* Fix for coverity issue 436265, we should cap copy to size of destination buffer
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436262, llv6_ntoa() returns a pointer to a buffer that can be up to 64 bytes long; likely not a problem, but this will quiet coverity
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436251, not freeing path in the normal flow of the code
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436258, Digest may be uninitialized in some paths of this code
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436254, forgot to free 's' before returning from the function?
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436251, memory leak in put_string() function
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue 436215, should copy at most sizeof(devname) bytes
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436203, if no authentication (or no accounting) server was found, we still need to free the allocated local instance
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436171, use of uninitialized variable
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Use of signed vs unsigned variable in printf for MD4Update
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436182, fixing possible buffer overrun in handling of PW_CLASS attribute
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436156
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Compile errors
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
[paulus@ozlabs.org - Squashed to avoid breaking bisection]
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
if (verbose)
msgf("timeout set to %d seconds", timeout);
-
+ free(s);
return 0;
}
int put_string(register char *s)
{
+ char *s1;
quiet = 0;
+
s = clean(s, 1);
+ s1 = s;
if (verbose) {
if (quiet)
register char c = *s++;
if (c != '\\') {
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
continue;
}
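Review bot: The leak fix in put_string() repeats `free(s1);` before each of the three returns (here, in the `default:` branch, and at the end), so any exit added later leaks the cleaned string again. A single exit keeps the ownership in one place: set a result variable and `goto out;` on failure, with `out: free(s1); return rc;` at the bottom. A one-line comment at `s1 = s;` saying that `s` is advanced by the loop and `s1` keeps the pointer returned by `clean()` for freeing would also help. Whether `clean()` can return NULL is not visible in these hunks; if it can, the loop dereferences it before any free is reached.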
break;
default:
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
break;
}
checksigs();
alarm(0);
alarmed = 0;
+ free(s1);
return (1);
}
static void
check_maxoctets(void *arg)
{
- unsigned int used;
+ unsigned int used = 0;
ppp_link_stats_st stats;
if (ppp_get_link_stats(&stats)) {
int i;
PPP_MD_CTX *ctx;
- u_char Digest[SHA_DIGEST_LENGTH];
+ u_char Digest[SHA_DIGEST_LENGTH] = {};
int hash_len;
u_char Challenge[8];
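Review bot: `u_char Digest[SHA_DIGEST_LENGTH] = {};` uses an empty initializer, which is a GNU extension before C23; `= {0};` is the portable spelling. Zero-filling also only silences the warning: on the paths where Digest was previously left unset (presumably a failed digest init/update/final call, which is outside this hunk), the code would now carry on with an all-zero digest. If the bytes copied into `Challenge` come from Digest, that yields a fixed, predictable value, so those paths should report failure to the caller rather than fall through.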
char tmp[MAXNAMELEN+1];
strcpy(tmp, strrchr(rhostname, '\\') + 1);
- strcpy(rhostname, tmp);
+ strlcpy(rhostname, tmp, sizeof(rhostname));
}
if (chap_verify_hook)
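Review bot: The first copy, `strcpy(tmp, strrchr(rhostname, '\\') + 1);`, is still unbounded; only the copy back into `rhostname` was changed. `tmp` is `MAXNAMELEN+1` bytes and the declaration of `rhostname` is not in the hunk, so whether the source can exceed `tmp` cannot be confirmed from here. Bounding it the same way costs nothing: `strlcpy(tmp, strrchr(rhostname, '\\') + 1, sizeof(tmp));`. Note that `sizeof(rhostname)` is only the buffer size if `rhostname` is an array in this scope and not a pointer parameter. The peer supplies this name, so both copies handle untrusted input.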
static void
ipv6cp_script(char *script)
{
- char strspeed[32], strlocal[32], strremote[32];
+ char strspeed[32], strlocal[64], strremote[64];
char *argv[8];
sprintf(strspeed, "%d", baud_rate);
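Review bot: The new size `64` for `strlocal` and `strremote` is a bare literal that has to stay in step with the buffer behind `llv6_ntoa()`, and nothing in the code ties the two together. The copies into these arrays are outside the hunk; if they are plain `strcpy`/`sprintf` calls, bounding them with `sizeof(strlocal)` and `sizeof(strremote)` would make the function safe regardless of how that helper changes. The visible `sprintf(strspeed, "%d", baud_rate);` can be written as `snprintf(strspeed, sizeof(strspeed), "%d", baud_rate);` for the same reason. A named constant shared with `llv6_ntoa()` would document where the 64 comes from.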
}
info("Plugin %s loaded.", arg);
(*init)();
+ if (path != arg)
+ free(path);
return 1;
errclose:
return 1;
memcpy(&pvcaddr, &addr, sizeof pvcaddr);
- strlcpy(devnam, cp, MAXPATHLEN);
+ strlcpy(devnam, cp, sizeof(devnam));
ppp_set_devnam(devnam);
devstat.st_mode = S_IFSOCK;
if (the_channel != &pppoa_channel) {
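Review bot: `strlcpy(devnam, cp, sizeof(devnam));` can no longer overrun `devnam`, but an over-long name is silently truncated and the shortened string is then passed to `ppp_set_devnam()`. Rejecting the input is safer than continuing with a different device name, e.g. `if (strlcpy(devnam, cp, sizeof(devnam)) >= sizeof(devnam)) return 0;`, using whatever failure value this option handler returns (the function starts outside the hunk). The same applies to `strlcpy(devnam, cmd, sizeof(devnam));` in the PPPoE hunk that follows. `sizeof(devnam)` is the buffer size only if `devnam` is declared as an array at this point; the declaration is not visible here.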
/* Close socket */
close(fd);
if (r && doit) {
- strlcpy(devnam, cmd, MAXPATHLEN);
+ strlcpy(devnam, cmd, sizeof(devnam));
if (the_channel != &pppoe_channel) {
the_channel = &pppoe_channel;
break;
case PW_CLASS:
/* Save Class attribute to pass it in accounting request */
- if (vp->lvalue <= MAXCLASSLEN) {
+ // if (vp->lvalue <= MAXCLASSLEN) { // <- Attribute could be this big, but vp->strvalue is limited to AUTH_STRING_LEN characters
+ if (vp->lvalue <= AUTH_STRING_LEN) {
rstate.class_len=vp->lvalue;
memcpy(rstate.class, vp->strvalue, rstate.class_len);
} /* else too big for our buffer - ignore it */
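Review bot: The new condition `vp->lvalue <= AUTH_STRING_LEN` bounds only the source, `vp->strvalue`, while the `memcpy` two lines below writes into `rstate.class`, whose size is not visible in this hunk and is presumably what `MAXCLASSLEN` expressed. Unless `AUTH_STRING_LEN` is guaranteed not to exceed that buffer, both limits should be checked, e.g. `if (vp->lvalue <= AUTH_STRING_LEN && vp->lvalue <= sizeof(rstate.class)) {`, assuming `class` is an array member. The Class attribute arrives in the RADIUS server's reply, so this length is externally controlled. The commented-out old condition would read better as a short comment explaining why both the attribute buffer and the destination limit the copy.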
if (accts->max)
*acctserver = accts;
+ else
+ free(accts);
if (auths->max)
*authserver = auths;
+ else
+ free(auths);
return;
}
}
else if (count > 512) /* Check for count too large */
{
- printf("\nError: MD4Update called with illegal count value %d.",
+ printf("\nError: MD4Update called with illegal count value %u.",
count);
return;
}