authorStef Walter <stef@thewalter.net>2013-07-17 08:03:38 +0200
committerStef Walter <stef@thewalter.net>2013-07-18 07:56:01 +0200
commiteb8f5859b1349f8147ba47a1da8032df192f2370 (patch)
treea2fab941c7e96f641f99805ed701bded9366b9e2
parentab1caffd9e09fd4d6ab92713de29436db0da6dea (diff)
Fix various issues highlighted by coverity scanner
Among others fix possible usage of large stack allocation.
-rw-r--r--common/hash.c1
-rw-r--r--common/lexer.c3
-rw-r--r--p11-kit/iter.c12
-rw-r--r--p11-kit/p11-kit.c6
-rw-r--r--p11-kit/tests/test-init.c3
-rw-r--r--trust/extract.c20
-rw-r--r--trust/index.c18
-rw-r--r--trust/parser.c2
-rw-r--r--trust/tests/frob-nss-trust.c1
-rw-r--r--trust/tests/test-index.c7
10 files changed, 43 insertions, 30 deletions
diff --git a/common/hash.c b/common/hash.c
index 68a6d40..5572085 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -143,6 +143,7 @@ p11_hash_murmur3 (void *hash,
h1 = rotl (h1, 13);
h1 = h1 * 5 + 0xe6546b64;
}
+ va_end (va);
/* tail */
diff --git a/common/lexer.c b/common/lexer.c
index 329881f..6253492 100644
--- a/common/lexer.c
+++ b/common/lexer.c
@@ -102,7 +102,8 @@ p11_lexer_next (p11_lexer *lexer,
return_val_if_fail (lexer != NULL, false);
clear_state (lexer);
- *failed = false;
+ if (failed)
+ *failed = false;
/* Go through lines and process them */
while (lexer->remaining != 0) {
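Review bot: The new guard at the top of p11_lexer_next makes `failed` an optional out-parameter, but nothing visible documents that, and the guard only helps if every other write through the pointer is guarded too. The function body continues past this hunk, so any later `*failed = true` on an error path (not visible here) needs the same `if (failed)` check. I would also state the contract next to the parameter, for example `/* failed may be NULL if the caller does not need the error flag */`.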
diff --git a/p11-kit/iter.c b/p11-kit/iter.c
index a59944a..124d990 100644
--- a/p11-kit/iter.c
+++ b/p11-kit/iter.c
@@ -87,12 +87,12 @@ struct p11_kit_iter {
CK_OBJECT_HANDLE object;
/* And various flags */
- int searching : 1;
- int searched : 1;
- int iterating : 1;
- int match_nothing : 1;
- int keep_session : 1;
- int preload_results : 1;
+ unsigned int searching : 1;
+ unsigned int searched : 1;
+ unsigned int iterating : 1;
+ unsigned int match_nothing : 1;
+ unsigned int keep_session : 1;
+ unsigned int preload_results : 1;
};
/**
diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
index 28c6f4a..34b9476 100644
--- a/p11-kit/p11-kit.c
+++ b/p11-kit/p11-kit.c
@@ -84,6 +84,9 @@ p11_kit_external (int argc,
/* At this point we have no command */
p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+
+ free (filename);
+ free (path);
return 2;
}
@@ -109,6 +112,9 @@ p11_kit_extract (int argc,
/* At this point we have no command */
p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+
+ free (path);
+ free (args);
return 2;
}
diff --git a/p11-kit/tests/test-init.c b/p11-kit/tests/test-init.c
index 76805ee..ebc0666 100644
--- a/p11-kit/tests/test-init.c
+++ b/p11-kit/tests/test-init.c
@@ -233,8 +233,11 @@ test_threaded_initialization (void)
module.C_Finalize = mock_C_Finalize__threaded_race;
memset (&data, 0, sizeof (data));
+
+ p11_mutex_lock (&race_mutex);
initialization_count = 0;
finalization_count = 0;
+ p11_mutex_unlock (&race_mutex);
p11_lock ();
diff --git a/trust/extract.c b/trust/extract.c
index b80fd80..1aec3e6 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -353,39 +353,39 @@ p11_trust_extract (int argc,
break;
case opt_filter:
if (!filter_argument (optarg, &uri, &match, &ex.flags))
- return 2;
+ exit (2);
break;
case opt_purpose:
if (!purpose_argument (optarg, &ex))
- return 2;
+ exit (2);
break;
case opt_format:
if (!format_argument (optarg, &format))
- return 2;
+ exit (2);
break;
case 'h':
p11_tool_usage (usages, options);
- return 0;
+ exit (0);
case '?':
- return 2;
+ exit (2);
default:
assert_not_reached ();
break;
}
- } while (opt != -1);
+ }
argc -= optind;
argv += optind;
if (argc != 1) {
p11_message ("specify one destination file or directory");
- return 2;
+ exit (2);
}
ex.destination = argv[0];
if (!format) {
p11_message ("no output format specified");
- return 2;
+ exit (2);
}
/* If nothing that was useful to enumerate was specified, then bail */
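Review bot: Replacing `return` with `exit ()` throughout p11_trust_extract, here and in the two following hunks at the `validate_filter_and_format` and `p11_kit_modules_load_and_initialize` checks, quiets the leak reports without releasing anything. Whatever `filter_argument` and `purpose_argument` stored in `uri` and `ex` is still left for process teardown, and an int-returning function now terminates its caller instead of reporting a status. A single cleanup label keeps the contract and fixes the leak: set the status and jump, e.g. `ret = 2; goto out;`, with `out:` releasing what option parsing allocated before `return ret;`. The function starts and ends outside the hunk, so the allocation sites are inferred from the call names.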
@@ -395,7 +395,7 @@ p11_trust_extract (int argc,
}
if (!validate_filter_and_format (&ex, format, match))
- return 1;
+ exit (1);
if (uri && p11_kit_uri_any_unrecognized (uri))
p11_message ("uri contained unrecognized components, nothing will be extracted");
@@ -410,7 +410,7 @@ p11_trust_extract (int argc,
modules = p11_kit_modules_load_and_initialize (flags);
if (!modules)
- return 1;
+ exit (1);
if (modules[0] == NULL)
p11_message ("no modules containing trust policy are registered");
diff --git a/trust/index.c b/trust/index.c
index 5707714..83f0dc0 100644
--- a/trust/index.c
+++ b/trust/index.c
@@ -728,7 +728,7 @@ index_select (p11_index *index,
index_sink sink,
void *data)
{
- index_bucket *buckets[NUM_BUCKETS];
+ index_bucket *selected[MAX_SELECT];
CK_OBJECT_HANDLE handle;
index_object *obj;
unsigned int hash;
@@ -741,10 +741,10 @@ index_select (p11_index *index,
for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) {
if (is_indexable (index, match[n].type)) {
hash = p11_attr_hash (match + n);
- buckets[num] = index->buckets + (hash % NUM_BUCKETS);
+ selected[num] = index->buckets + (hash % NUM_BUCKETS);
/* If any index is empty, then obviously no match */
- if (!buckets[num]->num)
+ if (!selected[num]->num)
return;
num++;
@@ -761,15 +761,15 @@ index_select (p11_index *index,
return;
}
- for (i = 0; i < buckets[0]->num; i++) {
+ for (i = 0; i < selected[0]->num; i++) {
/* A candidate match from first bucket */
- handle = buckets[0]->elem[i];
+ handle = selected[0]->elem[i];
/* Check if the candidate is in other buckets */
for (j = 1; j < num; j++) {
- assert (buckets[j]->elem); /* checked above */
- at = binary_search (buckets[j]->elem, 0, buckets[j]->num, handle);
- if (at >= buckets[j]->num || buckets[j]->elem[at] != handle) {
+ assert (selected[j]->elem); /* checked above */
+ at = binary_search (selected[j]->elem, 0, selected[j]->num, handle);
+ if (at >= selected[j]->num || selected[j]->elem[at] != handle) {
handle = 0;
break;
}
@@ -874,7 +874,7 @@ p11_index_snapshot (p11_index *index,
return_val_if_fail (index != NULL, NULL);
- if (count < 0)
+ if (count < (CK_ULONG)0UL)
count = p11_attrs_count (attrs);
index_select (index, attrs, count, sink_any, &handles);
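Review bot: The rewritten test `count < (CK_ULONG)0UL` can never be true, because comparing against an unsigned zero converts `count` to unsigned (assuming it is no wider than CK_ULONG; its declaration is outside the hunk). The cast quiets the scanner but leaves the `p11_attrs_count (attrs)` fallback dead. A caller that passes a negative or -1 sentinel then hands a huge `count` to index_select, whose loop `n < count && num < MAX_SELECT` can keep indexing `match[n]` past the end of `attrs`. If the sentinel is meant to stay, test for it explicitly, e.g. `if (count == (CK_ULONG)-1)`, or make the parameter a signed type and keep `count < 0`.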
diff --git a/trust/parser.c b/trust/parser.c
index 97f549d..b433508 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -454,7 +454,7 @@ build_openssl_extensions (p11_parser *parser,
* Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to
* mark this as a trusted certificate.
*/
- } else if (p11_dict_size (trust) > 0) {
+ } else if (trust && p11_dict_size (trust) > 0) {
trusted = CK_TRUE;
distrust = CK_FALSE;
}
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
index fd74db7..fd69573 100644
--- a/trust/tests/frob-nss-trust.c
+++ b/trust/tests/frob-nss-trust.c
@@ -73,6 +73,7 @@ dump_object (P11KitIter *iter,
free (string);
free (label.pValue);
+ free (name);
}
static int
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
index cf856ee..074ab2d 100644
--- a/trust/tests/test-index.c
+++ b/trust/tests/test-index.c
@@ -397,6 +397,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
...)
{
CK_OBJECT_HANDLE handle;
+ bool matched = true;
int count;
int num;
va_list va;
@@ -410,7 +411,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
va_start (va, handles);
- for (count = 0; true; count++) {
+ for (count = 0; matched; count++) {
handle = va_arg (va, CK_OBJECT_HANDLE);
if (handle == 0)
break;
@@ -421,12 +422,12 @@ handles_are (CK_OBJECT_HANDLE *handles,
}
if (handles[i] != handle)
- return false;
+ matched = false;
}
va_end (va);
- return (count == num);
+ return matched && (count == num);
}
static void