Blame SOURCES/Fix-various-defects-reported-by-covscan.patch

From af30833fe2c7629ee2102853a4c01b71f56acf43 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 28 Aug 2018 14:24:08 +0200
Subject: [PATCH] Fix various defects reported by covscan
This patch fixes the following important defects reported by covscan:
server/libvncserver/main.c:178: leaked_storage: Variable "i" going out of scope leaks the storage it points to.
server/libvncserver/rfbserver.c:195: leaked_storage: Variable "cl" going out of scope leaks the storage it points to.
server/libvncserver/rfbserver.c:1161: overwrite_var: Overwriting "i" in "i = sraRgnGetIterator(updateRegion)" leaks the storage that "i"
server/libvncserver/rfbserver.c:1232: deref_arg: Calling "sraRgnReleaseIterator" dereferences freed pointer "i".
server/libvncserver/rfbserver.c:1291: leaked_storage: Variable "i" going out of scope leaks the storage it points to.
server/libvncserver/sockets.c:635: leaked_handle: Handle variable "sock" going out of scope leaks the handle.
server/libvncserver/sockets.c:635: leaked_handle: Handle variable "sock6" going out of scope leaks the handle.
server/libvncserver/sockets.c:639: leaked_handle: Handle variable "sock" going out of scope leaks the handle.
server/libvncserver/sockets.c:639: leaked_handle: Handle variable "sock6" going out of scope leaks the handle.
server/libvncserver/sockets.c:663: overwrite_var: Overwriting handle "sock" in "sock = NewSocketListenTCP((struct sockaddr *)s4, 16U)" leaks the handle.
server/libvncserver/sockets.c:677: overwrite_var: Overwriting handle "sock" in "sock = NewSocketListenTCP((struct sockaddr *)s6, 46U)" leaks the handle.
server/libvncserver/sockets.c:691: leaked_handle: Handle variable "sock" going out of scope leaks the handle.
server/libvncserver/tableinit24.c:150:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
server/miniupnp/minissdpc.c:43: buffer_size_warning: Calling strncpy with a maximum size argument of 108 bytes on destination array "addr.sun_path" of size 108 bytes might leave the destination string unterminated.
server/miniupnp/miniupnpc.c:405: leaked_handle: Handle variable "sudp" going out of scope leaks the handle.
server/smclient/eggsmclient-xsmp.c:1171: missing_va_end: va_end was not called for "ap".
---
 server/libvncserver/main.c         | 2 ++
 server/libvncserver/rfbserver.c    | 7 +++++++
 server/libvncserver/sockets.c      | 6 +++---
 server/libvncserver/tableinit24.c  | 8 ++++----
 server/miniupnp/minissdpc.c        | 2 +-
 server/miniupnp/miniupnpc.c        | 1 +
 server/smclient/eggsmclient-xsmp.c | 1 +
 7 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/server/libvncserver/main.c b/server/libvncserver/main.c
c7eb99
index 016bbff..0d9a737 100644
c7eb99
--- a/server/libvncserver/main.c
c7eb99
+++ b/server/libvncserver/main.c
c7eb99
@@ -175,6 +175,8 @@ void rfbDoCopyRegion(rfbScreenInfoPtr rfbScreen,sraRegionPtr copyRegion,int dx,i
c7eb99
    }
c7eb99
   
c7eb99
    rfbScheduleCopyRegion(rfbScreen,copyRegion,dx,dy);
c7eb99
+
c7eb99
+   sraRgnReleaseIterator(i);
c7eb99
 }
c7eb99
 
c7eb99
 void rfbDoCopyRect(rfbScreenInfoPtr rfbScreen,int x1,int y1,int x2,int y2,int dx,int dy)
c7eb99
diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c
c7eb99
index 0a60fb2..a880b53 100644
c7eb99
--- a/server/libvncserver/rfbserver.c
c7eb99
+++ b/server/libvncserver/rfbserver.c
c7eb99
@@ -192,6 +192,7 @@ rfbNewClient(rfbScreenInfoPtr rfbScreen,
c7eb99
       if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) {
c7eb99
 	rfbLogPerror("fcntl failed");
c7eb99
 	close(sock);
c7eb99
+	free(cl);
c7eb99
 	return NULL;
c7eb99
       }
c7eb99
 #endif
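Review bot: `free(cl)` releases only the client record itself, so anything `cl` already owns when the `fcntl` check fails would still leak; the allocation and field setup of rfbNewClient lie above the hunk and are not visible here. If earlier lines assign heap members to `cl`, those need freeing on this path and on the `setsockopt` failure path in the next hunk (-200) as well. The two exits now repeat `close(sock); free(cl); return NULL;`, and a single cleanup label would keep them from drifting apart.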
c7eb99
@@ -200,6 +201,7 @@ rfbNewClient(rfbScreenInfoPtr rfbScreen,
c7eb99
 		     (char *)&one, sizeof(one)) < 0) {
c7eb99
 	rfbLogPerror("setsockopt failed");
c7eb99
 	close(sock);
c7eb99
+	free(cl);
c7eb99
 	return NULL;
c7eb99
       }
c7eb99
 
c7eb99
@@ -1089,6 +1091,7 @@ rfbSendFramebufferUpdate(rfbClientPtr cl,
c7eb99
             int h = rect.y2 - y;
c7eb99
 	    nUpdateRegionRects += (((h-1) / (ZLIB_MAX_SIZE( w ) / w)) + 1);
c7eb99
 	}
c7eb99
+	sraRgnReleaseIterator(i);
c7eb99
 #ifdef VINO_HAVE_JPEG
c7eb99
     } else if (cl->preferredEncoding == rfbEncodingTight) {
c7eb99
 	nUpdateRegionRects = 0;
c7eb99
@@ -1141,6 +1144,8 @@ rfbSendFramebufferUpdate(rfbClientPtr cl,
c7eb99
 
c7eb99
     UNLOCK(cl->cursorMutex);
c7eb99
 
c7eb99
+   i = NULL;
c7eb99
+
c7eb99
    if (sendCursorShape) {
c7eb99
 	cl->cursorWasChanged = FALSE;
c7eb99
 	if (!rfbSendCursorShape(cl))
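Review bot: The `i = NULL;` reset sits well away from the `sraRgnReleaseIterator(i)` added in the zlib branch (hunk at -1089), so the pointer stays dangling across everything in between, and the reset also runs for encoding branches whose iterator handling is not shown. Putting it on the release itself, `sraRgnReleaseIterator(i); i = NULL;`, keeps the two together. The later cleanup that covscan flagged at line 1232 is outside the hunk; it needs an `if (i)` guard unless sraRgnReleaseIterator accepts NULL, which this page does not show.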
c7eb99
@@ -1288,6 +1293,8 @@ rfbSendCopyRegion(rfbClientPtr cl,
c7eb99
 
c7eb99
     }
c7eb99
 
c7eb99
+    sraRgnReleaseIterator(i);
c7eb99
+
c7eb99
     return TRUE;
c7eb99
 }
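Review bot: Only the success exit releases the iterator; any `return FALSE` taken inside the loop that ends just above this hunk would still leak `i`. The loop body of rfbSendCopyRegion is outside the hunk, so this needs checking there, and each early exit should call `sraRgnReleaseIterator(i);` before returning.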
c7eb99
 
c7eb99
diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c
c7eb99
index ee755eb..2366e19 100644
c7eb99
--- a/server/libvncserver/sockets.c
c7eb99
+++ b/server/libvncserver/sockets.c
c7eb99
@@ -625,12 +625,12 @@ ListenOnTCPPort(rfbScreenInfoPtr rfbScreen, int port, const char *netIface)
c7eb99
       rfbLog("Listening IPv4://0.0.0.0:%d\n", port);
c7eb99
 
c7eb99
 #ifdef VINO_ENABLE_IPV6
c7eb99
-    if(sock6 > 0) {
c7eb99
+    if(sock6 >= 0) {
c7eb99
        psock[*ptot] = sock6;
c7eb99
       *ptot        += 1;
c7eb99
     }
c7eb99
 #endif
c7eb99
-    if(sock > 0) {
c7eb99
+    if(sock >= 0) {
c7eb99
        psock[*ptot] = sock;
c7eb99
       *ptot        += 1;
c7eb99
     }
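Review bot: With the tests widened to `>= 0`, both stores depend on `sock` and `sock6` starting at -1 and on NewSocketListenTCP returning a negative value on failure; neither the initialisers nor that function are in the hunk, so a zero-initialised variable would now be registered as listening descriptor 0. A short comment above the first test, `/* -1 means not opened; 0 is a valid descriptor */`, would record why the comparison changed. The writes to `psock[*ptot]` show no capacity check in the visible lines, which is worth confirming in the part of ListenOnTCPPort outside the hunk. The same points apply to the hunk at -683.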
c7eb99
@@ -683,7 +683,7 @@ ListenOnTCPPort(rfbScreenInfoPtr rfbScreen, int port, const char *netIface)
c7eb99
     }
c7eb99
 #endif       
c7eb99
 
c7eb99
-    if(sock > 0) {
c7eb99
+    if(sock >= 0) {
c7eb99
        psock[*ptot] = sock;
c7eb99
       *ptot        += 1;
c7eb99
        sock         = -1;
c7eb99
diff --git a/server/libvncserver/tableinit24.c b/server/libvncserver/tableinit24.c
c7eb99
index 39e9920..575a501 100644
c7eb99
--- a/server/libvncserver/tableinit24.c
c7eb99
+++ b/server/libvncserver/tableinit24.c
c7eb99
@@ -149,9 +149,9 @@ rfbInitOneRGBTable24 (uint8_t *table, int inMax, int outMax, int outShift,
c7eb99
       *(uint32_t *)&table[3*i] = outValue;
c7eb99
       if(!rfbEndianTest)
c7eb99
 	memmove(table+3*i,table+3*i+1,3);
c7eb99
-        if (swap) {
c7eb99
-	  c = table[3*i]; table[3*i] = table[3*i+2];
c7eb99
-	  table[3*i+2] = c;
c7eb99
-        }
c7eb99
+      if (swap) {
c7eb99
+	c = table[3*i]; table[3*i] = table[3*i+2];
c7eb99
+	table[3*i+2] = c;
c7eb99
+      }
c7eb99
     }
c7eb99
 }
c7eb99
diff --git a/server/miniupnp/minissdpc.c b/server/miniupnp/minissdpc.c
c7eb99
index d37599f..64772f9 100644
c7eb99
--- a/server/miniupnp/minissdpc.c
c7eb99
+++ b/server/miniupnp/minissdpc.c
c7eb99
@@ -40,7 +40,7 @@ getDevicesFromMiniSSDPD(const char * devtype, const char * socketpath)
c7eb99
 		return NULL;
c7eb99
 	}
c7eb99
 	addr.sun_family = AF_UNIX;
c7eb99
-	strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path));
c7eb99
+	strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path) - 1);
c7eb99
 	if(connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0)
c7eb99
 	{
c7eb99
 		/*syslog(LOG_WARNING, "connect(\"%s\"): %m", socketpath);*/
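Review bot: Copying `sizeof(addr.sun_path) - 1` bytes terminates the path only if `addr` was zeroed beforehand, and no `memset` or initialiser appears in the visible lines of getDevicesFromMiniSSDPD, which starts above the hunk. Setting the terminator explicitly removes that dependency: `addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';`. A `socketpath` longer than the field is also truncated silently, so the connect goes to a different path than the caller gave; rejecting it up front with `if (strlen(socketpath) >= sizeof(addr.sun_path)) { close(s); return NULL; }` would be safer.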
c7eb99
diff --git a/server/miniupnp/miniupnpc.c b/server/miniupnp/miniupnpc.c
c7eb99
index f9d620e..718526a 100644
c7eb99
--- a/server/miniupnp/miniupnpc.c
c7eb99
+++ b/server/miniupnp/miniupnpc.c
c7eb99
@@ -402,6 +402,7 @@ struct UPNPDev * upnpDiscover(int delay, const char * multicastif,
c7eb99
 #endif
c7eb99
 	{
c7eb99
 		PRINT_SOCKET_ERROR("setsockopt");
c7eb99
+		closesocket(sudp);
c7eb99
 		return NULL;
c7eb99
 	}
c7eb99
 
c7eb99
diff --git a/server/smclient/eggsmclient-xsmp.c b/server/smclient/eggsmclient-xsmp.c
c7eb99
index d5cf3b5..5ca976f 100644
c7eb99
--- a/server/smclient/eggsmclient-xsmp.c
c7eb99
+++ b/server/smclient/eggsmclient-xsmp.c
c7eb99
@@ -1162,6 +1162,7 @@ array_prop (const char *name, ...)
c7eb99
       pv.value = value;
c7eb99
       g_array_append_val (vals, pv);
c7eb99
     }
c7eb99
+  va_end (ap);
c7eb99
 
c7eb99
   prop->num_vals = vals->len;
c7eb99
   prop->vals = (SmPropValue *)vals->data;
-- 
2.19.0