From: Dave Hart Date: Fri, 15 Apr 2011 19:53:04 +0000 (+0000) Subject: A few more Coverity Scan cleanups. X-Git-Tag: NTP_4_2_7P153~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd12b6a96aa3a14d77dacc00cad49b83571f4ccd;p=thirdparty%2Fntp.git A few more Coverity Scan cleanups. bk: 4da8a220Nizg3obDySlpBPoJquH0yA
---
diff --git a/ChangeLog b/ChangeLog
index a9399788b..ce78bda74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@ +* A few more Coverity Scan cleanups. (4.2.7p152) 2011/04/15 Released by Harlan Stenn * Update embedded libevent to current 2.1 git HEAD. (4.2.7p151) 2011/04/14 Released by Harlan Stenn
diff --git a/lib/isc/inet_ntop.c b/lib/isc/inet_ntop.c
index 3eee8feb7..8b7931bab 100644
--- a/lib/isc/inet_ntop.c
+++ b/lib/isc/inet_ntop.c
@@ -89,14 +89,15 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size) { static const char *fmt = "%u.%u.%u.%u"; char tmp[sizeof("255.255.255.255")]; + int len; - if (snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], - src[3]) >= size) + len = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]); + if (len < 0 || len >= size) { errno = ENOSPC; return (NULL); } - strcpy(dst, tmp); + memcpy(dst, tmp, 1 + len); return (dst); }
@@ -178,7 +179,7 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size) tp += strlen(tp); break; } - tp += sprintf(tp, "%x", words[i]); + tp += snprintf(tp, sizeof(tmp) - (tp - tmp), "%x", words[i]); } /* Was it a trailing run of 0x00's? */ if (best.base != -1 && (best.base + best.len) ==
@@ -193,7 +194,7 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size) errno = ENOSPC; return (NULL); } - strcpy(dst, tmp); + memcpy(dst, tmp, (size_t)(tp - tmp)); return (dst); } #endif /* AF_INET6 */
diff --git a/lib/isc/log.c b/lib/isc/log.c
index e19c9ba98..6ffc638c6 100644
--- a/lib/isc/log.c
+++ b/lib/isc/log.c
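Review bot: In inet_ntop4 the comparison `len >= size` mixes `int` with `size_t` and is only correct because `len < 0` is tested first and short-circuits. Making the conversion explicit, `if (len < 0 || (size_t)len >= size)`, keeps the check correct if the two conditions are ever reordered and matches the `(size_t)` cast this commit uses for the inet_ntop6 copy in the same file.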
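Review bot: The return value of snprintf() in the inet_ntop6 loop is added to `tp` unchecked. snprintf() returns the length it would have written, or a negative value on error, so after a truncation `tp` would point past the end of `tmp` and the next `sizeof(tmp) - (tp - tmp)` would wrap to a very large size. The declaration of `tmp` is outside the hunk and is presumably sized for the longest address, in which case this cannot trigger today, but then the bound adds nothing either. Storing the result in an `int`, returning ENOSPC when it is negative or not smaller than the remaining space, and only then doing `tp += len` would make the bound effective. The loop begins and ends outside the hunk.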
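Review bot: `memcpy(dst, tmp, (size_t)(tp - tmp))` at the end of inet_ntop6 does not terminate `dst` by itself, unlike the strcpy() it replaces. It copies a terminator only if one was stored in `tmp` and counted in `tp` before the size check, and both of those happen outside this hunk. That is presumably the case, but it should be recorded next to the copy, e.g. `/* tp - tmp includes the terminating NUL stored above */`, so a later edit to the terminator store does not leave callers with an unterminated string.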
@@ -41,6 +41,7 @@ #include #include #include +#include "l_stdlib.h" /* NTP change for strlcpy, strlcat */ #define LCTX_MAGIC ISC_MAGIC('L', 'c', 't', 'x') #define VALID_CONTEXT(lctx) ISC_MAGIC_VALID(lctx, LCTX_MAGIC)
@@ -1408,6 +1409,7 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, int syslog_level; char time_string[64]; char level_string[24]; + size_t octets; const char *iformat; struct stat statbuf; isc_boolean_t matched = ISC_FALSE;
@@ -1618,16 +1620,17 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, * It wasn't in the duplicate interval, * so add it to the message list. */ + octets = strlen(lctx->buffer) + 1; new = isc_mem_get(lctx->mctx, sizeof(isc_logmessage_t) + - strlen(lctx->buffer) + 1); + octets); if (new != NULL) { /* * Put the text immediately after * the struct. The strcpy is safe. */ new->text = (char *)(new + 1); - strcpy(new->text, lctx->buffer); + strlcpy(new->text, lctx->buffer, octets); TIME_NOW(&new->time);
diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c
index 2d745feb8..84f399d85 100644
--- a/lib/isc/netaddr.c
+++ b/lib/isc/netaddr.c
@@ -31,6 +31,7 @@ #include #include #include +#include "l_stdlib.h" /* NTP change for strlcpy, strlcat */ isc_boolean_t isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b) {
@@ -308,7 +309,7 @@ isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) { memset(netaddr, 0, sizeof(*netaddr)); netaddr->family = AF_UNIX; - strcpy(netaddr->type.un, path); + strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un)); netaddr->zone = 0; return (ISC_R_SUCCESS); #else
diff --git a/lib/isc/task.c b/lib/isc/task.c
index 0b6d297fc..0bd631bdc 100644
--- a/lib/isc/task.c
+++ b/lib/isc/task.c
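Review bot: The comment kept in the third isc_log_doit hunk still reads "The strcpy is safe." although the call beneath it is now strlcpy(). Suggest rewording the second comment line to `* the struct. The copy is bounded by octets, the size allocated for the text.` so it states why the bound is right: `octets` is both the extra space requested from isc_mem_get() and the limit passed to strlcpy().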
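Review bot: The result of `strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un))` is discarded, so an over-long path would be silently shortened and isc_netaddr_frompath would still return ISC_R_SUCCESS with an address that names a different socket path. The start of the function is outside the hunk; if it does not already reject long paths, the return value should be checked, e.g. `if (strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un)) >= sizeof(netaddr->type.un)) return (ISC_R_NOSPACE);`.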
@@ -1019,14 +1019,16 @@ static void manager_free(isc_taskmgr_t *manager) { isc_mem_t *mctx; + LOCK(&manager->lock); #ifdef ISC_PLATFORM_USETHREADS (void)isc_condition_destroy(&manager->exclusive_granted); (void)isc_condition_destroy(&manager->work_available); isc_mem_free(manager->mctx, manager->threads); #endif /* ISC_PLATFORM_USETHREADS */ manager->magic = 0; - DESTROYLOCK(&manager->lock); mctx = manager->mctx; + UNLOCK(&manager->lock); + DESTROYLOCK(&manager->lock); isc_mem_put(mctx, manager, sizeof(*manager)); isc_mem_detach(&mctx); }
diff --git a/lib/isc/unix/dir.c b/lib/isc/unix/dir.c
index 924414759..de89a08e6 100644
--- a/lib/isc/unix/dir.c
+++ b/lib/isc/unix/dir.c
@@ -35,6 +35,7 @@ #include #include "errno2result.h" +#include "l_stdlib.h" /* NTP change for strlcpy, strlcat */ #define ISC_DIR_MAGIC ISC_MAGIC('D', 'I', 'R', '*') #define VALID_DIR(dir) ISC_MAGIC_VALID(dir, ISC_DIR_MAGIC)
@@ -58,6 +59,7 @@ isc_dir_init(isc_dir_t *dir) { isc_result_t isc_dir_open(isc_dir_t *dir, const char *dirname) { char *p; + size_t octets; isc_result_t result = ISC_R_SUCCESS; REQUIRE(VALID_DIR(dir));
@@ -67,10 +69,11 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { * Copy directory name. Need to have enough space for the name, * a possible path separator, the wildcard, and the final NUL. */ - if (strlen(dirname) + 3 > sizeof(dir->dirname)) + octets = strlen(dirname) + 1; + if (octets + 2 > sizeof(dir->dirname)) /* XXXDCL ? */ return (ISC_R_NOSPACE); - strcpy(dir->dirname, dirname); + strlcpy(dir->dirname, dirname, octets); /* * Append path separator, if needed, and "*".
@@ -102,6 +105,7 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { isc_result_t isc_dir_read(isc_dir_t *dir) { struct dirent *entry; + size_t octets; REQUIRE(VALID_DIR(dir) && dir->handle != NULL);
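Review bot: Taking `manager->lock` in manager_free and releasing it one statement before DESTROYLOCK() does not protect the teardown. If another thread can still reach the manager, it can acquire the lock between UNLOCK and DESTROYLOCK and then use memory that isc_mem_put() releases on the next line. If the caller guarantees that no other reference remains, which seems to be the intent, the pair exists only for the analyzer and the code should say so, e.g. `/* no other thread can reference manager here; lock taken only to satisfy static analysis */`. Otherwise the fix belongs in the caller's reference handling rather than here.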
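Review bot: `strlcpy(dir->dirname, dirname, octets)` in isc_dir_open passes the source length as the bound, so strlcpy() can never truncate here and protects nothing by itself. The copy is safe only because of the `octets + 2 > sizeof(dir->dirname)` check before it. Passing the destination size, `strlcpy(dir->dirname, dirname, sizeof(dir->dirname));`, keeps the copy bounded even if that check is edited later. The same applies to `strlcpy(dir->entry.name, entry->d_name, octets)` in the isc_dir_read hunk of this file.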
@@ -116,10 +120,11 @@ isc_dir_read(isc_dir_t *dir) { /* * Make sure that the space for the name is long enough. */ - if (sizeof(dir->entry.name) <= strlen(entry->d_name)) - return (ISC_R_UNEXPECTED); + octets = strlen(entry->d_name) + 1; + if (sizeof(dir->entry.name) < octets) + return (ISC_R_UNEXPECTED); - strcpy(dir->entry.name, entry->d_name); + strlcpy(dir->entry.name, entry->d_name, octets); /* * Some dirents have d_namlen, but it is not portable.
diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c
index 748aee889..6894df311 100644
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -74,6 +74,7 @@ #include #include "errno2result.h" +#include "l_stdlib.h" /* NTP change for strlcpy, strlcat */ /* * XXXDCL As the API for accessing file statistics undoubtedly gets expanded,
@@ -183,14 +184,14 @@ isc_file_template(const char *path, const char *templet, char *buf, if ((s - path + 1 + strlen(templet) + 1) > buflen) return (ISC_R_NOSPACE); - strncpy(buf, path, s - path + 1); + strlcpy(buf, path, buflen); buf[s - path + 1] = '\0'; - strcat(buf, templet); + strlcat(buf, templet, buflen); } else { if ((strlen(templet) + 1) > buflen) return (ISC_R_NOSPACE); - strcpy(buf, templet); + strlcpy(buf, templet, buflen); } return (ISC_R_SUCCESS);
@@ -416,7 +417,7 @@ dir_current(char *dirname, size_t length) { if (strlen(dirname) + 1 == length) result = ISC_R_NOSPACE; else if (dirname[1] != '\0') - strcat(dirname, "/"); + strlcat(dirname, "/", length); } return (result);
@@ -430,7 +431,7 @@ isc_file_absolutepath(const char *filename, char *path, size_t pathlen) { return (result); if (strlen(path) + strlen(filename) + 1 > pathlen) return (ISC_R_NOSPACE); - strcat(path, filename); + strlcat(path, filename, pathlen); return (ISC_R_SUCCESS); }
diff --git a/libntp/icom.c b/libntp/icom.c
index f6be65e6b..c981d8548 100644
--- a/libntp/icom.c
+++ b/libntp/icom.c
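Review bot: In isc_file_template, `strlcpy(buf, path, buflen)` copies the whole of `path` (up to `buflen - 1` bytes) and relies on the next line, `buf[s - path + 1] = '\0';`, to cut it back to the directory prefix, whereas the strncpy() it replaces copied only the prefix. The result is the same, because the size check just above keeps that index inside `buf`, but the intent is harder to read and the call scans the full path for nothing. `memcpy(buf, path, s - path + 1);` followed by the existing terminator store copies exactly the prefix. The enclosing `if` begins outside the hunk.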
@@ -151,7 +151,7 @@ icom_init( ttyb.c_cc[VTIME] = 5; /* receive timeout */ cfsetispeed(&ttyb, (u_int)speed); cfsetospeed(&ttyb, (u_int)speed); - tcsetattr(fd, TCSANOW, &ttyb); + rc = tcsetattr(fd, TCSANOW, &ttyb); if (rc < 0) { saved_errno = errno; close(fd);
diff --git a/libntp/work_thread.c b/libntp/work_thread.c
index 532fafc94..562eb0493 100644
--- a/libntp/work_thread.c
+++ b/libntp/work_thread.c
@@ -205,10 +205,12 @@ send_blocking_req_internal( blocking_pipe_header * threadcopy; REQUIRE(hdr != NULL); - REQUIRE(hdr->octets > sizeof(*hdr)); REQUIRE(data != NULL); DEBUG_REQUIRE(BLOCKING_REQ_MAGIC == hdr->magic_sig); + if (sizeof(*hdr) < hdr->octets) + return 1; /* failure */ + ensure_workitems_empty_slot(c); if (NULL == c->thread_ref) { ensure_workresp_empty_slot(c);
diff --git a/ntpd/refclock_datum.c b/ntpd/refclock_datum.c
index e9b73f487..abd18f887 100644
--- a/ntpd/refclock_datum.c
+++ b/ntpd/refclock_datum.c
@@ -220,6 +220,7 @@ datum_pts_start( struct datum_pts_unit *datum_pts; int fd; #ifdef HAVE_TERMIOS + int rc; struct termios arg; #endif
@@ -273,7 +274,12 @@ datum_pts_start( arg.c_cc[VMIN] = 0; /* start timeout timer right away (not used) */ arg.c_cc[VTIME] = 30; /* 3 second timout on reads (not used) */ - tcsetattr(datum_pts->PTS_fd, TCSANOW, &arg); + rc = tcsetattr(datum_pts->PTS_fd, TCSANOW, &arg); + if (rc < 0) { + msyslog(LOG_ERR, "Datum_PTS: tcsetattr(\"%s\") failed: %m", DATUM_DEV); + close(datum_pts->PTS_fd); + return 0; + } /* ** Initialize the ntpd IO structure
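Review bot: The new guard in send_blocking_req_internal is inverted relative to the REQUIRE it replaces. The removed line required `hdr->octets > sizeof(*hdr)`, but `if (sizeof(*hdr) < hdr->octets) return 1;` returns failure in exactly that valid case and lets a request whose `octets` is no larger than the header proceed. The rest of the function is outside the hunk; if it sizes a copy or an allocation from `hdr->octets`, an undersized value would now reach it unchecked. The condition should read `if (hdr->octets <= sizeof(*hdr))`.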
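Review bot: The new tcsetattr() failure path in datum_pts_start closes the descriptor and returns 0 but releases nothing else. The earlier part of the function is outside the hunk; if `datum_pts` was allocated or recorded anywhere before this point, it should be freed and unregistered here so that a failed start does not leave an entry holding a closed descriptor. The msyslog() line also runs well past 80 columns and could be wrapped after the format string.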