|
|
33b374 |
From 7ab5d6bd1f8b018c73341f50a395405dee6873d8 Mon Sep 17 00:00:00 2001
|
|
|
33b374 |
From: rpm-build <rpm-build>
|
|
|
33b374 |
Date: Wed, 15 Mar 2017 14:26:04 +0100
|
|
|
33b374 |
Subject: [PATCH] Coverity fixes
|
|
|
33b374 |
|
|
|
33b374 |
---
|
|
|
33b374 |
src/dbus.c | 2 +-
|
|
|
33b374 |
src/dhcp-common.c | 2 +-
|
|
|
33b374 |
src/dhcp.c | 4 ++--
|
|
|
33b374 |
src/dnsmasq.h | 2 +-
|
|
|
33b374 |
src/edns0.c | 2 ++
|
|
|
33b374 |
src/inotify.c | 9 ++++++---
|
|
|
33b374 |
src/lease.c | 4 ++--
|
|
|
33b374 |
src/network.c | 8 ++++----
|
|
|
33b374 |
src/option.c | 16 +++++++++++-----
|
|
|
33b374 |
src/tftp.c | 2 +-
|
|
|
33b374 |
src/util.c | 2 +-
|
|
|
33b374 |
11 files changed, 32 insertions(+), 21 deletions(-)
|
|
|
33b374 |
|
|
|
33b374 |
diff --git a/src/dbus.c b/src/dbus.c
|
|
|
33b374 |
index 2e1a48e..f27ec3e 100644
|
|
|
33b374 |
--- a/src/dbus.c
|
|
|
33b374 |
+++ b/src/dbus.c
|
|
|
33b374 |
@@ -550,7 +550,7 @@ static DBusMessage *dbus_add_lease(DBusMessage* message)
|
|
|
33b374 |
"Invalid IP address '%s'", ipaddr);
|
|
|
33b374 |
|
|
|
33b374 |
hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type);
|
|
|
33b374 |
- if (hw_type == 0 && hw_len != 0)
|
|
|
33b374 |
+ if (hw_type == 0 && hw_len > 0)
|
|
|
33b374 |
hw_type = ARPHRD_ETHER;
|
|
|
33b374 |
|
|
|
33b374 |
lease_set_hwaddr(lease, dhcp_chaddr, clid, hw_len, hw_type,
|
|
|
33b374 |
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
|
|
|
33b374 |
index 08528e8..ebf06b6 100644
|
|
|
33b374 |
--- a/src/dhcp-common.c
|
|
|
33b374 |
+++ b/src/dhcp-common.c
|
|
|
33b374 |
@@ -487,7 +487,7 @@ void bindtodevice(char *device, int fd)
|
|
|
33b374 |
{
|
|
|
33b374 |
struct ifreq ifr;
|
|
|
33b374 |
|
|
|
33b374 |
- strcpy(ifr.ifr_name, device);
|
|
|
33b374 |
+ strncpy(ifr.ifr_name, device, IF_NAMESIZE-1);
|
|
|
33b374 |
/* only allowed by root. */
|
|
|
33b374 |
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) == -1 &&
|
|
|
33b374 |
errno != EPERM)
|
|
|
33b374 |
diff --git a/src/dhcp.c b/src/dhcp.c
|
|
|
33b374 |
index 10f1fb9..37bb71e 100644
|
|
|
33b374 |
--- a/src/dhcp.c
|
|
|
33b374 |
+++ b/src/dhcp.c
|
|
|
33b374 |
@@ -246,7 +246,7 @@ void dhcp_packet(time_t now, int pxe_fd)
|
|
|
33b374 |
}
|
|
|
33b374 |
else
|
|
|
33b374 |
{
|
|
|
33b374 |
- strncpy(ifr.ifr_name, bridge->iface, IF_NAMESIZE);
|
|
|
33b374 |
+ strncpy(ifr.ifr_name, bridge->iface, IF_NAMESIZE-1);
|
|
|
33b374 |
break;
|
|
|
33b374 |
}
|
|
|
33b374 |
}
|
|
|
33b374 |
@@ -270,7 +270,7 @@ void dhcp_packet(time_t now, int pxe_fd)
|
|
|
33b374 |
is_relay_reply = 1;
|
|
|
33b374 |
iov.iov_len = sz;
|
|
|
33b374 |
#ifdef HAVE_LINUX_NETWORK
|
|
|
33b374 |
- strncpy(arp_req.arp_dev, ifr.ifr_name, 16);
|
|
|
33b374 |
+ strncpy(arp_req.arp_dev, ifr.ifr_name, IF_NAMESIZE-1);
|
|
|
33b374 |
#endif
|
|
|
33b374 |
}
|
|
|
33b374 |
else
|
|
|
33b374 |
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
|
|
|
33b374 |
index dfd15aa..1179492 100644
|
|
|
33b374 |
--- a/src/dnsmasq.h
|
|
|
33b374 |
+++ b/src/dnsmasq.h
|
|
|
33b374 |
@@ -180,7 +180,7 @@ struct event_desc {
|
|
|
33b374 |
#define EC_INIT_OFFSET 10
|
|
|
33b374 |
|
|
|
33b374 |
/* Trust the compiler dead-code eliminator.... */
|
|
|
33b374 |
-#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32)))
|
|
|
33b374 |
+#define option_bool(x) (((x) < 32) ? daemon->options & (1u << ((x)&0x1F)) : daemon->options2 & (1u << ((x) - 32)))
|
|
|
33b374 |
|
|
|
33b374 |
#define OPT_BOGUSPRIV 0
|
|
|
33b374 |
#define OPT_FILTER 1
|
|
|
33b374 |
diff --git a/src/edns0.c b/src/edns0.c
|
|
|
33b374 |
index c7a101e..d2b514b 100644
|
|
|
33b374 |
--- a/src/edns0.c
|
|
|
33b374 |
+++ b/src/edns0.c
|
|
|
33b374 |
@@ -263,6 +263,8 @@ static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned ch
|
|
|
33b374 |
encode[8] = 0;
|
|
|
33b374 |
}
|
|
|
33b374 |
}
|
|
|
33b374 |
+ else
|
|
|
33b374 |
+ encode[0] = '\0';
|
|
|
33b374 |
|
|
|
33b374 |
return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace);
|
|
|
33b374 |
}
|
|
|
33b374 |
diff --git a/src/inotify.c b/src/inotify.c
|
|
|
33b374 |
index 603ce9d..fcc0d97 100644
|
|
|
33b374 |
--- a/src/inotify.c
|
|
|
33b374 |
+++ b/src/inotify.c
|
|
|
33b374 |
@@ -224,17 +224,20 @@ int inotify_check(time_t now)
|
|
|
33b374 |
|
|
|
33b374 |
if (rc <= 0)
|
|
|
33b374 |
break;
|
|
|
33b374 |
+ else
|
|
|
33b374 |
+ inotify_buffer[rc] = '\0';
|
|
|
33b374 |
|
|
|
33b374 |
for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len)
|
|
|
33b374 |
{
|
|
|
33b374 |
in = (struct inotify_event*)p;
|
|
|
33b374 |
-
|
|
|
33b374 |
+
|
|
|
33b374 |
for (res = daemon->resolv_files; res; res = res->next)
|
|
|
33b374 |
- if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
|
|
|
33b374 |
+ if (res->wd == in->wd && in->len != 0 && strncmp(res->file, in->name, NAME_MAX) == 0)
|
|
|
33b374 |
hit = 1;
|
|
|
33b374 |
|
|
|
33b374 |
/* ignore emacs backups and dotfiles */
|
|
|
33b374 |
- if (in->len == 0 ||
|
|
|
33b374 |
+ if (in->len == 0 ||
|
|
|
33b374 |
+ in->len > NAME_MAX+1 ||
|
|
|
33b374 |
in->name[in->len - 1] == '~' ||
|
|
|
33b374 |
(in->name[0] == '#' && in->name[in->len - 1] == '#') ||
|
|
|
33b374 |
in->name[0] == '.')
|
|
|
33b374 |
diff --git a/src/lease.c b/src/lease.c
|
|
|
33b374 |
index 20cac90..9ad106d 100644
|
|
|
33b374 |
--- a/src/lease.c
|
|
|
33b374 |
+++ b/src/lease.c
|
|
|
33b374 |
@@ -827,9 +827,9 @@ void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr,
|
|
|
33b374 |
|
|
|
33b374 |
if (hw_len != lease->hwaddr_len ||
|
|
|
33b374 |
hw_type != lease->hwaddr_type ||
|
|
|
33b374 |
- (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
|
|
|
33b374 |
+ (hw_len > 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
|
|
|
33b374 |
{
|
|
|
33b374 |
- if (hw_len != 0)
|
|
|
33b374 |
+ if (hw_len > 0)
|
|
|
33b374 |
memcpy(lease->hwaddr, hwaddr, hw_len);
|
|
|
33b374 |
lease->hwaddr_len = hw_len;
|
|
|
33b374 |
lease->hwaddr_type = hw_type;
|
|
|
33b374 |
diff --git a/src/network.c b/src/network.c
|
|
|
33b374 |
index 6119039..fcd9d8d 100644
|
|
|
33b374 |
--- a/src/network.c
|
|
|
33b374 |
+++ b/src/network.c
|
|
|
33b374 |
@@ -188,7 +188,7 @@ int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
|
|
|
33b374 |
struct ifreq ifr;
|
|
|
33b374 |
struct irec *iface;
|
|
|
33b374 |
|
|
|
33b374 |
- strncpy(ifr.ifr_name, name, IF_NAMESIZE);
|
|
|
33b374 |
+ strncpy(ifr.ifr_name, name, IF_NAMESIZE-1);
|
|
|
33b374 |
if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
|
|
|
33b374 |
ifr.ifr_flags & IFF_LOOPBACK)
|
|
|
33b374 |
{
|
|
|
33b374 |
@@ -1206,7 +1206,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
|
|
|
33b374 |
return 0;
|
|
|
33b374 |
|
|
|
33b374 |
#if defined(SO_BINDTODEVICE)
|
|
|
33b374 |
- if (intname[0] != 0 &&
|
|
|
33b374 |
+ if (intname && intname[0] != 0 &&
|
|
|
33b374 |
setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
|
|
|
33b374 |
return 0;
|
|
|
33b374 |
#endif
|
|
|
33b374 |
@@ -1245,7 +1245,7 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
|
|
|
33b374 |
/* may have a suitable one already */
|
|
|
33b374 |
for (sfd = daemon->sfds; sfd; sfd = sfd->next )
|
|
|
33b374 |
if (sockaddr_isequal(&sfd->source_addr, addr) &&
|
|
|
33b374 |
- strcmp(intname, sfd->interface) == 0 &&
|
|
|
33b374 |
+ intname && strcmp(intname, sfd->interface) == 0 &&
|
|
|
33b374 |
ifindex == sfd->ifindex)
|
|
|
33b374 |
return sfd;
|
|
|
33b374 |
|
|
|
33b374 |
@@ -1437,7 +1437,7 @@ void add_update_server(int flags,
|
|
|
33b374 |
serv->flags |= SERV_HAS_DOMAIN;
|
|
|
33b374 |
|
|
|
33b374 |
if (interface)
|
|
|
33b374 |
- strcpy(serv->interface, interface);
|
|
|
33b374 |
+ strncpy(serv->interface, interface, sizeof(serv->interface)-1);
|
|
|
33b374 |
if (addr)
|
|
|
33b374 |
serv->addr = *addr;
|
|
|
33b374 |
if (source_addr)
|
|
|
33b374 |
diff --git a/src/option.c b/src/option.c
|
|
|
33b374 |
index 5503b79..eb78b1a 100644
|
|
|
33b374 |
--- a/src/option.c
|
|
|
33b374 |
+++ b/src/option.c
|
|
|
33b374 |
@@ -3929,13 +3929,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
|
|
|
33b374 |
|
|
|
33b374 |
case LOPT_HOST_REC: /* --host-record */
|
|
|
33b374 |
{
|
|
|
33b374 |
- struct host_record *new = opt_malloc(sizeof(struct host_record));
|
|
|
33b374 |
- memset(new, 0, sizeof(struct host_record));
|
|
|
33b374 |
- new->ttl = -1;
|
|
|
33b374 |
+ struct host_record *new;
|
|
|
33b374 |
|
|
|
33b374 |
if (!arg || !(comma = split(arg)))
|
|
|
33b374 |
ret_err(_("Bad host-record"));
|
|
|
33b374 |
|
|
|
33b374 |
+ new = opt_malloc(sizeof(struct host_record));
|
|
|
33b374 |
+ memset(new, 0, sizeof(struct host_record));
|
|
|
33b374 |
+ new->ttl = -1;
|
|
|
33b374 |
+
|
|
|
33b374 |
while (arg)
|
|
|
33b374 |
{
|
|
|
33b374 |
struct all_addr addr;
|
|
|
33b374 |
@@ -3956,10 +3958,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
|
|
|
33b374 |
{
|
|
|
33b374 |
int nomem;
|
|
|
33b374 |
char *canon = canonicalise(arg, &nomem);
|
|
|
33b374 |
- struct name_list *nl = opt_malloc(sizeof(struct name_list));
|
|
|
33b374 |
+ struct name_list *nl;
|
|
|
33b374 |
if (!canon)
|
|
|
33b374 |
ret_err(_("Bad name in host-record"));
|
|
|
33b374 |
|
|
|
33b374 |
+ nl = opt_malloc(sizeof(struct name_list));
|
|
|
33b374 |
nl->name = canon;
|
|
|
33b374 |
/* keep order, so that PTR record goes to first name */
|
|
|
33b374 |
nl->next = NULL;
|
|
|
33b374 |
@@ -4023,7 +4026,10 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
|
|
|
33b374 |
!atoi_check8(algo, &new->algo) ||
|
|
|
33b374 |
!atoi_check8(digest, &new->digest_type) ||
|
|
|
33b374 |
!(new->name = canonicalise_opt(arg)))
|
|
|
33b374 |
- ret_err(_("bad trust anchor"));
|
|
|
33b374 |
+ {
|
|
|
33b374 |
+ free(new);
|
|
|
33b374 |
+ ret_err(_("bad trust anchor"));
|
|
|
33b374 |
+ }
|
|
|
33b374 |
|
|
|
33b374 |
/* Upper bound on length */
|
|
|
33b374 |
len = (2*strlen(keyhex))+1;
|
|
|
33b374 |
diff --git a/src/tftp.c b/src/tftp.c
|
|
|
33b374 |
index 5e4a32a..bd8c622 100644
|
|
|
33b374 |
--- a/src/tftp.c
|
|
|
33b374 |
+++ b/src/tftp.c
|
|
|
33b374 |
@@ -234,7 +234,7 @@ void tftp_request(struct listener *listen, time_t now)
|
|
|
33b374 |
#endif
|
|
|
33b374 |
}
|
|
|
33b374 |
|
|
|
33b374 |
- strncpy(ifr.ifr_name, name, IF_NAMESIZE);
|
|
|
33b374 |
+ strncpy(ifr.ifr_name, name, IF_NAMESIZE-1);
|
|
|
33b374 |
if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1)
|
|
|
33b374 |
{
|
|
|
33b374 |
mtu = ifr.ifr_mtu;
|
|
|
33b374 |
diff --git a/src/util.c b/src/util.c
|
|
|
33b374 |
index 93b24f5..1a9f228 100644
|
|
|
33b374 |
--- a/src/util.c
|
|
|
33b374 |
+++ b/src/util.c
|
|
|
33b374 |
@@ -491,7 +491,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
|
|
|
33b374 |
int j, bytes = (1 + (r - in))/2;
|
|
|
33b374 |
for (j = 0; j < bytes; j++)
|
|
|
33b374 |
{
|
|
|
33b374 |
- char sav = sav;
|
|
|
33b374 |
+ char sav;
|
|
|
33b374 |
if (j < bytes - 1)
|
|
|
33b374 |
{
|
|
|
33b374 |
sav = in[(j+1)*2];
|
|
|
33b374 |
--
|
|
|
33b374 |
2.9.3
|
|
|
33b374 |
|