: Storage is returned from allocation function "lp_syslog_tag". >rsync-3.1.3/loadparm.c:492:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:492:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/log.c:185: noescape: Resource "lp_syslog_tag(module_id)" is not freed or pointed-to in "strcmp". >rsync-3.1.3/log.c:185: leaked_storage: Failing to save or free storage allocated by "lp_syslog_tag(module_id)" leaks it. ># 183| } else if (*logfile_name) ># 184| return; /* unchanged, non-empty "log file" names */ ># 185|-> else if (lp_syslog_facility(-1) != lp_syslog_facility(module_id) ># 186| || strcmp(lp_syslog_tag(-1), lp_syslog_tag(module_id)) != 0) ># 187| closelog(); > >Error: RESOURCE_LEAK (CWE-772): [#def84] >rsync-3.1.3/log.c:648: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/log.c:648: var_assign: Assigning: "n" = storage returned from "lp_name(module_id)". >rsync-3.1.3/log.c:745: noescape: Resource "n" is not freed or pointed-to in "snprintf". >rsync-3.1.3/log.c:746: overwrite_var: Overwriting "n" in "n = buf2" leaks the storage that "n" points to. ># 744| strlcat(fmt, "s", sizeof fmt); ># 745| snprintf(buf2, sizeof buf2, fmt, n); ># 746|-> n = buf2; ># 747| } ># 748| len = strlen(n); > >Error: RESOURCE_LEAK (CWE-772): [#def85] >rsync-3.1.3/log.c:648: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/log.c:648: var_assign: Assigning: "n" = storage returned from "lp_name(module_id)". >rsync-3.1.3/log.c:748: noescape: Resource "n" is not freed or pointed-to in "strlen". >rsync-3.1.3/log.c:767: noescape: Resource "n" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/log.c:774: leaked_storage: Variable "n" going out of scope leaks the storage it points to. ># 772| ># 773| rwrite(code, buf, total, 0); ># 774|-> } ># 775| ># 776| /* Return 1 if the format escape is in the log-format string (e.g. look for > >Error: RESOURCE_LEAK (CWE-772): [#def86] >rsync-3.1.3/main.c:1210: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/main.c:1210: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, -1)". >rsync-3.1.3/main.c:1215: noescape: Resource "flist" is not freed or pointed-to in "get_local_name". >rsync-3.1.3/main.c:579:47: noescape: "get_local_name(struct file_list *, char *)" does not free or save its parameter "flist". >rsync-3.1.3/main.c:1232: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. ># 1230| } ># 1231| ># 1232|-> return MAX(exit_code, exit_code2); ># 1233| } ># 1234| > >Error: RESOURCE_LEAK (CWE-772): [#def87] >rsync-3.1.3/main.c:1272: alloc_arg: "check_for_hostspec" allocates memory that is stored into "shell_machine". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/main.c:1326: overwrite_var: Overwriting "shell_machine" in "shell_machine = NULL" leaks the storage that "shell_machine" points to. ># 1324| exit_cleanup(RERR_SYNTAX); ># 1325| } ># 1326|-> shell_machine = NULL; ># 1327| } else { /* hostspec was found, so dest is remote */ ># 1328| argv[argc] = path; > >Error: RESOURCE_LEAK (CWE-772): [#def88] >rsync-3.1.3/main.c:1352: alloc_arg: "check_for_hostspec" allocates memory that is stored into "dummy_host". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/main.c:1357: leaked_storage: Variable "dummy_host" going out of scope leaks the storage it points to. ># 1355| } ># 1356| } ># 1357|-> } else { ># 1358| char *dummy_host; ># 1359| int dummy_port = rsync_port; > >Error: RESOURCE_LEAK (CWE-772): [#def89] >rsync-3.1.3/main.c:1364: alloc_arg: "check_for_hostspec" allocates memory that is stored into "dummy_host". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/main.c:1370: noescape: Resource "dummy_host" is not freed or pointed-to in "strcmp". >rsync-3.1.3/main.c:1385: leaked_storage: Variable "dummy_host" going out of scope leaks the storage it points to. ># 1383| remote_argv[i] = arg; ># 1384| } ># 1385|-> } ># 1386| ># 1387| if (daemon_over_rsh < 0) > >Error: RESOURCE_LEAK (CWE-772): [#def90] >rsync-3.1.3/main.c:1272: alloc_arg: "check_for_hostspec" allocates memory that is stored into "shell_machine". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/main.c:1290: noescape: Resource "shell_machine" is not freed or pointed-to in "strcmp". >rsync-3.1.3/main.c:1388: noescape: Resource "shell_machine" is not freed or pointed-to in "start_socket_client". >rsync-3.1.3/clientserver.c:103:31: noescape: "start_socket_client(char *, int, char **, int, char **)" does not free or save its parameter "host". >rsync-3.1.3/main.c:1388: leaked_storage: Variable "shell_machine" going out of scope leaks the storage it points to. ># 1386| ># 1387| if (daemon_over_rsh < 0) ># 1388|-> return start_socket_client(shell_machine, remote_argc, remote_argv, argc, argv); ># 1389| ># 1390| if (password_file && !daemon_over_rsh) { > >Error: RESOURCE_LEAK (CWE-772): [#def91] >rsync-3.1.3/options.c:1329: alloc_fn: Storage is returned from allocation function "lp_charset". >rsync-3.1.3/loadparm.c:470:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:470:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/options.c:1329: leaked_storage: Failing to save or free storage allocated by "lp_charset(module_id)" leaks it. ># 1327| set_refuse_options("log-file*"); ># 1328| #ifdef ICONV_OPTION ># 1329|-> if (!*lp_charset(module_id)) ># 1330| set_refuse_options("iconv"); ># 1331| #endif > >Error: RESOURCE_LEAK (CWE-772): [#def92] >rsync-3.1.3/options.c:2338: alloc_arg: "check_for_hostspec" allocates memory that is stored into "h". >rsync-3.1.3/options.c:2911:3: alloc_fn: Storage is returned from allocation function "parse_hostspec". >rsync-3.1.3/options.c:2892:2: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/options.c:2892:2: var_assign: Assigning: "ret" = "_new_array(userlen + hostlen + 1, 1U, 0)". >rsync-3.1.3/options.c:2896:2: return_alloc: Returning allocated memory "ret". >rsync-3.1.3/options.c:2911:3: var_assign: Assigning: "*host_ptr" = "parse_hostspec(s + strlen("rsync://"), &path, port_ptr)". >rsync-3.1.3/options.c:2342: leaked_storage: Variable "h" going out of scope leaks the storage it points to. ># 2340| snprintf(err_buf, sizeof err_buf, ># 2341| "The --files-from sent to the server cannot specify a host.\n"); ># 2342|-> return 0; ># 2343| } ># 2344| files_from = p; > >Error: RESOURCE_LEAK (CWE-772): [#def93] >rsync-3.1.3/options.c:1479: alloc_fn: Storage is returned from allocation function "sanitize_path". >rsync-3.1.3/util.c:1023:10: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/util.c:1023:10: var_assign: Assigning: "dest" = "_new_array(((rlen + plen + 1 > 2) ? rlen + plen + 1 : 2), 1U, 0)". >rsync-3.1.3/util.c:1026:4: noescape: Resource "dest" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/util.c:1037:2: var_assign: Assigning: "sanp" = "dest". >rsync-3.1.3/util.c:1037:2: var_assign: Assigning: "start" = "sanp". >rsync-3.1.3/util.c:1079:2: return_alloc: Returning allocated memory "dest". >rsync-3.1.3/options.c:1479: var_assign: Assigning: "arg" = storage returned from "sanitize_path(NULL, arg, NULL, 0, 0)". >rsync-3.1.3/options.c:1482: noescape: Resource "arg" is not freed or pointed-to in "strdup". >rsync-3.1.3/options.c:2380: leaked_storage: Variable "arg" going out of scope leaks the storage it points to. ># 2378| snprintf(err_buf, sizeof err_buf, ># 2379| "Your options have been rejected by the server.\n"); ># 2380|-> return 0; ># 2381| } ># 2382| > >Error: RESOURCE_LEAK (CWE-772): [#def94] >rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". >rsync-3.1.3/rsync.c:327: leaked_storage: Variable "flist" going out of scope leaks the storage it points to. ># 325| break; ># 326| if (ndx == NDX_DONE) ># 327|-> return ndx; ># 328| if (ndx == NDX_DEL_STATS) { ># 329| read_del_stats(f_in); > >Error: RESOURCE_LEAK (CWE-772): [#def95] >rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". >rsync-3.1.3/rsync.c:369: overwrite_var: Overwriting "flist" in "flist = recv_file_list(f_in, ndx)" leaks the storage that "flist" points to. ># 367| /* Send all the data we read for this flist to the generator. */ ># 368| start_flist_forward(ndx); ># 369|-> flist = recv_file_list(f_in, ndx); ># 370| flist->parent_ndx = ndx; ># 371| stop_flist_forward(); > >Error: RESOURCE_LEAK (CWE-772): [#def96] >rsync-3.1.3/rsync.c:369: alloc_fn: Storage is returned from allocation function "recv_file_list". >rsync-3.1.3/flist.c:2446:2: alloc_fn: Storage is returned from allocation function "flist_new". >rsync-3.1.3/flist.c:2744:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/flist.c:2744:2: var_assign: Assigning: "flist" = "calloc(1UL, 88UL)". >rsync-3.1.3/flist.c:2780:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/flist.c:2446:2: var_assign: Assigning: "flist" = "flist_new(0, "recv_file_list")". >rsync-3.1.3/flist.c:2525:3: noescape: Resource "flist" is not freed or pointed-to in function "finish_filelist_progress". >rsync-3.1.3/flist.c:174:62: noescape: "finish_filelist_progress(struct file_list const *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2558:3: noescape: Resource "flist" is not freed or pointed-to in function "flist_done_allocating". >rsync-3.1.3/flist.c:319:53: noescape: "flist_done_allocating(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2569:2: noescape: Resource "flist" is not freed or pointed-to in function "flist_sort_and_clean". >rsync-3.1.3/flist.c:2820:52: noescape: "flist_sort_and_clean(struct file_list *, int)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2582:3: noescape: Resource "flist" is not freed or pointed-to in function "output_flist". >rsync-3.1.3/flist.c:2991:44: noescape: "output_flist(struct file_list *)" does not free or save its parameter "flist". >rsync-3.1.3/flist.c:2590:2: return_alloc: Returning allocated memory "flist". >rsync-3.1.3/rsync.c:369: var_assign: Assigning: "flist" = storage returned from "recv_file_list(f_in, ndx)". >rsync-3.1.3/rsync.c:384: overwrite_var: Overwriting "flist" in "flist = flist_for_ndx(ndx, "read_ndx_and_attrs")" leaks the storage that "flist" points to. ># 382| } ># 383| ># 384|-> flist = flist_for_ndx(ndx, "read_ndx_and_attrs"); ># 385| if (flist != cur_flist) { ># 386| cur_flist = flist; > >Error: RESOURCE_LEAK (CWE-772): [#def97] >rsync-3.1.3/socket.c:362: alloc_fn: Storage is returned from allocation function "_new_array". >rsync-3.1.3/util2.c:68:2: alloc_fn: Storage is returned from allocation function "calloc". >rsync-3.1.3/util2.c:68:2: return_alloc_fn: Directly returning storage allocated by "calloc". >rsync-3.1.3/socket.c:362: var_assign: Assigning: "prog" = storage returned from "_new_array(len, 1U, 0)". >rsync-3.1.3/socket.c:364: var_assign: Assigning: "t" = "prog". >rsync-3.1.3/socket.c:371: noescape: Resource "t" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] >rsync-3.1.3/socket.c:382: leaked_storage: Variable "t" going out of scope leaks the storage it points to. >rsync-3.1.3/socket.c:390: noescape: Resource "prog" is not freed or pointed-to in "sock_exec". >rsync-3.1.3/socket.c:825:34: noescape: "sock_exec(char const *)" does not free or save its parameter "prog". >rsync-3.1.3/socket.c:390: leaked_storage: Variable "prog" going out of scope leaks the storage it points to. ># 388| } ># 389| if (prog) ># 390|-> return sock_exec(prog); ># 391| return open_socket_out(host, port, bind_addr, af_hint); ># 392| } > >Error: RESOURCE_LEAK (CWE-772): [#def98] >rsync-3.1.3/socket.c:437: start: Starting defect path here. >rsync-3.1.3/socket.c:457: alloc_fn: Storage is returned from allocation function "lp_socket_options". >rsync-3.1.3/loadparm.c:464:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:464:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/socket.c:457: noescape: Resource "lp_socket_options()" is not freed or pointed-to in "set_socket_options". >rsync-3.1.3/socket.c:684:39: noescape: "set_socket_options(int, char *)" does not free or save its parameter "options". >rsync-3.1.3/socket.c:457: leaked_storage: Failing to save or free storage allocated by "lp_socket_options()" leaks it. ># 455| set_socket_options(s, sockopts); ># 456| else ># 457|-> set_socket_options(s, lp_socket_options()); ># 458| ># 459| #ifdef IPV6_V6ONLY > >Error: RESOURCE_LEAK (CWE-772): [#def99] >rsync-3.1.3/util.c:338: open_fn: Returning handle opened by "do_open". >rsync-3.1.3/syscall.c:210:2: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] >rsync-3.1.3/syscall.c:210:2: return_handle_fn: Directly returning handle opened by "open". >rsync-3.1.3/util.c:338: var_assign: Assigning: "ifd" = handle returned from "do_open(source, 0, 0U)". >rsync-3.1.3/util.c:350: leaked_handle: Handle variable "ifd" going out of scope leaks the handle. ># 348| rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest)); ># 349| errno = save_errno; ># 350|-> return -1; ># 351| } ># 352| > >Error: RESOURCE_LEAK (CWE-772): [#def100] >rsync-3.1.3/util.c:1196: alloc_fn: Storage is returned from allocation function "lp_name". >rsync-3.1.3/loadparm.c:485:1: alloc_fn: Storage is returned from allocation function "expand_vars". >rsync-3.1.3/loadparm.c:431:2: alloc_fn: Storage is returned from allocation function "realloc". >rsync-3.1.3/loadparm.c:431:2: var_assign: Assigning: "buf" = "realloc(buf, t - buf + 1L)". >rsync-3.1.3/loadparm.c:434:2: return_alloc: Returning allocated memory "buf". >rsync-3.1.3/loadparm.c:485:1: return_alloc_fn: Directly returning storage allocated by "expand_vars". >rsync-3.1.3/util.c:1196: var_assign: Assigning: "m2" = storage returned from "lp_name(module_id)". >rsync-3.1.3/util.c:1201: noescape: Resource "m2" is not freed or pointed-to in "asprintf". >rsync-3.1.3/util.c:1204: leaked_storage: Variable "m2" going out of scope leaks the storage it points to. ># 1202| out_of_memory("full_fname"); ># 1203| ># 1204|-> return result; ># 1205| } ># 1206| > > >---------------------------------------------------------------------------------------------------- >Comment on the covscan review: > >def1, def2, def7, def11: It depends what the expand_vars actually returns. But consider this example: > >char* var = (char *)malloc(100*sizeof(char)); >char* var2 = (char *)calloc(100, sizeof(char)); > >if(var && !*var) { > printf("var not empty\n"); > var = NULL; >} > >if(var2 && !*var2) { > printf("var22 not empty\n"); > var2 = NULL; >} > >malloc or calloc are the two possibilities that new_array called in expand_vars may return. In both cases there is a leak - valgrind confirms this. > >-------- >def3, def4, def5, def6, def8, def9, def10, def12, def13, def15, def17, def18, def19, def21, def22, def23, def24, def25, def26, def27, def28, def29, def30, def31, def32, def33, def34, def35, def37, def38, def39, def40, def41, def42, def43, def44, def45, def47, def48, def49, def51, def52, def54, def56, def57, def58, def59, def60, def61, def62, def63, def64, def65, def66, def67, def70, def81, def82, def83, def84, def85, def91, def98, def100: > >expand_vars returns allocated memory and in most cases it is not being freed. For example consider this in def12: > rprintf(FLOG, "auth failed on module %s from %s (%s): invalid challenge response\n",lp_name(module), host, addr); > >All these defects have to do something with lp_* functions. As far as I can tell, expand_vars always returns some allocated space. > >-------- >def14: Definitely looks like a leak. I have seen the same thing in util.c on line 1160. The pointer is lost since it is overwritten by buffer returned by strdup. > >-------- > >def16: To be honest I couldn't figure this one out. You pass the pointer p to check_for_hostspec function, the pointer is than used to hold some value but is overwritten on return. I am not really sure if this is a mistake or not > >-------- > >def20: free(modname) should be called before return > >-------- > >def36, def46, def50, def53, def55: free(module_chdir) should be called before return > >-------- > >def68, def69: False positive, all gets redirected to /dev/null > >-------- > >def71: The fd probably gets closed somewhere else? but I could not figure out where. > >-------- > >def72, def73: This seems like a false positive. It seems that the newly created struct in make_file is actually saved in pool_alloc function so the new file structure is not actually lost. > >-------- > >def74, def75, def86, def94, def95, def96: Seems like a false positive, flist_new saves the pointer to the newly allocated list if I am not mistaken. > >-------- > >def76: This is a leak. It might be solved by changing the order of the first two ifs. First check the MINALIGN, and if it is OK, try to allocate the pool. > >-------- > >def77, def78, def79: False positive, the offset is negative due to the way this has been allocated > >-------- > >def80: Probably a false positive, the parameter should be saved in the parm_table? > >-------- > >def88, def89: dummy_host here should be freed > >-------- > >def90, def92, def93, def97: these should be probably all freed > >-------- > >def99: ifd should be closed if the robust_unlink function fails
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13692
: 14689