diff -up ./src/common/cert_info.c.coverity-2 ./src/common/cert_info.c
--- ./src/common/cert_info.c.coverity-2 2009-12-16 07:01:31.000000000 -0800
+++ ./src/common/cert_info.c 2018-06-21 16:34:04.739470838 -0700
@@ -204,7 +204,8 @@ no_upn:
* @return utf-8 string array with provided information
*/
char **cert_info(X509 *x509, int type, ALGORITHM_TYPE algorithm ) {
- static char *results[CERT_INFO_SIZE];
+ static char *results[CERT_INFO_SIZE+1];
+ const char *const_results[CERT_INFO_SIZE+1];
SECOidData *oid;
int i;
@@ -231,13 +232,13 @@ char **cert_info(X509 *x509, int type, A
cert_fetchOID(&CERT_KerberosPN_OID, &kerberosPN_Entry);
return cert_GetNameElements(&x509->subject, CERT_KerberosPN_OID);
case CERT_EMAIL : /* Certificate e-mail */
- for (i=1, results[0] = CERT_GetFirstEmailAddress(x509);
- results[i-1] && i < CERT_INFO_SIZE; i++) {
- results[i] = CERT_GetNextEmailAddress(x509, results[i-1]);
+ for (i=1, const_results[0] = CERT_GetFirstEmailAddress(x509);
+ const_results[i-1] && i < CERT_INFO_SIZE; i++) {
+ const_results[i] = CERT_GetNextEmailAddress(x509, results[i-1]);
}
- results[i] = NULL;
- for (i=0; results[i]; i++) {
- results[i] = strdup(results[i]);
+ const_results[i] = NULL;
+ for (i=0; const_results[i]; i++) {
+ results[i] = strdup(const_results[i]);
}
break;
/* need oid tag. */
diff -up ./src/common/strings.c.coverity-2 ./src/common/strings.c
--- ./src/common/strings.c.coverity-2 2008-08-28 12:12:45.000000000 -0700
+++ ./src/common/strings.c 2018-06-21 16:34:04.739470838 -0700
@@ -170,7 +170,7 @@ char **split_static(const char *str,char
char *trim(const char *str){
char *from,*to;
int space=1;
- char *res=malloc(strlen(str));
+ char *res=malloc(strlen(str)+1);
if (!res) return NULL;
for(from=(char *)str,to=res;*from;from++) {
if (!isspace(*from)) { space=0;*to++=*from; }
diff -up ./src/common/uri.c.coverity-2 ./src/common/uri.c
--- ./src/common/uri.c.coverity-2 2009-09-02 05:49:05.000000000 -0700
+++ ./src/common/uri.c 2018-06-21 16:34:04.739470838 -0700
@@ -387,6 +387,7 @@ static int get_http(uri_t *uri, unsigned
if (sock == -1) {
freeaddrinfo(info);
set_error("socket() failed: %s", strerror(errno));
+ return -1;
}
DBG("connecting...");
rv = connect(sock, info->ai_addr, info->ai_addrlen);
diff -up ./src/mappers/ldap_mapper.c.coverity-2 ./src/mappers/ldap_mapper.c
--- ./src/mappers/ldap_mapper.c.coverity-2 2018-06-21 16:34:04.733470818 -0700
+++ ./src/mappers/ldap_mapper.c 2018-06-21 16:34:04.739470838 -0700
@@ -842,7 +842,8 @@ ldap_build_filter(const char *filter, co
/* If no user name is specified, this is a search across all users. */
if (login != NULL) {
- escaped = ldap_encode_escapes(login, strlen(login));
+ escaped = ldap_encode_escapes((const unsigned char *)login,
+ strlen(login));
} else {
escaped = strdup("*");
}
diff -up ./src/pam_pkcs11/pam_pkcs11.c.coverity-2 ./src/pam_pkcs11/pam_pkcs11.c
--- ./src/pam_pkcs11/pam_pkcs11.c.coverity-2 2018-06-21 16:34:04.725470792 -0700
+++ ./src/pam_pkcs11/pam_pkcs11.c 2018-06-21 16:35:21.074719244 -0700
@@ -181,7 +181,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
{
int i, rv;
const char *user = NULL;
- char *password;
+ char *password = NULL;
char password_prompt[180];
unsigned int slot_num = 0;
int is_a_screen_saver = 0;
@@ -437,6 +437,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
release_pkcs11_module(ph);
pam_syslog(pamh, LOG_ERR,
"pam_get_pwd() failed: %s", pam_strerror(pamh, rv));
+ if (password) {
+ memset(password, 0, strlen(password));
+ free(password); /* erase and free in-memory password data */
+ }
return pkcs11_pam_fail;
}
#ifndef DEBUG_HIDE_PASSWORD
@@ -611,7 +615,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
*/
snprintf(env_temp, sizeof(env_temp) - 1,
"PKCS11_LOGIN_TOKEN_NAME=%.*s",
- (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME="),
+ (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME=")),
get_slot_tokenlabel(ph));
rv = pam_putenv(pamh, env_temp);
@@ -627,7 +631,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if (issuer) {
snprintf(env_temp, sizeof(env_temp) - 1,
"PKCS11_LOGIN_CERT_ISSUER=%.*s",
- (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_ISSUER="),
+ (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_ISSUER=")),
issuer[0]);
rv = pam_putenv(pamh, env_temp);
} else {
@@ -647,7 +651,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if (serial) {
snprintf(env_temp, sizeof(env_temp) - 1,
"PKCS11_LOGIN_CERT_SERIAL=%.*s",
- (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_SERIAL="),
+ (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_SERIAL=")),
serial[0]);
rv = pam_putenv(pamh, env_temp);
} else {
@@ -678,9 +682,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
DBG("authentication succeeded");
return PAM_SUCCESS;
- /* quick and dirty fail exit point */
- memset(password, 0, strlen(password));
- free(password); /* erase and free in-memory password data */
auth_failed_nopw:
unload_mappers();
diff -up ./src/tools/pkcs11_setup.c.coverity-2 ./src/tools/pkcs11_setup.c
--- ./src/tools/pkcs11_setup.c.coverity-2 2009-12-19 05:07:11.000000000 -0800
+++ ./src/tools/pkcs11_setup.c 2018-06-21 16:34:04.743470851 -0700
@@ -55,6 +55,10 @@ static const char *scconf_replace_str(sc
item = scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
/* now clear out the item list */
+ if (item == NULL) {
+ scconf_list_destroy(list);
+ return NULL;
+ }
scconf_list_destroy(item->value.list);
item->value.list = list; /* adopt */
return value;
@@ -84,6 +88,10 @@ static int scconf_replace_str_list(sccon
item = scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
+ if (item == NULL) {
+ scconf_list_destroy(list);
+ return 1;
+ }
/* now clear out the item list */
scconf_list_destroy(item->value.list);
item->value.list = list; /* adopt */