From 235a75c03c6dc3aafc8fc1c06328e4e3ae156be4 Mon Sep 17 00:00:00 2001
From: Jon Trulson
Date: Fri, 26 Dec 2014 16:23:54 -0700
Subject: [PATCH] dtlogin: Coverity (memory corruption, moderate)
---
 cde/programs/dtlogin/account.c | 2 +-
 cde/programs/dtlogin/choose.c | 2 +-
 cde/programs/dtlogin/dm.c | 14 +++++++++-----
 cde/programs/dtlogin/error.c | 3 ++-
 cde/programs/dtlogin/file.c | 20 +++++++++-----------
 5 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/cde/programs/dtlogin/account.c b/cde/programs/dtlogin/account.c
index e6ac2121..828947f5 100644
--- a/cde/programs/dtlogin/account.c
+++ b/cde/programs/dtlogin/account.c
@@ -187,7 +187,7 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #else
 bzero(&utmp, sizeof(struct utmp));
- strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id));
+ strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1);
 utmp.ut_type = LOGIN_PROCESS;
 setutent();
diff --git a/cde/programs/dtlogin/choose.c b/cde/programs/dtlogin/choose.c
index 4e7dc4ad..ea902fcf 100644
--- a/cde/programs/dtlogin/choose.c
+++ b/cde/programs/dtlogin/choose.c
@@ -273,7 +273,7 @@ RegisterIndirectChoice (
 {
 ChoicePtr c;
 int insert;
- int found;
+ int found = 0;
 Debug ("Got indirect choice back (%s)\n", Print8Address(clientAddress));
 for (c = choices; c; c = c->next) {
diff --git a/cde/programs/dtlogin/dm.c b/cde/programs/dtlogin/dm.c
index 99d25a39..b484974c 100644
--- a/cde/programs/dtlogin/dm.c
+++ b/cde/programs/dtlogin/dm.c
@@ -799,7 +799,7 @@ CheckDisplayStatus( struct display *d )
 Debug("Check %s: status=%d wakeupTime=%d\n", d->name, d->status, wakeupTime);
 if (d->status == suspended && wakeupTime >= 0)
- if ( GettyRunning(d) || (strcmp(d->gettyLine,"??") == 0))
+ if ( GettyRunning(d) || (d->gettyLine && (strcmp(d->gettyLine,"??") == 0)) )
 if ( wakeupTime == 0 )
 {
 Debug("Polling of suspended server %s started.\n", d->name);
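Review bot: In Account() in account.c, `ut_id` is a fixed-width utmp field rather than a C string, so copying only `sizeof(u->ut_id) - 1` bytes silently drops the last character of a full-width `d->utmpId`. The `bzero(&utmp, ...)` just above already zero-fills the record and the original full-width `strncpy` could not write past the field, so the change trades a "not NUL-terminated" warning for possible id truncation. If the record is later matched by id (the lookup after `setutent()` is outside this hunk), a shortened id may no longer match the entry written elsewhere. I would keep the full-width copy with a comment such as `/* ut_id is fixed-width; it need not be NUL-terminated */`, or reject over-long ids explicitly.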
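Review bot: In CheckDisplayStatus() in dm.c the new `d->gettyLine &&` guard protects only the `strcmp`; `GettyRunning(d)` is evaluated first, and the GettyRunning hunk later in this patch hands `d->gettyLine` straight to `strncpy` with no NULL test. Unless GettyRunning rejects a NULL line in code outside the hunks shown, a display without a getty line is still dereferenced before the new guard is reached. Consider adding the check at the top of GettyRunning, or testing once here, e.g. `if (d->gettyLine != NULL && (GettyRunning(d) || strcmp(d->gettyLine, "??") == 0))`, after confirming that GettyRunning is not expected to succeed with a NULL line.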
@@ -1120,7 +1120,7 @@ StartDisplay(
 p = DisplayName;
- strncpy(p, d->name, sizeof(DisplayName));
+ strncpy(p, d->name, sizeof(DisplayName) - 1);
 DisplayName[sizeof(DisplayName)-1] = '\0';
 if ( (s = strchr(p,':')) != NULL )
@@ -1750,11 +1750,15 @@ GettyRunning( struct display *d )
 strcpy(utmp.ut_line,ttynm);
 close(fd);
 }
- else
- strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line));
+ else
+ {
+ strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
+ utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
+ }
 #else
- strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line));
+ strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
+ utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
 #endif
 Debug("Checking for a getty on line %s.\n", utmp.ut_line);
diff --git a/cde/programs/dtlogin/error.c b/cde/programs/dtlogin/error.c
index 9926f2eb..b60a628a 100644
--- a/cde/programs/dtlogin/error.c
+++ b/cde/programs/dtlogin/error.c
@@ -236,7 +236,8 @@ TrimErrorFile( void )
 return;
 }
- n = read(f2, buf, BUFSIZ);
+ memset(buf, 0, BUFSIZ);
+ n = read(f2, buf, BUFSIZ - 1);
 if ( (p = strchr(buf,'\n')) != NULL )
 {
 p++;
diff --git a/cde/programs/dtlogin/file.c b/cde/programs/dtlogin/file.c
index c3b388de..30e487c4 100644
--- a/cde/programs/dtlogin/file.c
+++ b/cde/programs/dtlogin/file.c
@@ -186,7 +186,7 @@ ParseDisplay( char *source,
 struct passwd *puser)
 {
 char **args, **argv, **a;
- char *name, *class, *type;
+ char *name = NULL, *class, *type;
 struct display *d;
 int usedDefaultType;
 int parse_uid;
@@ -204,7 +204,7 @@ ParseDisplay( char *source,
 freeArgs (args);
 return 0;
 }
- name = args[0];
+ name = strdup(args[0]);
 if (!args[1]) {
 LogError(ReadCatalog(MC_LOG_SET,MC_LOG_MISS_TYPE,MC_DEF_LOG_MISS_TYPE),
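Review bot: In GettyRunning() in dm.c, the context line `strcpy(utmp.ut_line,ttynm);` just above the patched `else` is still an unbounded copy into the same fixed-size field that the other two branches now bound. Where `ttynm` comes from is outside the hunk, but a terminal name supplied by the system is not guaranteed to fit `ut_line`. Give that branch the same treatment: `strncpy(utmp.ut_line, ttynm, sizeof(utmp.ut_line) - 1);` followed by `utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;`.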
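Review bot: In TrimErrorFile() in error.c the return value of `read()` is still used unchecked: on failure `n` is -1, and the code after the `strchr` (outside this hunk) presumably uses `n` as a length. The `memset` plus `BUFSIZ - 1` does guarantee a terminator for `strchr`, but terminating at the bytes actually read is tighter: check `if (n < 0)` and leave through the function's normal cleanup, then set `buf[n] = '\0';`. The declaration of `buf` is not visible here, so confirm it is at least `BUFSIZ` bytes or size these calls with `sizeof`.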
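Review bot: In ParseDisplay() in file.c, `name = strdup(args[0]);` adds an allocation whose result is never checked and which is released only on the final `return 1` path added in the last hunk of this file. If the `if (!args[1])` branch that follows returns the way the `freeArgs (args); return 0;` branch above it does, that exit and any other early return outside the hunks now leak `name`. Add `if (name == NULL) { freeArgs(args); return 0; }` after the call and a `free(name);` before each early return, or route all exits through one cleanup label. It is also worth confirming that the display record built from `name` copies the string rather than keeping the pointer, since the buffer is freed before the function returns.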
@@ -236,22 +236,19 @@ ParseDisplay( char *source,
 char tname[128];
 struct hostent *hostent;
- strcpy(tname,"");
- gethostname(tname, sizeof(tname));
+ memset(tname, 0, 128);
+ gethostname(tname, 128 - 1);
 if ( (hostent = gethostbyname(tname)) == NULL )
 {
 LogError( ReadCatalog(MC_LOG_SET,MC_LOG_INV_HOSTNM,MC_DEF_LOG_INV_HOSTNM), tname);
- strcpy(tname,"");
+ tname[0] = 0;
 }
-/*
- else
- strcpy(tname,hostent->h_name);
-*/
- strcat(tname, ":0");
+ strncat(tname, ":0", 128 - 1);
- name = tname;
+ free(name);
+ name = strdup(tname);
 }
 /*
@@ -372,6 +369,7 @@ ParseDisplay( char *source,
 freeSomeArgs (args, argv - args);
+ free(name);
 return 1;
 }
--
2.25.1
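Review bot: In ParseDisplay() in file.c, `strncat(tname, ":0", 128 - 1)` does not bound the write to `tname`, because the third argument of `strncat` limits how many bytes are taken from the source, not the size of the destination. With a host name that fills 126 or 127 bytes of the buffer, appending `:0` plus the terminator still runs past the end of `tname[128]`. Pass the remaining space instead, `strncat(tname, ":0", sizeof(tname) - strlen(tname) - 1);`, and use `sizeof(tname)` in the `memset` and `gethostname` calls rather than repeating the literal 128. The `strdup(tname)` result is unchecked here as well.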