From: Bruno Haible
To: bug-gnulib@gnu.org
Cc: Kamil Dudka
Subject: Re: Coverity false positives triggered by gnulib's implementation of base64
Date: Wed, 08 May 2019 10:15:37 +0200
Message-ID: <5159811.zbjIQrP49G@omega>
In-Reply-To: <2475310.f135Qeco9B@kdudka-nb>

Hi Kamil,

> Coverity Analysis 2019.03 incorrectly marks the input argument
> of base64_encode(), and consequently base64_encode_alloc(), as
> tainted_data_sink because it sees byte-level operations on the input.
>
> It triggered the following false positives in the cryptsetup project:
>
> Error: TAINTED_SCALAR:
> lib/luks2/luks2_digest_pbkdf2.c:117: tainted_data_argument: Calling function "crypt_random_get" taints argument "salt".
> lib/luks2/luks2_digest_pbkdf2.c:157: tainted_data: Passing tainted variable "salt" to a tainted sink.
>
> Error: TAINTED_SCALAR:
> lib/luks2/luks2_keyslot_luks2.c:445: tainted_data_argument: Calling function "crypt_random_get" taints argument "salt".
> lib/luks2/luks2_keyslot_luks2.c:448: tainted_data: Passing tainted variable "salt" to a tainted sink.
>
>
> ... but it can affect other gnulib-based projects, too. Would it be
> possible to apply the following one-line patch on gnulib source code
> to suppress this class of false positives in gnulib-based projects?
>
> https://gitlab.com/cryptsetup/cryptsetup/commit/75b2610e

When I read the description of "tainted data" [1] and of the
recommendations how to deal with such warnings [2], it is clear that the
warning/error is about the global data flow. Therefore it seems
inappropriate to me to put annotations about the global data flow into
gnulib (which is shared among multiple packages).

Therefore, what I would suggest is that you create an inline function
that merely invokes base64_encode_alloc, use it in line 157 of [3], and
put your annotation on it.

Does it need to be done in the source code at all? Some Coverity tools
have a UI that allows the developers to mark the findings as "false
positive" or as "handled" without touching the source code, and these
marks persist across modifications of the source code. Don't you have
this possibility for this Coverity tool?

Bruno

[1] https://community.synopsys.com/s/article/Tainted-data-in-Coverity
[2] https://stackoverflow.com/questions/24772247/how-to-handle-coverity-error-tainted-scalar-in-fread
[3] https://fossies.org/linux/cryptsetup/lib/luks2/luks2_digest_pbkdf2.c
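
The wrapper approach suggested in the reply above, as an added example that is not part of the original message nor code from gnulib or cryptsetup. The wrapper name `salt_base64_encode_alloc`, the stand-in encoder and the exact annotation form are assumptions; the page does not show the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnulib's base64_encode_alloc() so the example builds alone;
   a real project would include gnulib's "base64.h" instead.  Stores a
   malloc'ed NUL-terminated string in *out (NULL on allocation failure)
   and returns the encoded length. */
static size_t base64_encode_alloc(const char *in, size_t inlen, char **out)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t outlen = 4 * ((inlen + 2) / 3), i, o = 0;

    *out = malloc(outlen + 1);
    if (*out == NULL)
        return outlen;
    for (i = 0; i < inlen; i += 3) {
        unsigned long v = (unsigned long)(unsigned char)in[i] << 16;
        if (i + 1 < inlen) v |= (unsigned long)(unsigned char)in[i + 1] << 8;
        if (i + 2 < inlen) v |= (unsigned char)in[i + 2];
        (*out)[o++] = b64[(v >> 18) & 63];
        (*out)[o++] = b64[(v >> 12) & 63];
        (*out)[o++] = i + 1 < inlen ? b64[(v >> 6) & 63] : '=';
        (*out)[o++] = i + 2 < inlen ? b64[v & 63] : '=';
    }
    (*out)[o] = '\0';
    return outlen;
}

/* Hypothetical project-local wrapper.  It is the only place carrying the
   suppression, so the shared library makes no claim about any caller's
   data flow.  Annotation form is assumed; check your Coverity version. */
/* coverity[-tainted_data_sink: arg-0] */
static inline size_t salt_base64_encode_alloc(const char *salt, size_t len,
                                              char **out)
{
    return base64_encode_alloc(salt, len, out);
}

int main(void)
{
    char *enc = NULL;  /* constructed 4-byte sample standing in for a salt */
    size_t n = salt_base64_encode_alloc("\x00\x01\x02\xff", 4, &enc);
    if (enc == NULL) return 1;
    printf("%zu %s\n", n, enc);
    free(enc);
    return 0;
}
```

Only call sites whose input comes from the project's own random source should use the wrapper; other callers keep calling the library function and remain subject to the checker.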