From 08325b58bef83bfed181c493f269ef57477152c0 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Fri, 18 Apr 2014 20:26:47 -0400
Subject: scan-build: Add a check for result from getaddrinfo
As documented, getaddrinfo always sets its result when it returns no error. But scan-build doesn't know that, and thinks we might be def
---
 src/common/address.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/common')
diff --git a/src/common/address.c b/src/common/address.c
index e5930dedc..2825b123d 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -236,7 +236,9 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
 hints.ai_family = family;
 hints.ai_socktype = SOCK_STREAM;
 err = sandbox_getaddrinfo(name, NULL, &hints, &res);
- if (!err) {
+ /* The check for 'res' here shouldn't be necessary, but it makes static
+ * analysis tools happy. */
+ if (!err && res) {
 best = NULL;
 for (res_p = res; res_p; res_p = res_p->ai_next) {
 if (family == AF_UNSPEC) {
-- cgit v1.2.3
From 685d450ab3823c578514ce6986d00c6e219abb43 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sat, 19 Apr 2014 13:07:30 -0400
Subject: scan-build: avoid undef behaior in tor_inet_pton
If we had an address of the form "1.2.3.4" and we tried to pass it to tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to briefly move backwards to the point before the start of the string, before we moved it right back to the start of the string. C doesn't allow that, and though we haven't yet hit a compiler that decided to nuke us in response, it's best to fix. So, be more explicit about requiring there to be a : before any IPv4 address part of the IPv6 address. We would have rejected addresses without a : for not being IPv6 later on anyway.
---
 src/common/compat.c | 4 +++-
 src/test/test_addr.c | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/common')
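Review bot: The added comment explains why the `res` check exists but not what happens when it fails: with `!err && res`, a lookup that returned `err == 0` and a NULL `res` now takes the same path as a real `getaddrinfo` error. `tor_addr_lookup` continues outside the hunk, so I cannot see whether that path reports `err` (which would be 0 here) or a generic failure; if it formats `err`, the message would be misleading in this corner. Suggest replacing the comment with `/* getaddrinfo() guarantees res is set whenever err == 0, so the NULL check only keeps scan-build quiet; if it ever fails we fall through to the failure handling below. */` so the next reader does not remove the guard or assume `err` is meaningful there.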
diff --git a/src/common/compat.c b/src/common/compat.c
index c5945fbd2..8d816b90e 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -2195,8 +2195,10 @@ tor_inet_pton(int af, const char *src, void *dst)
 else {
 unsigned byte1,byte2,byte3,byte4;
 char more;
- for (eow = dot-1; eow >= src && TOR_ISDIGIT(*eow); --eow)
+ for (eow = dot-1; eow > src && TOR_ISDIGIT(*eow); --eow)
 ;
+ if (*eow != ':')
+ return 0;
 ++eow;
 /* We use "scanf" because some platform inet_aton()s are too lax
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index cee2dcf2a..50011e606 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -346,6 +346,9 @@ test_addr_ip6_helpers(void)
 test_pton6_bad("a:::b:c");
 test_pton6_bad(":::a:b:c");
 test_pton6_bad("a:b:c:::");
+ test_pton6_bad("1.2.3.4");
+ test_pton6_bad(":1.2.3.4");
+ test_pton6_bad(".2.3.4");
 /* test internal checking */
 test_external_ip("fbff:ffff::2:7", 0);
-- cgit v1.2.3
From 3b1f7f75a7efa51ae5549a6413e90066cfe307a8 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sat, 19 Apr 2014 13:16:56 -0400
Subject: scan-build: memarea_strndup() undefined behavior
The memarea_strndup() function would have hit undefined behavior by creating an 'end' pointer off the end of a string if it had ever been given an 'n' argument bigger than the length of the memory ares that it's scanning. Fortunately, we never did that except in the unit tests. But it's not a safe behavior to leave lying around.
---
 src/common/memarea.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'src/common')
diff --git a/src/common/memarea.c b/src/common/memarea.c
index e2d07fca9..bcaea0949 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
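Review bot: The rewritten loop still evaluates `dot-1` before any check, so it depends on `dot > src` being established earlier in `tor_inet_pton` (outside this hunk); if a leading-dot input like `.2.3.4` ever reached this line, `eow` would again start one-before-`src` and the new `*eow` read would be out of bounds. The added `.2.3.4` test suggests that earlier rejection exists, but the dependency is invisible here and deserves a comment on the `for` line: `/* dot > src is guaranteed above, so eow never moves before src; the dotted quad must be preceded by ':' or this is not an IPv6 address. */`. Note also that `if (*eow != ':') return 0;` tightens parsing beyond the UB fix — a hex digit immediately before the quad (a made-up input such as `::ffff1.2.3.4`) is now rejected where it may previously have been accepted, which is worth stating in the comment or commit message. The function body continues outside the hunk.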
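Review bot: The three new cases only exercise inputs where the digit walk-back reaches `src`; none exercises the new `*eow != ':'` rejection with `eow > src`, and none confirms that a valid embedded IPv4 form such as `::ffff:1.2.3.4` still parses under the stricter check. Unless such cases already appear elsewhere in `test_addr_ip6_helpers` (the function starts outside the hunk), add `test_pton6_bad("::ffff1.2.3.4");` beside the new lines and a matching positive case using the file's helper for well-formed IPv6 strings, so the tightened behavior is pinned rather than incidental.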
@@ -291,14 +291,11 @@ memarea_strdup(memarea_t *area, const char *s)
 char *
 memarea_strndup(memarea_t *area, const char *s, size_t n)
 {
- size_t ln;
+ size_t ln = 0;
 char *result;
- const char *cp, *end = s+n;
 tor_assert(n < SIZE_T_CEILING);
- for (cp = s; cp < end && *cp; ++cp)
+ for (ln = 0; ln < n && s[ln]; ++ln)
 ;
- /* cp now points to s+n, or to the 0 in the string. */
- ln = cp-s;
 result = memarea_alloc(area, ln+1);
 memcpy(result, s, ln);
 result[ln]='\0';
-- cgit v1.2.3
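Review bot: `ln` is initialized twice in the new code — `size_t ln = 0;` at the declaration and again in `for (ln = 0; ...)`; keep one of them, e.g. leave the declaration and write `for (; ln < n && s[ln]; ++ln)`. The removed `/* cp now points to ... */` comment was the only in-body documentation, and the loop is now where the contract the commit fixes lives, so add `/* Length of s reading at most n bytes: s need not be NUL-terminated within n, and indexing s[ln] with ln < n never forms a pointer past the buffer. */` above it; the `tor_assert(n < SIZE_T_CEILING)` line is what keeps `ln+1` from wrapping and could say so. `memarea_alloc`'s return is used without a NULL check — fine if it aborts on failure, but if it can return NULL that belongs here too. The function's own doc comment, if any, sits above the hunk.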