[core] attempt to quiet coverity false positives

6 years ago · dadfb5fcf5
parent 9bc61f16cb
commit dadfb5fcf5
5 changed files with 31 additions and 22 deletions
--- a/src/buffer.c
+++ b/src/buffer.c
@ -234,20 +234,19 @@ void buffer_append_string_buffer(buffer *b, const buffer *src) {

 void buffer_append_uint_hex(buffer *b, uintmax_t value) {
 	char *buf;
-	int shift = 0;
+	unsigned int shift = 0;

 	{
 		uintmax_t copy = value;
 		do {
 			copy >>= 8;
-			shift += 2; /* counting nibbles (4 bits) */
+			shift += 8; /* counting bits */
 		} while (0 != copy);
 	}

-	buf = buffer_string_prepare_append(b, shift);
-	buffer_commit(b, shift); /* will fill below */
+	buf = buffer_string_prepare_append(b, shift >> 2); /*nibbles (4 bits)*/
+	buffer_commit(b, shift >> 2); /* will fill below */

-	shift *= 4; /* count bits now */
 	while (shift > 0) {
 		shift -= 4;
 		*(buf++) = hex_chars[(value >> shift) & 0x0F];
--- a/src/lighttpd-angel.c
+++ b/src/lighttpd-angel.c
@ -68,6 +68,10 @@ int main(int argc, char **argv) {
 	struct sigaction act;

 	UNUSED(argc);
+	*(const char **)&argv[0] = BINPATH;
+      #ifdef __COVERITY__
+	__coverity_tainted_data_sanitize__(argv);
+      #endif

 	/**
 	 * we are running as root BEWARE
@ -103,13 +107,10 @@ int main(int argc, char **argv) {
 			if (0 == pid) {
 				/* i'm the child */

-				argv[0] = BINPATH;
-
 				/* intentionally pass argv params */
 				/* coverity[tainted_string : FALSE] */
-				execvp(BINPATH, argv);
-
-				exit(1);
+				execvp(argv[0], argv);
+				_exit(1);
 			} else if (-1 == pid) {
 				/** error */

--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@ -619,16 +619,17 @@ static handler_t mod_auth_check_digest(server *srv, connection *con, void *p_d,

 	if (0 != strncasecmp(ds->value->ptr, "Digest ", sizeof("Digest ")-1)) {
 		return mod_auth_send_400_bad_request(srv, con);
+	} else {
+		size_t n = buffer_string_length(ds->value);
+	      #ifdef __COVERITY__
+		if (n < sizeof("Digest ")-1) {
+			return mod_auth_send_400_bad_request(srv, con);
+		}
+	      #endif
+		n -= (sizeof("Digest ")-1);
+		b = buffer_init();
+		buffer_copy_string_len(b,ds->value->ptr+sizeof("Digest ")-1,n);
 	}
-      #ifdef __COVERITY__
-	if (buffer_string_length(ds->value) < sizeof("Digest ")-1) {
-		return mod_auth_send_400_bad_request(srv, con);
-	}
-      #endif
-
-	b = buffer_init();
-	/* coverity[overflow_sink : FALSE] */
-	buffer_copy_string_len(b, ds->value->ptr+sizeof("Digest ")-1, buffer_string_length(ds->value)-(sizeof("Digest ")-1));

 	/* parse credentials from client */
 	for (c = b->ptr; *c; c++) {
--- a/src/mod_extforward.c
+++ b/src/mod_extforward.c
@ -1285,6 +1285,10 @@ static int hap_PROXY_recv (const int fd, union hap_PROXY_hdr * const hdr)
 static int mod_extforward_hap_PROXY_v1 (connection * const con,
                                        union hap_PROXY_hdr * const hdr)
 {
+  #ifdef __COVERITY__
+    __coverity_tainted_data_sink__(hdr);
+  #endif
+
    /* samples
     *   "PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n"
     *   "PROXY TCP6 ffff:f...f:ffff ffff:f...f:ffff 65535 65535\r\n"
@ -1351,6 +1355,10 @@ static int mod_extforward_hap_PROXY_v1 (connection * const con,
 static int mod_extforward_hap_PROXY_v2 (connection * const con,
                                        union hap_PROXY_hdr * const hdr)
 {
+  #ifdef __COVERITY__
+    __coverity_tainted_data_sink__(hdr);
+  #endif
+
    /* If HAProxy-PROXY protocol used, then lighttpd acts as transparent proxy,
     * masquerading as servicing the client IP provided in by HAProxy-PROXY hdr.
     * The connecting con->dst_addr and con->dst_addr_buf are not saved here,
@ -1539,9 +1547,6 @@ static int mod_extforward_network_read (server *srv, connection *con,

    union hap_PROXY_hdr hdr;
    int rc = hap_PROXY_recv(con->fd, &hdr);
-  #ifdef __COVERITY__
-    __coverity_tainted_data_sanitize__(&hdr);
-  #endif /*(mod_extforward_hap_PROXY_v*() parse the tainted data)*/
    switch (rc) {
      case  2: rc = mod_extforward_hap_PROXY_v2(con, &hdr); break;
      case  1: rc = mod_extforward_hap_PROXY_v1(con, &hdr); break;
--- a/src/server.c
+++ b/src/server.c
@ -1172,6 +1172,9 @@ static int server_main (server * const srv, int argc, char **argv) {
 		do {
 			/* coverity[overwrite_var : FALSE] */
 			devnull = fdevent_open_devnull();
+		      #ifdef __COVERITY__
+			__coverity_escape__(devnull);
+		      #endif
 		} while (-1 != devnull && devnull <= STDERR_FILENO);
 		if (-1 == devnull) {
 			log_error_write(srv, __FILE__, __LINE__, "ss",