Blame SOURCES/dnsmasq-2.76-coverity.patch

33b374
From 7ab5d6bd1f8b018c73341f50a395405dee6873d8 Mon Sep 17 00:00:00 2001
33b374
From: rpm-build <rpm-build>
33b374
Date: Wed, 15 Mar 2017 14:26:04 +0100
33b374
Subject: [PATCH] Coverity fixes
33b374
33b374
---
33b374
 src/dbus.c        |  2 +-
33b374
 src/dhcp-common.c |  2 +-
33b374
 src/dhcp.c        |  4 ++--
33b374
 src/dnsmasq.h     |  2 +-
33b374
 src/edns0.c       |  2 ++
33b374
 src/inotify.c     |  9 ++++++---
33b374
 src/lease.c       |  4 ++--
33b374
 src/network.c     |  8 ++++----
33b374
 src/option.c      | 16 +++++++++++-----
33b374
 src/tftp.c        |  2 +-
33b374
 src/util.c        |  2 +-
33b374
 11 files changed, 32 insertions(+), 21 deletions(-)
33b374
33b374
diff --git a/src/dbus.c b/src/dbus.c
33b374
index 2e1a48e..f27ec3e 100644
33b374
--- a/src/dbus.c
33b374
+++ b/src/dbus.c
33b374
@@ -550,7 +550,7 @@ static DBusMessage *dbus_add_lease(DBusMessage* message)
33b374
 					 "Invalid IP address '%s'", ipaddr);
33b374
    
33b374
   hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type);
33b374
-  if (hw_type == 0 && hw_len != 0)
33b374
+  if (hw_type == 0 && hw_len > 0)
33b374
     hw_type = ARPHRD_ETHER;
33b374
   
33b374
   lease_set_hwaddr(lease, dhcp_chaddr, clid, hw_len, hw_type,
33b374
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
33b374
index 08528e8..ebf06b6 100644
33b374
--- a/src/dhcp-common.c
33b374
+++ b/src/dhcp-common.c
33b374
@@ -487,7 +487,7 @@ void  bindtodevice(char *device, int fd)
33b374
 {
33b374
   struct ifreq ifr;
33b374
   
33b374
-  strcpy(ifr.ifr_name, device);
33b374
+  strncpy(ifr.ifr_name, device, IF_NAMESIZE-1);
33b374
   /* only allowed by root. */
33b374
   if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) == -1 &&
33b374
       errno != EPERM)
33b374
diff --git a/src/dhcp.c b/src/dhcp.c
33b374
index 10f1fb9..37bb71e 100644
33b374
--- a/src/dhcp.c
33b374
+++ b/src/dhcp.c
33b374
@@ -246,7 +246,7 @@ void dhcp_packet(time_t now, int pxe_fd)
33b374
 	      }
33b374
 	    else 
33b374
 	      {
33b374
-		strncpy(ifr.ifr_name,  bridge->iface, IF_NAMESIZE);
33b374
+		strncpy(ifr.ifr_name,  bridge->iface, IF_NAMESIZE-1);
33b374
 		break;
33b374
 	      }
33b374
 	  }
33b374
@@ -270,7 +270,7 @@ void dhcp_packet(time_t now, int pxe_fd)
33b374
       is_relay_reply = 1; 
33b374
       iov.iov_len = sz;
33b374
 #ifdef HAVE_LINUX_NETWORK
33b374
-      strncpy(arp_req.arp_dev, ifr.ifr_name, 16);
33b374
+      strncpy(arp_req.arp_dev, ifr.ifr_name, IF_NAMESIZE-1);
33b374
 #endif 
33b374
     }
33b374
   else
33b374
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
33b374
index dfd15aa..1179492 100644
33b374
--- a/src/dnsmasq.h
33b374
+++ b/src/dnsmasq.h
33b374
@@ -180,7 +180,7 @@ struct event_desc {
33b374
 #define EC_INIT_OFFSET 10
33b374
 
33b374
 /* Trust the compiler dead-code eliminator.... */
33b374
-#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32)))
33b374
+#define option_bool(x) (((x) < 32) ? daemon->options & (1u << ((x)&0x1F)) : daemon->options2 & (1u << ((x) - 32)))
33b374
 
33b374
 #define OPT_BOGUSPRIV      0
33b374
 #define OPT_FILTER         1
33b374
diff --git a/src/edns0.c b/src/edns0.c
33b374
index c7a101e..d2b514b 100644
33b374
--- a/src/edns0.c
33b374
+++ b/src/edns0.c
33b374
@@ -263,6 +263,8 @@ static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned ch
33b374
 	  encode[8] = 0;
33b374
 	}
33b374
     }
33b374
+  else
33b374
+    encode[0] = '\0';
33b374
 
33b374
   return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace); 
33b374
 }
33b374
diff --git a/src/inotify.c b/src/inotify.c
33b374
index 603ce9d..fcc0d97 100644
33b374
--- a/src/inotify.c
33b374
+++ b/src/inotify.c
33b374
@@ -224,17 +224,20 @@ int inotify_check(time_t now)
33b374
       
33b374
       if (rc <= 0)
33b374
 	break;
33b374
+      else
33b374
+        inotify_buffer[rc] = '\0';
33b374
       
33b374
       for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len) 
33b374
 	{
33b374
 	  in = (struct inotify_event*)p;
33b374
-	  
33b374
+
33b374
 	  for (res = daemon->resolv_files; res; res = res->next)
33b374
-	    if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
33b374
+	    if (res->wd == in->wd && in->len != 0 && strncmp(res->file, in->name, NAME_MAX) == 0)
33b374
 	      hit = 1;
33b374
 
33b374
 	  /* ignore emacs backups and dotfiles */
33b374
-	  if (in->len == 0 || 
33b374
+	  if (in->len == 0 ||
33b374
+	      in->len > NAME_MAX+1 ||
33b374
 	      in->name[in->len - 1] == '~' ||
33b374
 	      (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
33b374
 	      in->name[0] == '.')
33b374
diff --git a/src/lease.c b/src/lease.c
33b374
index 20cac90..9ad106d 100644
33b374
--- a/src/lease.c
33b374
+++ b/src/lease.c
33b374
@@ -827,9 +827,9 @@ void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr,
33b374
 
33b374
   if (hw_len != lease->hwaddr_len ||
33b374
       hw_type != lease->hwaddr_type || 
33b374
-      (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
33b374
+      (hw_len > 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
33b374
     {
33b374
-      if (hw_len != 0)
33b374
+      if (hw_len > 0)
33b374
 	memcpy(lease->hwaddr, hwaddr, hw_len);
33b374
       lease->hwaddr_len = hw_len;
33b374
       lease->hwaddr_type = hw_type;
33b374
diff --git a/src/network.c b/src/network.c
33b374
index 6119039..fcd9d8d 100644
33b374
--- a/src/network.c
33b374
+++ b/src/network.c
33b374
@@ -188,7 +188,7 @@ int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
33b374
   struct ifreq ifr;
33b374
   struct irec *iface;
33b374
 
33b374
-  strncpy(ifr.ifr_name, name, IF_NAMESIZE);
33b374
+  strncpy(ifr.ifr_name, name, IF_NAMESIZE-1);
33b374
   if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
33b374
       ifr.ifr_flags & IFF_LOOPBACK)
33b374
     {
33b374
@@ -1206,7 +1206,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
33b374
     return 0;
33b374
     
33b374
 #if defined(SO_BINDTODEVICE)
33b374
-  if (intname[0] != 0 &&
33b374
+  if (intname && intname[0] != 0 &&
33b374
       setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
33b374
     return 0;
33b374
 #endif
33b374
@@ -1245,7 +1245,7 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
33b374
   /* may have a suitable one already */
33b374
   for (sfd = daemon->sfds; sfd; sfd = sfd->next )
33b374
     if (sockaddr_isequal(&sfd->source_addr, addr) &&
33b374
-	strcmp(intname, sfd->interface) == 0 &&
33b374
+	intname && strcmp(intname, sfd->interface) == 0 &&
33b374
 	ifindex == sfd->ifindex) 
33b374
       return sfd;
33b374
   
33b374
@@ -1437,7 +1437,7 @@ void add_update_server(int flags,
33b374
 	serv->flags |= SERV_HAS_DOMAIN;
33b374
       
33b374
       if (interface)
33b374
-	strcpy(serv->interface, interface);      
33b374
+	strncpy(serv->interface, interface, sizeof(serv->interface)-1);
33b374
       if (addr)
33b374
 	serv->addr = *addr;
33b374
       if (source_addr)
33b374
diff --git a/src/option.c b/src/option.c
33b374
index 5503b79..eb78b1a 100644
33b374
--- a/src/option.c
33b374
+++ b/src/option.c
33b374
@@ -3929,13 +3929,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
33b374
       
33b374
     case LOPT_HOST_REC: /* --host-record */
33b374
       {
33b374
-	struct host_record *new = opt_malloc(sizeof(struct host_record));
33b374
-	memset(new, 0, sizeof(struct host_record));
33b374
-	new->ttl = -1;
33b374
+	struct host_record *new;
33b374
 
33b374
 	if (!arg || !(comma = split(arg)))
33b374
 	  ret_err(_("Bad host-record"));
33b374
 	
33b374
+	new = opt_malloc(sizeof(struct host_record));
33b374
+	memset(new, 0, sizeof(struct host_record));
33b374
+	new->ttl = -1;
33b374
+
33b374
 	while (arg)
33b374
 	  {
33b374
 	    struct all_addr addr;
33b374
@@ -3956,10 +3958,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
33b374
 	      {
33b374
 		int nomem;
33b374
 		char *canon = canonicalise(arg, &nomem);
33b374
-		struct name_list *nl = opt_malloc(sizeof(struct name_list));
33b374
+		struct name_list *nl;
33b374
 		if (!canon)
33b374
 		  ret_err(_("Bad name in host-record"));
33b374
 
33b374
+		nl = opt_malloc(sizeof(struct name_list));
33b374
 		nl->name = canon;
33b374
 		/* keep order, so that PTR record goes to first name */
33b374
 		nl->next = NULL;
33b374
@@ -4023,7 +4026,10 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
33b374
 	    !atoi_check8(algo, &new->algo) ||
33b374
 	    !atoi_check8(digest, &new->digest_type) ||
33b374
 	    !(new->name = canonicalise_opt(arg)))
33b374
-	  ret_err(_("bad trust anchor"));
33b374
+	  {
33b374
+	    free(new);
33b374
+	    ret_err(_("bad trust anchor"));
33b374
+	  }
33b374
 	    
33b374
 	/* Upper bound on length */
33b374
 	len = (2*strlen(keyhex))+1;
33b374
diff --git a/src/tftp.c b/src/tftp.c
33b374
index 5e4a32a..bd8c622 100644
33b374
--- a/src/tftp.c
33b374
+++ b/src/tftp.c
33b374
@@ -234,7 +234,7 @@ void tftp_request(struct listener *listen, time_t now)
33b374
 #endif
33b374
 	}
33b374
 
33b374
-      strncpy(ifr.ifr_name, name, IF_NAMESIZE);
33b374
+      strncpy(ifr.ifr_name, name, IF_NAMESIZE-1);
33b374
       if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1)
33b374
 	{
33b374
 	  mtu = ifr.ifr_mtu;  
33b374
diff --git a/src/util.c b/src/util.c
33b374
index 93b24f5..1a9f228 100644
33b374
--- a/src/util.c
33b374
+++ b/src/util.c
33b374
@@ -491,7 +491,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
33b374
 		  int j, bytes = (1 + (r - in))/2;
33b374
 		  for (j = 0; j < bytes; j++)
33b374
 		    { 
33b374
-		      char sav = sav;
33b374
+		      char sav;
33b374
 		      if (j < bytes - 1)
33b374
 			{
33b374
 			  sav = in[(j+1)*2];
33b374
-- 
33b374
2.9.3
33b374