svn commit: r339051 - stable/11/libexec/tftpd

Alan Somers asomers at FreeBSD.org
Mon Oct 1 15:47:36 UTC 2018


Author: asomers
Date: Mon Oct  1 15:47:34 2018
New Revision: 339051
URL: https://svnweb.freebsd.org/changeset/base/339051

Log:
  MFC r336605:
  
  Fix multiple Coverity warnings in tftpd(8)
  
  * Initialize uninitialized variable (CID 1006502)
  * strcpy => strlcpy (CID 1006792, 1006791, 1006790)
  * Check function return values (CID 1009442, 1009441, 1009440)
  * Delete dead code in receive_packet (not reported by Coverity)
  * Remove redundant alarm(3) in receive_packet (not reported by Coverity)
  
  Reported by:	Coverity
  CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440
  Differential Revision:	https://reviews.freebsd.org/D11287

Modified:
  stable/11/libexec/tftpd/tftp-file.c
  stable/11/libexec/tftpd/tftp-io.c
  stable/11/libexec/tftpd/tftp-utils.c
  stable/11/libexec/tftpd/tftpd.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/libexec/tftpd/tftp-file.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-file.c	Mon Oct  1 15:45:20 2018	(r339050)
+++ stable/11/libexec/tftpd/tftp-file.c	Mon Oct  1 15:47:34 2018	(r339051)
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in.h>
 #include <arpa/tftp.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -78,7 +79,8 @@ convert_from_net(char *buffer, size_t count)
 		if (buffer[i] == '\n') {
 			if (n == 0) {
 				if (ftell(file) != 0) {
-					fseek(file, -1, SEEK_END);
+					int r = fseek(file, -1, SEEK_END);
+					assert(r == 0);
 					convbuffer[n++] = '\n';
 				} else {
 					/* This shouldn't happen */
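Review bot: The new `assert(r == 0)` in convert_from_net is not a dependable check of the fseek() result. In a build with NDEBUG the assertion disappears and `r` is left as an unused variable, and in a build with assertions a seek failure aborts the whole daemon in the middle of a transfer. An explicit test such as `if (fseek(file, -1, SEEK_END) != 0)` that logs the error and returns a failure to the caller would keep the check in every build. The start of the function and its return path are outside this hunk, so the right error value has to be confirmed against the callers.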

Modified: stable/11/libexec/tftpd/tftp-io.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-io.c	Mon Oct  1 15:45:20 2018	(r339050)
+++ stable/11/libexec/tftpd/tftp-io.c	Mon Oct  1 15:47:34 2018	(r339051)
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <arpa/tftp.h>
 #include <arpa/inet.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <setjmp.h>
 #include <signal.h>
@@ -393,7 +394,7 @@ receive_packet(int peer, char *data, int size, struct 
 	struct sockaddr_storage *pfrom;
 	socklen_t fromlen;
 	int n;
-	static int waiting;
+	static int timed_out;
 
 	if (debug&DEBUG_PACKETS)
 		tftp_log(LOG_DEBUG,
@@ -401,23 +402,16 @@ receive_packet(int peer, char *data, int size, struct 
 
 	pkt = (struct tftphdr *)data;
 
-	waiting = 0;
 	signal(SIGALRM, timeout);
-	setjmp(timeoutbuf);
+	timed_out = setjmp(timeoutbuf);
 	alarm(thistimeout);
 
-	if (waiting > 0) {
-		alarm(0);
-		return (RP_TIMEOUT);
-	}
-
-	if (waiting > 0) {
+	if (timed_out != 0) {
 		tftp_log(LOG_ERR, "receive_packet: timeout");
 		alarm(0);
 		return (RP_TIMEOUT);
 	}
 
-	waiting++;
 	pfrom = (from == NULL) ? &from_local : from;
 	fromlen = sizeof(*pfrom);
 	n = recvfrom(peer, data, size, 0, (struct sockaddr *)pfrom, &fromlen);
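Review bot: `timed_out = setjmp(timeoutbuf);` uses setjmp() in a context the C standard does not allow. The call may only be the whole controlling expression of a selection or iteration statement, an operand of a comparison with an integer constant inside such an expression, the operand of `!`, or a complete expression statement, so assigning its value has undefined behaviour. Testing it directly, `if (setjmp(timeoutbuf) != 0) {`, keeps the logic and makes the `static int timed_out` declared in the previous hunk unnecessary. As written, alarm(thistimeout) is also re-armed on the timeout path before being cancelled, so it may be cleaner to move the alarm() call below the test. The rest of receive_packet is outside these hunks.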
@@ -430,8 +424,6 @@ receive_packet(int peer, char *data, int size, struct 
 		tftp_log(LOG_ERR, "receive_packet: timeout");
 		return (RP_TIMEOUT);
 	}
-
-	alarm(0);
 
 	if (n < 0) {
 		/* No idea what could have happened if it isn't a timeout */

Modified: stable/11/libexec/tftpd/tftp-utils.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-utils.c	Mon Oct  1 15:45:20 2018	(r339050)
+++ stable/11/libexec/tftpd/tftp-utils.c	Mon Oct  1 15:47:34 2018	(r339051)
@@ -268,11 +268,13 @@ char *
 rp_strerror(int error)
 {
 	static char s[100];
+	size_t space = sizeof(s);
 	int i = 0;
 
 	while (rp_errors[i].desc != NULL) {
 		if (rp_errors[i].error == error) {
-			strcpy(s, rp_errors[i].desc);
+			strlcpy(s, rp_errors[i].desc, space);
+			space -= strlen(rp_errors[i].desc);
 		}
 		i++;
 	}
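Review bot: The `space` bookkeeping in rp_strerror does not match how the buffer is used, because every matching entry is copied to the start of `s`, so the bound for each copy is always `sizeof(s)` rather than what is left after earlier copies. As written, `space -= strlen(rp_errors[i].desc)` can wrap around as a `size_t` when a description is longer than the remaining count, and a later matching entry would then be copied with an effectively unlimited size. I would drop the variable and write `strlcpy(s, rp_errors[i].desc, sizeof(s));`. The rest of the function, including what is returned when no entry matches, is outside this hunk.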

Modified: stable/11/libexec/tftpd/tftpd.c
==============================================================================
--- stable/11/libexec/tftpd/tftpd.c	Mon Oct  1 15:45:20 2018	(r339050)
+++ stable/11/libexec/tftpd/tftpd.c	Mon Oct  1 15:47:34 2018	(r339051)
@@ -372,7 +372,10 @@ main(int argc, char *argv[])
 			exit(1);
 		}
 		chdir("/");
-		setgroups(1, &nobody->pw_gid);
+		if (setgroups(1, &nobody->pw_gid) != 0) {
+			tftp_log(LOG_ERR, "setgroups failed");
+			exit(1);
+		}
 		if (setuid(nobody->pw_uid) != 0) {
 			tftp_log(LOG_ERR, "setuid failed");
 			exit(1);
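Review bot: The `chdir("/")` just above the new setgroups() check is still called without looking at its result, although it sits in the same privilege-dropping sequence where setgroups() and setuid() failures are now fatal. If it follows a chroot(), which this hunk does not show, a failed chdir would leave the working directory wherever it was before. Suggest `if (chdir("/") != 0) { tftp_log(LOG_ERR, "chdir failed"); exit(1); }`. Including `strerror(errno)` in this and the "setgroups failed" message would also make the log actionable. The beginning of this block in main() is outside the hunk.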
@@ -520,7 +523,7 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
 	cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 	size -= (cp - recvbuffer) + 1;
 
-	strcpy(fnbuf, filename);
+	strlcpy(fnbuf, filename, sizeof(fnbuf));
 	reduce_path(fnbuf);
 	filename = fnbuf;
 
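Review bot: `strlcpy(fnbuf, filename, sizeof(fnbuf))` in tftp_wrq silently truncates a file name that does not fit, and the shortened name is then passed to reduce_path() and used for the request, so the server would operate on a different name than the client sent. The return value should be compared with the buffer size and the request refused on overflow, e.g. `if (strlcpy(fnbuf, filename, sizeof(fnbuf)) >= sizeof(fnbuf))` followed by an error reply and return. The same applies to the identical change in tftp_rrq in the next hunk. The declaration of fnbuf and the rest of both functions are outside the hunks.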
@@ -565,7 +568,7 @@ tftp_rrq(int peer, char *recvbuffer, ssize_t size)
 	cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 	size -= (cp - recvbuffer) + 1;
 
-	strcpy(fnbuf, filename);
+	strlcpy(fnbuf, filename, sizeof(fnbuf));
 	reduce_path(fnbuf);
 	filename = fnbuf;
 
@@ -802,6 +805,7 @@ tftp_xmitfile(int peer, const char *mode)
 	time_t now;
 	struct tftp_stats ts;
 
+	memset(&ts, 0, sizeof(ts));
 	now = time(NULL);
 	if (debug&DEBUG_SIMPLE)
 		tftp_log(LOG_DEBUG, "Transmitting file");

