From dd299d9babf1bf401dc82c395b901b0324753130 Mon Sep 17 00:00:00 2001 From: Andrey Volk Date: Thu, 30 Jan 2025 23:10:39 +0300 Subject: [PATCH] [xmlrpc-c] Coverity 1024180, 1024205, 1024301, 1024847, 1024848, 1024377, 1024378, 1024379, 1024380, 1024381, 1024584, 1024495, 1214208 fixes. --- libs/xmlrpc-c/lib/abyss/src/handler.c | 2 +- libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c | 3 +++ libs/xmlrpc-c/lib/libutil/utf8.c | 2 +- libs/xmlrpc-c/src/xmlrpc_decompose.c | 21 +++++++++++++-------- libs/xmlrpc-c/src/xmlrpc_server_abyss.c | 2 ++ libs/xmlrpc-c/src/xmlrpc_server_cgi.c | 11 +++++++---- 6 files changed, 27 insertions(+), 14 deletions(-) diff --git a/libs/xmlrpc-c/lib/abyss/src/handler.c b/libs/xmlrpc-c/lib/abyss/src/handler.c index b26217687d..c61fc3c607 100644 --- a/libs/xmlrpc-c/lib/abyss/src/handler.c +++ b/libs/xmlrpc-c/lib/abyss/src/handler.c @@ -305,7 +305,7 @@ sendDirectoryDocument(TList * const listP, if (k > 24) { snprintf(z1, sizeof(z1), "%.10s...%s", z, z + k - 11); k = 24; - p = z1 + 24; + p = z1 + k; } else { snprintf(z1, sizeof(z1), "%s", z); diff --git a/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c b/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c index 5b647f1a9e..61bb8e00f6 100644 --- a/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c +++ b/libs/xmlrpc-c/lib/expat/xmlparse/xmlparse.c @@ -2416,6 +2416,7 @@ doStartTagNoAtts(XML_Parser const xmlParserP, } tag->buf = malloc(INIT_TAG_BUF_SIZE); if (!tag->buf) { + free(tag); *errorCodeP = XML_ERROR_NO_MEMORY; return; } @@ -3646,8 +3647,10 @@ doProlog(XML_Parser const xmlParserP, switch (tok) { case XML_TOK_PARAM_ENTITY_REF: *errorCodeP = XML_ERROR_PARAM_ENTITY_REF; + break; case XML_TOK_XML_DECL: *errorCodeP = XML_ERROR_MISPLACED_XML_PI; + break; default: *errorCodeP = XML_ERROR_SYNTAX; } diff --git a/libs/xmlrpc-c/lib/libutil/utf8.c b/libs/xmlrpc-c/lib/libutil/utf8.c index 77e436d636..39432e3fd2 100644 --- a/libs/xmlrpc-c/lib/libutil/utf8.c +++ b/libs/xmlrpc-c/lib/libutil/utf8.c @@ -170,7 +170,7 @@ decodeMultibyte(xmlrpc_env * const envP, Return the character in UTF-16 format as *wcP. -----------------------------------------------------------------------------*/ - wchar_t wc; + wchar_t wc = 0; assert(utf8_seq[0] & 0x80); /* High bit set: this is multibyte seq */ diff --git a/libs/xmlrpc-c/src/xmlrpc_decompose.c b/libs/xmlrpc-c/src/xmlrpc_decompose.c index 6323a269ae..adee339a22 100644 --- a/libs/xmlrpc-c/src/xmlrpc_decompose.c +++ b/libs/xmlrpc-c/src/xmlrpc_decompose.c @@ -181,9 +181,10 @@ releaseDecompArray(struct arrayDecomp const arrayDecomp, static void -releaseDecompStruct(struct structDecomp const structDecomp, +releaseDecompStruct(struct structDecomp const *_structDecomp, bool const oldstyleMemMgmt) { + struct structDecomp const structDecomp = *_structDecomp; unsigned int i; for (i = 0; i < structDecomp.mbrCnt; ++i) { releaseDecomposition(structDecomp.mbrArray[i].decompTreeP, @@ -239,7 +240,7 @@ releaseDecomposition(const struct decompTreeNode * const decompRootP, releaseDecompArray(decompRootP->store.Tarray, oldstyleMemMgmt); break; case '{': - releaseDecompStruct(decompRootP->store.Tstruct, oldstyleMemMgmt); + releaseDecompStruct(&decompRootP->store.Tstruct, oldstyleMemMgmt); break; } } @@ -259,8 +260,9 @@ decomposeValueWithTree(xmlrpc_env * const envP, static void validateArraySize(xmlrpc_env * const envP, const xmlrpc_value * const arrayP, - struct arrayDecomp const arrayDecomp) { + struct arrayDecomp const *_arrayDecomp) { + struct arrayDecomp const arrayDecomp = *_arrayDecomp; unsigned int size; size = xmlrpc_array_size(envP, arrayP); @@ -284,10 +286,12 @@ validateArraySize(xmlrpc_env * const envP, static void parsearray(xmlrpc_env * const envP, const xmlrpc_value * const arrayP, - struct arrayDecomp const arrayDecomp, + struct arrayDecomp const *_arrayDecomp, bool const oldstyleMemMgmt) { - validateArraySize(envP, arrayP, arrayDecomp); + struct arrayDecomp const arrayDecomp = *_arrayDecomp; + + validateArraySize(envP, arrayP, &arrayDecomp); if (!envP->fault_occurred) { unsigned int doneCnt; @@ -324,9 +328,10 @@ parsearray(xmlrpc_env * const envP, static void parsestruct(xmlrpc_env * const envP, xmlrpc_value * const structP, - struct structDecomp const structDecomp, + struct structDecomp const *_structDecomp, bool const oldstyleMemMgmt) { + struct structDecomp const structDecomp = *_structDecomp; unsigned int doneCount; doneCount = 0; /* No members done yet */ @@ -569,7 +574,7 @@ decomposeValueWithTree(xmlrpc_env * const envP, "%s, but the '(...)' specifier requires type ARRAY", xmlrpc_type_name(xmlrpc_value_type(valueP))); else - parsearray(envP, valueP, decompRootP->store.Tarray, + parsearray(envP, valueP, &decompRootP->store.Tarray, oldstyleMemMgmt); break; @@ -580,7 +585,7 @@ decomposeValueWithTree(xmlrpc_env * const envP, "%s, but the '{...}' specifier requires type STRUCT", xmlrpc_type_name(xmlrpc_value_type(valueP))); else - parsestruct(envP, valueP, decompRootP->store.Tstruct, + parsestruct(envP, valueP, &decompRootP->store.Tstruct, oldstyleMemMgmt); break; diff --git a/libs/xmlrpc-c/src/xmlrpc_server_abyss.c b/libs/xmlrpc-c/src/xmlrpc_server_abyss.c index 8471c4c910..7c6c3dd726 100644 --- a/libs/xmlrpc-c/src/xmlrpc_server_abyss.c +++ b/libs/xmlrpc-c/src/xmlrpc_server_abyss.c @@ -179,9 +179,11 @@ sendResponse(xmlrpc_env * const envP, ResponseStatus(abyssSessionP, 200); +#if 0 /* Uncomment once http_cookie is not NULL again */ if (http_cookie) /* There's an auth cookie, so pass it back in the response. */ addAuthCookie(envP, abyssSessionP, http_cookie); +#endif if ((size_t)(uint32_t)len != len) xmlrpc_faultf(envP, "XML-RPC method generated a response too " diff --git a/libs/xmlrpc-c/src/xmlrpc_server_cgi.c b/libs/xmlrpc-c/src/xmlrpc_server_cgi.c index f8ab73a7aa..607a739f9a 100644 --- a/libs/xmlrpc-c/src/xmlrpc_server_cgi.c +++ b/libs/xmlrpc-c/src/xmlrpc_server_cgi.c @@ -189,6 +189,7 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) { size_t input_size, output_size; int code; char *message; + char *err = NULL; /* Error-handling preconditions. */ xmlrpc_env_init(&env); @@ -209,13 +210,13 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) { } if (!type || !xmlrpc_strneq(type, "text/xml", strlen("text/xml"))) { char *template = "Expected content type: \"text/xml\", received: \"%s\""; - size_t err_len = strlen(template) + strlen(type) + 1; - char *err = malloc(err_len); + size_t err_len = strlen(template) + (type ? strlen(type) : 0) + 1; - (void)snprintf(err, err_len, template, type); + err = malloc(err_len); + + (void)snprintf(err, err_len, template, (type ? type : "")); code = 400; message = "Bad Request"; XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, err); - free(err); } if (!length_str) { code = 411; message = "Length Required"; @@ -254,6 +255,8 @@ xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) { send_xml(output_data, output_size); cleanup: + if (err) + free(err); if (input) xmlrpc_mem_block_free(input); if (output)