On Wednesday 19 November 2014 18:17:15 Darshit Shah wrote:
> I just ran the latest HEAD of our repository through Coverity's static
> analysis engine.
Here are two patches for three of the reports (the 4th seems to be a false positive). Please have a look.

Tim
From 02c3a2a3af08c662e3c3a33a5c538f58b6fcb1d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 19 Nov 2014 14:55:34 +0100 Subject: [PATCH] Use random() and srandom() if available. Reported-by: Coverity scanner --- ChangeLog | 4 ++++ configure.ac | 2 +- src/ChangeLog | 7 +++++++ src/utils.c | 13 +++++++++++-- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 15580c4..0be7e9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-11-19 Tim Ruehsen <[email protected]> + + * configure.ac: Check for random() + 2014-11-17 Tim Ruehsen <[email protected]> * bootstrap.conf (gnulib_modules): Add module c-strcase diff --git a/configure.ac b/configure.ac index 298aede..e589b93 100644 --- a/configure.ac +++ b/configure.ac @@ -241,7 +241,7 @@ AC_FUNC_MMAP AC_FUNC_FSEEKO AC_CHECK_FUNCS(strptime timegm vsnprintf vasprintf drand48 pathconf) AC_CHECK_FUNCS(strtoll usleep ftello sigblock sigsetjmp memrchr wcwidth mbtowc) -AC_CHECK_FUNCS(sleep symlink utime strlcpy) +AC_CHECK_FUNCS(sleep symlink utime strlcpy random) if test x"$ENABLE_OPIE" = xyes; then AC_LIBOBJ([ftp-opie]) diff --git a/src/ChangeLog b/src/ChangeLog index d6a0ceb..281cb20 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,12 @@ 2014-11-19 Tim Ruehsen <[email protected]> + * utils.c (random_float, random_number): Use random() and + srandom() if available. + + Reported-by: Coverity scanner + +2014-11-19 Tim Ruehsen <[email protected]> + * ftp-basic.c (ftp_epsv): Fix loop check Reported-by: Coverity scanner diff --git a/src/utils.c b/src/utils.c index 3280294..f40480f 100644 --- a/src/utils.c +++ b/src/utils.c 
@@ -1846,7 +1846,14 @@ static int rnd_seeded; int random_number (int max) { -#ifdef HAVE_DRAND48 +#ifdef HAVE_RANDOM + if (!rnd_seeded) + { + srandom ((long) time (NULL) ^ (long) getpid ()); + rnd_seeded = 1; + } + return random () % max; +#elif defined HAVE_DRAND48 if (!rnd_seeded) { srand48 ((long) time (NULL) ^ (long) getpid ()); @@ -1881,7 +1888,9 @@ random_number (int max) double random_float (void) { -#ifdef HAVE_DRAND48 +#ifdef HAVE_RANDOM + return ((double) random_number (RAND_MAX)) / RAND_MAX; +#elif defined HAVE_DRAND48 if (!rnd_seeded) { srand48 ((long) time (NULL) ^ (long) getpid ()); -- 2.1.3
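Review bot: In the random_number hunk of src/utils.c, `return random () % max;` is undefined when max is 0 and is biased toward low values whenever max does not divide 2^31; guard against max <= 0 before the modulo and, if callers need a uniform result, discard draws from the top partial range and retry. srandom() takes an unsigned int, so the `(long)` casts in `srandom ((long) time (NULL) ^ (long) getpid ());` do not match its prototype; cast the combined value to unsigned int instead. The seed is still time XOR pid, as in the srand48 branch, so the sequence can be reproduced by anyone who knows roughly when the process started; a comment stating that these helpers must not be used for security-sensitive values would help. configure.ac checks only for random, while this branch also calls srandom under the same HAVE_RANDOM guard.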
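Review bot: In the random_float hunk of src/utils.c, `return ((double) random_number (RAND_MAX)) / RAND_MAX;` scales by RAND_MAX, which is the bound of rand(), not of random(); POSIX random() returns values from 0 to 2^31-1 regardless of RAND_MAX, so on a platform where RAND_MAX is 32767 the result is reduced to about 15 bits of resolution. Suggest seeding as random_number does and dividing random() by 2147483648.0 directly. The new branch returns values in [0, 1) because random_number (RAND_MAX) never returns RAND_MAX; the function comment should say whether 1.0 is a possible result so the three branches agree.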
From 6d2b42cbd049c8e54ec11663c3bea8ddd022c6ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= <[email protected]> Date: Wed, 19 Nov 2014 14:35:40 +0100 Subject: [PATCH] Fix loop check --- src/ChangeLog | 6 ++++++ src/ftp-basic.c | 14 ++++++-------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index f78b85e..d6a0ceb 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,11 @@ 2014-11-19 Tim Ruehsen <[email protected]> + * ftp-basic.c (ftp_epsv): Fix loop check + + Reported-by: Coverity scanner + +2014-11-19 Tim Ruehsen <[email protected]> + * openssl.c (ssl_check_certificate): Fix memory leak 2014-11-19 Tim Ruehsen <[email protected]> diff --git a/src/ftp-basic.c b/src/ftp-basic.c index b6e67e2..83cc447 100644 --- a/src/ftp-basic.c +++ b/src/ftp-basic.c @@ -784,15 +784,13 @@ ftp_epsv (int csock, ip_address *ip, int *port) } /* Finally, get the port number */ - tport = 0; - for (i = 1; c_isdigit (*s); s++) - { - if (i > 5) - { - xfree (respline); - return FTPINVPASV; - } + for (tport = 0, i = 0; i < 5 && c_isdigit (*s); i++, s++) tport = (*s - '0') + 10 * tport; + + if (i >= 5) + { + xfree (respline); + return FTPINVPASV; } /* Make sure that the response terminates correcty */ -- 2.1.3
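Review bot: In the ftp_epsv hunk of src/ftp-basic.c, the new check `if (i >= 5)` rejects every five-digit port: the loop `for (tport = 0, i = 0; i < 5 && c_isdigit (*s); i++, s++)` exits with i == 5 after consuming a valid port such as 65535, and the function then returns FTPINVPASV. The intent of the removed `if (i > 5)` was to refuse more than five digits, so the test after the loop should fail only when a sixth digit follows, for example by checking `c_isdigit (*s)` there instead of the counter. Two further cases are not covered by the visible lines: zero digits (i == 0 leaves tport at 0) and a five-digit value above 65535; both come from the server's response and should be rejected before the port is used.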
