bk138
commented
2 weeks ago Thanks for spotting - happy about one or three PRs!
Open shaue188 opened 2 weeks ago
bk138
commented
2 weeks ago Thanks for spotting - happy about one or three PRs!
Additional context
Our company uses libvncserver in our product. I am working on static analysis, and one of my tasks was to scan libvncserver package. During the scan, I found some errors in code:
Describe errors
https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L1409 Handle dirp is created by calling function 'opendir' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L1415, need closedir(dirp) there.
https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1211 Handle 'sock' is created by calling function 'socket' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1216 and https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1219, need close(sock) there.
https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L347 Dynamic memory, referenced by 'cl->host', is allocated by calling function 'strdup' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L364, possibly need rfbCloseClient(cl) there