Hi everyone,

there is patchset for init.c source for several Coverity issues.

1. Add return-value validation for fscanf() in get_record(): if fscanf() returns less than 0, oops_error is set to -1 and NULL is returned.

2. Change handler variable for console_open() descriptor from f to ftty.

It's my first patch, so I'm waiting for suggestions or comments :-)

Patch in attachment.

--
Michal Kulling

--- init.c-orig	2014-02-09 22:40:02.440139479 +0100
+++ init.c	2014-02-10 01:09:10.896352153 +0100
@@ -372,34 +372,75 @@
 			case C_REC:
 				break;
 			case D_RUNLEVEL:
-				fscanf(f, "%c\n", &runlevel);
+				if(fscanf(f, "%c\n", &runlevel) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_THISLEVEL:
-				fscanf(f, "%c\n", &thislevel);
+				if(fscanf(f, "%c\n", &thislevel) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
+					
 				break;
 			case D_PREVLEVEL:
-				fscanf(f, "%c\n", &prevlevel);
+				if(fscanf(f, "%c\n", &prevlevel) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_GOTSIGN:
-				fscanf(f, "%u\n", &got_signals);
+				if(fscanf(f, "%u\n", &got_signals) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_WROTE_WTMP_REBOOT:
-				fscanf(f, "%d\n", &wrote_wtmp_reboot);
+				if(fscanf(f, "%d\n", &wrote_wtmp_reboot) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_WROTE_UTMP_REBOOT:
-				fscanf(f, "%d\n", &wrote_utmp_reboot);
+				if(fscanf(f, "%d\n", &wrote_utmp_reboot) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_SLTIME:
-				fscanf(f, "%d\n", &sltime);
+				if(fscanf(f, "%d\n", &sltime) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_DIDBOOT:
-				fscanf(f, "%d\n", &did_boot);
+				if(fscanf(f, "%d\n", &did_boot) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_WROTE_WTMP_RLEVEL:
-				fscanf(f, "%d\n", &wrote_wtmp_rlevel);
+				if(fscanf(f, "%d\n", &wrote_wtmp_rlevel) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			case D_WROTE_UTMP_RLEVEL:
-				fscanf(f, "%d\n", &wrote_utmp_rlevel);
+				if(fscanf(f, "%d\n", &wrote_utmp_rlevel) < 0){
+					fprintf(stderr, "Read state pipe: %s\n", strerror(errno));
+					oops_error = -1;
+					return NULL;
+				}
 				break;
 			default:
 				if (cmd > 0 || cmd == C_EOF) {
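Review bot: The `< 0` test in each of these ten cases only catches EOF; a matching failure on the `%u`/`%d` conversions returns 0, leaves the target (e.g. `got_signals`, `sltime`) unassigned and is still accepted, so init would carry on with a stale state value. Compare against the expected conversion count instead, e.g. `if (fscanf(f, "%d\n", &sltime) != 1) {`; the same applies to the C_PID and C_EXS reads in the next hunk. `strerror(errno)` is also unreliable here, because errno is not necessarily set on a plain end-of-file or a matching failure; testing `ferror(f)` before printing it would avoid a misleading message. The enclosing function starts and ends outside the hunk.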
@@ -418,10 +459,17 @@
 			get_void(f);
 			break;
 		case C_PID:
-			fscanf(f, "%d\n", &(p->pid));
+			if(fscanf(f, "%d\n", &(p->pid)) < 0){
+				fprintf(stderr, "Failed to read PID: %s\n", strerror(errno));
+				return NULL;	
+			}
 			break;
 		case C_EXS:
-			fscanf(f, "%u\n", &(p->exstat));
+			if(fscanf(f, "%u\n", &(p->exstat)) < 0){
+				fprintf(stderr, "Failed to read EXS: %s\n", strerror(errno)); 
+				oops_error = -1;
+				return NULL;
+			}
 			break;
 		case C_LEV:
 			get_string(p->rlevel, sizeof(p->rlevel), f);
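Review bot: The C_PID branch returns NULL without setting `oops_error = -1;`, unlike the C_EXS branch below it and every case in the previous hunk. A caller that relies on oops_error to tell a read failure from a normal end of records (an assumption; the caller is not visible) would treat a failed PID read as a clean stop. Add `oops_error = -1;` before the `return NULL;` in C_PID. Both early returns also leave with `p` still in hand; if `p` was allocated earlier in this function, which the hunk does not show, it should be released on these paths.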
@@ -978,6 +1026,7 @@
   char *args[16];		/* Argv array */
   char buf[136];		/* Line buffer */
   int f, st;			/* Scratch variables */
+  int ftty;			/* Handler for tty controlling */
   char *ptr;			/* Ditto */
   time_t t;			/* System time */
   int oldAlarm;			/* Previous alarm value */
@@ -1107,11 +1156,17 @@
 			 *	of the console after exit of the leader.
 			 */
 			setsid();
-			if ((f = console_open(O_RDWR|O_NOCTTY)) >= 0) {
+			if ((ftty = console_open(O_RDWR|O_NOCTTY)) >= 0) {
 				/* Take over controlling tty by force */
-				(void)ioctl(f, TIOCSCTTY, 1);
-  				dup(f);
-  				dup(f);
+				(void)ioctl(ftty, TIOCSCTTY, 1);
+
+				if(dup(ftty) < 0){
+					initlog(L_VB, "cannot duplicate console fd");
+				}
+			
+				if(dup(ftty) < 0){
+					initlog(L_VB, "cannot duplicate console fd");
+				}
 			}
 
 			/*
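Review bot: A failed `dup(ftty)` is only logged and the child carries on, which can leave descriptor 1 or 2 closed for the program it goes on to run; whatever file that program opens next would then receive its stdout or stderr output. The two messages are identical and omit errno, so the log cannot say which duplicate failed or why; `initlog(L_VB, "cannot duplicate console fd: %s", strerror(errno));` would at least record the cause. If descriptors 0–2 are meant to end up on the console (the hunk does not show what is open at this point), `dup2(ftty, 1)` and `dup2(ftty, 2)` state that directly and do not depend on which slots happen to be free. The same handling appears in the last hunk for `fd`.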
@@ -1145,7 +1200,7 @@
 				 *	Small optimization. See if stealing
 				 *	controlling tty back is needed.
 				 */
-				pgrp = tcgetpgrp(f);
+				pgrp = tcgetpgrp(ftty);
 				if (pgrp != getpid())
 					exit(0);
 
@@ -1160,7 +1215,7 @@
 				}
 				if (pid == 0) {
 					setsid();
-					(void)ioctl(f, TIOCSCTTY, 1);
+					(void)ioctl(ftty, TIOCSCTTY, 1);
 					exit(0);
 				}
 				while((rc = waitpid(pid, &st, 0)) != pid)
@@ -1180,8 +1235,16 @@
 					strerror(errno));
 				fd = open("/dev/null", O_RDWR);
 			}
-			dup(fd);
-			dup(fd);
+
+			if(dup(fd) < 0){
+				initlog(L_VB, "cannot duplicate /dev/null fd");
+			}
+
+			if(dup(fd) < 0){
+				initlog(L_VB, "cannot duplicate /dev/null fd");
+			}
+
+
 		}
 
 		/*
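Review bot: The message "cannot duplicate /dev/null fd" is misleading on the normal path: `fd = open("/dev/null", O_RDWR);` sits inside a block that closes before the `dup(fd)` calls, so `fd` is presumably a different descriptor unless that fallback ran. The fallback open itself is unchecked, so `fd` may be -1 here and both dups would then fail with EBADF. Logging the value and the cause, `initlog(L_VB, "cannot duplicate fd %d: %s", fd, strerror(errno));`, keeps the message accurate in both cases. The enclosing block starts outside the hunk.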
