Merge pull request #2404 from brauner/2018-06-14/coverity

bugfixes
2025-07-27 09:48:32 +00:00 · 2018-06-14 19:03:03 -04:00 · 2018-06-14 19:03:03 -04:00 · fbab55f369
commit fbab55f369
parent 48cfd5db4f dd90a3bfab
7 changed files with 44 additions and 25 deletions
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@ -924,16 +924,9 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 			/* If we populated /dev, then we need to create
 			 * /dev/ttyN
 			 */
-			ret = access(path, F_OK);
-			if (ret < 0) {
-				ret = creat(path, 0660);
-				if (ret < 0) {
-					SYSERROR("Failed to create \"%s\"", path);
-					/* this isn't fatal, continue */
-				} else {
-					close(ret);
-				}
-			}
+			ret = mknod(path, S_IFREG | 0000, 0);
+			if (ret < 0) /* this isn't fatal, continue */
+				ERROR("%s - Failed to create \"%s\"", strerror(errno), path);

 			ret = mount(tty->name, path, "none", MS_BIND, 0);
 			if (ret < 0) {
@ -941,8 +934,7 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 				continue;
 			}

-			DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name,
-			      path);
+			DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name, path);
 		}

 		if (!append_ttyname(&conf->ttys.tty_names, tty->name)) {
@ -1581,13 +1573,13 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 	DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);

 	/* Remove any pre-existing /dev/ptmx file. */
-	ret = access("/dev/ptmx", F_OK);
-	if (!ret) {
 	ret = remove("/dev/ptmx");
 	if (ret < 0) {
+		if (errno != ENOENT) {
 			SYSERROR("Failed to remove existing \"/dev/ptmx\" file");
 			return -1;
 		}
+	} else {
 		DEBUG("Removed existing \"/dev/ptmx\" file");
 	}

--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@ -900,6 +900,7 @@ static bool criu_ok(struct lxc_container *c, char **criu_version)

 static bool restore_net_info(struct lxc_container *c)
 {
+	int ret;
 	struct lxc_list *it;
 	bool has_error = true;

@ -913,7 +914,9 @@ static bool restore_net_info(struct lxc_container *c)
 		if (netdev->type != LXC_NET_VETH)
 			continue;

-		snprintf(template, sizeof(template), "vethXXXXXX");
+		ret = snprintf(template, sizeof(template), "vethXXXXXX");
+		if (ret < 0 || ret >= sizeof(template))
+			goto out_unlock;

 		if (netdev->priv.veth_attr.pair[0] == '\0' &&
 		    netdev->priv.veth_attr.veth1[0] == '\0') {
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@ -1564,7 +1564,12 @@ static bool create_run_template(struct lxc_container *c, char *tpath,
 			snprintf(txtuid, 20, "%d", hostuid_mapped);
 			n2[n2args - 4] = txtuid;
 			n2[n2args - 3] = "--mapped-gid";
-			snprintf(txtgid, 20, "%d", hostgid_mapped);
+			ret = snprintf(txtgid, 20, "%d", hostgid_mapped);
+			if (ret < 0 || ret >= 20) {
+				free(newargv);
+				free(n2);
+				_exit(EXIT_FAILURE);
+			}
 			n2[n2args - 2] = txtgid;
 			n2[n2args - 1] = NULL;
 			free(newargv);
--- a/src/lxc/parse.c
+++ b/src/lxc/parse.c
@ -68,7 +68,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
 				void *data)
 {
 	int fd;
-	char *buf, *line;
+	char *buf, *chop, *line;
 	struct stat st;
 	int ret = 0;
 	char *saveptr = NULL;
@ -94,7 +94,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
 		return -1;
 	}

-	for (; (line = strtok_r(buf, "\n\0", &saveptr)); buf = NULL) {
+	for (chop = buf; (line = strtok_r(chop, "\n\0", &saveptr)); chop = NULL) {
 		ret = callback(line, data);
 		if (ret) {
 			/* Callback rv > 0 means stop here callback rv < 0 means
--- a/src/lxc/state.c
+++ b/src/lxc/state.c
@ -104,7 +104,7 @@ static int fillwaitedstates(const char *strstates, lxc_state_t *states)
 extern int lxc_wait(const char *lxcname, const char *states, int timeout,
 		    const char *lxcpath)
 {
-	int state;
+	int state = -1;
 	lxc_state_t s[MAX_STATE] = {0};

 	if (fillwaitedstates(states, s))
@ -129,6 +129,11 @@ extern int lxc_wait(const char *lxcname, const char *states, int timeout,
 		sleep(1);
 	}

+	if (state < 0) {
+		ERROR("Failed to retrieve state from monitor");
+		return -1;
+	}
+
 	TRACE("Retrieved state of container %s", lxc_state2str(state));
 	if (!s[state])
 		return -1;
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@ -659,7 +659,7 @@ static void free_btrfs_tree(struct my_btrfs_tree *tree)
 static bool do_remove_btrfs_children(struct my_btrfs_tree *tree, u64 root_id,
 				     const char *path)
 {
-	int i;
+	int i, ret;
 	char *newpath;
 	size_t len;

@ -675,7 +675,11 @@ static bool do_remove_btrfs_children(struct my_btrfs_tree *tree, u64 root_id,
 				ERROR("Out of memory");
 				return false;
 			}
-			snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+			ret = snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+			if (ret < 0 || ret >= len) {
+				free(newpath);
+				return false;
+			}
 			if (!do_remove_btrfs_children(tree, tree->nodes[i].objid, newpath)) {
 				ERROR("Failed to prune %s\n", tree->nodes[i].name);
 				free(newpath);
--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@ -1136,17 +1136,27 @@ static int ls_serialize(int wpipefd, struct ls *n)

 static int ls_recv_str(int fd, char **buf)
 {
+	ssize_t ret;
 	size_t slen = 0;
-	if (lxc_read_nointr(fd, &slen, sizeof(slen)) != sizeof(slen))
+
+	ret = lxc_read_nointr(fd, &slen, sizeof(slen));
+	if (ret != sizeof(slen))
 		return -1;
+
 	if (slen > 0) {
 		*buf = malloc(sizeof(char) * (slen + 1));
 		if (!*buf)
 			return -1;
-		if (lxc_read_nointr(fd, *buf, slen) != (ssize_t)slen)
+
+		ret = lxc_read_nointr(fd, *buf, slen);
+		if (ret != (ssize_t)slen) {
+			free(*buf);
 			return -1;
+		}
+
 		(*buf)[slen] = '\0';
 	}
+
 	return 0;
 }