From: Amos Jeffries Date: Sun, 3 Feb 2013 08:49:00 +0000 (-0700) Subject: Fix lots of SNMP alignment, sizeof(), and memory uninitialized erorrs X-Git-Tag: SQUID_3_4_0_1~320 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5d5ef07ea99ae33815c88fd7180eee670d6c5af9;p=thirdparty%2Fsquid.git Fix lots of SNMP alignment, sizeof(), and memory uninitialized erorrs They all stem from a few uses of "sizeof(name)" where name is a pointer to an OID object rather than the object itself. This code is present as far back as squid-2.6 and probably a lot further. It appears to not have been causing obvious problems due to the sizeof(oid*) [4 or 8 octets] on a pointer being larger than the sizeof(oid) [1 or 2 octets] on the object stored into the allocated memory. Detected by Coverity Scan. Issues 740305, 740306, 740306, 740307, 740308, 740459, 740460, 740461, 740462, 740465, 740466, 740467, 740468, 740469, 740470, 740471, 740472.
---
diff --git a/src/snmp_core.cc b/src/snmp_core.cc
index 1c4d8d1844..485c3f7f48 100644
--- a/src/snmp_core.cc
+++ b/src/snmp_core.cc
@@ -705,8 +705,8 @@ static_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn
 {
 oid *instance = NULL;
 if (*len <= current->len) {
- instance = (oid *)xmalloc(sizeof(name) * (*len + 1));
- memcpy(instance, name, (sizeof(name) * *len));
+ instance = (oid *)xmalloc(sizeof(*name) * (*len + 1));
+ memcpy(instance, name, sizeof(*name) * (*len));
 instance[*len] = 0;
 *len += 1;
 }
@@ -722,8 +722,8 @@ time_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn)
 int index[TIME_INDEX_LEN] = {TIME_INDEX};
 if (*len <= current->len) {
- instance = (oid *)xmalloc(sizeof(name) * (*len + 1));
- memcpy(instance, name, (sizeof(name) * *len));
+ instance = (oid *)xmalloc(sizeof(*name) * (*len + 1));
+ memcpy(instance, name, sizeof(*name) * (*len));
 instance[*len] = *index;
 *len += 1;
 } else {
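Review bot: The element count in `sizeof(*name) * (*len + 1)` comes from `*len`, an `snint` that appears to be a signed type, and the only check visible in this hunk is the upper bound `*len <= current->len`. A negative count would become a very large `size_t` in the `memcpy` length. Whether callers already guarantee `*len >= 0` is not visible here, since static_Inst starts and ends outside the hunk, so that precondition should be stated where the size is computed. The same allocate-copy-append sequence recurs in the time_Inst, peer_Inst and client_Inst hunks of this commit, which is how one `sizeof` mistake ended up in seven places. A single helper would keep the size arithmetic and the check in one spot.

```cpp
// Copy the first `count` sub-identifiers of `name` into a fresh buffer
// that has room for `extra` additional sub-identifiers after them.
static oid *
oidDupExtended(const oid *name, snint count, snint extra)
{
    assert(count >= 0 && extra >= 0);
    oid *copy = (oid *)xmalloc(sizeof(*copy) * (count + extra));
    memcpy(copy, name, sizeof(*copy) * count);
    return copy;
}

// … unchanged: static_Inst signature and the `*len <= current->len` test …
        instance = oidDupExtended(name, *len, 1);
        instance[*len] = 0;
```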
@@ -733,8 +733,8 @@ time_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn)
 ++loop;
 if (loop < (TIME_INDEX_LEN - 1)) {
- instance = (oid *)xmalloc(sizeof(name) * (*len));
- memcpy(instance, name, (sizeof(name) * *len));
+ instance = (oid *)xmalloc(sizeof(*name) * (*len));
+ memcpy(instance, name, sizeof(*name) * (*len));
 instance[*len - 1] = index[++loop];
 }
 }
@@ -761,8 +761,8 @@ peer_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn)
 instance = client_Inst(current->name, len, current, Fn);
 } else if (*len <= current->len) {
 debugs(49, 6, "snmp peer_Inst: *len <= current->len ???");
- instance = (oid *)xmalloc(sizeof(name) * ( *len + 1));
- memcpy(instance, name, (sizeof(name) * *len));
+ instance = (oid *)xmalloc(sizeof(*name) * ( *len + 1));
+ memcpy(instance, name, sizeof(*name) * (*len));
 instance[*len] = 1 ;
 *len += 1;
 } else {
@@ -773,8 +773,8 @@ peer_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn)
 if (peers) {
 debugs(49, 6, "snmp peer_Inst: Encode peer #" << i);
- instance = (oid *)xmalloc(sizeof(name) * (current->len + 1 ));
- memcpy(instance, name, (sizeof(name) * current->len ));
+ instance = (oid *)xmalloc(sizeof(*name) * (current->len + 1 ));
+ memcpy(instance, name, (sizeof(*name) * current->len ));
 instance[current->len] = no + 1 ; // i.e. the next index on cache_peeer table.
 } else {
 debugs(49, 6, "snmp peer_Inst: We have " << i << " peers. Can't find #" << no);
@@ -808,8 +808,8 @@ client_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn
 debugs(49, 6, HERE << "len" << *len << ", current-len" << current->len << ", addr=" << laddr << ", size=" << size);
- instance = (oid *)xmalloc(sizeof(name) * (*len + size ));
- memcpy(instance, name, (sizeof(name) * (*len)));
+ instance = (oid *)xmalloc(sizeof(*name) * (*len + size ));
+ memcpy(instance, name, (sizeof(*name) * (*len)));
 if ( !laddr.IsAnyAddr() ) {
 addr2oid(laddr, &instance[ *len]); // the addr
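Review bot: This allocation in time_Inst is the only one in the commit sized `(*len)` with no extra slot, because it overwrites the last sub-identifier through `instance[*len - 1]` instead of appending. That difference is easy to miss next to the six near-identical sites and deserves a comment. Something like `// replace the final sub-identifier with the next time index; length is unchanged` above the `xmalloc` would do. The write also relies on `*len >= 1`, which seems to follow from this being the `else` of `*len <= current->len` shown in the previous hunk, but that branch opens outside this hunk.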
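Review bot: With the element size corrected, the buffer from `sizeof(*name) * (*len + size )` has no slack left, so `addr2oid(laddr, &instance[ *len])` must write at most `size` elements. Under the old pointer-sized allocation the commit message describes, an overrun there could have been absorbed silently. How `size` is derived is outside this hunk, and the same question applies to `newshift` in the following client_Inst hunk (`@@ -832,8 +832,8 @@`). In the visible lines the tail of the buffer is also left unwritten when `laddr.IsAnyAddr()` is true, so it is worth confirming that those elements are never returned to the requester. Once verified, I would add a comment at the allocation such as `// addr2oid() fills exactly 'size' sub-identifiers starting at instance[*len]`, and run these paths under a memory checker.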
@@ -832,8 +832,8 @@ client_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn
 debugs(49, 6, HERE << "len" << *len << ", current-len" << current->len << ", addr=" << laddr << ", newshift=" << newshift);
- instance = (oid *)xmalloc(sizeof(name) * (current->len + newshift));
- memcpy(instance, name, (sizeof(name) * (current->len)));
+ instance = (oid *)xmalloc(sizeof(*name) * (current->len + newshift));
+ memcpy(instance, name, (sizeof(*name) * (current->len)));
 addr2oid(laddr, &instance[current->len]); // the addr.
 *len = current->len + newshift ;
 }