From 0713ad38b105f9aef7d4ce68a99e668631cb3939 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 25 Nov 2020 11:04:58 +0000 Subject: [PATCH] Silence Coverity Scan's concern over password_cmd derefencing. This is a false positive, the conditions to trigger a NULL derefence rely on argc changing value. However, this makes it impossible to go wrong anyway. Coverity Scan 1436868. --- apps/mosquitto_passwd/mosquitto_passwd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/mosquitto_passwd/mosquitto_passwd.c b/apps/mosquitto_passwd/mosquitto_passwd.c index a2d7b782..3c8ee1a8 100644 --- a/apps/mosquitto_passwd/mosquitto_passwd.c +++ b/apps/mosquitto_passwd/mosquitto_passwd.c @@ -125,6 +125,10 @@ int output_new_password(FILE *fptr, const char *username, const char *password, char *salt64 = NULL, *hash64 = NULL; struct mosquitto_pw pw; + if(password == NULL){ + fprintf(stderr, "Error: Internal error, no password given.\n"); + return 1; + } memset(&pw, 0, sizeof(pw)); pw.hashtype = hashtype;