Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix coverity detected issues in option.c

Browse Source 
Error: STRING_OVERFLOW (CWE-120): [#def99]
dnsmasq-2.86test7/src/option.c:801: fixed_size_dest: You might overrun the 100-character fixed-size string "buff" by copying "usage[i].arg" without checking the length.
#  799|         if (usage[i].arg)
#  800|   	{
#  801|-> 	  strcpy(buff, usage[i].arg);
#  802|   	  for (j = 0; tab[j].handle; j++)
#  803|   	    if (tab[j].handle == *(usage[i].arg))

Error: CLANG_WARNING: [#def100]
dnsmasq-2.86test7/src/option.c:962:3: warning[deadcode.DeadStores]: Value stored to 'domain' is never read
#  960|       }
#  961|
#  962|->   domain += sprintf(domain, "in-addr.arpa");
#  963|
#  964|     return 1;

Error: CLANG_WARNING: [#def101]
dnsmasq-2.86test7/src/option.c:981:3: warning[deadcode.DeadStores]: Value stored to 'domain' is never read
#  979|         domain += sprintf(domain, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
#  980|       }
#  981|->   domain += sprintf(domain, "ip6.arpa");
#  982|
#  983|     return 1;

Error: RESOURCE_LEAK (CWE-772): [#def102] [important]
dnsmasq-2.86test7/src/option.c:1809: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.86test7/src/option.c:1809: var_assign: Assigning: "path" = storage returned from "opt_malloc(strlen(directory) + len + 2UL)".
dnsmasq-2.86test7/src/option.c:1810: noescape: Resource "path" is not freed or pointed-to in "strcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1811: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1812: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1815: noescape: Resource "path" is not freed or pointed-to in "stat".
dnsmasq-2.86test7/src/option.c:1809: overwrite_var: Overwriting "path" in "path = opt_malloc(strlen(directory) + len + 2UL)" leaks the storage that "path" points to.
# 1807|   	      continue;
# 1808|
# 1809|-> 	    path = opt_malloc(strlen(directory) + len + 2);
# 1810|   	    strcpy(path, directory);
# 1811|   	    strcat(path, "/");

Error: RESOURCE_LEAK (CWE-772): [#def103] [important]
dnsmasq-2.86test7/src/option.c:1809: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.86test7/src/option.c:1809: var_assign: Assigning: "path" = storage returned from "opt_malloc(strlen(directory) + len + 2UL)".
dnsmasq-2.86test7/src/option.c:1810: noescape: Resource "path" is not freed or pointed-to in "strcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1811: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1812: noescape: Resource "path" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
dnsmasq-2.86test7/src/option.c:1815: noescape: Resource "path" is not freed or pointed-to in "stat".
dnsmasq-2.86test7/src/option.c:1858: leaked_storage: Variable "path" going out of scope leaks the storage it points to.
# 1856|   	    free(files);
# 1857|   	  }
# 1858|-> 	break;
# 1859|         }
# 1860|

Error: RESOURCE_LEAK (CWE-772): [#def104] [important]
dnsmasq-2.86test7/src/option.c:1996: alloc_fn: Storage is returned from allocation function "canonicalise_opt".
dnsmasq-2.86test7/src/option.c:1996: var_assign: Assigning: "name" = storage returned from "canonicalise_opt(arg)".
dnsmasq-2.86test7/src/option.c:1998: leaked_storage: Variable "name" going out of scope leaks the storage it points to.
# 1996|   	if (!(name = canonicalise_opt(arg)) ||
# 1997|   	    (comma && !(target = canonicalise_opt(comma))))
# 1998|-> 	  ret_err(_("bad MX name"));
# 1999|
# 2000|   	new = opt_malloc(sizeof(struct mx_srv_record));

Error: RESOURCE_LEAK (CWE-772): [#def106] [important]
dnsmasq-2.86test7/src/option.c:3477: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.86test7/src/option.c:3477: var_assign: Assigning: "new" = storage returned from "opt_malloc(96UL)".
dnsmasq-2.86test7/src/option.c:3618: leaked_storage: Variable "new" going out of scope leaks the storage it points to.
# 3616|   		      sprintf(errstr, _("duplicate dhcp-host IP address %s"),
# 3617|   			      daemon->addrbuff);
# 3618|-> 		      return 0;
# 3619|   		    }
# 3620|   	      }

Error: RESOURCE_LEAK (CWE-772): [#def108] [important]
dnsmasq-2.86test7/src/option.c:3781: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.86test7/src/option.c:3781: var_assign: Assigning: "new" = storage returned from "opt_malloc(32UL)".
dnsmasq-2.86test7/src/option.c:3786: leaked_storage: Variable "new" going out of scope leaks the storage it points to.
# 3784|
# 3785|   	if (!(comma = split(arg)) || (len = strlen(comma)) == 0)
# 3786|-> 	  ret_err(gen_err);
# 3787|
# 3788|   	new->wildcard = 0;

Error: RESOURCE_LEAK (CWE-772): [#def109] [important]
dnsmasq-2.86test7/src/option.c:3921: alloc_fn: Storage is returned from allocation function "opt_malloc".
dnsmasq-2.86test7/src/option.c:3921: var_assign: Assigning: "new" = storage returned from "opt_malloc(56UL)".
dnsmasq-2.86test7/src/option.c:3994: leaked_storage: Variable "new" going out of scope leaks the storage it points to.
# 3992|   	   }
# 3993|
# 3994|-> 	 ret_err(gen_err);
# 3995|          }
# 3996|

Error: CLANG_WARNING: [#def111]
dnsmasq-2.86test7/src/option.c:4693:25: warning[deadcode.DeadStores]: Value stored to 'tmp' during its initialization is never read
# 4691|   		if (!canon)
# 4692|                     {
# 4693|-> 		    struct name_list *tmp = new->names, *next;
# 4694|   		    for (tmp = new->names; tmp; tmp = next)
# 4695|
This commit is contained in:
Petr Menšík
2021-09-03 19:23:20 +02:00
committed by Simon Kelley
parent 94a17fd97f
commit 0afeef0e00
1 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/option.c
View File

@@ -798,7 +798,7 @@ static void do_usage(void)
if (usage[i].arg)
{
strcpy(buff, usage[i].arg);
safe_strncpy(buff, usage[i].arg, sizeof(buff));
for (j = 0; tab[j].handle; j++)
if (tab[j].handle == *(usage[i].arg))
sprintf(buff, "%d", tab[j].val);
@@ -959,7 +959,7 @@ static int domain_rev4(char *domain, struct in_addr addr, int msize)
return 0;
}
domain += sprintf(domain, "in-addr.arpa");
sprintf(domain, "in-addr.arpa");
return 1;
}
@@ -978,7 +978,7 @@ static int domain_rev6(char *domain, struct in6_addr *addr, int msize)
int dig = ((unsigned char *)addr)[i>>3];
domain += sprintf(domain, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
}
domain += sprintf(domain, "ip6.arpa");
sprintf(domain, "ip6.arpa");
return 1;
}
@@ -1829,6 +1829,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
new->next = li;
*up = new;
}
else
free(path);
}
@@ -1995,7 +1997,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
if (!(name = canonicalise_opt(arg)) ||
(comma && !(target = canonicalise_opt(comma))))
{
free(name);
free(target);
ret_err(_("bad MX name"));
}
new = opt_malloc(sizeof(struct mx_srv_record));
new->next = daemon->mxnames;
@@ -3616,6 +3622,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
inet_ntop(AF_INET, &in, daemon->addrbuff, ADDRSTRLEN);
sprintf(errstr, _("duplicate dhcp-host IP address %s"),
daemon->addrbuff);
dhcp_config_free(new);
return 0;
}
}
@@ -3779,16 +3786,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
case LOPT_NAME_MATCH: /* --dhcp-name-match */
{
struct dhcp_match_name *new = opt_malloc(sizeof(struct dhcp_match_name));
struct dhcp_netid *id = opt_malloc(sizeof(struct dhcp_netid));
struct dhcp_match_name *new;
ssize_t len;
if (!(comma = split(arg)) || (len = strlen(comma)) == 0)
ret_err(gen_err);
new = opt_malloc(sizeof(struct dhcp_match_name));
new->wildcard = 0;
new->netid = id;
id->net = opt_string_alloc(set_prefix(arg));
new->netid = opt_malloc(sizeof(struct dhcp_netid));
new->netid->net = opt_string_alloc(set_prefix(arg));
if (comma[len-1] == '*')
{
@@ -3992,6 +3999,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
}
}
dhcp_netid_free(new->netid);
free(new);
ret_err(gen_err);
}
@@ -4367,7 +4376,7 @@ err:
case LOPT_CNAME: /* --cname */
{
struct cname *new;
char *alias, *target, *last, *pen;
char *alias, *target=NULL, *last, *pen;
int ttl = -1;
for (last = pen = NULL, comma = arg; comma; comma = split(comma))
@@ -4382,13 +4391,13 @@ err:
if (pen != arg && atoi_check(last, &ttl))
last = pen;
target = canonicalise_opt(last);
while (arg != last)
{
int arglen = strlen(arg);
alias = canonicalise_opt(arg);
if (!target)
target = canonicalise_opt(last);
if (!alias || !target)
{
free(target);
@@ -4691,7 +4700,7 @@ err:
struct name_list *nl;
if (!canon)
{
struct name_list *tmp = new->names, *next;
struct name_list *tmp, *next;
for (tmp = new->names; tmp; tmp = next)
{
next = tmp->next;