From: Michael R Sweet Date: Sun, 17 Nov 2019 15:18:09 +0000 (-0500) Subject: Address multiple minor issues reported by the LGTM security scanner: X-Git-Tag: v2.3.1~25 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fcups.git;a=commitdiff_plain;h=f4a99aeb0252068ee78bf2158fb01fef6f4599ca Address multiple minor issues reported by the LGTM security scanner: - Lots of usage of localtime and gmtime (use _r/_s versions instead - Issue #5685) - Some unnecessary comparisons - Suppress checks that are not useful (header guards, short global names, and the integer overflow checks which don't reflect the actual range of values) --- diff --git a/backend/lpd.c b/backend/lpd.c index 45cdde8e7..efc7a9acc 100644 --- a/backend/lpd.c +++ b/backend/lpd.c @@ -71,7 +71,11 @@ static int abort_job = 0; /* Non-zero if we get SIGTERM */ */ static int cups_rresvport(int *port, int family); -static int lpd_command(int lpd_fd, char *format, ...); +static int lpd_command(int lpd_fd, char *format, ...) +# ifdef __GNUC__ +__attribute__ ((__format__ (__printf__, 2, 3))) +# endif /* __GNUC__ */ +; static int lpd_queue(const char *hostname, http_addrlist_t *addrlist, const char *printer, int print_fd, int snmp_fd, int mode, const char *user, const char *title, int copies, int banner, int format, int order, int reserve, int manual_copies, int timeout, int contimeout, const char *orighost) _CUPS_NONNULL((1,2,3,7,8,17)); static ssize_t lpd_write(int lpd_fd, char *buffer, size_t length); static void sigterm_handler(int sig); @@ -1042,7 +1046,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ * Send the control file... */ - if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", strlen(control), + if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", (int)strlen(control), (int)getpid() % 1000, localhost)) { close(fd); 
@@ -1175,7 +1179,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ * Send control file... */ - if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", strlen(control), + if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", (int)strlen(control), (int)getpid() % 1000, localhost)) { close(fd); diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c index 1c4d9f117..9740c14d5 100644 --- a/backend/usb-libusb.c +++ b/backend/usb-libusb.c @@ -878,7 +878,7 @@ find_device(usb_cb_t cb, /* I - Callback function */ protocol = 0; for (altset = 0, altptr = ifaceptr->altsetting; - altset < ifaceptr->num_altsetting; + altset < (uint8_t)ifaceptr->num_altsetting; altset ++, altptr ++) { /* diff --git a/cgi-bin/var.c b/cgi-bin/var.c index fb9d051c0..c5fde0124 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -983,7 +983,7 @@ cgi_initialize_post(void) */ length = (size_t)strtol(content_length, NULL, 10); - data = malloc(length + 1); + data = malloc(length + 1); /* lgtm [cpp/uncontrolled-allocation-size] */ if (data == NULL) return (0); diff --git a/cups/encode.c b/cups/encode.c index 2469406e2..5bcbf6fe5 100644 --- a/cups/encode.c +++ b/cups/encode.c @@ -523,7 +523,7 @@ _cupsEncodeOption( quote = *sep; } - else if (*sep == ',' && count > 1) + else if (*sep == ',') break; else if (*sep == '\\' && sep[1]) { diff --git a/cups/http-support.c b/cups/http-support.c index 824b8dcf1..63175145e 100644 --- a/cups/http-support.c +++ b/cups/http-support.c 
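Review bot: The `(uint8_t)` cast on `ifaceptr->num_altsetting` in find_device's loop condition narrows the bound instead of widening the counter, so a count above 255 would silently wrap to a smaller value. The declaration of `altset` is outside the hunk; if it is a `uint8_t`, declaring it as `int` and keeping `altset < ifaceptr->num_altsetting` would remove the warning without truncating a value that comes from the attached device's descriptors. If the cast stays, a short comment stating the assumed upper bound of `num_altsetting` would record why the truncation is considered safe.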
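Review bot: The `lgtm [cpp/uncontrolled-allocation-size]` marker on the `malloc(length + 1)` line in cgi_initialize_post silences the alert, but no bound on `length` is visible in this hunk. `length` is `strtol(content_length, NULL, 10)` cast to `size_t`, so a negative value becomes very large and -1 makes `length + 1` wrap to 0; unless a check outside the hunk rejects these, the request controls the allocation size. A range check before the allocation would address the finding rather than hide it, for example `long n = strtol(content_length, NULL, 10);` followed by `if (n < 0 || n > CGI_MAX_POST /* placeholder limit */) return (0);`. The function starts and ends outside the hunk.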
@@ -799,14 +799,12 @@ httpGetDateString2(time_t t, /* I - Time in seconds */ char *s, /* I - String buffer */ int slen) /* I - Size of string buffer */ { - struct tm *tdate; /* UNIX date/time data */ + struct tm tdate; /* UNIX date/time data */ - tdate = gmtime(&t); - if (tdate) - snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate->tm_wday], tdate->tm_mday, http_months[tdate->tm_mon], tdate->tm_year + 1900, tdate->tm_hour, tdate->tm_min, tdate->tm_sec); - else - s[0] = '\0'; + gmtime_r(&t, &tdate); + + snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate.tm_wday], tdate.tm_mday, http_months[tdate.tm_mon], tdate.tm_year + 1900, tdate.tm_hour, tdate.tm_min, tdate.tm_sec); return (s); } diff --git a/cups/http.c b/cups/http.c index fbb1bf13c..8d69ce31f 100644 --- a/cups/http.c +++ b/cups/http.c @@ -1733,7 +1733,7 @@ httpPeek(http_t *http, /* I - HTTP connection */ if (http->used > 0 && ((z_stream *)http->stream)->avail_in < HTTP_MAX_BUFFER) { - size_t buflen = buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; + size_t buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; /* Number of bytes to copy */ if (((z_stream *)http->stream)->avail_in > 0 && diff --git a/cups/ipp.c b/cups/ipp.c index 1bd59cef1..d0cac8cfe 100644 --- a/cups/ipp.c +++ b/cups/ipp.c @@ -4659,7 +4659,7 @@ ippSetVersion(ipp_t *ipp, /* I - IPP message */ const ipp_uchar_t * /* O - RFC-2579 date/time data */ ippTimeToDate(time_t t) /* I - Time in seconds */ { - struct tm *unixdate; /* UNIX unixdate/time info */ + struct tm unixdate; /* UNIX unixdate/time info */ ipp_uchar_t *date = _cupsGlobals()->ipp_date; /* RFC-2579 date/time data */ 
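Review bot: The return value of `gmtime_r()` is ignored in httpGetDateString2, so the failure path the old code had (`s[0] = '\0'` when `gmtime()` returned NULL) is gone and `tdate` is read uninitialized if the conversion fails. `tdate.tm_wday` and `tdate.tm_mon` then index `http_days[]` and `http_months[]` with indeterminate values, which may read outside those tables. Restoring the check, e.g. `if (!gmtime_r(&t, &tdate)) { s[0] = '\0'; return (s); }`, or at minimum declaring `struct tm tdate = { 0 };`, keeps the old behaviour; the vcnet/config.h macro maps to `gmtime_s()`, which returns 0 on success, so the test has to hold for both. The same unchecked pattern appears in the ippTimeToDate, _cupsStrDate, cupsdSaveAllClasses/Jobs/Printers/Subscriptions, cupsdSetJobHoldUntil, dump_job_history, cupsdGetDateTime (which indexes `months[date.tm_mon]`), time_string and iso_date hunks.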
@@ -4681,16 +4681,16 @@ ippTimeToDate(time_t t) /* I - Time in seconds */ * 10 UTC minutes (0 to 59) */ - unixdate = gmtime(&t); - unixdate->tm_year += 1900; + gmtime_r(&t, &unixdate); + unixdate.tm_year += 1900; - date[0] = (ipp_uchar_t)(unixdate->tm_year >> 8); - date[1] = (ipp_uchar_t)(unixdate->tm_year); - date[2] = (ipp_uchar_t)(unixdate->tm_mon + 1); - date[3] = (ipp_uchar_t)unixdate->tm_mday; - date[4] = (ipp_uchar_t)unixdate->tm_hour; - date[5] = (ipp_uchar_t)unixdate->tm_min; - date[6] = (ipp_uchar_t)unixdate->tm_sec; + date[0] = (ipp_uchar_t)(unixdate.tm_year >> 8); + date[1] = (ipp_uchar_t)(unixdate.tm_year); + date[2] = (ipp_uchar_t)(unixdate.tm_mon + 1); + date[3] = (ipp_uchar_t)unixdate.tm_mday; + date[4] = (ipp_uchar_t)unixdate.tm_hour; + date[5] = (ipp_uchar_t)unixdate.tm_min; + date[6] = (ipp_uchar_t)unixdate.tm_sec; date[7] = 0; date[8] = '+'; date[9] = 0; diff --git a/cups/string.c b/cups/string.c index 54f7bd0cf..93cdad19d 100644 --- a/cups/string.c +++ b/cups/string.c @@ -146,7 +146,7 @@ _cupsStrDate(char *buf, /* I - Buffer */ size_t bufsize, /* I - Size of buffer */ time_t timeval) /* I - Time value */ { - struct tm *dateval; /* Local date/time */ + struct tm date; /* Local date/time */ char temp[1024]; /* Temporary buffer */ _cups_globals_t *cg = _cupsGlobals(); /* Per-thread globals */ @@ -154,15 +154,15 @@ _cupsStrDate(char *buf, /* I - Buffer */ if (!cg->lang_default) cg->lang_default = cupsLangDefault(); - dateval = localtime(&timeval); + localtime_r(&timeval, &date); if (cg->lang_default->encoding != CUPS_UTF8) { - strftime(temp, sizeof(temp), "%c", dateval); + strftime(temp, sizeof(temp), "%c", &date); cupsCharsetToUTF8((cups_utf8_t *)buf, temp, (int)bufsize, cg->lang_default->encoding); } else - strftime(buf, bufsize, "%c", dateval); + strftime(buf, bufsize, "%c", &date); return (buf); } diff --git a/lgtm.yaml b/lgtm.yaml new file mode 100644 index 000000000..626551724 --- /dev/null +++ b/lgtm.yaml 
@@ -0,0 +1,4 @@ +queries: + - exclude: cpp/integer-multiplication-cast-to-long + - exclude: cpp/missing-header-guard + - exclude: cpp/short-global-name diff --git a/scheduler/classes.c b/scheduler/classes.c index 776e79a91..14d2558bf 100644 --- a/scheduler/classes.c +++ b/scheduler/classes.c @@ -664,7 +664,7 @@ cupsdSaveAllClasses(void) cupsd_printer_t *pclass; /* Current printer class */ int i; /* Looping var */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ cups_option_t *option; /* Current option */ @@ -683,9 +683,9 @@ cupsdSaveAllClasses(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Class configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/scheduler/job.c b/scheduler/job.c index 2cfb1b03d..e20e7c563 100644 --- a/scheduler/job.c +++ b/scheduler/job.c @@ -2183,7 +2183,7 @@ cupsdSaveAllJobs(void) temp[1024]; /* Temporary string */ cupsd_job_t *job; /* Current job */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ snprintf(filename, sizeof(filename), "%s/job.cache", CacheDir); @@ -2196,9 +2196,9 @@ cupsdSaveAllJobs(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Job cache file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); 
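Review bot: The three `exclude` entries carry no rationale in the file, and `cpp/integer-multiplication-cast-to-long` is switched off for the whole repository rather than at the sites judged safe. A repository-wide exclusion also hides any new finding of that class, whereas a per-line `lgtm [...]` marker, as this commit uses in cgi-bin/var.c, would keep the query active for new code. If the global exclusion stays, a comment above each entry, e.g. `# excluded: flagged multiplications use values with a small, known range`, would tell a later reader why it is disabled.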
@@ -2311,7 +2311,7 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ int update)/* I - Update job-hold-until attr? */ { time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ int hour; /* Hold hour */ int minute; /* Hold minute */ int second = 0; /* Hold second */ @@ -2380,15 +2380,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 6am the next morning unless local time is < 6pm. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 18) + if (curdate.tm_hour < 18) job->hold_until = curtime; else job->hold_until = curtime + - ((29 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((29 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "evening") || !strcmp(when, "night")) { @@ -2396,15 +2396,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 6pm unless local time is > 6pm or < 6am. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 6 || curdate->tm_hour >= 18) + if (curdate.tm_hour < 6 || curdate.tm_hour >= 18) job->hold_until = curtime; else job->hold_until = curtime + - ((17 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((17 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "second-shift")) { 
@@ -2412,15 +2412,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 4pm unless local time is > 4pm. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour >= 16) + if (curdate.tm_hour >= 16) job->hold_until = curtime; else job->hold_until = curtime + - ((15 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((15 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "third-shift")) { @@ -2428,15 +2428,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 12am unless local time is < 8am. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 8) + if (curdate.tm_hour < 8) job->hold_until = curtime; else job->hold_until = curtime + - ((23 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((23 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "weekend")) { @@ -2444,16 +2444,16 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to weekend unless we are in the weekend. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_wday == 0 || curdate->tm_wday == 6) + if (curdate.tm_wday == 0 || curdate.tm_wday == 6) job->hold_until = curtime; else job->hold_until = curtime + - (((5 - curdate->tm_wday) * 24 + - (17 - curdate->tm_hour)) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + (((5 - curdate.tm_wday) * 24 + + (17 - curdate.tm_hour)) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (sscanf(when, "%d:%d:%d", &hour, &minute, &second) >= 2) { 
@@ -2461,12 +2461,12 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to specified GMT time (HH:MM or HH:MM:SS)... */ - curtime = time(NULL); - curdate = gmtime(&curtime); + time(&curtime); + gmtime_r(&curtime, &curdate); job->hold_until = curtime + - ((hour - curdate->tm_hour) * 60 + minute - - curdate->tm_min) * 60 + second - curdate->tm_sec; + ((hour - curdate.tm_hour) * 60 + minute - + curdate.tm_min) * 60 + second - curdate.tm_sec; /* * Hold until next day as needed... @@ -2957,7 +2957,7 @@ dump_job_history(cupsd_job_t *job) /* I - Job */ { int i, /* Looping var */ oldsize; /* Current MaxLogSize */ - struct tm *date; /* Date/time value */ + struct tm date; /* Date/time value */ cupsd_joblog_t *message; /* Current message */ char temp[2048], /* Log message */ *ptr, /* Pointer into log message */ @@ -2985,12 +2985,12 @@ dump_job_history(cupsd_job_t *job) /* I - Job */ */ message = (cupsd_joblog_t *)cupsArrayFirst(job->history); - date = localtime(&(message->time)); - strftime(start, sizeof(start), "%X", date); + localtime_r(&(message->time), &date); + strftime(start, sizeof(start), "%X", &date); message = (cupsd_joblog_t *)cupsArrayLast(job->history); - date = localtime(&(message->time)); - strftime(end, sizeof(end), "%X", date); + localtime_r(&(message->time), &date); + strftime(end, sizeof(end), "%X", &date); snprintf(temp, sizeof(temp), "[Job %d] The following messages were recorded from %s to %s", diff --git a/scheduler/log.c b/scheduler/log.c index cdb5437dc..2bd1952f7 100644 --- a/scheduler/log.c +++ b/scheduler/log.c @@ -301,7 +301,7 @@ cupsdGetDateTime(struct timeval *t, /* I - Time value or NULL for current */ cupsd_time_t format) /* I - Format to use */ { struct timeval curtime; /* Current time value */ - struct tm *date; /* Date/time value */ + struct tm date; /* Date/time value */ static struct timeval last_time = { 0, 0 }; /* Last time we formatted */ static char s[1024]; /* Date/time string */ 
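Review bot: `hour`, `minute` and `second` in the HH:MM branch of cupsdSetJobHoldUntil go straight into the `job->hold_until` arithmetic with no range check visible here (the `sscanf(when, "%d:%d:%d", ...)` line is the last context line of the preceding hunk). `when` is the requested hold time, so out-of-range fields can push `(hour - curdate.tm_hour) * 60 + minute` past the range of `int`, which is signed overflow, or produce a hold time far from the intended day. A guard ahead of the computation, such as `if (hour < 0 || hour > 23 || minute < 0 || minute > 59 || second < 0 || second > 60)`, would bound it. How an invalid value should then be handled depends on code outside the hunk.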
@@ -351,23 +351,23 @@ cupsdGetDateTime(struct timeval *t, /* I - Time value or NULL for current */ * (*BSD and Darwin store the timezone offset in the tm structure) */ - date = localtime(&(t->tv_sec)); + localtime_r(&(t->tv_sec), &date); if (format == CUPSD_TIME_STANDARD) snprintf(s, sizeof(s), "[%02d/%s/%04d:%02d:%02d:%02d %+03ld%02ld]", - date->tm_mday, months[date->tm_mon], 1900 + date->tm_year, - date->tm_hour, date->tm_min, date->tm_sec, + date.tm_mday, months[date.tm_mon], 1900 + date.tm_year, + date.tm_hour, date.tm_min, date.tm_sec, #ifdef HAVE_TM_GMTOFF - date->tm_gmtoff / 3600, (date->tm_gmtoff / 60) % 60); + date.tm_gmtoff / 3600, (date.tm_gmtoff / 60) % 60); #else timezone / 3600, (timezone / 60) % 60); #endif /* HAVE_TM_GMTOFF */ else snprintf(s, sizeof(s), "[%02d/%s/%04d:%02d:%02d:%02d.%06d %+03ld%02ld]", - date->tm_mday, months[date->tm_mon], 1900 + date->tm_year, - date->tm_hour, date->tm_min, date->tm_sec, (int)t->tv_usec, + date.tm_mday, months[date.tm_mon], 1900 + date.tm_year, + date.tm_hour, date.tm_min, date.tm_sec, (int)t->tv_usec, #ifdef HAVE_TM_GMTOFF - date->tm_gmtoff / 3600, (date->tm_gmtoff / 60) % 60); + date.tm_gmtoff / 3600, (date.tm_gmtoff / 60) % 60); #else timezone / 3600, (timezone / 60) % 60); #endif /* HAVE_TM_GMTOFF */ diff --git a/scheduler/printers.c b/scheduler/printers.c index 75ef4c0d2..80690397d 100644 --- a/scheduler/printers.c +++ b/scheduler/printers.c @@ -1478,7 +1478,7 @@ cupsdSaveAllPrinters(void) *name; /* Current user/group name */ cupsd_printer_t *printer; /* Current printer class */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ cups_option_t *option; /* Current option */ ipp_attribute_t *marker; /* Current marker attribute */ 
@@ -1498,9 +1498,9 @@ cupsdSaveAllPrinters(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Printer configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/scheduler/subscriptions.c b/scheduler/subscriptions.c index 3267a2ff6..15acedca8 100644 --- a/scheduler/subscriptions.c +++ b/scheduler/subscriptions.c @@ -1025,7 +1025,7 @@ cupsdSaveAllSubscriptions(void) temp[1024]; /* Temporary string */ cupsd_subscription_t *sub; /* Current subscription */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ unsigned mask; /* Current event mask */ const char *name; /* Current event name */ int hex; /* Non-zero if we are writing hex data */ @@ -1046,9 +1046,9 @@ cupsdSaveAllSubscriptions(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Subscription configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 62489430b..2b921e235 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c 
@@ -7645,10 +7645,12 @@ time_string(time_t tv, /* I - Time value */ char *buffer, /* I - Buffer */ size_t bufsize) /* I - Size of buffer */ { - struct tm *curtime = localtime(&tv); - /* Local time */ + struct tm date; /* Local time and date */ + + localtime_r(&tv, &date); + + strftime(buffer, bufsize, "%X", &date); - strftime(buffer, bufsize, "%X", curtime); return (buffer); } diff --git a/tools/ipptool.c b/tools/ipptool.c index e54b78ad3..a3a694d5f 100644 --- a/tools/ipptool.c +++ b/tools/ipptool.c @@ -2162,16 +2162,16 @@ static char * /* O - ISO 8601 date/time string */ iso_date(const ipp_uchar_t *date) /* I - IPP (RFC 1903) date/time value */ { time_t utctime; /* UTC time since 1970 */ - struct tm *utcdate; /* UTC date/time */ + struct tm utcdate; /* UTC date/time */ static char buffer[255]; /* String buffer */ utctime = ippDateToTime(date); - utcdate = gmtime(&utctime); + gmtime_r(&utctime, &utcdate); snprintf(buffer, sizeof(buffer), "%04d-%02d-%02dT%02d:%02d:%02dZ", - utcdate->tm_year + 1900, utcdate->tm_mon + 1, utcdate->tm_mday, - utcdate->tm_hour, utcdate->tm_min, utcdate->tm_sec); + utcdate.tm_year + 1900, utcdate.tm_mon + 1, utcdate.tm_mday, + utcdate.tm_hour, utcdate.tm_min, utcdate.tm_sec); return (buffer); } diff --git a/vcnet/config.h b/vcnet/config.h index d85865a6f..4ad1dc8f1 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -46,6 +46,14 @@ #define write _write +/* + * Microsoft "safe" functions use a different argument order than POSIX... + */ + +#define gmtime_r(t,tm) gmtime_s(tm,t) +#define localtime_r(t,tm) localtime_s(tm,t) + + /* * Map the POSIX strcasecmp() and strncasecmp() functions to the Win32 * _stricmp() and _strnicmp() functions...
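Review bot: The `gmtime_r`/`localtime_r` macros in vcnet/config.h change the return-value contract as well as the argument order: `gmtime_s()` and `localtime_s()` return 0 on success, whereas the POSIX functions return a non-NULL pointer on success. Any caller that tests the result, now or later, would have the sense inverted on Windows, and the new comment mentions only the argument order. Mapping the result keeps a single contract, e.g. `#define gmtime_r(t,tm) (gmtime_s((tm),(t)) ? NULL : (tm))` and likewise for `localtime_r`, which also parenthesizes the macro arguments.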