Changeset 5535a47

Timestamp:

2015-05-07T23:12:06Z (10 years ago)

Author:

dequis <dx@…>

Branches:

master

Children:

088b070

Parents:

81a15da

git-author:

dequis <dx@…> (07-05-15 23:04:47)

git-committer:

dequis <dx@…> (07-05-15 23:12:06)

Message:

More coverity fixes!

CID 18634: 'Logically dead code' in jabber_get_info
CID 18638: 'Dereference after null check' in oauth2_access_token_done
CID 18691: 'Copy into fixed size buffer' in bee_irc_user_new
CID 20274: Leak in bee_irc_chat_invite
CID 20297, CID 20283: Leaks in crypt_main

Some the base64 leaks there weren't detected, needs modeling.

Files:

• irc_im.c (modified) (2 diffs)
• lib/oauth2.c (modified) (1 diff)
• protocols/jabber/jabber.c (modified) (1 diff)
• unix.c (modified) (2 diffs)

irc_im.c

@@ -50 +50 @@
 
         memset(nick, 0, MAX_NICK_LENGTH + 1);
-        strcpy(nick, nick_get(bu));
+        strncpy(nick, nick_get(bu), MAX_NICK_LENGTH);
 
         bu->ui_data = iu = irc_user_new(irc, nick);
@@ -723 +723 @@
                         g_free(channel);
                         channel = s;
+                } else {
+                        g_free(s);
                 }
         }

lib/oauth2.c

@@ -140 +140 @@
         struct oauth2_access_token_data *cb_data = req->data;
         char *atoken = NULL, *rtoken = NULL, *error = NULL;
-        char *content_type;
+        char *content_type = NULL;
 
-        if (getenv("BITLBEE_DEBUG") && req->reply_body) {
+        if (req->status_code <= 0 && !req->reply_body) {
+                cb_data->func(cb_data->data, NULL, NULL, req->status_string);
+                g_free(cb_data);
+                return;
+        }
+
+        if (getenv("BITLBEE_DEBUG")) {
                 printf("%s\n", req->reply_body);
         }

protocols/jabber/jabber.c

@@ -428 +428 @@
         }
 
-        jabber_get_vcard(ic, bud ? bud->full_jid : who);
+        jabber_get_vcard(ic, who);
 }
 

unix.c

@@ -212 +212 @@
                        argv[0], argv[0], argv[0], argv[0], argv[0]);
         } else if (strcmp(argv[2], "enc") == 0) {
-                pass_len = arc_encode(argv[4], strlen(argv[4]), (unsigned char **) &pass_cr, argv[3], 12);
-                printf("%s\n", base64_encode(pass_cr, pass_len));
+                char *encoded;
+
+                pass_len = arc_encode(argv[4], strlen(argv[4]), &pass_cr, argv[3], 12);
+
+                encoded = base64_encode(pass_cr, pass_len);
+                printf("%s\n", encoded);
+                g_free(encoded);
+                g_free(pass_cr);
         } else if (strcmp(argv[2], "dec") == 0) {
-                pass_len = base64_decode(argv[4], (unsigned char **) &pass_cr);
+                pass_len = base64_decode(argv[4], &pass_cr);
                 arc_decode(pass_cr, pass_len, (char **) &pass_cl, argv[3]);
                 printf("%s\n", pass_cl);
+
+                g_free(pass_cr);
+                g_free(pass_cl);
         } else if (strcmp(argv[2], "hash") == 0) {
                 md5_byte_t pass_md5[21];
                 md5_state_t md5_state;
+                char *encoded;
 
                 random_bytes(pass_md5 + 16, 5);
@@ -228 +238 @@
                 md5_finish(&md5_state, pass_md5);
 
-                printf("%s\n", base64_encode(pass_md5, 21));
+                encoded = base64_encode(pass_md5, 21);
+                printf("%s\n", encoded);
+                g_free(encoded);
         } else if (strcmp(argv[2], "unhash") == 0) {
                 printf("Hash %s submitted to a massive Beowulf cluster of\n"