config: address a number of Coverity issues

Highlights: - Various memory leaks - FILE* leaks - `tsize` in moveifchanged() is only needed if !changed, and `from_sb` is only valid if !changed. - Simplify trivially true expression - Sanity check elfdump size output (+ fix variable sizes) (des@) CID: 1471167, 1006391, 1505333, 1505275, 1505349, 1505306, 1505232 Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D38643
2023-02-16 14:36:17 -06:00 · 2023-02-16 14:36:17 -06:00 · c04ad15ca7
commit c04ad15ca7
parent da88842029
3 changed files with 23 additions and 9 deletions
--- a/usr.sbin/config/lang.l
+++ b/usr.sbin/config/lang.l
@ -297,6 +297,8 @@ include(const char *fname, int ateof)
 		return (-1);
 	}
 	cfgfile_add(fnamebuf == NULL ? fname : fnamebuf);
+	free(fnamebuf);
+
 	in = malloc(sizeof(*in));
 	assert(in != NULL);
 	in->in_prev = inclp;
--- a/usr.sbin/config/main.cc
+++ b/usr.sbin/config/main.cc
@ -616,9 +616,9 @@ moveifchanged(const char *from_name, const char *to_name)
 	if (!changed && from_sb.st_size != to_sb.st_size)
 		changed++;

-	tsize = (size_t)from_sb.st_size;
-
 	if (!changed) {
+		tsize = (size_t)from_sb.st_size;
+
 		p = (char *)mmap(NULL, tsize, PROT_READ, MAP_SHARED, from_fd,
 		    (off_t)0);
 		if (p == MAP_FAILED)
@ -736,7 +736,7 @@ kernconfdump(const char *file)
 	struct stat st;
 	FILE *fp, *pp;
 	int error, osz, r;
-	unsigned int i, off, size, t1, t2, align;
+	size_t i, off, size, t1, t2, align;
 	char *cmd, *o;

 	r = open(file, O_RDONLY);
@ -765,8 +765,10 @@ kernconfdump(const char *file)
 	free(cmd);
 	(void)fread(o, osz, 1, pp);
 	pclose(pp);
-	r = sscanf(o, "%d%d%d%d%d", &off, &size, &t1, &t2, &align);
+	r = sscanf(o, "%zu%zu%zu%zu%zu", &off, &size, &t1, &t2, &align);
 	free(o);
+	if (size > SIZE_MAX - off || off + size > (size_t)st.st_size)
+		errx(EXIT_FAILURE, "%s: incoherent ELF headers", file);
 	if (r != 5)
 		errx(EXIT_FAILURE, "File %s doesn't contain configuration "
 		    "file. Either unsupported, or not compiled with "
--- a/usr.sbin/config/mkoptions.cc
+++ b/usr.sbin/config/mkoptions.cc
@ -263,7 +263,7 @@ do_option(char *name)
 		if (op == NULL)
 			err(EXIT_FAILURE, "calloc");
 		op->op_name = ns(name);
-		op->op_value = value ? ns(value) : NULL;
+		op->op_value = ns(value);
 		SLIST_INSERT_HEAD(&op_head, op, op_next);
 	}

@ -383,8 +383,10 @@ read_option_file(const char *fname, int flags)
 		}
 		optname = ns(wd);
 		wd = get_word(fp);
-		if (wd.eof())
-			return (1);
+		if (wd.eof()) {
+			free(optname);
+			break;
+		}
 		if (wd.eol()) {
 			if (flags) {
 				fprintf(stderr, "%s: compat file requires two"
@ -399,10 +401,18 @@ read_option_file(const char *fname, int flags)
 		} else {
 			val = ns(wd);
 		}
-		if (flags == 0)
+
+		if (flags == 0) {
+			/*
+			 * insert_option takes possession of `optname` in the
+			 * new option instead of making yet another copy.
+			 */
 			insert_option(fname, optname, val);
-		else
+		} else {
 			update_option(optname, val, flags);
+			free(optname);
+			optname = NULL;
+		}
 	}
 	(void)fclose(fp);
 	return (1);