From ee9990317b920b9dd254831d0e9c17c73272db08 Mon Sep 17 00:00:00 2001 From: Daiyuu Nobori Date: Fri, 28 Sep 2018 22:39:38 +0900 Subject: [PATCH] Fix bugs reported by Coverity Scan. --- src/Cedar/Client.c | 4 ++-- src/Cedar/Connection.c | 2 +- src/Cedar/Hub.c | 7 +++++-- src/Cedar/Protocol.c | 2 +- src/Cedar/Server.c | 6 ++++++ src/Cedar/Virtual.c | 2 +- src/Cedar/WebUI.c | 4 ++-- src/Mayaqua/Kernel.c | 2 +- src/Mayaqua/Network.c | 2 +- src/Mayaqua/Secure.c | 2 +- src/Mayaqua/TcpIp.c | 9 ++++++--- src/Mayaqua/Unix.c | 2 ++ 12 files changed, 29 insertions(+), 15 deletions(-) diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index ddc391d6..2b74d2ff 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -9982,7 +9982,7 @@ char *DecryptPassword(BUF *b) } str = ZeroMalloc(b->Size + 1); - c = NewCrypt(key, sizeof(key)); + c = NewCrypt(key, sizeof(key)); // NOTE by Daiyuu Nobori 2018-09-28: This is not a bug! Do not try to fix it!! Encrypt(c, str, b->Buf, b->Size); FreeCrypt(c); @@ -10028,7 +10028,7 @@ BUF *EncryptPassword(char *password) size = StrLen(password) + 1; tmp = ZeroMalloc(size); - c = NewCrypt(key, sizeof(key)); + c = NewCrypt(key, sizeof(key)); // NOTE by Daiyuu Nobori 2018-09-28: This is not a bug! Do not try to fix it!! Encrypt(c, tmp, password, size - 1); FreeCrypt(c); diff --git a/src/Cedar/Connection.c b/src/Cedar/Connection.c index 86b6d831..f2d4c3a1 100644 --- a/src/Cedar/Connection.c +++ b/src/Cedar/Connection.c @@ -1579,7 +1579,7 @@ SEND_START: { // Packet data array void **datas = MallocFast(sizeof(void *) * num_packet); - UINT *sizes = MallocFast(sizeof(UINT *) * num_packet); + UINT *sizes = MallocFast(sizeof(UINT) * num_packet); UINT i; i = 0; diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c index b109cfa6..92d40801 100644 --- a/src/Cedar/Hub.c +++ b/src/Cedar/Hub.c @@ -3717,9 +3717,12 @@ bool HubPaPutPacket(SESSION *s, void *data, UINT size) CancelList(s->CancelList); // Yield - if (hub->Option != NULL && hub->Option->YieldAfterStorePacket) + if (hub != NULL) { - YieldCpu(); + if (hub->Option != NULL && hub->Option->YieldAfterStorePacket) + { + YieldCpu(); + } } return true; diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index dc47c39d..b5e8ed79 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -6011,7 +6011,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str) { // Compare posted data with the WaterMark if ((data_size == StrLen(HTTP_VPN_TARGET_POSTDATA) && (Cmp(data, HTTP_VPN_TARGET_POSTDATA, data_size) == 0)) - || (Cmp(data, WaterMark, SizeOfWaterMark()) == 0)) + || ((data_size >= SizeOfWaterMark()) && Cmp(data, WaterMark, SizeOfWaterMark()) == 0)) { // Check the WaterMark Free(data); diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index 44857643..2929d10e 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -2054,6 +2054,12 @@ UINT SiCalcPoint(SERVER *s, UINT num, UINT weight) server_max_sessions = GetServerCapsInt(s, "i_max_sessions"); + if (server_max_sessions == 0) + { + // Avoid divide by zero + server_max_sessions = 1; + } + return (UINT)(((double)server_max_sessions - MIN((double)num * 100.0 / (double)weight, (double)server_max_sessions)) * (double)FARM_BASE_POINT / (double)server_max_sessions); diff --git a/src/Cedar/Virtual.c b/src/Cedar/Virtual.c index 4ba884ab..3b4780cb 100644 --- a/src/Cedar/Virtual.c +++ b/src/Cedar/Virtual.c @@ -5307,7 +5307,7 @@ TCP_RESET: seq64 = n->RecvSeq + (UINT64)seq - (n->RecvSeqInit + n->RecvSeq) % X32; if ((n->RecvSeqInit + n->RecvSeq) % X32 > seq) { - if (((n->RecvSeqInit + n->RecvSeq) % X32 - ack) >= 0x80000000) + if (((n->RecvSeqInit + n->RecvSeq) % X32 - seq) >= 0x80000000) { seq64 = n->RecvSeq + (UINT64)seq + X32 - (n->RecvSeqInit + n->RecvSeq) % X32; } diff --git a/src/Cedar/WebUI.c b/src/Cedar/WebUI.c index ef5a8c87..fd63493d 100644 --- a/src/Cedar/WebUI.c +++ b/src/Cedar/WebUI.c @@ -1222,7 +1222,7 @@ static wchar_t *WpSecureNAT(WEBUI *wu, LIST *params) // Get the enable / disable state of the current SecureNAT { RPC_HUB_STATUS t; - Zero(&t, sizeof(&t)); + Zero(&t, sizeof(t)); StrCpy(t.HubName, sizeof(t.HubName), hubname); retcode = StGetHubStatus(context->Admin, &t); @@ -1649,7 +1649,7 @@ static LIST *WuAnalyzeTarget(char *target,char *filename, UINT size) while(*body != '=' && *body != '\0') { - *body ++; + body++; } if(*body == '=') { diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c index 1340c35f..43dfc805 100644 --- a/src/Mayaqua/Kernel.c +++ b/src/Mayaqua/Kernel.c @@ -513,7 +513,7 @@ void GetHomeDirW(wchar_t *path, UINT size) if (GetEnvW(L"HOMEDRIVE", drive, sizeof(drive)) && GetEnvW(L"HOMEPATH", hpath, sizeof(hpath))) { - UniFormat(path, sizeof(path), L"%s%s", drive, hpath); + UniFormat(path, size, L"%s%s", drive, hpath); } else { diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index 1b77f891..f2d9e16d 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c @@ -15081,7 +15081,7 @@ void GetMachineNameEx(char *name, UINT size, bool no_load_hosts) { if (GetMachineNameFromHosts(tmp2, sizeof(tmp2))) { - StrCpy(name, sizeof(name), tmp2); + StrCpy(name, size, tmp2); } } } diff --git a/src/Mayaqua/Secure.c b/src/Mayaqua/Secure.c index f102595f..1cf81944 100644 --- a/src/Mayaqua/Secure.c +++ b/src/Mayaqua/Secure.c @@ -1824,7 +1824,7 @@ SECURE *OpenSec(UINT id) return NULL; } - sec->SlotIdList = (UINT *)ZeroMalloc(sizeof(UINT *) * sec->NumSlot); + sec->SlotIdList = (UINT *)ZeroMalloc(sizeof(UINT) * sec->NumSlot); if (sec->Api->C_GetSlotList(TRUE, sec->SlotIdList, &sec->NumSlot) != CKR_OK) { diff --git a/src/Mayaqua/TcpIp.c b/src/Mayaqua/TcpIp.c index 5b3dfbf0..985d9419 100644 --- a/src/Mayaqua/TcpIp.c +++ b/src/Mayaqua/TcpIp.c @@ -999,7 +999,7 @@ BUF *BuildICMPv6NeighborSoliciation(IPV6_ADDR *src_ip, IPV6_ADDR *target_ip, UCH UCHAR IPv6GetNextHeaderFromQueue(QUEUE *q) { UINT *p; - UCHAR v; + UCHAR v = 0; // Validate arguments if (q == NULL) { @@ -1007,8 +1007,11 @@ UCHAR IPv6GetNextHeaderFromQueue(QUEUE *q) } p = (UINT *)GetNext(q); - v = (UCHAR)(*p); - Free(p); + if (p != NULL) + { + v = (UCHAR)(*p); + Free(p); + } return v; } diff --git a/src/Mayaqua/Unix.c b/src/Mayaqua/Unix.c index 92e835b6..4897c422 100755 --- a/src/Mayaqua/Unix.c +++ b/src/Mayaqua/Unix.c @@ -906,6 +906,8 @@ void *UnixNewSingleInstance(char *instance_name) if (fcntl(fd, F_SETLK, &lock) == -1) { + close(fd); + (void)remove(name); return NULL; } else