On Mon, 25 Sep 2023, Sergey Bronnikov via curl-library wrote:

1. 1568154 Use of 32-bit time_t
The time value stored in this integer will represent a different, but possibly valid, time. In Curl_hostcache_prune: A 64-bit time_t value is stored in a smaller width integer. (CWE-197)

This is a false positive. The timeout there is the relative time from last use until now - in seconds - which is likely to always fit in an int, even in the most extreme cases.

It could possibly be rewritten to avoid triggering Coverity.

2. 1568144 Out-of-bounds access
Access of memory not owned by this buffer may cause crashes or incorrect computations.
In Curl_sock_assign_addr: Out-of-bounds access to a buffer (CWE-119)

Relevant part of source code, ./lib/cf-socket.c:250:

<snipped>

  dest->addrlen = ai->ai_addrlen;

  if(dest->addrlen > sizeof(struct Curl_sockaddr_storage))
    dest->addrlen = sizeof(struct Curl_sockaddr_storage);
  memcpy(&dest->sa_addr, ai->ai_addr, dest->addrlen);

^^^^^^^^

This is a false positive. Because 'dest->sa_addr' is here part of a union, where the only other union member is a 'struct Curl_sockaddr_storage' and thus it will not overwrite memory outside the struct.

This too could be rewritten to avoid the warning, but would probably instead need more typecasts.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
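
The clamp-and-copy pattern from item 2, as an added example that is not part of the original mail and is not curl's own code. The struct and function names are hypothetical stand-ins, and as an assumption the copy targets the union as a whole, so the destination object is as large as the clamp limit.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-ins for the structures discussed in the mail. */
struct model_storage { struct sockaddr_storage buffer; };

struct model_sockaddr_ex {
  unsigned int addrlen;
  union {
    struct sockaddr addr;       /* small member, the one the analyzer measures */
    struct model_storage buff;  /* large member, sets the size of the union */
  } u;
  unsigned char canary[8];      /* constructed guard bytes after the union */
};

/* Same clamp as the quoted snippet. The destination is the union itself
   (assumption), so its size matches the limit the length is clamped to. */
static unsigned int model_assign_addr(struct model_sockaddr_ex *dest,
                                      const void *src, size_t srclen)
{
  dest->addrlen = (unsigned int)srclen;
  if(dest->addrlen > sizeof(struct model_storage))
    dest->addrlen = sizeof(struct model_storage);
  memcpy(&dest->u, src, dest->addrlen);
  return dest->addrlen;
}

/* Constructed case: the source is 64 bytes larger than the storage. */
static int model_oversized_copy_is_contained(void)
{
  unsigned char big[sizeof(struct model_storage) + 64];
  struct model_sockaddr_ex d;
  size_t i;

  memset(big, 0x41, sizeof(big));
  memset(d.canary, 0xA5, sizeof(d.canary));
  if(model_assign_addr(&d, big, sizeof(big)) != sizeof(struct model_storage))
    return 0;                   /* length was not clamped */
  for(i = 0; i < sizeof(d.canary); i++)
    if(d.canary[i] != 0xA5)
      return 0;                 /* bytes after the union were overwritten */
  return 1;
}

int main(void)
{
  return model_oversized_copy_is_contained() ? 0 : 1;
}
```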