From: Jeremy Harris Date: Mon, 7 Mar 2016 18:46:41 +0000 (+0000) Subject: tidying: coverity issues X-Git-Tag: exim-4_87_RC6^0 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/dc8091e7b9eb80b77699ac59de3f39eedef65c04?ds=sidebyside tidying: coverity issues --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 211588b40..a36633d21 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -186,6 +186,10 @@ JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough JH/45 Fix cutthrough, when connection not opened by verify and target hard- rejects a recipient: pass the reject to the originator. +JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs. + Many were false-positives and ignorable, but it's worth fixing the + former class. + Exim version 4.86 diff --git a/src/src/dcc.c b/src/src/dcc.c index 5d5c0b022..60615ec3e 100644 --- a/src/src/dcc.c +++ b/src/src/dcc.c @@ -79,50 +79,41 @@ dcc_process(uschar **listptr) /* grep 1st option */ if ((dcc_acl_options = string_nextinlist(&list, &sep, - dcc_acl_options_buffer, - sizeof(dcc_acl_options_buffer))) != NULL) - { + dcc_acl_options_buffer, sizeof(dcc_acl_options_buffer)))) + { /* parse 1st option */ - if ( (strcmpic(dcc_acl_options,US"false") == 0) || - (Ustrcmp(dcc_acl_options,"0") == 0) ) { - /* explicitly no matching */ - return FAIL; - }; - - /* special cases (match anything except empty) */ - if ( (strcmpic(dcc_acl_options,US"true") == 0) || - (Ustrcmp(dcc_acl_options,"*") == 0) || - (Ustrcmp(dcc_acl_options,"1") == 0) ) { - dcc_acl_options = dcc_acl_options; - }; - } - else { - /* empty means "don't match anything" */ - return FAIL; - }; + if ( strcmpic(dcc_acl_options, US"false") == 0 + || Ustrcmp(dcc_acl_options, "0") == 0 + ) + return FAIL; /* explicitly no matching */ + } + else + return FAIL; /* empty means "don't match anything" */ sep = 0; /* if we scanned this message last time, just return */ - if ( dcc_ok ) - return dcc_rc; + if (dcc_ok) + return dcc_rc; /* open the spooled body */ message_subdir[1] = '\0'; - for (i = 0; i < 2; i++) { + for (i = 0; i < 2; i++) + { message_subdir[0] = (split_spool_directory == (i == 0))? message_id[5] : 0; sprintf(CS mbox_path, "%s/input/%s/%s-D", spool_directory, message_subdir, message_id); data_file = Ufopen(mbox_path,"rb"); if (data_file != NULL) break; - }; + } - if (data_file == NULL) { + if (data_file == NULL) + { /* error while spooling */ log_write(0, LOG_MAIN|LOG_PANIC, "dcc acl condition: error while opening spool file"); return DEFER; - }; + } /* Initialize the variables */ diff --git a/src/src/deliver.c b/src/src/deliver.c index d5a9c1bac..a5cefeee7 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -2220,6 +2220,7 @@ for (addr2 = addr; addr2; addr2 = addr2->next) if (message_length > 0) { len = read(pfd[pipe_read], big_buffer, message_length); + big_buffer[big_buffer_size-1] = '\0'; /* guard byte */ if (len > 0) *sptr = string_copy(big_buffer); } } @@ -3855,7 +3856,8 @@ static void rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size) { uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE]; -int header_length; +int header_length; +int ret; /* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */ /* complain to log if someone tries with buffer sizes we can't handle*/ @@ -3885,8 +3887,7 @@ if (buf && size > 0) memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size); size += PIPE_HEADER_SIZE; -int ret = write(fd, writebuffer, size); -if(ret != size) +if ((ret = write(fd, writebuffer, size)) != size) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n", ret == -1 ? strerror(errno) : "short write"); } diff --git a/src/src/host.c b/src/src/host.c index 8e71aec5f..f94de5eab 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -2920,6 +2920,12 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); NEXT_MX_RR: continue; } +if (!last) /* No rr of correct type; give up */ + { + yield = HOST_FIND_FAILED; + goto out; + } + /* If the list of hosts was obtained from SRV records, there are two things to do. First, if there is only one host, and it's name is ".", it means there is no SMTP service at this domain. Otherwise, we have to sort the hosts of equal @@ -2946,7 +2952,7 @@ if (ind_type == T_SRV) debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000); } - for (pptr = &host, h = host; h != last; pptr = &(h->next), h = h->next) + for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next) { int sum = 0; host_item *hh; @@ -3051,7 +3057,8 @@ dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */ for (h = host; h != last->next; h = h->next) { - if (h->address != NULL) continue; /* Inserted by a multihomed host */ + if (h->address) continue; /* Inserted by a multihomed host */ + rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, NULL, dnssec_request, dnssec_require); if (rc != HOST_FOUND) @@ -3063,7 +3070,7 @@ for (h = host; h != last->next; h = h->next) h->why = hwhy_deferred; } else - h->why = (rc == HOST_IGNORED)? hwhy_ignored : hwhy_failed; + h->why = rc == HOST_IGNORED ? hwhy_ignored : hwhy_failed; } } diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c index 2efb42160..a69d36e39 100644 --- a/src/src/routers/redirect.c +++ b/src/src/routers/redirect.c @@ -655,8 +655,8 @@ if (!ugid.gid_set && pw != NULL) // eximsrs_db_set(FALSE, NULL); */ - if(ob->srs_alias != NULL ? (usedomain = expand_string(ob->srs_alias)) == NULL : 1) - usedomain = deliver_domain; + if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL)) + usedomain = string_copy(deliver_domain); if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK) { diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 992e08886..5100eeb30 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -513,7 +513,8 @@ for (;;) if (Ustrncmp(p, "rozen", 5) == 0) { deliver_freeze = TRUE; - sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at); + if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1) + goto SPOOL_READ_ERROR; } break; diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index c8abe9bc5..3a53c3d42 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -679,15 +679,16 @@ if (len == 0) return tblock; /* Search the formats for a match */ -while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size))!= NULL) +while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size))) { int slen = Ustrlen(s); BOOL match = len >= slen && Ustrncmp(data, s, slen) == 0; uschar *tp = string_nextinlist(&format, &sep, big_buffer, big_buffer_size); - if (match) + + if (match && tp) { transport_instance *tt; - for (tt = transports; tt != NULL; tt = tt->next) + for (tt = transports; tt; tt = tt->next) if (Ustrcmp(tp, tt->name) == 0) { DEBUG(D_transport)