From 0e270dbe709e743ec840999c05e35f4d63be69b4 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Sun, 15 Jan 2017 20:23:35 +0000 Subject: [PATCH] [Fix] Fix couple of issues Found by: Coverity --- src/controller.c | 26 +++++++++++++++++++------- src/fuzzy_storage.c | 18 ++++++++---------- src/libmime/archives.c | 2 +- src/libmime/content_type.c | 3 ++- src/libmime/message.c | 2 +- src/libserver/dns.c | 4 ++-- src/libstat/backends/redis_backend.c | 4 +--- src/libutil/addr.c | 2 +- src/libutil/map.c | 4 ---- src/libutil/sqlite_utils.c | 1 - src/lua/lua_cryptobox.c | 4 ++++ src/lua/lua_fann.c | 2 ++ src/lua/lua_html.c | 4 ++-- src/lua/lua_map.c | 5 +++-- src/lua/lua_redis.c | 28 +++++++++++++++------------- src/lua/lua_trie.c | 6 +++--- 16 files changed, 64 insertions(+), 51 deletions(-) diff --git a/src/controller.c b/src/controller.c index 25eb54db8..48c89c408 100644 --- a/src/controller.c +++ b/src/controller.c @@ -1276,7 +1276,7 @@ rspamd_controller_handle_graph ( k = 0; /* Create window */ - step = (rrd_result->rra_rows / desired_points + 0.5); + step = ceil (((gdouble)rrd_result->rra_rows) / desired_points); g_assert (step >= 1); acc = g_malloc0 (sizeof (double) * rrd_result->ds_count * step); @@ -1996,15 +1996,22 @@ rspamd_controller_handle_saveactions ( } parser = ucl_parser_new (0); - ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len); + if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) { + if ((error = ucl_parser_get_error (parser)) != NULL) { + msg_err_session ("cannot parse input: %s", error); + rspamd_controller_send_error (conn_ent, 400, "Cannot parse input"); + ucl_parser_free (parser); + return 0; + } - if ((error = ucl_parser_get_error (parser)) != NULL) { - msg_err_session ("cannot parse input: %s", error); + msg_err_session ("cannot parse input: unknown error"); rspamd_controller_send_error (conn_ent, 400, "Cannot parse input"); ucl_parser_free (parser); return 0; } + + obj = ucl_parser_get_object (parser); ucl_parser_free (parser); @@ -2110,10 +2117,15 @@ rspamd_controller_handle_savesymbols ( } parser = ucl_parser_new (0); - ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len); + if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) { + if ((error = ucl_parser_get_error (parser)) != NULL) { + msg_err_session ("cannot parse input: %s", error); + rspamd_controller_send_error (conn_ent, 400, "Cannot parse input"); + ucl_parser_free (parser); + return 0; + } - if ((error = ucl_parser_get_error (parser)) != NULL) { - msg_err_session ("cannot parse input: %s", error); + msg_err_session ("cannot parse input: unknown error"); rspamd_controller_send_error (conn_ent, 400, "Cannot parse input"); ucl_parser_free (parser); return 0; diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c index 3e2c00f74..94dfa906c 100644 --- a/src/fuzzy_storage.c +++ b/src/fuzzy_storage.c @@ -1080,7 +1080,7 @@ rspamd_fuzzy_mirror_process_update (struct fuzzy_master_update_session *session, */ p = rspamd_http_message_get_body (msg, &remain); - if (remain > sizeof (gint32) * 2) { + if (p && remain > sizeof (gint32) * 2) { memcpy (&revision, p, sizeof (gint32)); revision = GINT32_TO_LE (revision); @@ -1322,6 +1322,7 @@ rspamd_fuzzy_mirror_finish_handler (struct rspamd_http_connection *conn, if (!rspamd_http_message_get_body (msg, NULL) || !msg->url || msg->url->len == 0) { msg_err_fuzzy_update ("empty update message, not processing"); + err_str = "Empty update"; goto end; } @@ -1883,18 +1884,15 @@ fuzzy_storage_parse_mirror (rspamd_mempool_t *pool, return TRUE; err: + g_free (up->name); + rspamd_upstreams_destroy (up->u); - if (up) { - g_free (up->name); - rspamd_upstreams_destroy (up->u); - - if (up->key) { - rspamd_pubkey_unref (up->key); - } - - g_slice_free1 (sizeof (*up), up); + if (up->key) { + rspamd_pubkey_unref (up->key); } + g_slice_free1 (sizeof (*up), up); + return FALSE; } diff --git a/src/libmime/archives.c b/src/libmime/archives.c index c78b8c976..4187e86fa 100644 --- a/src/libmime/archives.c +++ b/src/libmime/archives.c @@ -244,7 +244,7 @@ rspamd_archive_rar_read_vint (const guchar *start, gsize remain, guint64 *res) msg_debug_task ("rar archive is invalid (bad int32)"); \ return; \ } \ - n = p[0] + (p[1] << 8) + (p[2] << 16) + (p[3] << 24); \ + n = (guint)p[0] + ((guint)p[1] << 8) + ((guint)p[2] << 16) + ((guint)p[3] << 24); \ p += sizeof (guint32); \ } while (0) diff --git a/src/libmime/content_type.c b/src/libmime/content_type.c index 9f37a8782..ba4807e0f 100644 --- a/src/libmime/content_type.c +++ b/src/libmime/content_type.c @@ -184,12 +184,13 @@ rspamd_content_disposition_add_param (rspamd_mempool_t *pool, nparam->name.len = name_end - name_start; decoded = rspamd_mime_header_decode (pool, value_start, value_end - value_start); RSPAMD_FTOK_FROM_STR (&nparam->value, decoded); - DL_APPEND (found, nparam); if (!found) { g_hash_table_insert (cd->attrs, &nparam->name, nparam); } + DL_APPEND (found, nparam); + srch.begin = "filename"; srch.len = 8; diff --git a/src/libmime/message.c b/src/libmime/message.c index eba213898..6692c76e2 100644 --- a/src/libmime/message.c +++ b/src/libmime/message.c @@ -692,7 +692,7 @@ rspamd_message_parse (struct rspamd_task *task) rspamd_images_process (task); rspamd_archives_process (task); - if (task->received && task->received->len > 0) { + if (task->received->len > 0) { gboolean need_recv_correction = FALSE; rspamd_inet_addr_t *raddr; diff --git a/src/libserver/dns.c b/src/libserver/dns.c index b6a38dab0..5d662d835 100644 --- a/src/libserver/dns.c +++ b/src/libserver/dns.c @@ -257,8 +257,8 @@ dns_resolver_init (rspamd_logger_t *logger, if (cfg == NULL || cfg->nameservers == NULL) { /* Parse resolv.conf */ if (!rdns_resolver_parse_resolv_conf (dns_resolver->r, "/etc/resolv.conf")) { - msg_err_config ( - "cannot parse resolv.conf and no nameservers defined, so no ways to resolve addresses"); + msg_err ("cannot parse resolv.conf and no nameservers defined, " + "so no ways to resolve addresses"); rdns_resolver_release (dns_resolver->r); dns_resolver->r = NULL; diff --git a/src/libstat/backends/redis_backend.c b/src/libstat/backends/redis_backend.c index b747fd75f..d5df2234e 100644 --- a/src/libstat/backends/redis_backend.c +++ b/src/libstat/backends/redis_backend.c @@ -126,9 +126,7 @@ rspamd_redis_expand_object (const gchar *pattern, g_assert (ctx != NULL); stcf = ctx->stcf; - if (task) { - L = task->cfg->lua_state; - } + L = task->cfg->lua_state; if (ctx->enable_users) { if (ctx->cbref_user == -1) { diff --git a/src/libutil/addr.c b/src/libutil/addr.c index 728189068..c72727c38 100644 --- a/src/libutil/addr.c +++ b/src/libutil/addr.c @@ -1341,7 +1341,7 @@ rspamd_inet_address_apply_mask (rspamd_inet_addr_t *addr, guint mask) p += 3; for (;;) { - if (mask > 32) { + if (mask >= 32) { mask -= 32; *p = 0; } diff --git a/src/libutil/map.c b/src/libutil/map.c index 361abcee4..3794cfcfa 100644 --- a/src/libutil/map.c +++ b/src/libutil/map.c @@ -1465,10 +1465,6 @@ err: g_slice_free1 (sizeof (*hdata), hdata); } - if (fdata) { - g_slice_free1 (sizeof (*fdata), fdata); - } - return NULL; } diff --git a/src/libutil/sqlite_utils.c b/src/libutil/sqlite_utils.c index 9686d221a..7da003fa5 100644 --- a/src/libutil/sqlite_utils.c +++ b/src/libutil/sqlite_utils.c @@ -220,7 +220,6 @@ rspamd_sqlite3_wait (rspamd_mempool_t *pool, const gchar *lock) return FALSE; } if (nanosleep (&sleep_ts, NULL) == -1 && errno != EINTR) { - close (fd); msg_err_pool_check ("cannot sleep open lock file %s: %s", lock, strerror (errno)); diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index 94dec34f5..534ffc0e5 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c @@ -1131,6 +1131,10 @@ lua_cryptobox_verify_file (lua_State *L) } } else { + if (map != NULL) { + munmap (map, len); + } + return luaL_error (L, "invalid arguments"); } diff --git a/src/lua/lua_fann.c b/src/lua/lua_fann.c index ba57b414a..884a40293 100644 --- a/src/lua/lua_fann.c +++ b/src/lua/lua_fann.c @@ -213,6 +213,8 @@ rspamd_fann_create_train (guint num_data, guint num_input, guint num_output) fann_type *inp, *outp; guint i; + g_assert (num_data > 0 && num_input > 0 && num_output > 0); + t = calloc (1, sizeof (*t)); g_assert (t != NULL); diff --git a/src/lua/lua_html.c b/src/lua/lua_html.c index 0fdd61929..0ec561338 100644 --- a/src/lua/lua_html.c +++ b/src/lua/lua_html.c @@ -374,9 +374,9 @@ lua_html_get_blocks (lua_State *L) guint i; if (hc != NULL) { - lua_createtable (L, hc->blocks->len, 0); - if (hc->blocks && hc->blocks->len > 0) { + lua_createtable (L, hc->blocks->len, 0); + for (i = 0; i < hc->blocks->len; i ++) { bl = g_ptr_array_index (hc->blocks, i); lua_html_push_block (L, bl); diff --git a/src/lua/lua_map.c b/src/lua/lua_map.c index 1ed4aff7d..f4d3a6b88 100644 --- a/src/lua/lua_map.c +++ b/src/lua/lua_map.c @@ -356,8 +356,9 @@ lua_map_fin (struct map_cb_data *data) lua_pop (cbdata->L, 1); } } - - cbdata->data = rspamd_fstring_assign (cbdata->data, "", 0); + else if (cbdata->data != NULL) { + cbdata->data = rspamd_fstring_assign (cbdata->data, "", 0); + } } gint diff --git a/src/lua/lua_redis.c b/src/lua/lua_redis.c index 2307db835..acb355faa 100644 --- a/src/lua/lua_redis.c +++ b/src/lua/lua_redis.c @@ -533,6 +533,7 @@ rspamd_lua_redis_prepare_connection (lua_State *L, gint *pcbref) if (lua_istable (L, 1)) { /* Table version */ + lua_pushvalue (L, 1); lua_pushstring (L, "task"); lua_gettable (L, -2); if (lua_type (L, -1) == LUA_TUSERDATA) { @@ -621,6 +622,7 @@ rspamd_lua_redis_prepare_connection (lua_State *L, gint *pcbref) dbname = lua_tostring (L, -1); } lua_pop (L, 1); + lua_pop (L, 1); /* table */ if (ret && addr != NULL) { @@ -817,6 +819,7 @@ lua_redis_make_request_sync (lua_State *L) redisReply *r; if (lua_istable (L, 1)) { + lua_pushvalue (L, 1); lua_pushstring (L, "cmd"); lua_gettable (L, -2); @@ -848,9 +851,13 @@ lua_redis_make_request_sync (lua_State *L) } lua_pop (L, 1); - lua_pushstring (L, "args"); - lua_gettable (L, -2); - lua_redis_parse_args (L, -1, cmd, &args, &arglens, &nargs); + if (cmd) { + lua_pushstring (L, "args"); + lua_gettable (L, -2); + lua_redis_parse_args (L, -1, cmd, &args, &arglens, &nargs); + lua_pop (L, 1); + } + lua_pop (L, 1); if (addr && cmd) { @@ -928,7 +935,6 @@ lua_redis_connect (lua_State *L) struct lua_redis_userdata *ud; struct lua_redis_ctx *ctx, **pctx; gdouble timeout = REDIS_DEFAULT_TIMEOUT; - gboolean ret = FALSE; ctx = rspamd_lua_redis_prepare_connection (L, NULL); @@ -936,10 +942,11 @@ lua_redis_connect (lua_State *L) ud = &ctx->d.async; lua_pushstring (L, "timeout"); - lua_gettable (L, -2); + lua_gettable (L, 1); if (lua_type (L, -1) == LUA_TNUMBER) { timeout = lua_tonumber (L, -1); } + lua_pop (L, 1); ud->timeout = timeout; } @@ -950,14 +957,9 @@ lua_redis_connect (lua_State *L) return 2; } - if (ret) { - pctx = lua_newuserdata (L, sizeof (ctx)); - *pctx = ctx; - rspamd_lua_setclass (L, "rspamd{redis}", -1); - } - else { - lua_pushnil (L); - } + pctx = lua_newuserdata (L, sizeof (ctx)); + *pctx = ctx; + rspamd_lua_setclass (L, "rspamd{redis}", -1); return 1; } diff --git a/src/lua/lua_trie.c b/src/lua/lua_trie.c index 0531197a2..5911842b9 100644 --- a/src/lua/lua_trie.c +++ b/src/lua/lua_trie.c @@ -256,7 +256,7 @@ lua_trie_search_mime (lua_State *L) gsize len, i; gboolean found = FALSE; - if (trie) { + if (trie && task) { for (i = 0; i < task->text_parts->len; i ++) { part = g_ptr_array_index (task->text_parts, i); @@ -292,7 +292,7 @@ lua_trie_search_rawmsg (lua_State *L) gsize len; gboolean found = FALSE; - if (trie) { + if (trie && task) { text = task->msg.begin; len = task->msg.len; @@ -322,7 +322,7 @@ lua_trie_search_rawbody (lua_State *L) gsize len; gboolean found = FALSE; - if (trie) { + if (trie && task) { if (task->raw_headers_content.len > 0) { text = task->msg.begin + task->raw_headers_content.len; len = task->msg.len - task->raw_headers_content.len; -- 2.39.5