Multiple fixes found by coverity scan

2014-04-30 12:25:40 +02:00 · 2014-04-30 12:25:40 +02:00 · 0007b4e6ba
parent bc4a7f92ad
commit 0007b4e6ba
6 changed files with 55 additions and 31 deletions
--- a/apps/httpserver_raw/httpd.c
+++ b/apps/httpserver_raw/httpd.c
@ -867,8 +867,8 @@ get_tag_insert(struct http_state *hs)
 #define UNKNOWN_TAG1_LEN  18
 #define UNKNOWN_TAG2_TEXT "***</b>"
 #define UNKNOWN_TAG2_LEN  7
-  len = LWIP_MIN(strlen(ssi->tag_name),
-    LWIP_HTTPD_MAX_TAG_INSERT_LEN - (UNKNOWN_TAG1_LEN + UNKNOWN_TAG2_LEN));
+  len = LWIP_MIN(sizeof(ssi->tag_name), LWIP_MIN(strlen(ssi->tag_name),
+    LWIP_HTTPD_MAX_TAG_INSERT_LEN - (UNKNOWN_TAG1_LEN + UNKNOWN_TAG2_LEN)));
  MEMCPY(ssi->tag_insert, UNKNOWN_TAG1_TEXT, UNKNOWN_TAG1_LEN);
  MEMCPY(&ssi->tag_insert[UNKNOWN_TAG1_LEN], ssi->tag_name, len);
  MEMCPY(&ssi->tag_insert[UNKNOWN_TAG1_LEN + len], UNKNOWN_TAG2_TEXT, UNKNOWN_TAG2_LEN);
--- a/apps/httpserver_raw/makefsdata/makefsdata.c
+++ b/apps/httpserver_raw/makefsdata/makefsdata.c
@ -150,11 +150,13 @@ int main(int argc, char *argv[])
      } else if (strstr(argv[i], "-c")) {
        precalcChksum = 1;
      } else if((argv[i][1] == 'f') && (argv[i][2] == ':')) {
-        strcpy(targetfile, &argv[i][3]);
+        strncpy(targetfile, &argv[i][3], sizeof(targetfile) - 1);
+        targetfile[sizeof(targetfile) - 1] = 0;
        printf("Writing to file \"%s\"\n", targetfile);
      }
    } else {
-      strcpy(path, argv[i]);
+      strncpy(path, argv[i], sizeof(path)-1);
+      path[sizeof(path)-1] = 0;
    }
  }

@ -227,8 +229,12 @@ int main(int argc, char *argv[])
  concat_files("fsdata.tmp", "fshdr.tmp", targetfile);

  /* if succeeded, delete the temporary files */
-  remove("fsdata.tmp");
-  remove("fshdr.tmp"); 
+  if (remove("fsdata.tmp") != 0) {
+    printf("Warning: failed to delete fsdata.tmp\n");
+  }
+  if (remove("fshdr.tmp") != 0) {
+    printf("Warning: failed to delete fshdr.tmp\n");
+  }

  printf(NEWLINE "Processed %d files - done." NEWLINE NEWLINE, filesProcessed);

@ -276,26 +282,34 @@ int process_sub(FILE *data_file, FILE *struct_file)
  FIND_T fInfo;
  FIND_RET_T fret;
  int filesProcessed = 0;
-  char oldSubdir[MAX_PATH_LEN];

  if (processSubs) {
    /* process subs recursively */
-    strcpy(oldSubdir, curSubdir);
+    size_t sublen = strlen(curSubdir);
+    size_t freelen = sizeof(curSubdir) - sublen - 1;
+    LWIP_ASSERT("sublen < sizeof(curSubdir)", sublen < sizeof(curSubdir));
    fret = FINDFIRST_DIR("*", &fInfo);
    if (FINDFIRST_SUCCEEDED(fret)) {
      do {
        const char *curName = FIND_T_FILENAME(fInfo);
-        if (curName == NULL) continue;
-        if (curName[0] == '.') continue;
-        if (strcmp(curName, "CVS") == 0) continue;
-        if (!FIND_T_IS_DIR(fInfo)) continue;
-        CHDIR(curName);
-        strcat(curSubdir, "/");
-        strcat(curSubdir, curName);
-        printf(NEWLINE "processing subdirectory %s/..." NEWLINE, curSubdir);
-        filesProcessed += process_sub(data_file, struct_file);
-        CHDIR("..");
-        strcpy(curSubdir, oldSubdir);
+        if ((curName[0] == '.') || (strcmp(curName, "CVS") == 0)) {
+          continue;
+        }
+        if (!FIND_T_IS_DIR(fInfo)) {
+          continue;
+        }
+        if (freelen > 0) {
+           CHDIR(curName);
+           strncat(curSubdir, "/", freelen);
+           strncat(curSubdir, curName, freelen - 1);
+           curSubdir[sizeof(curSubdir) - 1] = 0;
+           printf(NEWLINE "processing subdirectory %s/..." NEWLINE, curSubdir);
+           filesProcessed += process_sub(data_file, struct_file);
+           CHDIR("..");
+           curSubdir[sublen] = 0;
+        } else {
+           printf("WARNING: cannot process sub due to path length restrictions: \"%s/%s\"\n", curSubdir, curName);
+        }
      } while (FINDNEXT_SUCCEEDED(FINDNEXT(fret, &fInfo)));
    }
  }
@ -339,6 +353,10 @@ void process_file_data(const char *filename, FILE *data_file)
  size_t len, written, i, src_off=0;

  source_file = fopen(filename, "rb");
+  if (source_file == NULL) {
+    printf("Failed to open file \"%s\"\n", filename);
+    exit(-1);
+  }

  do {
    size_t off = 0;
@ -376,7 +394,7 @@ int write_checksums(FILE *struct_file, const char *filename, const char *varname

  memset(file_buffer_raw, 0xab, sizeof(file_buffer_raw));
  f = fopen(filename, "rb");
-  if (f == INVALID_HANDLE_VALUE) {
+  if (f == NULL) {
    printf("Failed to open file \"%s\"\n", filename);
    exit(-1);
  }
@ -600,9 +618,11 @@ int file_write_http_header(FILE *data_file, const char *filename, int file_size,
  }

  file_ext = filename;
-  while(strstr(file_ext, ".") != NULL) {
-    file_ext = strstr(file_ext, ".");
-    file_ext++;
+  if (file_ext != NULL) {
+    while(strstr(file_ext, ".") != NULL) {
+      file_ext = strstr(file_ext, ".");
+      file_ext++;
+    }
  }
  if((file_ext == NULL) || (*file_ext == 0)) {
    printf("failed to get extension for file \"%s\", using default.\n", filename);
--- a/apps/smtp/smtp.c
+++ b/apps/smtp/smtp.c
@ -385,10 +385,14 @@ smtp_set_auth(const char* username, const char* pass)
 #endif /* SMTP_SUPPORT_AUTH_LOGIN || SMTP_SUPPORT_AUTH_PLAIN */
  }
  *smtp_auth_plain = 0;
-  smtp_username = smtp_auth_plain + 1;
-  strcpy(smtp_username, username);
-  smtp_pass = smtp_auth_plain + uname_len + 2;
-  strcpy(smtp_pass, pass);
+  if (username != NULL) {
+    smtp_username = smtp_auth_plain + 1;
+    strcpy(smtp_username, username);
+  }
+  if (pass != NULL) {
+    smtp_pass = smtp_auth_plain + uname_len + 2;
+    strcpy(smtp_pass, pass);
+  }
  smtp_auth_plain_len = uname_len + pass_len + 2;

  return ERR_OK;
--- a/apps/snmp_private_mib/lwip_prvmib.c
+++ b/apps/snmp_private_mib/lwip_prvmib.c
@ -510,7 +510,7 @@ sensorentry_get_value_a(u8_t rid, struct obj_def *od, u16_t len, void *value)
    fclose(sensf);
  }
 #else /* SENSORS_USE_FILES */
-  if (i <= SENSOR_COUNT) {
+  if (i < SENSOR_COUNT) {
    *temperature = sensor_values[i];
  }
 #endif /* SENSORS_USE_FILES */
@ -587,7 +587,7 @@ sensorentry_set_value_a(u8_t rid, struct obj_def *od, u16_t len, void *value)
    fclose(sensf);
  }
 #else /* SENSORS_USE_FILES */
-  if (i <= SENSOR_COUNT) {
+  if (i < SENSOR_COUNT) {
    sensor_values[i] = *temperature;
  }
 #endif /* SENSORS_USE_FILES */
--- a/ports/win32/pcapif.c
+++ b/ports/win32/pcapif.c
@ -379,7 +379,7 @@ pcapif_init_adapter(int adapter_num, void *arg)
 #endif
                               errbuf);           /* error buffer */
  if (pa->adapter == NULL) {
-    printf("\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
+    printf("\nUnable to open the adapter. %s is not supported by WinPcap\n", used_adapter->name);
    /* Free the device list */
    pcap_freealldevs(alldevs);
    free(pa);
--- a/ports/win32/sio.c
+++ b/ports/win32/sio.c
@ -256,7 +256,7 @@ u32_t sio_tryread(sio_fd_t fd, u8_t* data, u32_t len)
  DWORD dwNbBytesReadden = 0;
  LWIP_DEBUGF(SIO_DEBUG, ("sio_read()...\n"));
  ret = ReadFile((HANDLE)(fd), data, len, &dwNbBytesReadden, NULL);
-  LWIP_DEBUGF(SIO_DEBUG, ("sio_read()=%lu bytes -> \n", dwNbBytesReadden, ret));
+  LWIP_DEBUGF(SIO_DEBUG, ("sio_read()=%lu bytes -> %d\n", dwNbBytesReadden, ret));
  return dwNbBytesReadden;
 }