From: Michael R Sweet Date: Sun, 17 Nov 2019 15:25:36 +0000 (-0500) Subject: Address multiple minor issues reported by the LGTM security scanner: X-Git-Tag: v2.2.13~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7961044250e590847aaaa3daf3c327ef93fb42c;p=thirdparty%2Fcups.git Address multiple minor issues reported by the LGTM security scanner: - Lots of usage of localtime and gmtime (use _r/_s versions instead - Issue #5685) - Some unnecessary comparisons - Suppress checks that are not useful (header guards, short global names, and the integer overflow checks which don't reflect the actual range of values) --- diff --git a/backend/lpd.c b/backend/lpd.c index d8c2e6b155..accde240de 100644 --- a/backend/lpd.c +++ b/backend/lpd.c @@ -76,7 +76,11 @@ static int abort_job = 0; /* Non-zero if we get SIGTERM */ */ static int cups_rresvport(int *port, int family); -static int lpd_command(int lpd_fd, char *format, ...); +static int lpd_command(int lpd_fd, char *format, ...) +# ifdef __GNUC__ +__attribute__ ((__format__ (__printf__, 2, 3))) +# endif /* __GNUC__ */ +; static int lpd_queue(const char *hostname, http_addrlist_t *addrlist, const char *printer, int print_fd, int snmp_fd, int mode, const char *user, const char *title, @@ -1052,7 +1056,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ * Send the control file... */ - if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", strlen(control), + if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", (int)strlen(control), (int)getpid() % 1000, localhost)) { close(fd); @@ -1185,7 +1189,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ * Send control file... */ - if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", strlen(control), + if (lpd_command(fd, "\002%d cfA%03.3d%.15s\n", (int)strlen(control), (int)getpid() % 1000, localhost)) { close(fd); diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c index c03686a633..33e9b4e58e 100644 --- a/backend/usb-libusb.c 
+++ b/backend/usb-libusb.c @@ -881,7 +881,7 @@ find_device(usb_cb_t cb, /* I - Callback function */ protocol = 0; for (altset = 0, altptr = ifaceptr->altsetting; - altset < ifaceptr->num_altsetting; + altset < (uint8_t)ifaceptr->num_altsetting; altset ++, altptr ++) { /* diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 8b8f26472e..d108401973 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -987,7 +987,7 @@ cgi_initialize_post(void) */ length = (size_t)strtol(content_length, NULL, 10); - data = malloc(length + 1); + data = malloc(length + 1); /* lgtm [cpp/uncontrolled-allocation-size] */ if (data == NULL) return (0); diff --git a/cups/http-support.c b/cups/http-support.c index 767fbf6892..e7cca8ee00 100644 --- a/cups/http-support.c +++ b/cups/http-support.c @@ -803,14 +803,12 @@ httpGetDateString2(time_t t, /* I - Time in seconds */ char *s, /* I - String buffer */ int slen) /* I - Size of string buffer */ { - struct tm *tdate; /* UNIX date/time data */ + struct tm tdate; /* UNIX date/time data */ - tdate = gmtime(&t); - if (tdate) - snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate->tm_wday], tdate->tm_mday, http_months[tdate->tm_mon], tdate->tm_year + 1900, tdate->tm_hour, tdate->tm_min, tdate->tm_sec); - else - s[0] = '\0'; + gmtime_r(&t, &tdate); + + snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate.tm_wday], tdate.tm_mday, http_months[tdate.tm_mon], tdate.tm_year + 1900, tdate.tm_hour, tdate.tm_min, tdate.tm_sec); return (s); } diff --git a/cups/http.c b/cups/http.c index 3fadb5acb0..7258e91c2f 100644 --- a/cups/http.c +++ b/cups/http.c 
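Review bot: The `(uint8_t)` cast on `ifaceptr->num_altsetting` in the find_device loop condition narrows the bound instead of widening the counter, so a count that does not fit in 8 bits (256 would become 0) silently changes how many alternate settings are walked. The declaration of `altset` is outside the hunk; if it is an 8-bit variable, I would rather declare it as `int` so that `altset < ifaceptr->num_altsetting` needs no cast. The count is derived from a device descriptor, so it is safer to treat it as untrusted input than to assume it is in range.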
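Review bot: The `lgtm [cpp/uncontrolled-allocation-size]` comment on `data = malloc(length + 1);` silences the finding without bounding the value, which comes from `strtol(content_length, NULL, 10)` cast straight to `size_t`. A negative Content-Length becomes a huge `length`, and `-1` makes `length + 1` wrap to 0, so the allocation can succeed with a buffer smaller than the code after the hunk may assume. Unless a check outside the hunk already rejects such values, I would parse into a `long` and bail out first, e.g. `if (n <= 0 || n > MAX_POST_LENGTH) return (0);` (`MAX_POST_LENGTH` is a placeholder for a project-chosen limit), and then drop the suppression. cgi_initialize_post continues outside the hunk.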
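Review bot: The failure path was dropped in httpGetDateString2: the old code wrote an empty string when `gmtime()` returned NULL, while the new code ignores the result of `gmtime_r()` and then indexes `http_days[tdate.tm_wday]` and `http_months[tdate.tm_mon]` from a `struct tm` that is uninitialized if the conversion failed. I would keep the guard, e.g. `if (!gmtime_r(&t, &tdate)) { s[0] = '\0'; return (s); }`; note that the vcnet/config.h mapping to `gmtime_s()` yields an error code rather than a pointer, so the Windows macro has to be adapted for this check to work there. The same unchecked `gmtime_r()`/`localtime_r()` pattern appears in ippTimeToDate, _cupsStrDate, the cupsdSaveAll* header writers, cupsdSetJobHoldUntil, dump_job_history and cupsdGetDateTime (which indexes `months[date.tm_mon]`), although those callers did not check the old return value either.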
@@ -1778,7 +1778,7 @@ httpPeek(http_t *http, /* I - HTTP connection */ if (http->used > 0 && ((z_stream *)http->stream)->avail_in < HTTP_MAX_BUFFER) { - size_t buflen = buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; + size_t buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; /* Number of bytes to copy */ if (((z_stream *)http->stream)->avail_in > 0 && diff --git a/cups/ipp.c b/cups/ipp.c index b0762fdcbf..7e325beb2f 100644 --- a/cups/ipp.c +++ b/cups/ipp.c @@ -4662,7 +4662,7 @@ ippSetVersion(ipp_t *ipp, /* I - IPP message */ const ipp_uchar_t * /* O - RFC-2579 date/time data */ ippTimeToDate(time_t t) /* I - Time in seconds */ { - struct tm *unixdate; /* UNIX unixdate/time info */ + struct tm unixdate; /* UNIX unixdate/time info */ ipp_uchar_t *date = _cupsGlobals()->ipp_date; /* RFC-2579 date/time data */ @@ -4684,16 +4684,16 @@ ippTimeToDate(time_t t) /* I - Time in seconds */ * 10 UTC minutes (0 to 59) */ - unixdate = gmtime(&t); - unixdate->tm_year += 1900; + gmtime_r(&t, &unixdate); + unixdate.tm_year += 1900; - date[0] = (ipp_uchar_t)(unixdate->tm_year >> 8); - date[1] = (ipp_uchar_t)(unixdate->tm_year); - date[2] = (ipp_uchar_t)(unixdate->tm_mon + 1); - date[3] = (ipp_uchar_t)unixdate->tm_mday; - date[4] = (ipp_uchar_t)unixdate->tm_hour; - date[5] = (ipp_uchar_t)unixdate->tm_min; - date[6] = (ipp_uchar_t)unixdate->tm_sec; + date[0] = (ipp_uchar_t)(unixdate.tm_year >> 8); + date[1] = (ipp_uchar_t)(unixdate.tm_year); + date[2] = (ipp_uchar_t)(unixdate.tm_mon + 1); + date[3] = (ipp_uchar_t)unixdate.tm_mday; + date[4] = (ipp_uchar_t)unixdate.tm_hour; + date[5] = (ipp_uchar_t)unixdate.tm_min; + date[6] = (ipp_uchar_t)unixdate.tm_sec; date[7] = 0; date[8] = '+'; date[9] = 0; diff --git a/cups/string.c b/cups/string.c index dd9c12ce83..aa1010fc88 100644 --- a/cups/string.c +++ b/cups/string.c 
@@ -150,7 +150,7 @@ _cupsStrDate(char *buf, /* I - Buffer */ size_t bufsize, /* I - Size of buffer */ time_t timeval) /* I - Time value */ { - struct tm *dateval; /* Local date/time */ + struct tm date; /* Local date/time */ char temp[1024]; /* Temporary buffer */ _cups_globals_t *cg = _cupsGlobals(); /* Per-thread globals */ @@ -158,15 +158,15 @@ _cupsStrDate(char *buf, /* I - Buffer */ if (!cg->lang_default) cg->lang_default = cupsLangDefault(); - dateval = localtime(&timeval); + localtime_r(&timeval, &date); if (cg->lang_default->encoding != CUPS_UTF8) { - strftime(temp, sizeof(temp), "%c", dateval); + strftime(temp, sizeof(temp), "%c", &date); cupsCharsetToUTF8((cups_utf8_t *)buf, temp, (int)bufsize, cg->lang_default->encoding); } else - strftime(buf, bufsize, "%c", dateval); + strftime(buf, bufsize, "%c", &date); return (buf); } diff --git a/scheduler/auth.c b/scheduler/auth.c index 1fb3ffcc0b..4e9f371c0a 100644 --- a/scheduler/auth.c +++ b/scheduler/auth.c @@ -768,7 +768,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ */ len = (int)strlen(authorization); - input_token.value = malloc((size_t)len); + input_token.value = malloc((size_t)len); /* lgtm [cpp/no-space-for-terminator] */ input_token.value = httpDecode64_2(input_token.value, &len, authorization); input_token.length = (size_t)len; diff --git a/scheduler/classes.c b/scheduler/classes.c index 57f9a8f44f..14660774cc 100644 --- a/scheduler/classes.c +++ b/scheduler/classes.c @@ -661,7 +661,7 @@ cupsdSaveAllClasses(void) cupsd_printer_t *pclass; /* Current printer class */ int i; /* Looping var */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ cups_option_t *option; /* Current option */ 
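Review bot: The `lgtm [cpp/no-space-for-terminator]` suppression on `malloc((size_t)len)` in cupsdAuthorize carries no rationale, and the visible lines pass the allocation to `httpDecode64_2()` without a NULL check. If the reasoning is that Base64 output is always shorter than its input, so `strlen(authorization)` bytes leave room for the decoded data plus a terminator, say so next to the suppression, e.g. `/* decoded Base64 is at most 3/4 of the input, so len bytes cover data + nul */`. I would also add an `if (!input_token.value)` branch with the function's usual error return, unless httpDecode64_2() is documented to tolerate a NULL buffer. cupsdAuthorize continues outside the hunk.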
@@ -680,9 +680,9 @@ cupsdSaveAllClasses(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Class configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/scheduler/job.c b/scheduler/job.c index 7c87e76e20..a8373f5ba0 100644 --- a/scheduler/job.c +++ b/scheduler/job.c @@ -2187,7 +2187,7 @@ cupsdSaveAllJobs(void) temp[1024]; /* Temporary string */ cupsd_job_t *job; /* Current job */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ snprintf(filename, sizeof(filename), "%s/job.cache", CacheDir); @@ -2200,9 +2200,9 @@ cupsdSaveAllJobs(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Job cache file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); @@ -2315,7 +2315,7 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ int update)/* I - Update job-hold-until attr? */ { time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ int hour; /* Hold hour */ int minute; /* Hold minute */ int second = 0; /* Hold second */ 
@@ -2384,15 +2384,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 6am the next morning unless local time is < 6pm. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 18) + if (curdate.tm_hour < 18) job->hold_until = curtime; else job->hold_until = curtime + - ((29 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((29 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "evening") || !strcmp(when, "night")) { @@ -2400,15 +2400,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 6pm unless local time is > 6pm or < 6am. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 6 || curdate->tm_hour >= 18) + if (curdate.tm_hour < 6 || curdate.tm_hour >= 18) job->hold_until = curtime; else job->hold_until = curtime + - ((17 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((17 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "second-shift")) { @@ -2416,15 +2416,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 4pm unless local time is > 4pm. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour >= 16) + if (curdate.tm_hour >= 16) job->hold_until = curtime; else job->hold_until = curtime + - ((15 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((15 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "third-shift")) { 
@@ -2432,15 +2432,15 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to 12am unless local time is < 8am. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_hour < 8) + if (curdate.tm_hour < 8) job->hold_until = curtime; else job->hold_until = curtime + - ((23 - curdate->tm_hour) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + ((23 - curdate.tm_hour) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (!strcmp(when, "weekend")) { @@ -2448,16 +2448,16 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to weekend unless we are in the weekend. */ - curtime = time(NULL); - curdate = localtime(&curtime); + time(&curtime); + localtime_r(&curtime, &curdate); - if (curdate->tm_wday == 0 || curdate->tm_wday == 6) + if (curdate.tm_wday == 0 || curdate.tm_wday == 6) job->hold_until = curtime; else job->hold_until = curtime + - (((5 - curdate->tm_wday) * 24 + - (17 - curdate->tm_hour)) * 60 + 59 - - curdate->tm_min) * 60 + 60 - curdate->tm_sec; + (((5 - curdate.tm_wday) * 24 + + (17 - curdate.tm_hour)) * 60 + 59 - + curdate.tm_min) * 60 + 60 - curdate.tm_sec; } else if (sscanf(when, "%d:%d:%d", &hour, &minute, &second) >= 2) { @@ -2465,12 +2465,12 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /* I - Job */ * Hold to specified GMT time (HH:MM or HH:MM:SS)... */ - curtime = time(NULL); - curdate = gmtime(&curtime); + time(&curtime); + gmtime_r(&curtime, &curdate); job->hold_until = curtime + - ((hour - curdate->tm_hour) * 60 + minute - - curdate->tm_min) * 60 + second - curdate->tm_sec; + ((hour - curdate.tm_hour) * 60 + minute - + curdate.tm_min) * 60 + second - curdate.tm_sec; /* * Hold until next day as needed... 
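Review bot: In the HH:MM[:SS] branch the values read by `sscanf(when, "%d:%d:%d", ...)` go straight into `((hour - curdate.tm_hour) * 60 + minute - curdate.tm_min) * 60 + second - curdate.tm_sec` with no range check visible in the hunk. `when` appears to carry the requested job-hold-until value, so an out-of-range hour can overflow the signed `int` arithmetic (undefined behaviour) or yield a hold time far in the past or future. Unless validation exists outside the hunk, I would reject such input before computing, e.g. `if (hour < 0 || hour > 23 || minute < 0 || minute > 59 || second < 0 || second > 59)` followed by the function's normal "bad value" handling. cupsdSetJobHoldUntil starts and ends outside the hunk.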
@@ -2963,7 +2963,7 @@ dump_job_history(cupsd_job_t *job) /* I - Job */ { int i, /* Looping var */ oldsize; /* Current MaxLogSize */ - struct tm *date; /* Date/time value */ + struct tm date; /* Date/time value */ cupsd_joblog_t *message; /* Current message */ char temp[2048], /* Log message */ *ptr, /* Pointer into log message */ @@ -2991,12 +2991,12 @@ dump_job_history(cupsd_job_t *job) /* I - Job */ */ message = (cupsd_joblog_t *)cupsArrayFirst(job->history); - date = localtime(&(message->time)); - strftime(start, sizeof(start), "%X", date); + localtime_r(&(message->time), &date); + strftime(start, sizeof(start), "%X", &date); message = (cupsd_joblog_t *)cupsArrayLast(job->history); - date = localtime(&(message->time)); - strftime(end, sizeof(end), "%X", date); + localtime_r(&(message->time), &date); + strftime(end, sizeof(end), "%X", &date); snprintf(temp, sizeof(temp), "[Job %d] The following messages were recorded from %s to %s", diff --git a/scheduler/log.c b/scheduler/log.c index bab9187694..a694947adb 100644 --- a/scheduler/log.c +++ b/scheduler/log.c @@ -304,7 +304,7 @@ cupsdGetDateTime(struct timeval *t, /* I - Time value or NULL for current */ cupsd_time_t format) /* I - Format to use */ { struct timeval curtime; /* Current time value */ - struct tm *date; /* Date/time value */ + struct tm date; /* Date/time value */ static struct timeval last_time = { 0, 0 }; /* Last time we formatted */ static char s[1024]; /* Date/time string */ 
@@ -354,23 +354,23 @@ cupsdGetDateTime(struct timeval *t, /* I - Time value or NULL for current */ * (*BSD and Darwin store the timezone offset in the tm structure) */ - date = localtime(&(t->tv_sec)); + localtime_r(&(t->tv_sec), &date); if (format == CUPSD_TIME_STANDARD) snprintf(s, sizeof(s), "[%02d/%s/%04d:%02d:%02d:%02d %+03ld%02ld]", - date->tm_mday, months[date->tm_mon], 1900 + date->tm_year, - date->tm_hour, date->tm_min, date->tm_sec, + date.tm_mday, months[date.tm_mon], 1900 + date.tm_year, + date.tm_hour, date.tm_min, date.tm_sec, #ifdef HAVE_TM_GMTOFF - date->tm_gmtoff / 3600, (date->tm_gmtoff / 60) % 60); + date.tm_gmtoff / 3600, (date.tm_gmtoff / 60) % 60); #else timezone / 3600, (timezone / 60) % 60); #endif /* HAVE_TM_GMTOFF */ else snprintf(s, sizeof(s), "[%02d/%s/%04d:%02d:%02d:%02d.%06d %+03ld%02ld]", - date->tm_mday, months[date->tm_mon], 1900 + date->tm_year, - date->tm_hour, date->tm_min, date->tm_sec, (int)t->tv_usec, + date.tm_mday, months[date.tm_mon], 1900 + date.tm_year, + date.tm_hour, date.tm_min, date.tm_sec, (int)t->tv_usec, #ifdef HAVE_TM_GMTOFF - date->tm_gmtoff / 3600, (date->tm_gmtoff / 60) % 60); + date.tm_gmtoff / 3600, (date.tm_gmtoff / 60) % 60); #else timezone / 3600, (timezone / 60) % 60); #endif /* HAVE_TM_GMTOFF */ diff --git a/scheduler/printers.c b/scheduler/printers.c index 9c1e186008..22f5ad2615 100644 --- a/scheduler/printers.c +++ b/scheduler/printers.c @@ -1427,7 +1427,7 @@ cupsdSaveAllPrinters(void) *name; /* Current user/group name */ cupsd_printer_t *printer; /* Current printer class */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ cups_option_t *option; /* Current option */ ipp_attribute_t *marker; /* Current marker attribute */ 
@@ -1447,9 +1447,9 @@ cupsdSaveAllPrinters(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Printer configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/scheduler/subscriptions.c b/scheduler/subscriptions.c index 4bdd1f00ed..d2c6361664 100644 --- a/scheduler/subscriptions.c +++ b/scheduler/subscriptions.c @@ -1062,7 +1062,7 @@ cupsdSaveAllSubscriptions(void) temp[1024]; /* Temporary string */ cupsd_subscription_t *sub; /* Current subscription */ time_t curtime; /* Current time */ - struct tm *curdate; /* Current date */ + struct tm curdate; /* Current date */ unsigned mask; /* Current event mask */ const char *name; /* Current event name */ int hex; /* Non-zero if we are writing hex data */ @@ -1083,9 +1083,9 @@ cupsdSaveAllSubscriptions(void) * Write a small header to the file... */ - curtime = time(NULL); - curdate = localtime(&curtime); - strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", curdate); + time(&curtime); + localtime_r(&curtime, &curdate); + strftime(temp, sizeof(temp) - 1, "%Y-%m-%d %H:%M", &curdate); cupsFilePuts(fp, "# Subscription configuration file for " CUPS_SVERSION "\n"); cupsFilePrintf(fp, "# Written by cupsd on %s\n", temp); diff --git a/vcnet/config.h b/vcnet/config.h index 3a6b3fc7b4..d1b0c76c0b 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -51,6 +51,14 @@ #define write _write +/* + * Microsoft "safe" functions use a different argument order than POSIX... + */ + +#define gmtime_r(t,tm) gmtime_s(tm,t) +#define localtime_r(t,tm) localtime_s(tm,t) + + /* * Map the POSIX strcasecmp() and strncasecmp() functions to the Win32 * _stricmp() and _strnicmp() functions...
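Review bot: The new `gmtime_r`/`localtime_r` macros in vcnet/config.h swap the argument order but not the return convention: `gmtime_s()` and `localtime_s()` return an `errno_t` (0 on success), whereas the POSIX functions return the `struct tm *` or NULL. Every caller touched by this commit ignores the result, so nothing breaks today, but a later `if (!gmtime_r(...))` would be inverted on Windows. I would make the macros pointer-valued, `#define gmtime_r(t,tm) (gmtime_s(tm,t) ? NULL : (tm))` and likewise for `localtime_r`, or at least extend the comment to say the return value must not be tested.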