From: Erez Zadok Date: Mon, 20 Mar 2006 16:59:30 +0000 (+0000) Subject: * libamu/wire.c: avoid potential dereferencing of a NULL pointer X-Git-Tag: am-utils-6_2a2~19 X-Git-Url: https://git.fsl.cs.sunysb.edu/?a=commitdiff_plain;h=df352d2088711fc0126d055bb28820bda0dfb3fc;p=am-utils-6.1.git * libamu/wire.c: avoid potential dereferencing of a NULL pointer (Coverity). * hlfsd/homedir.c (delay): remove unnecessary check for NULL pointer (Coverity). * fsinfo/fsi_analyze.c (analyze_dkmounts, analyze_mounts, analyze_mounts): avoid potential dereferencing of a NULL pointer (Coverity). * conf/transp/transp_sockets.c (create_amq_service): avoid potential dereferencing of a NULL pointer (Coverity). * amd/sched.c (sigchld): properly check for the end of the waiting process list (Coverity). * amd/mapc.c (mapc_create): initialize 'modify' to zero (Coverity). * amd/autil.c (amfs_mkcacheref, am_unmounted): avoid potential dereferencing of a NULL pointer (Coverity). * amd/amfs_generic.c (amfs_lookup_mntfs): free def_opts before reusing it (memory leak bug detected by Coverity). (amfs_bgmount): avoid potential dereferencing of a NULL pointer (Coverity). * amd/am_ops.c (merge_opts): no need to check if newstr is NULL (bug detected by Coverity). --- diff --git a/ChangeLog b/ChangeLog index 3bbd5e5..975f5ce 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,34 @@ +2006-03-20 Christos Zoulas + + * libamu/wire.c: avoid potential dereferencing of a NULL pointer + (Coverity). + + * hlfsd/homedir.c (delay): remove unnecessary check for NULL + pointer (Coverity). + + * fsinfo/fsi_analyze.c (analyze_dkmounts, analyze_mounts, + analyze_mounts): avoid potential dereferencing of a NULL pointer + (Coverity). + + * conf/transp/transp_sockets.c (create_amq_service): avoid + potential dereferencing of a NULL pointer (Coverity). + + * amd/sched.c (sigchld): properly check for the end of the waiting + process list (Coverity). + + * amd/mapc.c (mapc_create): initialize 'modify' to zero (Coverity). + + * amd/autil.c (amfs_mkcacheref, am_unmounted): avoid potential + dereferencing of a NULL pointer (Coverity). + + * amd/amfs_generic.c (amfs_lookup_mntfs): free def_opts before + reusing it (memory leak bug detected by Coverity). + (amfs_bgmount): avoid potential dereferencing of a NULL pointer + (Coverity). + + * amd/am_ops.c (merge_opts): no need to check if newstr is NULL + (bug detected by Coverity). + 2006-03-08 Ion Badulescu * amd/nfs_subr.c (mp_to_fh): fixed old-style filehandles--the pid diff --git a/NEWS b/NEWS index 9d878be..963b42b 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,8 @@ shortname, user=N, group=N, mask=N, and dirmask=N. i386-unknown-openbsd3.8 - Bugs fixed: + * one serious memory leak in amfs_generic (caught by Coverity) + * assorted potential (but rare) NULL pointer dereferences (Coverity) * correctly print nfs_args->addr info (sin_family/port/addr) * pawd should resolve path repeatedly until no more to do * handle old-style filehandles correctly (for mount points longer diff --git a/amd/am_ops.c b/amd/am_ops.c index 1a3ead0..ad2eaeb 100644 --- a/amd/am_ops.c +++ b/amd/am_ops.c 
@@ -337,7 +337,7 @@ merge_opts(const char *opts1, const char *opts2) if (amu_hasmntopt(&mnt2, oneopt) || amu_hasmntopt(&mnt2, revoneopt)) continue; /* add option to returned string */ - if (newstr && newstr[0]) { + if (newstr[0]) { xstrlcat(newstr, ",", len); xstrlcat(newstr, tmpstr, len); } else { diff --git a/amd/amfs_generic.c b/amd/amfs_generic.c index 5a1f19a..b1941a6 100644 --- a/amd/amfs_generic.c +++ b/amd/amfs_generic.c @@ -414,6 +414,7 @@ amfs_lookup_mntfs(am_node *new_mp, int *error_return) /* * Pick up new defaults */ + XFREE(def_opts); def_opts = str3cat((char *) NULL, def_opts, ";", *cur_ivec + 1); dlog("Setting def_opts to \"%s\"", def_opts); continue; @@ -767,7 +768,7 @@ amfs_bgmount(struct continuation *cp) goto already_mounted; } - if (mf->mf_fo->fs_mtab) { + if (mf->mf_fo && mf->mf_fo->fs_mtab) { plog(XLOG_MAP, "Trying mount of %s on %s fstype %s mount_type %s", mf->mf_fo->fs_mtab, mf->mf_mount, p->fs_type, mp->am_flags & AMF_AUTOFS ? "autofs" : "non-autofs"); @@ -781,7 +782,7 @@ amfs_bgmount(struct continuation *cp) if (this_error < 0) goto retry; - if (mf->mf_fo->opt_delay) { + if (mf->mf_fo && mf->mf_fo->opt_delay) { /* * If there is a delay timer on the mount * then don't try to mount if the timer diff --git a/amd/autil.c b/amd/autil.c index 8d72c88..7966b02 100644 --- a/amd/autil.c +++ b/amd/autil.c @@ -397,7 +397,7 @@ amfs_mkcacheref(mntfs *mf) cache = "none"; mf->mf_private = (opaque_t) mapc_find(mf->mf_info, cache, - mf->mf_fo->opt_maptype, + (mf->mf_fo ? mf->mf_fo->opt_maptype : NULL), mf->mf_mount); mf->mf_prfree = mapc_free; } @@ -711,7 +711,7 @@ am_unmounted(am_node *mp) if (mp->am_parent && mp->am_parent->am_mnt) clocktime(&mp->am_parent->am_fattr.na_mtime); - if (mp->am_flags & AMF_REMOUNT) { + if (mp->am_parent && (mp->am_flags & AMF_REMOUNT)) { char *fname = strdup(mp->am_name); am_node *mp_parent = mp->am_parent; mntfs *mf_parent = mp_parent->am_mnt; diff --git a/amd/mapc.c b/amd/mapc.c index 98def58..0fafc1e 100644 
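Review bot: In the amfs_lookup_mntfs hunk the added `XFREE(def_opts);` runs immediately before `def_opts = str3cat((char *) NULL, def_opts, ";", *cur_ivec + 1);`, which still passes def_opts as an input string. The leak fix therefore reads a buffer that was just released: a use-after-free, or a NULL argument if XFREE also clears the pointer (its definition is not visible here). The old value should stay alive until the new string is built: `char *old_opts = def_opts;`, `def_opts = str3cat((char *) NULL, old_opts, ";", *cur_ivec + 1);`, `XFREE(old_opts);`. The enclosing loop starts and ends outside the hunk, so where the temporary is declared depends on the surrounding code.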
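Review bot: The amfs_mkcacheref hunk now passes NULL as the map type to mapc_find() when mf->mf_fo is NULL, which moves the NULL-pointer question into the callee rather than removing it. mapc_find() is not part of this diff, so it should be confirmed that it accepts a NULL type before comparing or copying it. The same applies to mapc_create(), whose `const char *type` parameter appears in the mapc.c hunk, if the value is forwarded there. A short comment at the call would record the contract, e.g. `/* NULL maptype when mf_fo is unset; mapc_find must tolerate it */`.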
--- a/amd/mapc.c +++ b/amd/mapc.c @@ -640,7 +640,7 @@ mapc_create(char *map, char *opt, const char *type, const char *mntpt) { mnt_map *m = ALLOC(struct mnt_map); map_type *mt; - time_t modify; + time_t modify = 0; u_int alloc = 0; cmdoption(opt, mapc_opt, &alloc); diff --git a/amd/sched.c b/amd/sched.c index 8028172..d4a6481 100644 --- a/amd/sched.c +++ b/amd/sched.c @@ -283,7 +283,7 @@ sigchld(int sig) } } /* end of for loop */ - if (!p) + if (p == HEAD(pjob, &proc_wait_list)) dlog("can't locate task block for pid %d", pid); /* diff --git a/conf/transp/transp_sockets.c b/conf/transp/transp_sockets.c index 7e8bca3..53e1648 100644 --- a/conf/transp/transp_sockets.c +++ b/conf/transp/transp_sockets.c @@ -338,7 +338,7 @@ create_amq_service(int *udp_soAMQp, # ifndef RPC_MAXDATASIZE # define RPC_MAXDATASIZE 9000 # endif /* not RPC_MAXDATASIZE */ - { + if (tcp_amqpp) { int maxrec = RPC_MAXDATASIZE; SVC_CONTROL(*tcp_amqpp, SVCSET_CONNMAXREC, &maxrec); } diff --git a/fsinfo/fsi_analyze.c b/fsinfo/fsi_analyze.c index 76e193b..cd5d296 100644 --- a/fsinfo/fsi_analyze.c +++ b/fsinfo/fsi_analyze.c @@ -281,7 +281,7 @@ analyze_dkmounts(disk_fs *dk, qelem *q) /* * Now see if a default mount point is required */ - if (STREQ(mp2->m_name, "default")) { + if (mp2 && STREQ(mp2->m_name, "default")) { if (ISSET(mp2->m_mask, DM_VOLNAME)) { char nbuf[1024]; compute_automount_point(nbuf, sizeof(nbuf), dk->d_host, mp2->m_volname); @@ -516,7 +516,8 @@ analyze_mounts(host *hp) ITER(dd, dict_data, &de->de_q) { fsi_mount *mp = (fsi_mount *) dd->dd_data; - if (STREQ(mp->m_dk->d_host->h_hostname, fp->f_from)) { + if (fp->f_from && + STREQ(mp->m_dk->d_host->h_hostname, fp->f_from)) { mp2 = mp; break; } 
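Review bot: The new guard in create_amq_service tests `tcp_amqpp`, but the value handed to SVC_CONTROL is `*tcp_amqpp`, so a transport creation that left `*tcp_amqpp` NULL would still reach the call. Whether that state is reachable depends on code above the hunk, which is not visible; if it is, the guard should read `if (tcp_amqpp && *tcp_amqpp) {`. The result of SVC_CONTROL is also discarded, so a rejected SVCSET_CONNMAXREC request would go unnoticed; logging the failure would make it diagnosable.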
@@ -542,7 +543,8 @@ analyze_mounts(host *hp) lerror(fp->f_ioloc, "volname %s unknown", fp->f_volname); } else if (matched) { - fixup_required_mount_info(fp, de); + if (de) + fixup_required_mount_info(fp, de); req = ~fp->f_mask & FM_REQUIRED; if (req) { show_required(fp->f_ioloc, req, fp->f_volname, hp->h_hostname, diff --git a/hlfsd/homedir.c b/hlfsd/homedir.c index 2f70cd5..dc57fd6 100644 --- a/hlfsd/homedir.c +++ b/hlfsd/homedir.c @@ -266,8 +266,7 @@ delay(uid2home_t *found, int secs) { struct timeval tv; - if (found) - dlog("delaying on child %ld for %d seconds", (long) found->child, secs); + dlog("delaying on child %ld for %d seconds", (long) found->child, secs); tv.tv_usec = 0; diff --git a/libamu/wire.c b/libamu/wire.c index 3b1b100..b760043 100644 --- a/libamu/wire.c +++ b/libamu/wire.c @@ -398,7 +398,7 @@ getwire(char **name1, char **number1) al = getwire_lookup(S2IN(ifap->ifa_dstaddr), 0xffffffff, 1); /* append to the end of the list */ - if (!localnets) { + if (!localnets || tail == NULL) { localnets = tail = al; tail->ip_next = NULL; } else {
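Review bot: With the `if (found)` test removed, delay() dereferences `found->child` unconditionally in the dlog call, so the non-NULL requirement on `found` is now an unwritten precondition. The commit message says the check was unnecessary, but the callers are outside this diff. I would record the contract in the function's header comment: `/* found must not be NULL */`. The rest of delay()'s body continues past the hunk.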
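Review bot: In the getwire hunk the widened condition `!localnets || tail == NULL` takes the first-element branch even when localnets is non-NULL, and `localnets = tail = al;` then overwrites the existing list head, dropping whatever entries it held. If tail can only be NULL while localnets is NULL this is harmless, but that invariant is established outside the hunk and is not visible here. Should it not hold, the existing list needs to be walked to its end rather than replaced. The same branch executes `tail->ip_next = NULL;` right after `tail = al`, so it also relies on getwire_lookup() never returning NULL.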