Ferry Huberts [Fri, 26 Oct 2012 13:15:03 +0000 (15:15 +0200)]
cookie: add an assert
Coverity doesn't understand the olsr_exit
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Fri, 26 Oct 2012 12:50:44 +0000 (14:50 +0200)]
cookie: an array already is a pointer
Coverity:
CID 739655 (#1 of 1): Dereference after null check (FORWARD_NULL)
At (8): Passing null pointer "&branding->cmb_sig" to function
"memcpy(void * restrict, void const * restrict, size_t)", which
dereferences it.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Fri, 26 Oct 2012 11:28:16 +0000 (13:28 +0200)]
Merge branch 'lua-official-502'
* lua-official-502:
tas: lua: run gnu-indent.sh script
use the POSIX standard '__linux__' macro instead of 'linux'
Patch ALIGN_NOWARN_ARM macro for better priority handling.
ARM alignment warnings fixed
Fix sytax errs and line break quirks for gnu-indent
* added -Wcast-qual: this killed lots of unnecessary type-casts
* added -Wbad-function-cast
cleanup, 1. step (to get some local changes away):
x86_64 patch from Bernd
tas: lua: official source code for 5.0.2
Ferry Huberts [Fri, 26 Oct 2012 11:27:29 +0000 (13:27 +0200)]
tas: lua: sync up to official source code with fixes
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Fri, 26 Oct 2012 11:15:36 +0000 (13:15 +0200)]
tas: lua: run gnu-indent.sh script
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Fri, 26 Oct 2012 08:38:04 +0000 (10:38 +0200)]
use the POSIX standard '__linux__' macro instead of 'linux'
"Use __linux__ for this purpose, not linux. Although the latter is defined, it is not POSIX compliant."
http://www.faqs.org/docs/Linux-HOWTO/GCC-HOWTO.html#INDEX.25
from:
485c4d5ca8ad403b27afd39d3016f9741f28867a
Ferry Huberts [Fri, 26 Oct 2012 08:27:50 +0000 (10:27 +0200)]
Patch ALIGN_NOWARN_ARM macro for better priority handling.
from:
7fce805df297d920e5c65e537f610fa7da75bab5
Ferry Huberts [Fri, 26 Oct 2012 08:25:52 +0000 (10:25 +0200)]
Ferry Huberts [Fri, 26 Oct 2012 10:43:15 +0000 (12:43 +0200)]
Fix sytax errs and line break quirks for gnu-indent
from:
0e3c43820a333bea7863e08208de22d77dc828aa
corrected gnu-indent quirks
from:
29d2799ba478fc0354596ff132128e873454bb20
Ferry Huberts [Fri, 26 Oct 2012 10:42:21 +0000 (12:42 +0200)]
* added -Wcast-qual: this killed lots of unnecessary type-casts
from:
17271941ffaa174ee45959effee041831b489d00
Bernd Petrovitsch [Fri, 16 Nov 2007 19:34:26 +0000 (19:34 +0000)]
Ferry Huberts [Fri, 26 Oct 2012 11:06:40 +0000 (13:06 +0200)]
cleanup, 1. step (to get some local changes away):
from:
6ff6c1cc6464a9ca6ac1d3961fc044960a402e5b
Ferry Huberts [Fri, 26 Oct 2012 10:40:36 +0000 (12:40 +0200)]
tas: lua: run gnu-indent.sh script
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Andreas Tonnesen [Sat, 19 Nov 2005 08:39:26 +0000 (08:39 +0000)]
Ferry Huberts [Fri, 26 Oct 2012 10:35:23 +0000 (12:35 +0200)]
tas: lua: official source code for 5.0.2
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Wed, 24 Oct 2012 13:22:18 +0000 (15:22 +0200)]
defs: fix strscpy null pointer dereference
Coverity:
CID 739649 (#1 of 1): Dereference after null check (FORWARD_NULL)
At (5): Passing null pointer "dest" to function
"strncpy(char * restrict, char const * restrict, size_t)", which
dereferences it.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Wed, 24 Oct 2012 13:07:34 +0000 (15:07 +0200)]
linux: sanitise ACPI battery data
Coverity:
CID 739695 (#1 of 1): Use of untrusted scalar value (TAINTED_SCALAR)
At (23): Using tainted variable "bat_max" as the divisor in
"bat_val * 100 / bat_max".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:44:27 +0000 (11:44 +0200)]
gateway: walk the gateway tree to properly cleanup
No need to explicitly remove the tunnels, since these are
removed by the olsr_delete_gateway_entry function.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:14:36 +0000 (11:14 +0200)]
gateway: split olsr_delete_gateway_entry
The olsr_delete_gateway_entry function now is a wrapper around
the olsr_delete_gateway_tree_entry function. The latter function
will be used by the cleanup function later on, to prevent needless
iterations on the gateway tree.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:09:02 +0000 (11:09 +0200)]
gateway: allow immediate removal of a gateway entry
This is going to be used by the cleanup function later on.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 08:57:13 +0000 (10:57 +0200)]
gateway: minor simplification in olsr_delete_gateway_entry
Do an early return if the gw is NULL
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:40:12 +0000 (11:40 +0200)]
gateway: ensure cleanup uses the reverse order of init
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:18:08 +0000 (11:18 +0200)]
gateway: cleanup: free the allocated memory cookie
This was forgotten
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Thu, 18 Oct 2012 09:16:54 +0000 (11:16 +0200)]
gateway: initialise the handler before setting up the tunnel
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Wed, 24 Oct 2012 08:51:43 +0000 (10:51 +0200)]
pud: fix alignment warning
src/netTools.c: In function 'getIPv4Address':
src/netTools.c:102:11: warning: cast increases required alignment of target type [-Wcast-align]
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 14:11:42 +0000 (16:11 +0200)]
android: fix type punning warning
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:45:29 +0000 (14:45 +0200)]
lq: make sure last_ip != NULL
Coverity:
CID 739653 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
At (11): Passing null pointer "last_ip" to function
"calculate_border_flag(void *, void *)", which dereferences it.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:42:32 +0000 (14:42 +0200)]
lq: make sure that info_head != NULL
Coverity:
CID 739652 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
At (88): Dereferencing null pointer "info_head".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:14:44 +0000 (14:14 +0200)]
olsr_switch: fix a memory leak
Coverity:
CID 739687 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (16): Variable "oc" going out of scope leaks the storage it points to.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:12:33 +0000 (14:12 +0200)]
linux: apm: fix retry opening of apm proc file
Coverity:
CID 739684 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (6): Variable "apm_procfile" going out of scope leaks the storage it
points to.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:38:22 +0000 (14:38 +0200)]
cfgparser: fix dereference before assert
Coverity:
CID 739688 (#1 of 1): Dereference before null check (REVERSE_INULL)
Null-checking "in->cnf" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:06:55 +0000 (14:06 +0200)]
cfgparser: fix a copy/paste error and resulting memory leak
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 12:06:12 +0000 (14:06 +0200)]
cfgparser: fix some memory leaks
Coverity:
CID 739682 (#1 of 2): Resource leak (RESOURCE_LEAK)
At (84): Variable "in" going out of scope leaks the storage it points to.
CID 739682 (#2 of 2): Resource leak (RESOURCE_LEAK)
At (89): Variable "in" going out of scope leaks the storage it points to.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:52:10 +0000 (13:52 +0200)]
main: fix an Out-of-bounds access
Coverity:
CID 739670 (#1 of 1): Out-of-bounds access (OVERRUN)
At (46): Overrunning struct type in_addr of 4 bytes by passing it to a
function which accesses it at byte offset 15 using argument
"16UL".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:31:31 +0000 (11:31 +0200)]
txtinfo: remove some dead code
Coverity:
CID 739639 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression "97" inside statement
"v4 = (autoV4 ? 97 : 115);".
CID 739640 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression "97" inside statement
"v6 = (autoV6 ? 97 : 115);".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:35:00 +0000 (10:35 +0200)]
tas: fix a memory leak
Coverity:
CID 739681 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (21): Variable "walker" going out of scope leaks the storage it points to.
At (22): Variable "mess" going out of scope leaks the storage it points to.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:32:51 +0000 (13:32 +0200)]
quagga: explicitly ignore return value of fcntl
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:03:03 +0000 (11:03 +0200)]
pud: remove some dead code
Coverity:
CID 739635 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""disable"" inside statement
"pudError(true, "Could not %...".
CID 739636: Logically dead code (DEADCODE)
Execution cannot reach this expression ""enable"" inside statement
"pudError(true, "Could not %...".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:03:07 +0000 (13:03 +0200)]
bmf: do not close an fd that is not open
CID 739656 (#1 of 4): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
CID 739656 (#2 of 4): Argument cannot be negative (NEGATIVE_RETURNS)
At (9): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
CID 739656 (#3 of 4): Argument cannot be negative (NEGATIVE_RETURNS)
At (12): "capturingSkfd" is passed to a parameter that cannot be
negative.
CID 739656 (#4 of 4): Argument cannot be negative (NEGATIVE_RETURNS)
At (11): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:14:31 +0000 (13:14 +0200)]
p2pd: remove some dead code
Coverity:
CID 739634 (#1 of 1): Dead default in switch (DEADCODE)
Execution cannot reach this statement "default:".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:12:46 +0000 (12:12 +0200)]
p2pd: do not close an fd that is not open
Coverity:
CID 739656 (#6 of 8): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "capturingSkfd" is passed to a parameter that cannot be negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:10:30 +0000 (12:10 +0200)]
p2pd: do not close an fd that is not open
Coverity:
CID 739656 (#5 of 8): Argument cannot be negative (NEGATIVE_RETURNS)
At (6): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
CID 739656 (#7-8 of 8): Argument cannot be negative (NEGATIVE_RETURNS)
At (8): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:32:33 +0000 (12:32 +0200)]
mdns: check return value of sendto
Coverity:
CID 739617 (#1 of 1): Unchecked return value (CHECKED_RETURN)
At (7): Calling function "sendto(walker->helloSkfd, (char const *)hello,
25UL, 0, (struct sockaddr *)&dest, 16U)" without checking return
value. This library function may fail and return an error code.
At (8): No check of the return value of "sendto(walker->helloSkfd, (
char const *)hello, 25UL, 0, (struct sockaddr *)&dest, 16U)".
CID 739617 (#2 of 2): Unchecked return value (CHECKED_RETURN)
At (7): Calling function "sendto(walker->helloSkfd, (char const *)hello,
25UL, 0, (struct sockaddr *)&dest6, 28U)" without checking
return value. This library function may fail and return an error
code.
At (8): No check of the return value of "sendto(walker->helloSkfd, (
char const *)hello, 25UL, 0, (struct sockaddr *)&dest6, 28U)".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:27:10 +0000 (12:27 +0200)]
mdns: check return value of inet_pton
Coverity:
CID 739616 (#1 of 2): Unchecked return value (CHECKED_RETURN)
At (8): Calling function "inet_pton(int, char const * restrict,
void * restrict)" without checking
return value (as is done elsewhere 23 out of 25 times).
At (9): No check of the return value of "inet_pton(2, "224.0.0.2",
&mc_settings.imr_multiaddr.s_addr)".
CID 739616 (#2 of 2): Unchecked return value (CHECKED_RETURN)
At (7): Calling function "inet_pton(int, char const * restrict,
void * restrict)" without checking
return value (as is done elsewhere 23 out of 25 times).
At (8): No check of the return value of "inet_pton(10, "ff02::2",
&mc6_settings.ipv6mr_multiaddr.__in6_u.__u6_addr8)".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:52:23 +0000 (11:52 +0200)]
mdns: do not close an fd that is not open
Coverity:
CID 739659 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "capturingSkfd" is passed to a parameter that cannot be negative.
CID 739660 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (8): "electionSkfd" is passed to a parameter that cannot be negative.
CID 739661 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (9): "helloSkfd" is passed to a parameter that cannot be negative.
CID 739656 (#6 of 14): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "capturingSkfd" is passed to a parameter that cannot be negative.
CID 739656 (#9 of 14): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "electionSkfd" is passed to a parameter that cannot be negative.
CID 739656 (#10 of 14): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "helloSkfd" is passed to a parameter that cannot be negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:45:03 +0000 (11:45 +0200)]
mdns: do not close an fd that is not open
Coverity:
CID 739656 (#5 of 14): Argument cannot be negative (NEGATIVE_RETURNS)
At (8): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
CID 739656 (#7-8 of 14): Argument cannot be negative (NEGATIVE_RETURNS)
At (10): "encapsulatingSkfd" is passed to a parameter that cannot be
negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:38:15 +0000 (11:38 +0200)]
mdns: remove some dead code
Coverity:
CID 739631 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""enable"" inside statement
"BmfPError("Could not %s mul...".
CID 739632 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""disable"" inside statement
"BmfPError("Could not %s mul...".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:51:55 +0000 (10:51 +0200)]
mdns: suppress a Coverity warning
Coverity:
CID 739612 (#1 of 1): Buffer not null terminated (BUFFER_SIZE)
At (5): Calling strncpy with a source string whose length (4 chars) is
greater than or equal to the size argument (4) will fail to
null-terminate "hello->head".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:35:11 +0000 (11:35 +0200)]
jsoninfo: remove pointless compare
Coverity:
CID 739666 (#1 of 1): Array compared against 0 (NO_EFFECT)
Comparing an array to null is not useful: "linkpath != NULL".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 09:33:14 +0000 (11:33 +0200)]
jsoninfo: remove some dead code
Coverity:
CID 739629 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""auto"" inside statement
"v4 = (autoV4 ? "auto" : "s");".
CID 739630 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""auto"" inside statement
"v6 = (autoV6 ? "auto" : "s");".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:16:47 +0000 (10:16 +0200)]
jsoninfo: make sure that uuid is null-terminated
Since it's used as a string.
Coverity:
CID 739693 (#1 of 1): String not null terminated (STRING_NULL)
At (2): Function "fread(void * restrict, size_t, size_t, FILE * restrict)"
does not terminate string "*uuid".
At (4): Passing unterminated string "uuid" to "strchr(char const *, int)",
which expects a null-terminated string.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:46:08 +0000 (10:46 +0200)]
jsoninfo: fix a resource leak
Coverity:
CID 739677 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (6): Variable "f" going out of scope leaks the storage it points to.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:21:05 +0000 (13:21 +0200)]
nameservice: remove some dead code
Coverity:
CID 739633 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression "127" inside statement
"tmp->len = ((len_of_name > ...".
(The condition "len_of_name > 127U" cannot be true.)
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 11:18:05 +0000 (13:18 +0200)]
nameservice: do not close an fd that is not open
Coverity:
CID 739644 (#1 of 1): Dereference after null check (FORWARD_NULL)At (11): Passing null pointer "add_hosts" to function "fclose(FILE *)", which dereferences it.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:40:45 +0000 (12:40 +0200)]
nameservice: check return value of fcntl
Coverity:
CID 739618 (#1 of 1): Unchecked return value (CHECKED_RETURN)
At (4): Calling function "fcntl(fd, 4, 1)" without checking return value.
This library function may fail and return an error code.
At (5): No check of the return value of "fcntl(fd, 4, 1)".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 10:07:15 +0000 (12:07 +0200)]
nameservice: fix wrong size argument
Coverity:
CID 739689 (#1 of 1): Wrong sizeof argument (SIZEOF_MISMATCH)
Passing argument "ip" of type "union olsr_ip_addr *" and argument
"8UL /* sizeof (ip) */" to function "memset(void *, int, size_t)" is
suspicious. Did you intend to use "sizeof(*ip)" instead of "sizeof (ip)"?
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:39:48 +0000 (10:39 +0200)]
nameservice: fix a resource leak
Coverity:
CID 739678 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (24): Handle variable "fd" going out of scope leaks the handle.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:06:28 +0000 (10:06 +0200)]
secure: initialise cmsg correctly
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:06:01 +0000 (10:06 +0200)]
secure: decrease a (stack allocated) buffer size
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:05:46 +0000 (10:05 +0200)]
secure: do not hard-code a sizeof()
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 08:05:27 +0000 (10:05 +0200)]
secure: can only work for IPv4, so assert on it
Because of:
memcpy(&cmsg.destination, new_host, olsr_cnf->ipsize);
with
cmsg.destination being an uint32_t
Ferry Huberts [Tue, 23 Oct 2012 07:58:49 +0000 (09:58 +0200)]
secure: initialise crmsg correctly
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:58:38 +0000 (09:58 +0200)]
secure: decrease a (stack allocated) buffer size
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:58:27 +0000 (09:58 +0200)]
secure: use sizeof() of the fields being copied
Ferry Huberts [Tue, 23 Oct 2012 07:57:53 +0000 (09:57 +0200)]
secure: decrease a (stack allocated) buffer size
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:57:40 +0000 (09:57 +0200)]
secure: do not hard-code a sizeof()
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:57:06 +0000 (09:57 +0200)]
secure: can only work for IPv4, so assert on it
Because of:
memcpy(&crmsg.destination, to, olsr_cnf->ipsize);
with
crmsg.destination being an uint32_t
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:52:00 +0000 (09:52 +0200)]
secure: initialise rrmsg correctly
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:51:41 +0000 (09:51 +0200)]
secure: decrease a (stack allocated) buffer size
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:51:21 +0000 (09:51 +0200)]
secure: use sizeof() of the fields being copied
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:45:42 +0000 (09:45 +0200)]
secure: decrease a (stack allocated) buffer size
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:44:57 +0000 (09:44 +0200)]
secure: do not hard-code a sizeof()
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Tue, 23 Oct 2012 07:43:25 +0000 (09:43 +0200)]
secure: can only work for IPv4, so assert on it
Because of:
memcpy(&rrmsg.destination, to, olsr_cnf->ipsize);
with
rrmsg.destination being an uint32_t
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 13:45:07 +0000 (15:45 +0200)]
httpdinfo: fix resource leak
Coverity:
CID 739676 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (18): Handle variable "client_socket" going out of scope leaks the
handle.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 13:31:51 +0000 (15:31 +0200)]
httpinfo: do not close an 'error' socket return value
Coverity:
CID 739658 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (5): "client_socket" is passed to a parameter that cannot be negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 13:29:15 +0000 (15:29 +0200)]
bmf: do not dereference NULL pointer
Coverity:
CID 739667 (#1 of 1): Dereference null return value (NULL_RETURNS)
At (31): Dereferencing a null pointer "bestIntf".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 13:27:00 +0000 (15:27 +0200)]
bmf: do not close an 'error' socket return value
Coverity:
CID 739657 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (12): "listeningSkfd" is passed to a parameter that cannot be negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 13:24:25 +0000 (15:24 +0200)]
bmf: explicitly cast fgetc result into a char
Coverity:
CID 739615 (#1 of 1): Truncated stdio return value (CHAR_IO)
Assigning the return value of "fgetc(FILE *)" to char "EthTapSpoofState"
truncates its value.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Henning Rogge [Mon, 22 Oct 2012 13:25:18 +0000 (15:25 +0200)]
Fix scanf() format vulnerabilities
Henning Rogge [Mon, 22 Oct 2012 13:13:46 +0000 (15:13 +0200)]
Close file descriptor if error happens
Coverity:
CID 739686 (#1 of 3): Resource leak (RESOURCE_LEAK)
At (8): Handle variable "fd" going out of scope leaks the handle.
CID 739686: Resource leak (RESOURCE_LEAK)
At (12): Handle variable "fd" going out of scope leaks the handle.
CID 739686: Resource leak (RESOURCE_LEAK)
At (14): Handle variable "fd" going out of scope leaks the handle.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 13:08:56 +0000 (15:08 +0200)]
Check inet_pton return value
Coverity:
CID 739622 (#1 of 1): Unchecked return value (CHECKED_RETURN)
At (8): Calling function "inet_pton(int, char const * restrict, void * restrict)" without checking return value (as is done elsewhere 22 out of 25 times).
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 13:06:57 +0000 (15:06 +0200)]
Use strscpy instead of strncpy.
Coverity:
CID 739613 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)
At (6): Calling strncpy with a maximum size argument of 16 bytes on destination array "t->if_name" of size 16 bytes might leave the destination string unterminated.
CID 739614 (#1 of 3): Buffer not null terminated (BUFFER_SIZE_WARNING)
At (4): Calling strncpy with a maximum size argument of 16 bytes on destination array "p4.name" of size 16 bytes might leave the destination string unterminated.
CID 739614 (#2 of 3): Buffer not null terminated (BUFFER_SIZE_WARNING)
At (4): Calling strncpy with a maximum size argument of 16 bytes on destination array "p6.name" of size 16 bytes might leave the destination string unterminated.
CID 739614 (#3 of 3): Buffer not null terminated (BUFFER_SIZE_WARNING)
At (5): Calling strncpy with a maximum size argument of 16 bytes on destination array "ifr.ifr_ifrn.ifrn_name" of size 16 bytes might leave the destination string unterminated.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 13:03:20 +0000 (15:03 +0200)]
Merge branch 'master' of http://olsr.org/git/olsrd
Ferry Huberts [Mon, 22 Oct 2012 12:46:14 +0000 (14:46 +0200)]
sgwdynspeed: fix resource leak and file stat/use race
Coverity:
CID 739680 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (32): Variable "fd" going out of scope leaks the storage it points to.
CID 739697 (#1 of 1): Time of check time of use (TOCTOU)
At (1): Calling function "stat(char const * restrict,
struct stat * restrict)"
to perform check on "fileName".
At (4): Calling function "fopen(char const * restrict,
char const * restrict)"
that uses "fileName" after a check function. This can cause a
time-of-check, time-of-use race condition.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 12:37:23 +0000 (14:37 +0200)]
pud: fix checking of downlink message IP version
Coverity:
CID 739637 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach this expression ""false"" inside statement
"pudError(false, "Received w...".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 12:20:16 +0000 (14:20 +0200)]
pud: fix closing fd
Coverity:
CID 739704 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (7): "fd" is passed to a parameter that cannot be negative.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 12:28:45 +0000 (14:28 +0200)]
pud: nmealib: fix invalid format string conversion
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 12:28:36 +0000 (14:28 +0200)]
pud: nmealib: fix invalid format string conversion
Coverity:
CID 739671 (#1 of 1): Printf format string issue (PW.BAD_PRINTF_FORMAT_STRING)
At (1): invalid format string conversion
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 12:55:33 +0000 (14:55 +0200)]
add a COVERITY instructions text file
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Henning Rogge [Mon, 22 Oct 2012 13:02:33 +0000 (15:02 +0200)]
Close socket if bind() fails.
Coverity:
CID 739685 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (8): Handle variable "sock" going out of scope leaks the handle.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 12:57:56 +0000 (14:57 +0200)]
Protect against stupid data from ACPI
Coverity:
CID 739643 (#1 of 1): Division or modulo by zero (DIVIDE_BY_ZERO)
At (29): In expression "bat_val * 100 / bat_max", division by expression "bat_max" which may be zero has undefined behavior.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 12:48:30 +0000 (14:48 +0200)]
Convert allocated memory into temporary variable
Coverity:
CID 739683 (#1 of 1): Resource leak (RESOURCE_LEAK)
At (14): Variable "net_msg" going out of scope leaks the storage it points to.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 12:34:31 +0000 (14:34 +0200)]
fix wrong sizeof() parameter
Coverity:
CID 739610 (#1 of 1): Incorrect sizeof expression (BAD_SIZEOF)
Taking the size of pointer parameter "lower_border_ip" is suspicious.
CID 739611 (#1 of 1): Incorrect sizeof expression (BAD_SIZEOF)
Taking the size of pointer parameter "upper_border_ip" is suspicious.
CID 739692 (#1 of 2): Wrong sizeof argument (SIZEOF_MISMATCH)
Passing argument "lower_border_ip" of type "union olsr_ip_addr *" and argument "8UL /* sizeof (lower_border_ip) */" to function "memset(void *, int, size_t)" is suspicious. Did you intend to use "sizeof(*lower_border_ip)" instead of "sizeof (lower_border_ip)" ?
CID 739692 (#2 of 2): Wrong sizeof argument (SIZEOF_MISMATCH)
Passing argument "upper_border_ip" of type "union olsr_ip_addr *" and argument "8UL /* sizeof (upper_border_ip) */" to function "memset(void *, int, size_t)" is suspicious. Did you intend to use "sizeof(*upper_border_ip)" instead of "sizeof (upper_border_ip)" ?
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Henning Rogge [Mon, 22 Oct 2012 12:29:30 +0000 (14:29 +0200)]
fix control flow if kill() command fails to end program
Coverity:
CID 739665 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
At (17): "ifp->olsr_socket" is passed to a parameter that cannot be negative.
Signed-off-by: Henning Rogge <henning.rogge@fkie.fraunhofer.de>
Ferry Huberts [Mon, 22 Oct 2012 10:14:05 +0000 (12:14 +0200)]
pud: nmealib: fix invalid format string conversion
Coverity:
CID 739674 (#1 of 1): Printf format string issue (PW.BAD_PRINTF_FORMAT_STRING)
At (1): invalid format string conversion
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 10:08:32 +0000 (12:08 +0200)]
pud: nmealib: fix buffer overrun
Coverity:
CID 739669 (#1 of 1): Out-of-bounds write (OVERRUN)
At (11): Overrunning array of 64 bytes at byte offset 64 by dereferencing
pointer "psSatInfo".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 10:07:54 +0000 (12:07 +0200)]
pud: nmealib: fix buffer overrun
Coverity:
CID 739668 (#1 of 1): Out-of-bounds write (OVERRUN)
At (10): Overrunning array of 64 bytes at byte offset 64 by dereferencing
pointer "psSatPrn".
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 09:50:59 +0000 (11:50 +0200)]
pud: nmealib: fix copy/paste error
Coverity:
CID 739627 (#1 of 1): Copy-paste error (COPY_PASTE_ERROR)
"lat" in "pos->lat" looks like a copy-paste error.
Should it say "lon" instead?
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 11:01:18 +0000 (13:01 +0200)]
pud: fix getBestUplinkGateway
Coverity:
CID 739645 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
At (18): Passing null pointer "&gw_best->originator.v4" to function
"ip4cmp(struct in_addr const *, struct in_addr const *)", which
dereferences it.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Ferry Huberts [Mon, 22 Oct 2012 10:48:29 +0000 (12:48 +0200)]
pud: fix position file stat/use race
Coverity:
CID 739696 (#1 of 1): Time of check time of use (TOCTOU)
At (1): Calling function "stat(char const * restrict,
struct stat * restrict)"
to perform check on "fileName".
At (4): Calling function "fopen(char const * restrict,
char const * restrict)"
that uses "fileName" after a check function. This can cause a
time-of-check, time-of-use race condition.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>