Commit Graph

16407 Commits

Author SHA1 Message Date
Enji Cooper
471761b8bb Remove NO_WERROR and add WARNS?= 6
This now compiles cleanly on all architectures

MFC after: 1 month
Tested with: clang 3.8, gcc 4.2.1, gcc 4.5, make tinderbox
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:38:40 +00:00
Enji Cooper
99ca491ca6 Remove NO_WERROR.clang from this Makefile
This compiles with clang without warnings

MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:42:18 +00:00
Enji Cooper
6047e12ca5 Replace malloc + memset(.., 0, ..) with calloc calls
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:40:05 +00:00
Enji Cooper
27c7c23864 Use strdup instead of malloc + strlcpy
Fix error messages on failure for calloc/strdup

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:25:36 +00:00
Enji Cooper
229bb4daa1 Correct function names that failed in error messages
It should be calloc/strdup, not malloc

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:24:21 +00:00
Enji Cooper
d208c8fa3f Replace QUADFMT with %ju and QUADXFMT with %jx and cast values with uintmax_t
This will cure some -Wformat warnings

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:10:37 +00:00
Enji Cooper
70e366f272 Bump WARNS to 6
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:08:09 +00:00
Enji Cooper
92f7f8fb62 Fix up r299769
Similar to r299802, it was noted that using nitems on scalar pointers is
invalid.

Use strdup instead of malloc + strlcpy (which is what the old code was doing
anyhow).

MFC after: 1 week
Pointyhat to: ngie
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:05:28 +00:00
Enji Cooper
4e312050f0 Replace malloc + memset(.., 0, ..) with calloc calls
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:02:55 +00:00
Enji Cooper
2501437203 Fix up both r299764 and r299770
nitems was wrong too, as it was being tested against a pointer instead of a buffer on
the stack.

Since the old code was just doing malloc, then strlcpy'ing the contents of the source
buffer into the destination buffer, replace it all with a call to strdup..

Reported by: bde
MFC after: 1 week
X-MFC with: r299764, r299770
Supersized Duncecap to: ngie
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:01:23 +00:00
Enji Cooper
4a2b63d5bb Convert tok from enum tok to int32_t in function calls
get_token(..) returns int32_t, not enum tok, and in many cases tests for items
not in enum tok (e.g. '('). Make the typing consistent with get_token, which
includes a domino effect of changing enum tok to int32_t.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:29:41 +00:00
Enji Cooper
5413861b16 Use a consistent errno save/restore pattern before running strtoul
- Save errno
- Set errno to 0
- Call strtoul
- Test errno (optional, but many calls to strtoul did this afterwards)

Some of the code was setting errno = 0 after calling strtoul, not setting
errno = 0, or setting errno to saved_errno after the call, but before the
test. These all have unwanted behavioral side-effects, depending on the
initial value of errno and whether or not the input to strtoul was correct
or incorrect.

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:22:38 +00:00
Enji Cooper
2c0046434b Do minimal work necessary to cure a -Wunused-but-set-variable warning from gcc
How errno is saved before and restored after strtoul calls needs a rethink

MFC after: 1 week
Reported by: gcc 5.x
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:13:23 +00:00
Enji Cooper
54811dda50 Fix up r299764
I meant to use nitems, not sizeof(..) with the destination buffer. Using sizeof(..)
on a pointer will always truncate the output in the destination buffer incorrectly

Pointyhat to: ngie
MFC after: 1 week
X-MFC with: r299764
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:43:07 +00:00
Enji Cooper
896f12fec1 Use the size of the destination buffer instead of the malloc size, repeated, in order
to mute a -Wstrlcpy-strlcat-size warning

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:40:35 +00:00
Enji Cooper
19ffd5ecda Mute sign compare warning by casting rc to u_int to match nbindings' type
rc cannot be negative -- that was already tested for earlier on in
the function

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:29:11 +00:00
Enji Cooper
715e3b39a6 Fix logically dead code pointed out by clang/Coverity
parse_context, parse_user_security: test for validity of results from
parse_ascii(..) with by casting to int32_t and comparing to -1; comparing
unsigned types to negative values will always be false.

Reported by: clang, Coverity
CID: 1011432, 1011433
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:04:44 +00:00
Enji Cooper
81910adfc4 Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.

Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 21:32:52 +00:00
Enji Cooper
78a780e3e5 Use the size of the destination buffer, not the source buffer.
Technically this is a no-op, but mute the clang warning in case the malloc call
above for fstring ever changes in the future

Reported by: clang
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 21:27:33 +00:00
Enji Cooper
6e229b2973 Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
This is a no-op as the malloc above set the size of the buffer to the size used
below, but this keeps things consistent in case the malloc call changes somehow.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:58:34 +00:00
Enji Cooper
444991f1e6 Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..),
parse_context(..), and parse_user_security(..).

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:33:42 +00:00
Enji Cooper
4a8c12cd34 parse_ascii: make count size_t to mute a -Wsign-compare issue
count is always unsigned.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:31:12 +00:00
Enji Cooper
9a3ebeefc0 Sort variables in parse_ascii(..) per style(9)
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:28:23 +00:00
Enji Cooper
031987d916 Use calloc instead of memset(.., 0, ..) + malloc
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:25:14 +00:00
Pedro F. Giffuni
c8aa42a2da Undo the bogus gethostname() change from r299709.
The "- 1" is there specifically to enable checking for NUL termination.

I should also admit the rest change was mostly cosmetic and the
overruns can't occur in practice: still I leave them to pacify
static analyzers.

Pointed out by:	bde
2016-05-14 04:29:13 +00:00
Enji Cooper
0150b85a1c Fix some trivial clang/gcc warnings in bsnmptc.c
- By definition, `enum snmp_tc` can't be false (the implied starting sequence
  index for the enum is 0). Don't test for it being < 0.
- Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
  warning from clang.
- Remove set but unused variable, ptr, in parse_bridge_id(..) and
  parse_bport_id(..) to mute warning from gcc 4.9+.
- Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
  as they're just stub functions.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 04:13:28 +00:00
Enji Cooper
66987347e9 Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 04:00:17 +00:00
Enji Cooper
29517fca53 Staticize global variables only used in bsnmpimport.c to fix
-Wmissing-variable-declarations warnings

MFC after: 3 weeks
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 03:57:18 +00:00
Pedro F. Giffuni
cbc796fb90 timed(8): Use strlcpy() for bounds checking.
Prevent some theorical buffer overruns reported by Coverity.
Cleanup a use of gethostname() while here.

CID:	1006713, 1011166, 1011167, 1011168,
2016-05-14 02:42:09 +00:00
Pedro F. Giffuni
555470a31d timed(8): Use stronger random number generator.
Using arc4random simplifies the code by not having to worry about
seeds which ironically depend on the time.

CID:	1300004
2016-05-14 01:12:23 +00:00
Pedro F. Giffuni
7ffbd1b5b0 timed(8): use NULL instead of zero for pointers. 2016-05-14 00:46:38 +00:00
Enji Cooper
836229c3cf Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h
It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the extern
to the header allows us to cover all of our bases for the variable, and allows
_bsnmptools_debug to be used in the future elsewhere -- not just bsnmpmap.c.

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-13 21:26:12 +00:00
Don Lewis
fe579263e0 Another attempt at resolving CID 1305629. The test of cmd == -1
may make Coverity think that other negative values of cmd (used
as an index) are possible.  Testing < 0 is a more common idiom
in any case.

Reported by:	Coverity
CID:		1305629
2016-05-13 17:48:04 +00:00
Pedro F. Giffuni
48235fe344 i2c(8): uninitialized variable (UNINIT).
If i2c_opt.width is somehow zero, buf will be left uninitialized and may
cause trouble later on. This is a followup to r299586.

CID:	1331548
2016-05-13 15:57:55 +00:00
Pedro F. Giffuni
9f3dba686c bhyve: consider the bogus case of a negative bar idx.
This is a followup to r297472 to squelch Coverity.

CID:	1194319
2016-05-13 14:59:02 +00:00
Pedro F. Giffuni
40dbeed32b bhyve: replace uninitialized variable "offset".
Use io->io_req.br_offset instead.

Suggested by:	grehan
CID:		1288937
2016-05-13 14:38:04 +00:00
Don Lewis
7a7c07ef51 Properly compute the size argument to pass to malloc().
Reported by:	Coverity
CID:		1198856
MFC after:	1 week
2016-05-13 06:45:16 +00:00
Don Lewis
ae092f753a Move a call to cam_freeccb() to avoid a use after free error and
a later double free.

Reported by:	Coverity
CID:		1018507
MFC after:	1 week
2016-05-13 06:26:42 +00:00
Don Lewis
aa60f7a6de Revert r299584:
Mark usage() as __dead2 so that Coverity doesn't think that execution
  continues after the call and uses a negative array subscript.

Requested by:	bde
2016-05-13 05:39:29 +00:00
Pedro F. Giffuni
b1f46f712f i2c(8): uninitialized variable (UNINIT).
If i2c_opt.width is somehow zero, the bufsize will be left uninitialized
and make cause trouble later on.

CID:		1331549
2016-05-13 02:58:11 +00:00
Don Lewis
e402dde82d Mark usage() as __dead2 so that Coverity doesn't think that execution
continues after the call and uses a negative array subscript.

Reported by:	Coverity
CID:		1305629
2016-05-13 01:14:38 +00:00
Don Lewis
a5f637460b Avoid indexing an array with a negative value.
Reported by:	Coverity
CID:		971121
2016-05-13 00:58:05 +00:00
Don Lewis
5d29410d37 Use strlcpy() instead of strncpy() to ensure that ret->name is
NUL terminated.  The source and destination buffers are the same
size and the source *should* be NUL terminated, but be paranoid.

Reported by:	Coverity
CID:		1011274
MFC after:	1 week
2016-05-13 00:17:57 +00:00
Don Lewis
3b7e0c53d5 Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL
terminated.  Don't bother checking for truncation since the subsequent
quota_read() should detect that and fail.

Reported by:	Coverity
CID:		1009980
MFC after:	1 week
2016-05-13 00:02:03 +00:00
Don Lewis
90abdc2dd7 Use strlcpy() instead of strncpy() when copying to dom_domain to
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().

Warn about NIS domains that are too long.

Reported by:	Coverity
CID:		1009620, 1009621
MFH:		1 week
2016-05-12 21:35:40 +00:00
Conrad Meyer
a09a9cbb40 rtadvd(8): Fix use-after-close in cm_handler_client
cm_send() closes 'fd' on error.  In that case, bail out early without trying to
recv from or close 'fd' again.

Reported by:	Coverity
CID:		1006078
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 05:12:24 +00:00
Conrad Meyer
5c4eb89746 rtadvd(8): Don't use-after-free
This whole block of code as committed fully formed in r224144.  I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup.  Don't free the object until after we've finished
cleaning its members.

Reported by:	Coverity
CID:		1006079
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:54:32 +00:00
Conrad Meyer
96aec9a5e9 rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer.  Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.

All users of cm_recv() supply a stack buffer.

On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.

While here, correct some types to be size_t or ssize_t.

Reported by:	Coverity
CID:		1008477
Security:	unix socket remotes may overflow stack in rtadvd
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:37:17 +00:00
Pedro F. Giffuni
ac97203f5b traceroute6(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:05:50 +00:00
Conrad Meyer
134fd583cb route6d(8): Fix potential double-free
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly.  It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.

Reported by:	Coverity
CID:		272537
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:33:20 +00:00