From b5aa9a3bffd6ab09f565575348078ef9038c4248 Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Tue, 2 Nov 2021 15:39:28 -0400 Subject: [PATCH] Another set of changes to resolve Coverity-detected issues. --- backend/dnssd.c | 7 ++- backend/snmp.c | 21 ++++--- cups/adminutil.c | 7 +-- cups/dest-options.c | 42 ++++++------- cups/dest.c | 14 +++-- cups/http-addrlist.c | 7 ++- cups/http-support.c | 9 --- cups/http.c | 3 +- cups/thread.c | 5 +- filter/gziptoany.c | 15 +++-- scheduler/cups-lpd.c | 23 +++---- scheduler/ipp.c | 1 + scheduler/log.c | 8 ++- scheduler/type.c | 136 ++++++++++++++++++++++++++++++------------ tools/ippeveprinter.c | 4 +- tools/ippeveps.c | 11 +++- tools/ippfind.c | 4 +- tools/ipptool.c | 11 +++- 18 files changed, 205 insertions(+), 123 deletions(-) diff --git a/backend/dnssd.c b/backend/dnssd.c index e570291780..610f3bc19e 100644 --- a/backend/dnssd.c +++ b/backend/dnssd.c @@ -887,7 +887,12 @@ get_device(cups_array_t *devices, /* I - Device array */ * Yes, add the device... */ - device = calloc(sizeof(cups_device_t), 1); + if ((device = calloc(sizeof(cups_device_t), 1)) == NULL) + { + perror("DEBUG: Out of memory adding a device"); + return (NULL); + } + device->name = strdup(serviceName); device->domain = strdup(replyDomain); device->type = key.type; diff --git a/backend/snmp.c b/backend/snmp.c index c7806572b1..a90515e3d5 100644 --- a/backend/snmp.c +++ b/backend/snmp.c @@ -619,22 +619,25 @@ get_interface_addresses( return (NULL); for (addr = addrs, first = NULL, last = NULL; addr; addr = addr->ifa_next) + { if ((addr->ifa_flags & IFF_BROADCAST) && addr->ifa_broadaddr && addr->ifa_broadaddr->sa_family == AF_INET && (!ifname || !strcmp(ifname, addr->ifa_name))) { - current = calloc(1, sizeof(http_addrlist_t)); - - memcpy(&(current->addr), addr->ifa_broadaddr, - sizeof(struct sockaddr_in)); + if ((current = calloc(1, sizeof(http_addrlist_t))) != NULL) + { + memcpy(&(current->addr), addr->ifa_broadaddr, + sizeof(struct sockaddr_in)); - if (!last) - first = current; - else - last->next = current; + if (!last) + first = current; + else + last->next = current; - last = current; + last = current; + } } + } freeifaddrs(addrs); diff --git a/cups/adminutil.c b/cups/adminutil.c index 69b5f6c761..2f277cc582 100644 --- a/cups/adminutil.c +++ b/cups/adminutil.c @@ -264,18 +264,17 @@ cupsAdminGetServerSettings( ) remote_access = 1; } - else if (!_cups_strcasecmp(line, "Browsing")) + else if (!_cups_strcasecmp(line, "Browsing") && value) { browsing = !_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"); } - else if (!_cups_strcasecmp(line, "LogLevel")) + else if (!_cups_strcasecmp(line, "LogLevel") && value) { debug_logging = !_cups_strncasecmp(value, "debug", 5); } - else if (!_cups_strcasecmp(line, "key) - strlcpy(size->media, best->key, sizeof(size->media)); - else if (best->size_name) - strlcpy(size->media, best->size_name, sizeof(size->media)); - else if (pwg && pwg->pwg) - strlcpy(size->media, pwg->pwg, sizeof(size->media)); - else - strlcpy(size->media, "unknown", sizeof(size->media)); + /* + * Return the matching size... + */ - size->width = best->width; - size->length = best->length; - size->bottom = best->bottom; - size->left = best->left; - size->right = best->right; - size->top = best->top; + if (best->key) + strlcpy(size->media, best->key, sizeof(size->media)); + else if (best->size_name) + strlcpy(size->media, best->size_name, sizeof(size->media)); + else if (pwg->pwg) + strlcpy(size->media, pwg->pwg, sizeof(size->media)); + else + strlcpy(size->media, "unknown", sizeof(size->media)); - return (1); - } + size->width = best->width; + size->length = best->length; + size->bottom = best->bottom; + size->left = best->left; + size->right = best->right; + size->top = best->top; - return (0); + return (1); } diff --git a/cups/dest.c b/cups/dest.c index 2ca2246d54..e4edef1ff3 100644 --- a/cups/dest.c +++ b/cups/dest.c @@ -2831,14 +2831,16 @@ cups_dnssd_get_device( !strcmp(regtype, "_ipps._tcp") ? "IPPS" : "IPP", replyDomain)); - device = calloc(sizeof(_cups_dnssd_device_t), 1); - device->dest.name = _cupsStrAlloc(name); - device->domain = _cupsStrAlloc(replyDomain); - device->regtype = _cupsStrAlloc(regtype); + if ((device = calloc(sizeof(_cups_dnssd_device_t), 1)) != NULL) + { + device->dest.name = _cupsStrAlloc(name); + device->domain = _cupsStrAlloc(replyDomain); + device->regtype = _cupsStrAlloc(regtype); - device->dest.num_options = cupsAddOption("printer-info", serviceName, 0, &device->dest.options); + device->dest.num_options = cupsAddOption("printer-info", serviceName, 0, &device->dest.options); - cupsArrayAdd(data->devices, device); + cupsArrayAdd(data->devices, device); + } } /* diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c index dbe08d551c..6e73464cd9 100644 --- a/cups/http-addrlist.c +++ b/cups/http-addrlist.c @@ -1,6 +1,7 @@ /* * HTTP address list routines for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2021 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -500,6 +501,9 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p http_addrlist_t *first, /* First address in list */ *addr, /* Current address in list */ *temp; /* New address */ + char ipv6[64], /* IPv6 address */ + *ipv6zone; /* Pointer to zone separator */ + int ipv6len; /* Length of IPv6 address */ _cups_globals_t *cg = _cupsGlobals(); /* Global data */ @@ -569,9 +573,6 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p struct addrinfo hints, /* Address lookup hints */ *results, /* Address lookup results */ *current; /* Current result */ - char ipv6[64], /* IPv6 address */ - *ipv6zone; /* Pointer to zone separator */ - int ipv6len; /* Length of IPv6 address */ int error; /* getaddrinfo() error */ diff --git a/cups/http-support.c b/cups/http-support.c index f442268da2..209235ee6a 100644 --- a/cups/http-support.c +++ b/cups/http-support.c @@ -2565,15 +2565,6 @@ http_resolve_cb( * Figure out the scheme from the full name... */ - if (strstr(type, "_ipp.")) - scheme = "ipp"; - else if (strstr(type, "_printer.")) - scheme = "lpd"; - else if (strstr(type, "_pdl-datastream.")) - scheme = "socket"; - else - scheme = "riousbprint"; - if (!strncmp(type, "_ipps.", 6) || !strncmp(type, "_ipp-tls.", 9)) scheme = "ipps"; else if (!strncmp(type, "_ipp.", 5) || !strncmp(type, "_fax-ipp.", 9)) diff --git a/cups/http.c b/cups/http.c index ac0ba16d99..66dd3b071e 100644 --- a/cups/http.c +++ b/cups/http.c @@ -3627,7 +3627,8 @@ http_add_field(http_t *http, /* I - HTTP connection */ if (!valuelen) { - http->_fields[field][0] = '\0'; + if (field < HTTP_FIELD_ACCEPT_ENCODING) + http->_fields[field][0] = '\0'; return; } diff --git a/cups/thread.c b/cups/thread.c index fcab938267..0e01cbfcd9 100644 --- a/cups/thread.c +++ b/cups/thread.c @@ -1,6 +1,7 @@ /* * Threading primitives for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2009-2018 by Apple Inc. * * Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -62,10 +63,10 @@ _cupsCondWait(_cups_cond_t *cond, /* I - Condition */ abstime.tv_sec ++; }; - pthread_cond_timedwait(cond, mutex, &abstime); + (void)pthread_cond_timedwait(cond, mutex, &abstime); } else - pthread_cond_wait(cond, mutex); + (void)pthread_cond_wait(cond, mutex); } diff --git a/filter/gziptoany.c b/filter/gziptoany.c index 5d216e84fb..c2c8bc00d3 100644 --- a/filter/gziptoany.c +++ b/filter/gziptoany.c @@ -1,10 +1,12 @@ /* * GZIP/raw pre-filter for CUPS. * - * Copyright 2007-2015 by Apple Inc. - * Copyright 1993-2007 by Easy Software Products. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2015 by Apple Inc. + * Copyright © 1993-2007 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -46,9 +48,14 @@ main(int argc, /* I - Number of command-line arguments */ */ if (!getenv("FINAL_CONTENT_TYPE")) - copies = atoi(argv[4]); + { + if ((copies = atoi(argv[4])) < 1) + copies = 1; + } else + { copies = 1; + } /* * Open the file... diff --git a/scheduler/cups-lpd.c b/scheduler/cups-lpd.c index 6b2c9708fc..843065471e 100644 --- a/scheduler/cups-lpd.c +++ b/scheduler/cups-lpd.c @@ -285,24 +285,19 @@ main(int argc, /* I - Number of command-line arguments */ break; case 0x05 : /* Remove jobs */ - if (list) - { - /* - * Grab the agent and skip to the list of users and/or jobs. - */ + /* + * Grab the agent and skip to the list of users and/or jobs. + */ - agent = list; + agent = list; - for (; *list && !isspace(*list & 255); list ++); - while (isspace(*list & 255)) - *list++ = '\0'; + for (; *list && !isspace(*list & 255); list ++); + while (isspace(*list & 255)) + *list++ = '\0'; - syslog(LOG_INFO, "Remove jobs %s on %s by %s", list, dest, agent); + syslog(LOG_INFO, "Remove jobs %s on %s by %s", list, dest, agent); - status = (char)remove_jobs(dest, agent, list); - } - else - status = 1; + status = (char)remove_jobs(dest, agent, list); putchar(status); break; diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 2156a095c1..5972b9955c 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -6790,6 +6790,7 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */ { send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist."), job_ids->values[i].integer); + cupsArrayDelete(ra); return; } diff --git a/scheduler/log.c b/scheduler/log.c index 41ddb4cb99..0fe7f3a2bc 100644 --- a/scheduler/log.c +++ b/scheduler/log.c @@ -1,6 +1,7 @@ /* * Log file routines for the CUPS scheduler. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -915,8 +916,11 @@ cupsdLogPage(cupsd_job_t *job, /* I - Job being printed */ { pwg_media_t *pwg = pwgMediaForSize(ippGetInteger(x_dimension, 0), ippGetInteger(y_dimension, 0)); /* PWG media name */ - strlcpy(bufptr, pwg->pwg, sizeof(buffer) - (size_t)(bufptr - buffer)); - break; + if (pwg) + { + strlcpy(bufptr, pwg->pwg, sizeof(buffer) - (size_t)(bufptr - buffer)); + break; + } } } diff --git a/scheduler/type.c b/scheduler/type.c index f547b83583..95ab46aa08 100644 --- a/scheduler/type.c +++ b/scheduler/type.c @@ -1,6 +1,7 @@ /* * MIME typing routines for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products, all rights reserved. * @@ -797,10 +798,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_ASCII fb->length=%d", fb->length)); } @@ -841,10 +848,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_PRINTABLE fb->length=%d", fb->length)); } @@ -890,10 +903,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_REGEX fb->length=%d", fb->length)); @@ -936,10 +955,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_STRING fb->length=%d", fb->length)); @@ -973,10 +998,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_ISTRING fb->length=%d", fb->length)); } @@ -1003,10 +1034,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_CHAR fb->length=%d", fb->length)); } @@ -1019,8 +1056,7 @@ mime_check_rules( if (fb->length < 1) result = 0; else - result = (fb->buffer[rules->offset - fb->offset] == - rules->value.charv); + result = (fb->buffer[rules->offset - fb->offset] == rules->value.charv); break; case MIME_MAGIC_SHORT : @@ -1035,10 +1071,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_SHORT fb->length=%d", fb->length)); } @@ -1049,7 +1091,9 @@ mime_check_rules( */ if (fb->length < 2) + { result = 0; + } else { bufptr = fb->buffer + rules->offset - fb->offset; @@ -1070,10 +1114,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_INT fb->length=%d", fb->length)); } @@ -1084,7 +1134,9 @@ mime_check_rules( */ if (fb->length < 4) + { result = 0; + } else { bufptr = fb->buffer + rules->offset - fb->offset; @@ -1113,10 +1165,16 @@ mime_check_rules( * Reload file buffer... */ - cupsFileSeek(fb->fp, rules->offset); - fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, - sizeof(fb->buffer)); - fb->offset = rules->offset; + if (cupsFileSeek(fb->fp, rules->offset) < 0) + { + fb->length = 0; + fb->offset = 0; + } + else + { + fb->length = cupsFileRead(fb->fp, (char *)fb->buffer, sizeof(fb->buffer)); + fb->offset = rules->offset; + } DEBUG_printf(("4mime_check_rules: MIME_MAGIC_CONTAINS fb->length=%d", fb->length)); } @@ -1127,7 +1185,9 @@ mime_check_rules( */ if ((rules->offset + rules->length) > (fb->offset + fb->length)) + { result = 0; + } else { if (fb->length > rules->region) diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index cf128dfbec..2da5ed526c 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c @@ -7025,8 +7025,6 @@ process_job(ippeve_job_t *job) /* I - Job */ #endif /* !_WIN32 */ job->state = IPP_JSTATE_ABORTED; } - else if (status < 0) - job->state = IPP_JSTATE_ABORTED; else fprintf(stderr, "[Job %d] Command \"%s\" completed successfully.\n", job->id, job->printer->command); @@ -8049,6 +8047,8 @@ show_media(ippeve_client_t *client) /* I - Client connection */ else html_printf(client, "\n"); + cupsFreeOptions(num_options, options); + html_footer(client); return (1); diff --git a/tools/ippeveps.c b/tools/ippeveps.c index 0550755b7f..8cebc5bf99 100644 --- a/tools/ippeveps.c +++ b/tools/ippeveps.c @@ -73,7 +73,10 @@ main(int argc, /* I - Number of command-line arguments */ num_options = get_options(&options); if ((ipp_copies = getenv("IPP_COPIES")) != NULL) - copies = atoi(ipp_copies); + { + if ((copies = atoi(ipp_copies)) < 1) + copies = 1; + } else copies = 1; @@ -952,7 +955,11 @@ ps_to_ps(const char *filename, /* I - Filename */ if (!strncmp(line, "%%Page:", 7)) break; - first_pos = ftell(fp); + if ((first_pos = ftell(fp)) < 0) + { + perror("DEBUG: ftell failed"); + first_pos = 0; + } if (line[0] != '%') fputs(line, stdout); diff --git a/tools/ippfind.c b/tools/ippfind.c index e0ea856704..7b5b7a919f 100644 --- a/tools/ippfind.c +++ b/tools/ippfind.c @@ -2167,7 +2167,9 @@ get_service(cups_array_t *services, /* I - Service array */ * Yes, add the service... */ - service = calloc(sizeof(ippfind_srv_t), 1); + if ((service = calloc(sizeof(ippfind_srv_t), 1)) == NULL) + return (NULL); + service->name = strdup(serviceName); service->domain = strdup(replyDomain); service->regtype = strdup(regtype); diff --git a/tools/ipptool.c b/tools/ipptool.c index b562d52e43..64d38111f1 100644 --- a/tools/ipptool.c +++ b/tools/ipptool.c @@ -4368,8 +4368,15 @@ token_cb(_ipp_file_t *f, /* I - IPP file data */ * Name of test... */ - _ippFileReadToken(f, temp, sizeof(temp)); - _ippVarsExpand(vars, data->name, temp, sizeof(data->name)); + if (_ippFileReadToken(f, temp, sizeof(temp))) + { + _ippVarsExpand(vars, data->name, temp, sizeof(data->name)); + } + else + { + print_fatal_error(data, "Missing NAME string on line %d of \"%s\".", f->linenum, f->filename); + return (0); + } } else if (!_cups_strcasecmp(token, "PAUSE")) { -- 2.47.2