From 806c3df997132e99f4abade6d00be18930695408 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 3 Mar 2016 22:55:34 +0000
Subject: [PATCH] tidying: coverity issues

---
 src/src/dcc.c                  |  4 ++--
 src/src/dns.c                  | 14 +++++++++-----
 src/src/exim_dbutil.c          |  2 +-
 src/src/routers/queryprogram.c |  1 +
 src/src/spam.c                 |  2 +-
 src/src/spool_in.c             |  6 ++++--
 src/src/transport.c            |  2 +-
 src/src/verify.c               |  4 ++--
 8 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/src/src/dcc.c b/src/src/dcc.c
index b03690ca6..c374cf91c 100644
--- a/src/src/dcc.c
+++ b/src/src/dcc.c
@@ -216,9 +216,9 @@ dcc_process(uschar **listptr)
     }
   } else {
     /* connecting to the dccifd UNIX socket */
-    bzero((char *)&serv_addr,sizeof(serv_addr));
+    bzero(&serv_addr, sizeof(serv_addr));
     serv_addr.sun_family = AF_UNIX;
-    Ustrcpy(serv_addr.sun_path, sockpath);
+    Ustrncpy(serv_addr.sun_path, sockpath, sizeof(serv_addr.sun_path));
     if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0){
       DEBUG(D_acl)
         debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
diff --git a/src/src/dns.c b/src/src/dns.c
index bb6693254..17152d9a6 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -868,7 +868,7 @@ BOOL secure_so_far = TRUE;
 
 for (i = 0; i < 10; i++)
   {
-  uschar data[256];
+  uschar * data;
   dns_record *rr, cname_rr, type_rr;
   dns_scan dnss;
   int datalen, rc;
@@ -918,7 +918,7 @@ for (i = 0; i < 10; i++)
 
   /* If any data records of the correct type were found, we are done. */
 
-  if (type_rr.data != NULL)
+  if (type_rr.data)
     {
     if (!secure_so_far)	/* mark insecure if any element of CNAME chain was */
       dns_set_insecure(dnsa);
@@ -930,10 +930,14 @@ for (i = 0; i < 10; i++)
   have had a failure from dns_lookup). However code against the possibility of
   its not existing. */
 
-  if (cname_rr.data == NULL) return DNS_FAIL;
+  if (!cname_rr.data)
+    return DNS_FAIL;
+
+  data = store_get(256);
   datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
-    cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
-  if (datalen < 0) return DNS_FAIL;
+    cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256);
+  if (datalen < 0)
+    return DNS_FAIL;
   name = data;
 
   if (!dns_is_secure(dnsa))
diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c
index 417a42db6..262e39044 100644
--- a/src/src/exim_dbutil.c
+++ b/src/src/exim_dbutil.c
@@ -259,7 +259,7 @@ uschar buffer[256];
 ensures that Exim has exclusive use of the database before it even tries to
 open it. If there is a database, there should be a lock file in existence. */
 
-sprintf(CS buffer, "%s/db/%s.lockfile", spool_directory, name);
+sprintf(CS buffer, "%s/db/%.200s.lockfile", spool_directory, name);
 
 dbblock->lockfd = Uopen(buffer, flags, 0);
 if (dbblock->lockfd < 0)
diff --git a/src/src/routers/queryprogram.c b/src/src/routers/queryprogram.c
index 018e4c831..9970c8299 100644
--- a/src/src/routers/queryprogram.c
+++ b/src/src/routers/queryprogram.c
@@ -214,6 +214,7 @@ ugid.uid_set = ugid.gid_set = FALSE;
 /* Set up the propagated data block with the current address_data and the
 errors address and extra header stuff. */
 
+bzero(&addr_prop, sizeof(addr_prop));
 addr_prop.address_data = deliver_address_data;
 
 rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address);
diff --git a/src/src/spam.c b/src/src/spam.c
index 6a0ca3c20..51ae88f50 100644
--- a/src/src/spam.c
+++ b/src/src/spam.c
@@ -139,7 +139,7 @@ long rnd, weights;
 unsigned pri;
 static BOOL srandomed = FALSE;
 
-/* seedup, if we have only 1 server */
+/* speedup, if we have only 1 server */
 if (num_servers == 1)
   return (spamds[0]->is_failed ? -1 : 0);
 
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index 59192ef30..992e08886 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -473,11 +473,13 @@ for (;;)
       int index, count;
       uschar name[20];   /* Need plenty of space for %d format */
       tree_node *node;
-      if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
+      if (  sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2
+	 || index >= 20
+         )
         goto SPOOL_FORMAT_ERROR;
       if (index < 10)
         (void) string_format(name, sizeof(name), "%c%d", 'c', index);
-      else if (index < 20) /* ignore out-of-range index */
+      else
         (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
       node = acl_var_create(name);
       node->data.ptr = store_get(count + 1);
diff --git a/src/src/transport.c b/src/src/transport.c
index 13f3c07fc..c14b60f4e 100644
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -1205,7 +1205,7 @@ transport_write_message(address_item *addr, int fd, int options,
 BOOL use_crlf;
 BOOL last_filter_was_NL = TRUE;
 int rc, len, yield, fd_read, fd_write, save_errno;
-int pfd[2];
+int pfd[2] = {-1, -1};
 pid_t filter_pid, write_pid;
 
 transport_filter_timed_out = FALSE;
diff --git a/src/src/verify.c b/src/src/verify.c
index 6aa425a54..3d4f88550 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -458,7 +458,7 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
 	     && port == cutthrough.host.port
 	     )
 	    {
-	    uschar * resp;
+	    uschar * resp = NULL;
 
 	    /* Match!  Send the RCPT TO, append the addr, set done */
 	    done =
@@ -485,7 +485,7 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
 	    else
 	      {
 	      cancel_cutthrough_connection("recipient rejected");
-	      if (errno == ETIMEDOUT)
+	      if (!resp || errno == ETIMEDOUT)
 		{
 		HDEBUG(D_verify) debug_printf("SMTP timeout\n");
 		}
-- 
2.30.2