[Minor] Fix some issues in the contrib libraries

Found by: coverity scan

diff --git a/contrib/librdns/curve.c b/contrib/librdns/curve.c
index c6479c31ee31762cdf47d90925f090fbfd4cc664..19ec2508cd706511311283c5e3dca4d6aa205b63 100644 (file)
--- a/contrib/librdns/curve.c
+++ b/contrib/librdns/curve.c
@@ -715,6 +715,7 @@ rdns_curve_send (struct rdns_request *req, void *plugin_data,
                boxed_len = req->pos + crypto_box_ZEROBYTES;
                m = malloc (boxed_len);
                if (m == NULL) {
+                       free(creq);
                        return -1;
                }
 

diff --git a/contrib/librdns/packet.c b/contrib/librdns/packet.c
index 99536668c84fe9f1c089d9d373bdf275d717f233..5c822ffefc3b578b1e0f67a8ea93e46c78d3a30a 100644 (file)
--- a/contrib/librdns/packet.c
+++ b/contrib/librdns/packet.c
@@ -92,7 +92,7 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in,
        char *o;
        int labels = 0;
        size_t label_len, olen, remain;
-       uint32_t *uclabel;
+       uint32_t *uclabel = NULL;
        size_t punylabel_len, uclabel_len;
        char tmp_label[DNS_D_MAXLABEL];
        bool need_encode = false;
@@ -163,6 +163,7 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in,
                                }
 
                                free (uclabel);
+                               uclabel = NULL;
 
                                if (dot) {
                                        p = dot + 1;
@@ -230,9 +231,11 @@ rdns_format_dns_name (struct rdns_resolver *resolver, const char *in,
 
        return true;
 
-       err:
+err:
        free (*out);
        *out = NULL;
+       free (uclabel);
+
        return false;
 }
 

diff --git a/contrib/librdns/parse.c b/contrib/librdns/parse.c
index 18bb6a6946e11030ccf2663eddc1b5846a8e4209..1a9c01838d8f64bac59621f3b49982f89da900df 100644 (file)
--- a/contrib/librdns/parse.c
+++ b/contrib/librdns/parse.c
@@ -351,6 +351,10 @@ rdns_parse_rr (struct rdns_resolver *resolver,
        case DNS_T_TXT:
        case DNS_T_SPF:
                if (datalen <= *remain) {
+                       if (datalen > UINT16_MAX / 2) {
+                               rdns_info ("too large datalen; domain %s", rep->requested_name);
+                               return -1;
+                       }
                        elt->content.txt.data = malloc(datalen + 1);
                        if (elt->content.txt.data == NULL) {
                                rdns_err ("failed to allocate %d bytes for TXT record; domain %s",
@@ -413,6 +417,10 @@ rdns_parse_rr (struct rdns_resolver *resolver,
                        rdns_info ("stripped dns reply while reading TLSA record; domain %s", rep->requested_name);
                        return -1;
                }
+               if (datalen > UINT16_MAX / 2) {
+                       rdns_info ("too large datalen; domain %s", rep->requested_name);
+                       return -1;
+               }
                GET8 (elt->content.tlsa.usage);
                GET8 (elt->content.tlsa.selector);
                GET8 (elt->content.tlsa.match_type);

diff --git a/contrib/librdns/resolver.c b/contrib/librdns/resolver.c
index 6e3792f7e035dcce35d15777dea487c90eb8b5e2..2c402077c48f63c91c8f1b57ed7b0e468a66b57a 100644 (file)
--- a/contrib/librdns/resolver.c
+++ b/contrib/librdns/resolver.c
@@ -150,13 +150,7 @@ rdns_make_reply (struct rdns_request *req, enum dns_rcode rcode)
                rep->code = rcode;
                req->reply = rep;
                rep->authenticated = false;
-
-               if (req) {
-                       rep->requested_name = req->requested_names[0].name;
-               }
-               else {
-                       rep->requested_name = NULL;
-               }
+               rep->requested_name = req->requested_names[0].name;
        }
 
        return rep;
@@ -1133,4 +1127,6 @@ void rdns_resolver_set_fake_reply (struct rdns_resolver *resolver,
 
                HASH_ADD (hh, resolver->fake_elts, key, sizeof (*srch) + len, fake_rep);
        }
+
+       free (srch);
 }

diff --git a/contrib/librdns/util.c b/contrib/librdns/util.c
index 920e94b9986c46b43b0e44a83b34057259563f44..be31c8f14dcea659d91098d27859e6bbb47f99ca 100644 (file)
--- a/contrib/librdns/util.c
+++ b/contrib/librdns/util.c
@@ -207,7 +207,7 @@ rdns_make_client_socket (const char *credits,
                hints.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV;
 
                snprintf (portbuf, sizeof (portbuf), "%d", (int)port);
-               if ((r = getaddrinfo (credits, portbuf, &hints, &res)) == 0) {
+               if (getaddrinfo (credits, portbuf, &hints, &res) == 0) {
                        r = rdns_make_inet_socket (type, res, psockaddr, psocklen);
 
                        if (r != -1 && psockaddr) {
@@ -217,6 +217,7 @@ rdns_make_client_socket (const char *credits,
 
                                if (cpy == NULL) {
                                        close (r);
+                                       freeaddrinfo (res);
 
                                        return -1;
                                }

diff --git a/contrib/libucl/ucl_parser.c b/contrib/libucl/ucl_parser.c
index 5b5681863a083a03b5d5e6deed1c2bad525a052a..1d285f27d0c370be6c3cdc07ccc61e6261ebf0fd 100644 (file)
--- a/contrib/libucl/ucl_parser.c
+++ b/contrib/libucl/ucl_parser.c
@@ -685,6 +685,8 @@ ucl_parser_add_container (ucl_object_t *obj, struct ucl_parser *parser,
                        ucl_object_unref (obj);
                }
 
+               UCL_FREE(sizeof (struct ucl_stack), st);
+
                return NULL;
        }
 
@@ -2888,7 +2890,9 @@ ucl_parser_add_chunk_full (struct ucl_parser *parser, const unsigned char *data,
 
                                if (!special_handler->handler (parser, data, len, &ndata, &nlen,
                                                special_handler->user_data)) {
+                                       UCL_FREE(sizeof (struct ucl_chunk), chunk);
                                        ucl_create_err (&parser->err, "call for external handler failed");
+
                                        return false;
                                }
 

diff --git a/contrib/libucl/ucl_util.c b/contrib/libucl/ucl_util.c
index 830aaa14c93ad9e07f67c1eb01b04212d9bddb06..e97e3ab9b265095d1271c25968dc35d95bd60fc0 100644 (file)
--- a/contrib/libucl/ucl_util.c
+++ b/contrib/libucl/ucl_util.c
@@ -887,44 +887,49 @@ ucl_fetch_file (const unsigned char *filename, unsigned char **buf, size_t *bufl
 {
        int fd;
        struct stat st;
+       if ((fd = open (filename, O_RDONLY)) == -1) {
+               ucl_create_err (err, "cannot open file %s: %s",
+                               filename, strerror (errno));
+               return false;
+       }
 
-       if (stat (filename, &st) == -1) {
+       if (fstat (fd, &st) == -1) {
                if (must_exist || errno == EPERM) {
                        ucl_create_err (err, "cannot stat file %s: %s",
                                        filename, strerror (errno));
                }
+               close (fd);
+
                return false;
        }
        if (!S_ISREG (st.st_mode)) {
                if (must_exist) {
                        ucl_create_err (err, "file %s is not a regular file", filename);
                }
+               close (fd);
 
                return false;
        }
+
        if (st.st_size == 0) {
                /* Do not map empty files */
                *buf = NULL;
                *buflen = 0;
        }
        else {
-               if ((fd = open (filename, O_RDONLY)) == -1) {
-                       ucl_create_err (err, "cannot open file %s: %s",
-                                       filename, strerror (errno));
-                       return false;
-               }
-               if ((*buf = ucl_mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) {
-                       close (fd);
-                       ucl_create_err (err, "cannot mmap file %s: %s",
-                                       filename, strerror (errno));
+               if ((*buf = ucl_mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) {
+                       close(fd);
+                       ucl_create_err(err, "cannot mmap file %s: %s",
+                                       filename, strerror(errno));
                        *buf = NULL;
 
                        return false;
                }
                *buflen = st.st_size;
-               close (fd);
        }
 
+       close (fd);
+
        return true;
 }
 
@@ -1136,6 +1141,10 @@ ucl_include_file_single (const unsigned char *data, size_t len,
                /* We need to check signature first */
                snprintf (filebuf, sizeof (filebuf), "%s.sig", realbuf);
                if (!ucl_fetch_file (filebuf, &sigbuf, &siglen, &parser->err, true)) {
+                       if (buf) {
+                               ucl_munmap (buf, buflen);
+                       }
+
                        return false;
                }
                if (!ucl_sig_check (buf, buflen, sigbuf, siglen, parser)) {
@@ -1145,8 +1154,13 @@ ucl_include_file_single (const unsigned char *data, size_t len,
                        if (sigbuf) {
                                ucl_munmap (sigbuf, siglen);
                        }
+                       if (buf) {
+                               ucl_munmap (buf, buflen);
+                       }
+
                        return false;
                }
+
                if (sigbuf) {
                        ucl_munmap (sigbuf, siglen);
                }
@@ -1255,6 +1269,8 @@ ucl_include_file_single (const unsigned char *data, size_t len,
                                                        ucl_munmap (buf, buflen);
                                                }
 
+                                               ucl_object_unref (new_obj);
+
                                                return false;
                                        }
                                        nest_obj->prev = nest_obj;