From eb8f5859b1349f8147ba47a1da8032df192f2370 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Wed, 17 Jul 2013 08:03:38 +0200
Subject: Fix various issues highlighted by coverity scanner
Among others fix possible usage of large stack allocation.
---
 trust/extract.c | 20 ++++++++++----------
 trust/index.c | 18 +++++++++---------
 trust/parser.c | 2 +-
 trust/tests/frob-nss-trust.c | 1 +
 trust/tests/test-index.c | 7 ++++---
 5 files changed, 25 insertions(+), 23 deletions(-) (limited to 'trust')
diff --git a/trust/extract.c b/trust/extract.c
index b80fd80..1aec3e6 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -353,39 +353,39 @@ p11_trust_extract (int argc,
 break;
 case opt_filter:
 if (!filter_argument (optarg, &uri, &match, &ex.flags))
- return 2;
+ exit (2);
 break;
 case opt_purpose:
 if (!purpose_argument (optarg, &ex))
- return 2;
+ exit (2);
 break;
 case opt_format:
 if (!format_argument (optarg, &format))
- return 2;
+ exit (2);
 break;
 case 'h':
 p11_tool_usage (usages, options);
- return 0;
+ exit (0);
 case '?':
- return 2;
+ exit (2);
 default:
 assert_not_reached ();
 break;
 }
- } while (opt != -1);
+ }
 argc -= optind;
 argv += optind;
 if (argc != 1) {
 p11_message ("specify one destination file or directory");
- return 2;
+ exit (2);
 }
 ex.destination = argv[0];
 if (!format) {
 p11_message ("no output format specified");
- return 2;
+ exit (2);
 }
 /* If nothing that was useful to enumerate was specified, then bail */
@@ -395,7 +395,7 @@ p11_trust_extract (int argc,
 }
 if (!validate_filter_and_format (&ex, format, match))
- return 1;
+ exit (1);
 if (uri && p11_kit_uri_any_unrecognized (uri))
 p11_message ("uri contained unrecognized components, nothing will be extracted");
@@ -410,7 +410,7 @@ p11_trust_extract (int argc,
 modules = p11_kit_modules_load_and_initialize (flags);
 if (!modules)
- return 1;
+ exit (1);
 if (modules[0] == NULL)
 p11_message ("no modules containing trust policy are registered");
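Review bot: The `exit ()` calls that replace `return` in p11_trust_extract (this hunk and the two that follow it in trust/extract.c) end the process from inside the function, so nothing the caller or a later part of the function does to release `uri` or the fields of `ex` runs on these paths, and the hunks do not say why. If the intent is to rely on process teardown, state it once above the option loop, e.g. `/* exit() on error: tool entry point, allocations are reclaimed at process exit; 2 = usage error, 1 = runtime failure */`. Otherwise a single cleanup label that frees and returns the status would keep the function callable from tests. The function's start, the loop header and its tail are outside the hunks, so whether it is only ever used as a tool entry point cannot be confirmed from here.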
diff --git a/trust/index.c b/trust/index.c
index 5707714..83f0dc0 100644
--- a/trust/index.c
+++ b/trust/index.c
@@ -728,7 +728,7 @@ index_select (p11_index *index,
 index_sink sink,
 void *data)
 {
- index_bucket *buckets[NUM_BUCKETS];
+ index_bucket *selected[MAX_SELECT];
 CK_OBJECT_HANDLE handle;
 index_object *obj;
 unsigned int hash;
@@ -741,10 +741,10 @@ index_select (p11_index *index,
 for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) {
 if (is_indexable (index, match[n].type)) {
 hash = p11_attr_hash (match + n);
- buckets[num] = index->buckets + (hash % NUM_BUCKETS);
+ selected[num] = index->buckets + (hash % NUM_BUCKETS);
 /* If any index is empty, then obviously no match */
- if (!buckets[num]->num)
+ if (!selected[num]->num)
 return;
 num++;
@@ -761,15 +761,15 @@ index_select (p11_index *index,
 return;
 }
- for (i = 0; i < buckets[0]->num; i++) {
+ for (i = 0; i < selected[0]->num; i++) {
 /* A candidate match from first bucket */
- handle = buckets[0]->elem[i];
+ handle = selected[0]->elem[i];
 /* Check if the candidate is in other buckets */
 for (j = 1; j < num; j++) {
- assert (buckets[j]->elem); /* checked above */
- at = binary_search (buckets[j]->elem, 0, buckets[j]->num, handle);
- if (at >= buckets[j]->num || buckets[j]->elem[at] != handle) {
+ assert (selected[j]->elem); /* checked above */
+ at = binary_search (selected[j]->elem, 0, selected[j]->num, handle);
+ if (at >= selected[j]->num || selected[j]->elem[at] != handle) {
 handle = 0;
 break;
 }
@@ -874,7 +874,7 @@ p11_index_snapshot (p11_index *index,
 return_val_if_fail (index != NULL, NULL);
- if (count < 0)
+ if (count < (CK_ULONG)0UL)
 count = p11_attrs_count (attrs);
 index_select (index, attrs, count, sink_any, &handles);
diff --git a/trust/parser.c b/trust/parser.c
index 97f549d..b433508 100644
--- a/trust/parser.c
+++ b/trust/parser.c
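Review bot: The declaration `index_bucket *selected[MAX_SELECT];` in index_select (trust/index.c, hunk at -728) is kept in bounds only by the `num < MAX_SELECT` guard in the loop that fills it, and nothing at the declaration records that dependency. A later edit to either the array size or the loop condition could reintroduce a stack overrun without any visible hint. A one-line comment on the declaration would pin the invariant, e.g. `/* filled by the loop below, which stops after MAX_SELECT entries */`. The function's signature and its tail are outside the hunk.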
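Review bot: The rewritten guard `if (count < (CK_ULONG)0UL)` in p11_index_snapshot (trust/index.c, hunk at -874) can never be true if `count` is an unsigned CK_ULONG, as the cast suggests, so the change quiets the scanner without making the "negative means count the attributes" path reachable. A caller passing -1 would then hand a very large count to index_select, whose loop `n < count && num < MAX_SELECT` (visible in the hunk at -741) could read `match[n]` past the end of `attrs`. Compare against the sentinel explicitly, `if (count == (CK_ULONG)-1)`, or make the parameter signed. The declaration of `count` is outside the hunk, so its type should be confirmed first.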
@@ -454,7 +454,7 @@ build_openssl_extensions (p11_parser *parser,
 * Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to
 * mark this as a trusted certificate.
 */
- } else if (p11_dict_size (trust) > 0) {
+ } else if (trust && p11_dict_size (trust) > 0) {
 trusted = CK_TRUE;
 distrust = CK_FALSE;
 }
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
index fd74db7..fd69573 100644
--- a/trust/tests/frob-nss-trust.c
+++ b/trust/tests/frob-nss-trust.c
@@ -73,6 +73,7 @@ dump_object (P11KitIter *iter,
 free (string);
 free (label.pValue);
+ free (name);
 }
 static int
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
index cf856ee..074ab2d 100644
--- a/trust/tests/test-index.c
+++ b/trust/tests/test-index.c
@@ -397,6 +397,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
 ...)
 {
 CK_OBJECT_HANDLE handle;
+ bool matched = true;
 int count;
 int num;
 va_list va;
@@ -410,7 +411,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
 va_start (va, handles);
- for (count = 0; true; count++) {
+ for (count = 0; matched; count++) {
 handle = va_arg (va, CK_OBJECT_HANDLE);
 if (handle == 0)
 break;
@@ -421,12 +422,12 @@ handles_are (CK_OBJECT_HANDLE *handles,
 }
 if (handles[i] != handle)
- return false;
+ matched = false;
 }
 va_end (va);
- return (count == num);
+ return matched && (count == num);
 }
 static void
-- cgit v1.1