From 0007b4e6ba3675f6b3c9038cb03db2bfc0694817 Mon Sep 17 00:00:00 2001 From: goldsimon Date: Wed, 30 Apr 2014 12:25:40 +0200 Subject: [PATCH] Multiple fixes found by coverity scan --- apps/httpserver_raw/httpd.c | 4 +- apps/httpserver_raw/makefsdata/makefsdata.c | 62 ++++++++++++++------- apps/smtp/smtp.c | 12 ++-- apps/snmp_private_mib/lwip_prvmib.c | 4 +- ports/win32/pcapif.c | 2 +- ports/win32/sio.c | 2 +- 6 files changed, 55 insertions(+), 31 deletions(-) diff --git a/apps/httpserver_raw/httpd.c b/apps/httpserver_raw/httpd.c index a2afb02..e189268 100644 --- a/apps/httpserver_raw/httpd.c +++ b/apps/httpserver_raw/httpd.c @@ -867,8 +867,8 @@ get_tag_insert(struct http_state *hs) #define UNKNOWN_TAG1_LEN 18 #define UNKNOWN_TAG2_TEXT "***" #define UNKNOWN_TAG2_LEN 7 - len = LWIP_MIN(strlen(ssi->tag_name), - LWIP_HTTPD_MAX_TAG_INSERT_LEN - (UNKNOWN_TAG1_LEN + UNKNOWN_TAG2_LEN)); + len = LWIP_MIN(sizeof(ssi->tag_name), LWIP_MIN(strlen(ssi->tag_name), + LWIP_HTTPD_MAX_TAG_INSERT_LEN - (UNKNOWN_TAG1_LEN + UNKNOWN_TAG2_LEN))); MEMCPY(ssi->tag_insert, UNKNOWN_TAG1_TEXT, UNKNOWN_TAG1_LEN); MEMCPY(&ssi->tag_insert[UNKNOWN_TAG1_LEN], ssi->tag_name, len); MEMCPY(&ssi->tag_insert[UNKNOWN_TAG1_LEN + len], UNKNOWN_TAG2_TEXT, UNKNOWN_TAG2_LEN); diff --git a/apps/httpserver_raw/makefsdata/makefsdata.c b/apps/httpserver_raw/makefsdata/makefsdata.c index d52ff54..ab84f0a 100644 --- a/apps/httpserver_raw/makefsdata/makefsdata.c +++ b/apps/httpserver_raw/makefsdata/makefsdata.c @@ -150,11 +150,13 @@ int main(int argc, char *argv[]) } else if (strstr(argv[i], "-c")) { precalcChksum = 1; } else if((argv[i][1] == 'f') && (argv[i][2] == ':')) { - strcpy(targetfile, &argv[i][3]); + strncpy(targetfile, &argv[i][3], sizeof(targetfile) - 1); + targetfile[sizeof(targetfile) - 1] = 0; printf("Writing to file \"%s\"\n", targetfile); } } else { - strcpy(path, argv[i]); + strncpy(path, argv[i], sizeof(path)-1); + path[sizeof(path)-1] = 0; } } @@ -227,8 +229,12 @@ int main(int argc, char *argv[]) concat_files("fsdata.tmp", "fshdr.tmp", targetfile); /* if succeeded, delete the temporary files */ - remove("fsdata.tmp"); - remove("fshdr.tmp"); + if (remove("fsdata.tmp") != 0) { + printf("Warning: failed to delete fsdata.tmp\n"); + } + if (remove("fshdr.tmp") != 0) { + printf("Warning: failed to delete fshdr.tmp\n"); + } printf(NEWLINE "Processed %d files - done." NEWLINE NEWLINE, filesProcessed); @@ -276,26 +282,34 @@ int process_sub(FILE *data_file, FILE *struct_file) FIND_T fInfo; FIND_RET_T fret; int filesProcessed = 0; - char oldSubdir[MAX_PATH_LEN]; if (processSubs) { /* process subs recursively */ - strcpy(oldSubdir, curSubdir); + size_t sublen = strlen(curSubdir); + size_t freelen = sizeof(curSubdir) - sublen - 1; + LWIP_ASSERT("sublen < sizeof(curSubdir)", sublen < sizeof(curSubdir)); fret = FINDFIRST_DIR("*", &fInfo); if (FINDFIRST_SUCCEEDED(fret)) { do { const char *curName = FIND_T_FILENAME(fInfo); - if (curName == NULL) continue; - if (curName[0] == '.') continue; - if (strcmp(curName, "CVS") == 0) continue; - if (!FIND_T_IS_DIR(fInfo)) continue; - CHDIR(curName); - strcat(curSubdir, "/"); - strcat(curSubdir, curName); - printf(NEWLINE "processing subdirectory %s/..." NEWLINE, curSubdir); - filesProcessed += process_sub(data_file, struct_file); - CHDIR(".."); - strcpy(curSubdir, oldSubdir); + if ((curName[0] == '.') || (strcmp(curName, "CVS") == 0)) { + continue; + } + if (!FIND_T_IS_DIR(fInfo)) { + continue; + } + if (freelen > 0) { + CHDIR(curName); + strncat(curSubdir, "/", freelen); + strncat(curSubdir, curName, freelen - 1); + curSubdir[sizeof(curSubdir) - 1] = 0; + printf(NEWLINE "processing subdirectory %s/..." NEWLINE, curSubdir); + filesProcessed += process_sub(data_file, struct_file); + CHDIR(".."); + curSubdir[sublen] = 0; + } else { + printf("WARNING: cannot process sub due to path length restrictions: \"%s/%s\"\n", curSubdir, curName); + } } while (FINDNEXT_SUCCEEDED(FINDNEXT(fret, &fInfo))); } } @@ -339,6 +353,10 @@ void process_file_data(const char *filename, FILE *data_file) size_t len, written, i, src_off=0; source_file = fopen(filename, "rb"); + if (source_file == NULL) { + printf("Failed to open file \"%s\"\n", filename); + exit(-1); + } do { size_t off = 0; @@ -376,7 +394,7 @@ int write_checksums(FILE *struct_file, const char *filename, const char *varname memset(file_buffer_raw, 0xab, sizeof(file_buffer_raw)); f = fopen(filename, "rb"); - if (f == INVALID_HANDLE_VALUE) { + if (f == NULL) { printf("Failed to open file \"%s\"\n", filename); exit(-1); } @@ -600,9 +618,11 @@ int file_write_http_header(FILE *data_file, const char *filename, int file_size, } file_ext = filename; - while(strstr(file_ext, ".") != NULL) { - file_ext = strstr(file_ext, "."); - file_ext++; + if (file_ext != NULL) { + while(strstr(file_ext, ".") != NULL) { + file_ext = strstr(file_ext, "."); + file_ext++; + } } if((file_ext == NULL) || (*file_ext == 0)) { printf("failed to get extension for file \"%s\", using default.\n", filename); diff --git a/apps/smtp/smtp.c b/apps/smtp/smtp.c index 85481c1..90b2728 100644 --- a/apps/smtp/smtp.c +++ b/apps/smtp/smtp.c @@ -385,10 +385,14 @@ smtp_set_auth(const char* username, const char* pass) #endif /* SMTP_SUPPORT_AUTH_LOGIN || SMTP_SUPPORT_AUTH_PLAIN */ } *smtp_auth_plain = 0; - smtp_username = smtp_auth_plain + 1; - strcpy(smtp_username, username); - smtp_pass = smtp_auth_plain + uname_len + 2; - strcpy(smtp_pass, pass); + if (username != NULL) { + smtp_username = smtp_auth_plain + 1; + strcpy(smtp_username, username); + } + if (pass != NULL) { + smtp_pass = smtp_auth_plain + uname_len + 2; + strcpy(smtp_pass, pass); + } smtp_auth_plain_len = uname_len + pass_len + 2; return ERR_OK; diff --git a/apps/snmp_private_mib/lwip_prvmib.c b/apps/snmp_private_mib/lwip_prvmib.c index 3541b9d..a41bcf5 100644 --- a/apps/snmp_private_mib/lwip_prvmib.c +++ b/apps/snmp_private_mib/lwip_prvmib.c @@ -510,7 +510,7 @@ sensorentry_get_value_a(u8_t rid, struct obj_def *od, u16_t len, void *value) fclose(sensf); } #else /* SENSORS_USE_FILES */ - if (i <= SENSOR_COUNT) { + if (i < SENSOR_COUNT) { *temperature = sensor_values[i]; } #endif /* SENSORS_USE_FILES */ @@ -587,7 +587,7 @@ sensorentry_set_value_a(u8_t rid, struct obj_def *od, u16_t len, void *value) fclose(sensf); } #else /* SENSORS_USE_FILES */ - if (i <= SENSOR_COUNT) { + if (i < SENSOR_COUNT) { sensor_values[i] = *temperature; } #endif /* SENSORS_USE_FILES */ diff --git a/ports/win32/pcapif.c b/ports/win32/pcapif.c index 701cbb2..1e54c3f 100644 --- a/ports/win32/pcapif.c +++ b/ports/win32/pcapif.c @@ -379,7 +379,7 @@ pcapif_init_adapter(int adapter_num, void *arg) #endif errbuf); /* error buffer */ if (pa->adapter == NULL) { - printf("\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); + printf("\nUnable to open the adapter. %s is not supported by WinPcap\n", used_adapter->name); /* Free the device list */ pcap_freealldevs(alldevs); free(pa); diff --git a/ports/win32/sio.c b/ports/win32/sio.c index 137971e..9f6d330 100644 --- a/ports/win32/sio.c +++ b/ports/win32/sio.c @@ -256,7 +256,7 @@ u32_t sio_tryread(sio_fd_t fd, u8_t* data, u32_t len) DWORD dwNbBytesReadden = 0; LWIP_DEBUGF(SIO_DEBUG, ("sio_read()...\n")); ret = ReadFile((HANDLE)(fd), data, len, &dwNbBytesReadden, NULL); - LWIP_DEBUGF(SIO_DEBUG, ("sio_read()=%lu bytes -> \n", dwNbBytesReadden, ret)); + LWIP_DEBUGF(SIO_DEBUG, ("sio_read()=%lu bytes -> %d\n", dwNbBytesReadden, ret)); return dwNbBytesReadden; }