I had some time over the weekend and implemented fixes for warnings
in clamdtop/clamdtop.c:
- 279008 - In make_connection_real: Code can never be reached because
of a logical contradiction (CWE-561). host and port are freed and set
to NULL before they are used to set conn->remote. The fix is to
clean up host and port after conn->remote is set.
- 147369 - In get_ip: Code can never be reached because of a logical
contradiction (CWE-561). Removed an unnecessary return statement that
could never be reached.
- 147624 - In get_port: Leak of memory or pointers to system resources
(CWE-404). dupip wasn’t being freed in the case where no port could
be found.
- 279007 - In make_connection_real: Pointer is checked against null
but then dereferenced anyway (CWE-476). This function checked soname
for NULL but wouldn’t fail in this case, and subsequent code would
dereference it. The NULL check could just be removed, though, because
the only calling function of this static function ensured that soname
is not NULL.
- 147316 - In cleanup: Value returned from a library function is not
checked for errors before being used. This value may indicate an error
condition. (CWE-252). The code ignores the value of send when exiting
because at that point it doesn’t really matter if the send succeeds.
The fix is to cast this function call to void to explicitly ignore
the return value.
- 147318 - In recv_line: Value returned from a library function is not
checked for errors before being used. This value may indicate an error
condition. (CWE-252) The code ignores the value of send when exiting
because at that point it doesn’t really matter if the send succeeds.
The fix is to cast this function call to void to explicitly ignore
the return value.
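--- a/clamdtop/clamdtop.c
+++ b/clamdtop/clamdtop.c
@@ -423,7 +423,7 @@ static void cleanup(void)
 curses_inited = 0;
 for (i = 0; i < global.num_clamd; i++) {
 if (global.conn[i].sd && global.conn[i].sd != -1) {
-send_string_noreconn(&global.conn[i], "nEND\n");
+(void)send_string_noreconn(&global.conn[i], "nEND\n");
 #ifndef WIN32
 close(global.conn[i].sd);
 #else
@@ -564,16 +564,13 @@ char *get_ip(const char *ip)
 p1++;
 }
 
-if (i == 0 || i > 1)
+if (i == 0 || i > 1) {
 return dupip;
-
-if (i == 1) {
+} else {
 p1 = strchr(dupip, ':');
 *p1 = '\0';
 return dupip;
 }
-
-return dupip;
 }
 
 char *get_port(const char *ip)
@@ -595,6 +592,7 @@ char *get_port(const char *ip)
 return p;
 }
 
+free(dupip);
 return NULL;
 }
 
@@ -634,10 +632,9 @@ static int make_connection_real(const char *soname, conn_t *conn)
 int err;
 int ret = 0;
 
-if(soname) {
-pt = strdup(soname);
-OOM_CHECK(pt);
-}
+pt = strdup(soname);
+OOM_CHECK(pt);
+
 conn->tcp = 0;
 
 #ifndef _WIN32
@@ -733,6 +730,15 @@ done:
 pt = NULL;
 }
 
+if (conn->remote != soname) {
+/* when we reconnect, they are the same */
+if (NULL != conn->remote) {
+free(conn->remote);
+conn->remote = NULL;
+}
+conn->remote = make_ip(host, (port != NULL) ? port : "3310");
+}
+
 if (NULL != host) {
 free(host);
 host = NULL;
@@ -743,15 +749,6 @@ done:
 port = NULL;
 }
 
-if (conn->remote != soname) {
-/* when we reconnect, they are the same */
-if (NULL != conn->remote) {
-free(conn->remote);
-conn->remote = NULL;
-}
-conn->remote = make_ip(host, (port != NULL) ? port : "3310");
-}
-
 return ret;
 }
 
@@ -835,7 +832,7 @@ static int recv_line(conn_t *conn, char *buf, size_t len)
 if (nread <= 0) {
 print_con_info(conn, "%s: %s", conn->remote, strerror(errno));
 /* it could be a timeout, be nice and send an END */
-send_string_noreconn(conn, "nEND\n");
+(void)send_string_noreconn(conn, "nEND\n");
 #ifndef WIN32
 close(conn->sd);
 #else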
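Review bot: In the `done:` block of make_connection_real, the relocated `conn->remote = make_ip(host, (port != NULL) ? port : "3310");` now receives the real `host`, but the `if (NULL != host)` guard right below it shows that `host` can still be NULL at this point, presumably on paths that reach `done:` before the address is split. On those paths the previous `conn->remote` is freed and replaced with whatever make_ip returns for a NULL host (its body is not visible in this diff), and recv_line later passes `conn->remote` to a `%s` conversion in `print_con_info`. Consider tightening the outer condition to `if (host != NULL && conn->remote != soname) {` so the old value is kept when there is nothing to rebuild it from, or check make_ip's result before storing it. The `done:` block begins outside the hunk, so which paths arrive with `host` unset should be confirmed against the full function.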