The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=c04ad15ca7dbe9034b274e404edc0bcf6a5300e0
commit c04ad15ca7dbe9034b274e404edc0bcf6a5300e0 Author: Kyle Evans <[email protected]> AuthorDate: 2023-02-16 20:36:17 +0000 Commit: Kyle Evans <[email protected]> CommitDate: 2023-02-16 20:37:06 +0000 config: address a number of Coverity issues Highlights: - Various memory leaks - FILE* leaks - `tsize` in moveifchanged() is only needed if !changed, and `from_sb` is only valid if !changed. - Simplify trivially true expression - Sanity check elfdump size output (+ fix variable sizes) (des@) CID: 1471167, 1006391, 1505333, 1505275, 1505349, 1505306, 1505232 Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D38643 --- usr.sbin/config/lang.l | 2 ++ usr.sbin/config/main.cc | 10 ++++++---- usr.sbin/config/mkoptions.cc | 20 +++++++++++++++----- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/usr.sbin/config/lang.l b/usr.sbin/config/lang.l index ed0b2aa794b3..243b66666d0e 100644 --- a/usr.sbin/config/lang.l +++ b/usr.sbin/config/lang.l @@ -297,6 +297,8 @@ include(const char *fname, int ateof) return (-1); } cfgfile_add(fnamebuf == NULL ? fname : fnamebuf); + free(fnamebuf); + in = malloc(sizeof(*in)); assert(in != NULL); in->in_prev = inclp; diff --git a/usr.sbin/config/main.cc b/usr.sbin/config/main.cc index 66a071401183..f6c99e32c594 100644 --- a/usr.sbin/config/main.cc +++ b/usr.sbin/config/main.cc @@ -616,9 +616,9 @@ moveifchanged(const char *from_name, const char *to_name) if (!changed && from_sb.st_size != to_sb.st_size) changed++; - tsize = (size_t)from_sb.st_size; - if (!changed) { + tsize = (size_t)from_sb.st_size; + p = (char *)mmap(NULL, tsize, PROT_READ, MAP_SHARED, from_fd, (off_t)0); if (p == MAP_FAILED) @@ -736,7 +736,7 @@ kernconfdump(const char *file) struct stat st; FILE *fp, *pp; int error, osz, r; - unsigned int i, off, size, t1, t2, align; + size_t i, off, size, t1, t2, align; char *cmd, *o; r = open(file, O_RDONLY); @@ -765,8 +765,10 @@ kernconfdump(const char *file) free(cmd); (void)fread(o, osz, 1, pp); pclose(pp); - r = sscanf(o, "%d%d%d%d%d", &off, &size, &t1, &t2, &align); + r = sscanf(o, "%zu%zu%zu%zu%zu", &off, &size, &t1, &t2, &align); free(o); + if (size > SIZE_MAX - off || off + size > (size_t)st.st_size) + errx(EXIT_FAILURE, "%s: incoherent ELF headers", file); if (r != 5) errx(EXIT_FAILURE, "File %s doesn't contain configuration " "file. Either unsupported, or not compiled with " diff --git a/usr.sbin/config/mkoptions.cc b/usr.sbin/config/mkoptions.cc index 134c09c2d074..1ffb9722af8b 100644 --- a/usr.sbin/config/mkoptions.cc +++ b/usr.sbin/config/mkoptions.cc @@ -263,7 +263,7 @@ do_option(char *name) if (op == NULL) err(EXIT_FAILURE, "calloc"); op->op_name = ns(name); - op->op_value = value ? ns(value) : NULL; + op->op_value = ns(value); SLIST_INSERT_HEAD(&op_head, op, op_next); } @@ -383,8 +383,10 @@ read_option_file(const char *fname, int flags) } optname = ns(wd); wd = get_word(fp); - if (wd.eof()) - return (1); + if (wd.eof()) { + free(optname); + break; + } if (wd.eol()) { if (flags) { fprintf(stderr, "%s: compat file requires two" @@ -399,10 +401,18 @@ read_option_file(const char *fname, int flags) } else { val = ns(wd); } - if (flags == 0) + + if (flags == 0) { + /* + * insert_option takes possession of `optname` in the + * new option instead of making yet another copy. + */ insert_option(fname, optname, val); - else + } else { update_option(optname, val, flags); + free(optname); + optname = NULL; + } } (void)fclose(fp); return (1);
