dtlogin: Coverity (memory corruption, moderate)

diff --git a/cde/programs/dtlogin/account.c b/cde/programs/dtlogin/account.c
index e6ac21212786820ae3e3bdc869f7a867c62fbb9c..828947f504b6c2d51ef1cd6f3a3567eb132653fc 100644 (file)
--- a/cde/programs/dtlogin/account.c
+++ b/cde/programs/dtlogin/account.c
@@ -187,7 +187,7 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #else
     bzero(&utmp, sizeof(struct utmp));
 
-    strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id));
+    strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1);
     utmp.ut_type = LOGIN_PROCESS;
     
     setutent();

diff --git a/cde/programs/dtlogin/choose.c b/cde/programs/dtlogin/choose.c
index 4e7dc4ad68819373990ec3d412bcbb508a5f1aeb..ea902fcff56da4ce92dd60895bfe79ae91008d78 100644 (file)
--- a/cde/programs/dtlogin/choose.c
+++ b/cde/programs/dtlogin/choose.c
@@ -273,7 +273,7 @@ RegisterIndirectChoice (
 {
     ChoicePtr  c;
     int                insert;
-    int                found;
+    int                found = 0;
 
     Debug ("Got indirect choice back (%s)\n", Print8Address(clientAddress));
     for (c = choices; c; c = c->next) {

diff --git a/cde/programs/dtlogin/dm.c b/cde/programs/dtlogin/dm.c
index 99d25a39641147c7e917d33386b7b3736b728464..b484974c94a75b907aed413dcc965e24673e1d85 100644 (file)
--- a/cde/programs/dtlogin/dm.c
+++ b/cde/programs/dtlogin/dm.c
@@ -799,7 +799,7 @@ CheckDisplayStatus( struct display *d )
             Debug("Check %s: status=%d wakeupTime=%d\n", d->name,
                   d->status, wakeupTime);
            if (d->status == suspended && wakeupTime >= 0)
-               if ( GettyRunning(d) || (strcmp(d->gettyLine,"??") == 0))
+              if ( GettyRunning(d) || (d->gettyLine && (strcmp(d->gettyLine,"??") == 0)) )
                    if ( wakeupTime == 0 ) {
                        Debug("Polling of suspended server %s started.\n",
                                d->name);
@@ -1120,7 +1120,7 @@ StartDisplay(
            
            p = DisplayName;
            
-           strncpy(p, d->name, sizeof(DisplayName));
+           strncpy(p, d->name, sizeof(DisplayName) - 1);
            DisplayName[sizeof(DisplayName)-1] = '\0';
            
            if ( (s = strchr(p,':')) != NULL )
@@ -1750,11 +1750,15 @@ GettyRunning( struct display *d )
         strcpy(utmp.ut_line,ttynm);
         close(fd);
     }
-    else
-        strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line));
+   else
+     {
+        strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
+        utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
+     }
 
 #else
-    strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line));
+    strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
+    utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
 #endif
     
     Debug("Checking for a getty on line %s.\n", utmp.ut_line);

diff --git a/cde/programs/dtlogin/error.c b/cde/programs/dtlogin/error.c
index 9926f2ebbc8451a07f45be789278e2b74d22506a..b60a628a4a14f93ab4c3a2b10a726252fe0a0e5c 100644 (file)
--- a/cde/programs/dtlogin/error.c
+++ b/cde/programs/dtlogin/error.c
@@ -236,7 +236,8 @@ TrimErrorFile( void )
            return;
        }
 
-       n = read(f2, buf, BUFSIZ);
+        memset(buf, 0, BUFSIZ);
+       n = read(f2, buf, BUFSIZ - 1);
 
        if ( (p = strchr(buf,'\n')) != NULL ) {
            p++; 

diff --git a/cde/programs/dtlogin/file.c b/cde/programs/dtlogin/file.c
index c3b388def6be1fd24f20b9f94077b3ffcc13f4f2..30e487c4d25584a5910ec1db5e795ada2c50da46 100644 (file)
--- a/cde/programs/dtlogin/file.c
+++ b/cde/programs/dtlogin/file.c
@@ -186,7 +186,7 @@ ParseDisplay( char *source,
              struct passwd *puser)
 {
     char               **args, **argv, **a;
-    char               *name, *class, *type;
+    char               *name = NULL, *class, *type;
     struct display     *d;
     int                        usedDefaultType;
     int                        parse_uid;
@@ -204,7 +204,7 @@ ParseDisplay( char *source,
        freeArgs (args);
        return 0;
     }
-    name = args[0];
+    name = strdup(args[0]);
     if (!args[1])
     {
        LogError(ReadCatalog(MC_LOG_SET,MC_LOG_MISS_TYPE,MC_DEF_LOG_MISS_TYPE),
@@ -236,22 +236,19 @@ ParseDisplay( char *source,
        char            tname[128];
        struct hostent  *hostent;
 
-       strcpy(tname,"");
-       gethostname(tname, sizeof(tname));
+        memset(tname, 0, 128);
+       gethostname(tname, 128 - 1);
        if ( (hostent = gethostbyname(tname)) == NULL ) {
            LogError(
                ReadCatalog(MC_LOG_SET,MC_LOG_INV_HOSTNM,MC_DEF_LOG_INV_HOSTNM),
                      tname);
-           strcpy(tname,"");
+           tname[0] = 0;
        }
-/*
-       else
-           strcpy(tname,hostent->h_name);
-*/
 
-       strcat(tname, ":0");
+       strncat(tname, ":0", 128 - 1);
        
-       name = tname;
+        free(name);
+       name = strdup(tname);
     }
 
     /*
@@ -372,6 +369,7 @@ ParseDisplay( char *source,
 
 
     freeSomeArgs (args, argv - args);
+    free(name);
 
     return 1;
 }