search

siva-msft / curl

Other
0 stars 0 forks source link

Potential security issue in src/tool_operate.c: Unchecked return from initialization function #65

Open monocle-ai opened 4 years ago

monocle-ai commented 4 years ago

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

6 instances of this defect were found in the following locations:

Instance 1 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L456 Code extract:

    else if(config->retry_connrefused &&
            (CURLE_COULDNT_CONNECT == result)) {
      long oserrno;
      curl_easy_getinfo(curl, CURLINFO_OS_ERRNO, &oserrno); <------ HERE
      if(ECONNREFUSED == oserrno)
        retry = RETRY_CONNREFUSED;

Instance 2 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L467 Code extract:

         returned due to such an error, check for HTTP transient
         errors to retry on. */
      long protocol;
      curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol); <------ HERE
      if((protocol == CURLPROTO_HTTP) || (protocol == CURLPROTO_HTTPS)) {
        /* This was HTTP(S) */

Instance 3 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L470 Code extract:

      curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
      if((protocol == CURLPROTO_HTTP) || (protocol == CURLPROTO_HTTPS)) {
        /* This was HTTP(S) */
        curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response); <------ HERE

        switch(response) {

Instance 4 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L496 Code extract:

    else if(result) {
      long protocol;

      curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response); <------ HERE
      curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);

Instance 5 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L497 Code extract:

      long protocol;

      curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response);
      curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol); <------ HERE

      if((protocol == CURLPROTO_FTP || protocol == CURLPROTO_FTPS) &&

Instance 6 File : src/tool_operate.c Function: curl_easy_getinfo https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/src/tool_operate.c#L596 Code extract:

      if(effective_url &&
         curl_strnequal(effective_url, "http", 4)) {
        /* This was HTTP(S) */
        curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response); <------ HERE
        if(response != 200 && response != 206) {
          per->metalink_next_res = 1;