Author: asomers
Date: Mon Oct  1 15:47:34 2018
New Revision: 339051
URL: https://svnweb.freebsd.org/changeset/base/339051

Log:
  MFC r336605:
  
  Fix multiple Coverity warnings in tftpd(8)
  
  * Initialize uninitialized variable (CID 1006502)
  * strcpy => strlcpy (CID 1006792, 1006791, 1006790)
  * Check function return values (CID 1009442, 1009441, 1009440)
  * Delete dead code in receive_packet (not reported by Coverity)
  * Remove redundant alarm(3) in receive_packet (not reported by Coverity)
  
  Reported by:  Coverity
  CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440
  Differential Revision:        https://reviews.freebsd.org/D11287

Modified:
  stable/11/libexec/tftpd/tftp-file.c
  stable/11/libexec/tftpd/tftp-io.c
  stable/11/libexec/tftpd/tftp-utils.c
  stable/11/libexec/tftpd/tftpd.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/libexec/tftpd/tftp-file.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-file.c Mon Oct  1 15:45:20 2018        
(r339050)
+++ stable/11/libexec/tftpd/tftp-file.c Mon Oct  1 15:47:34 2018        
(r339051)
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in.h>
 #include <arpa/tftp.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -78,7 +79,8 @@ convert_from_net(char *buffer, size_t count)
                if (buffer[i] == '\n') {
                        if (n == 0) {
                                if (ftell(file) != 0) {
-                                       fseek(file, -1, SEEK_END);
+                                       int r = fseek(file, -1, SEEK_END);
+                                       assert(r == 0);
                                        convbuffer[n++] = '\n';
                                } else {
                                        /* This shouldn't happen */
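Review bot: The fseek() result is checked only with `assert(r == 0)`, which is compiled out when NDEBUG is defined and otherwise aborts the daemon on a runtime I/O failure rather than a programming error. In an NDEBUG build the failure would be ignored exactly as before, and `r` would be set but never read. Consider handling it explicitly, for example `if (fseek(file, -1, SEEK_END) != 0) tftp_log(LOG_ERR, "fseek failed: %s", strerror(errno));`, followed by whatever error return convert_from_net uses. The function's return convention is outside this hunk, as is whether tftp_log is declared in this file.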

Modified: stable/11/libexec/tftpd/tftp-io.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-io.c   Mon Oct  1 15:45:20 2018        
(r339050)
+++ stable/11/libexec/tftpd/tftp-io.c   Mon Oct  1 15:47:34 2018        
(r339051)
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <arpa/tftp.h>
 #include <arpa/inet.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <setjmp.h>
 #include <signal.h>
@@ -393,7 +394,7 @@ receive_packet(int peer, char *data, int size, struct 
        struct sockaddr_storage *pfrom;
        socklen_t fromlen;
        int n;
-       static int waiting;
+       static int timed_out;
 
        if (debug&DEBUG_PACKETS)
                tftp_log(LOG_DEBUG,
@@ -401,23 +402,16 @@ receive_packet(int peer, char *data, int size, struct 
 
        pkt = (struct tftphdr *)data;
 
-       waiting = 0;
        signal(SIGALRM, timeout);
-       setjmp(timeoutbuf);
+       timed_out = setjmp(timeoutbuf);
        alarm(thistimeout);
 
-       if (waiting > 0) {
-               alarm(0);
-               return (RP_TIMEOUT);
-       }
-
-       if (waiting > 0) {
+       if (timed_out != 0) {
                tftp_log(LOG_ERR, "receive_packet: timeout");
                alarm(0);
                return (RP_TIMEOUT);
        }
 
-       waiting++;
        pfrom = (from == NULL) ? &from_local : from;
        fromlen = sizeof(*pfrom);
        n = recvfrom(peer, data, size, 0, (struct sockaddr *)pfrom, &fromlen);
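Review bot: `timed_out = setjmp(timeoutbuf);` calls setjmp() in a context the C standard does not permit, so its behaviour is undefined (C11 7.13.1.1; see also CERT MSC22-C). The standard allows it only as a whole expression statement or inside a controlling expression, optionally with `!` or a comparison against an integer constant. The same logic can be written as `if (setjmp(timeoutbuf) != 0) {` around the existing log/`alarm(0)`/`return (RP_TIMEOUT);` body, with `alarm(thistimeout);` moved after that block; the `static int timed_out` introduced in the previous hunk is then unnecessary. The return value of `signal(SIGALRM, timeout)` is also still unchecked. receive_packet starts and ends outside this hunk, and the handler `timeout` is not visible, so that it calls longjmp() is assumed.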
@@ -430,8 +424,6 @@ receive_packet(int peer, char *data, int size, struct 
                tftp_log(LOG_ERR, "receive_packet: timeout");
                return (RP_TIMEOUT);
        }
-
-       alarm(0);
 
        if (n < 0) {
                /* No idea what could have happened if it isn't a timeout */

Modified: stable/11/libexec/tftpd/tftp-utils.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-utils.c        Mon Oct  1 15:45:20 2018        
(r339050)
+++ stable/11/libexec/tftpd/tftp-utils.c        Mon Oct  1 15:47:34 2018        
(r339051)
@@ -268,11 +268,13 @@ char *
 rp_strerror(int error)
 {
        static char s[100];
+       size_t space = sizeof(s);
        int i = 0;
 
        while (rp_errors[i].desc != NULL) {
                if (rp_errors[i].error == error) {
-                       strcpy(s, rp_errors[i].desc);
+                       strlcpy(s, rp_errors[i].desc, space);
+                       space -= strlen(rp_errors[i].desc);
                }
                i++;
        }
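Review bot: The `space` bookkeeping does not match where the data goes. Every `strlcpy(s, ...)` writes at the start of `s`, so shrinking `space` by `strlen(desc)` after each copy bounds nothing useful. Because `space` is a `size_t`, the subtraction would wrap to a huge value if a description were ever longer than the remaining count, making a later `strlcpy` into the 100-byte buffer effectively unbounded. With a static table of short, unique entries this is presumably unreachable, but the simpler form is also the safe one: `strlcpy(s, rp_errors[i].desc, sizeof(s));` with no `space` variable. The rest of rp_strerror, including what is returned when no entry matches, is outside the hunk.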

Modified: stable/11/libexec/tftpd/tftpd.c
==============================================================================
--- stable/11/libexec/tftpd/tftpd.c     Mon Oct  1 15:45:20 2018        
(r339050)
+++ stable/11/libexec/tftpd/tftpd.c     Mon Oct  1 15:47:34 2018        
(r339051)
@@ -372,7 +372,10 @@ main(int argc, char *argv[])
                        exit(1);
                }
                chdir("/");
-               setgroups(1, &nobody->pw_gid);
+               if (setgroups(1, &nobody->pw_gid) != 0) {
+                       tftp_log(LOG_ERR, "setgroups failed");
+                       exit(1);
+               }
                if (setuid(nobody->pw_uid) != 0) {
                        tftp_log(LOG_ERR, "setuid failed");
                        exit(1);
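Review bot: `chdir("/")` on the line just above the new setgroups() check is still unchecked, although it sits in the same privilege-dropping sequence this hunk hardens. If the preceding lines (outside the hunk) change the root directory, a failed chdir would leave the working directory wherever it was before, so it deserves the same treatment: `if (chdir("/") != 0) { tftp_log(LOG_ERR, "chdir failed"); exit(1); }`. The new and existing messages would also help an operator more with the errno text appended, e.g. `tftp_log(LOG_ERR, "setgroups failed: %s", strerror(errno));`, assuming tftp_log accepts printf-style arguments. The `if (setuid(...))` block is still open where the hunk ends.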
@@ -520,7 +523,7 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
        cp = parse_header(peer, recvbuffer, size, &filename, &mode);
        size -= (cp - recvbuffer) + 1;
 
-       strcpy(fnbuf, filename);
+       strlcpy(fnbuf, filename, sizeof(fnbuf));
        reduce_path(fnbuf);
        filename = fnbuf;
 
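Review bot: `strlcpy(fnbuf, filename, sizeof(fnbuf))` prevents the overflow but silently truncates, and its return value is ignored. A request whose filename does not fit in `fnbuf` would go on to `reduce_path()` and the code after it as a different, shorter path than the client sent. Since the name comes from the network, truncation should be treated as an error: `if (strlcpy(fnbuf, filename, sizeof(fnbuf)) >= sizeof(fnbuf)) { /* log and refuse the request */ }`. The same applies to the identical call in the tftp_rrq hunk that follows. The size of `fnbuf` and any length limit imposed by parse_header are outside these hunks, so whether truncation is reachable in practice is not visible here.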
@@ -565,7 +568,7 @@ tftp_rrq(int peer, char *recvbuffer, ssize_t size)
        cp = parse_header(peer, recvbuffer, size, &filename, &mode);
        size -= (cp - recvbuffer) + 1;
 
-       strcpy(fnbuf, filename);
+       strlcpy(fnbuf, filename, sizeof(fnbuf));
        reduce_path(fnbuf);
        filename = fnbuf;
 
@@ -802,6 +805,7 @@ tftp_xmitfile(int peer, const char *mode)
        time_t now;
        struct tftp_stats ts;
 
+       memset(&ts, 0, sizeof(ts));
        now = time(NULL);
        if (debug&DEBUG_SIMPLE)
                tftp_log(LOG_DEBUG, "Transmitting file");