# HG changeset patch # User Vadim Lebedev # Date 1311775313 -7200 # Node ID a190752a5256870e7ba0b10ef28f33e21cd28de6 # Parent de2f6cd6be765555718239846ccd372e241a0ca3 exosip COVERITY fixes diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXcall_api.c --- a/libeXosip2/src/eXcall_api.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXcall_api.c Wed Jul 27 16:01:53 2011 +0200 @@ -696,8 +696,8 @@ else if (subscription_status == EXOSIP_SUBCRSTATE_ACTIVE) osip_strncpy(subscription_state, "active;expires=", 15); else if (subscription_status == EXOSIP_SUBCRSTATE_TERMINATED) { +#if 0 int reason = NORESOURCE; - if (reason == DEACTIVATED) osip_strncpy(subscription_state, "terminated;reason=deactivated", 29); else if (reason == PROBATION) @@ -709,11 +709,12 @@ else if (reason == GIVEUP) osip_strncpy(subscription_state, "terminated;reason=giveup", 24); else if (reason == NORESOURCE) +#endif osip_strncpy(subscription_state, "terminated;reason=noresource", 29); } tmp = subscription_state + strlen(subscription_state); if (subscription_status != EXOSIP_SUBCRSTATE_TERMINATED) - sprintf(tmp, "%i", 180); + snprintf(tmp, 50 - (tmp - subscription_state), "%i", 180); osip_message_set_header(*request, "Subscription-State", subscription_state); return OSIP_SUCCESS; @@ -750,11 +751,7 @@ if (0 == osip_strcasecmp(tr->orig_request->sip_method, "INVITE")) { i = _eXosip_answer_invite_123456xx(jc, jd, status, answer, 0); } else { - if (jd != NULL) - i = _eXosip_build_response_default(answer, jd->d_dialog, status, - tr->orig_request); - else - i = _eXosip_build_response_default(answer, NULL, status, + i = _eXosip_build_response_default(answer, jd->d_dialog, status, tr->orig_request); if (i != 0) { OSIP_TRACE(osip_trace(__FILE__, __LINE__, OSIP_ERROR, NULL, @@ -889,13 +886,13 @@ /* syntax of Session-Expires is equivalent to "Content-Disposition" */ osip_content_disposition_init(&exp_h); if (exp_h == NULL) { - osip_content_disposition_free(exp_h); osip_header_free(cp); } else { osip_content_disposition_parse(exp_h, se_exp->hvalue); if (exp_h->element == NULL) { osip_content_disposition_free(exp_h); osip_header_free(cp); + exp_h = NULL; } else { osip_generic_param_t *param = NULL; osip_generic_param_get_byname(&exp_h->gen_params, @@ -923,7 +920,8 @@ osip_list_add(&answer->headers, cp, 0); } } - osip_content_disposition_free(exp_h); + if (exp_h) + osip_content_disposition_free(exp_h); exp_h = NULL; @@ -1321,7 +1319,11 @@ /* replace request-uri with NEW contact address */ osip_uri_free(msg->req_uri); msg->req_uri = NULL; - osip_uri_clone(co->url, &msg->req_uri); + i = osip_uri_clone(co->url, &msg->req_uri); + if (i != 0) { + osip_message_free(msg); + return i; + } /* support for diversions headers/draft! */ { @@ -1564,7 +1566,7 @@ return OSIP_NOMEM; /* parse replaces string */ - strcpy(call_id, replaces_str); + // strdup allready copied the string: strcpy(call_id, replaces_str); to_tag = strstr(call_id, totag_str); from_tag = strstr(call_id, fromtag_str); early_flag = strstr(call_id, earlyonly_str); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXinsubscription_api.c --- a/libeXosip2/src/eXinsubscription_api.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXinsubscription_api.c Wed Jul 27 16:01:53 2011 +0200 @@ -127,11 +127,8 @@ return OSIP_BADPARAMETER; } - if (jd != NULL) - i = _eXosip_build_response_default(answer, jd->d_dialog, status, + i = _eXosip_build_response_default(answer, jd->d_dialog, status, tr->orig_request); - else - i = _eXosip_build_response_default(answer, NULL, status, tr->orig_request); if (i != 0) { OSIP_TRACE(osip_trace(__FILE__, __LINE__, OSIP_ERROR, NULL, @@ -230,10 +227,6 @@ osip_message_free(answer); return OSIP_BADPARAMETER; } - if (i != 0) { - osip_message_free(answer); - return i; - } } evt_answer = osip_new_outgoing_sipmessage(answer); @@ -303,7 +296,7 @@ tmp = subscription_state + strlen(subscription_state); if (subscription_status != EXOSIP_SUBCRSTATE_TERMINATED) - sprintf(tmp, "%li", jn->n_ss_expires - now); + snprintf(tmp, 50 - (tmp - subscription_state), "%li", jn->n_ss_expires - now); osip_message_set_header(*request, "Subscription-State", subscription_state); #endif @@ -604,12 +597,14 @@ jd->d_dialog->local_tag, jd->d_dialog->remote_tag, direction, dlg_state, remote_uri); - strcat(xml, tmp_dialog); + if (strlen(xml) + strlen(tmp_dialog) < sizeof(xml)) + strcat(xml, tmp_dialog); } } } } - strcat(xml, "" "\r\n"); + if (strlen(xml) + 16 < sizeof(xml)) + strcat(xml, "" "\r\n"); osip_message_set_content_type(notify, "application/dialog-info+xml"); osip_message_set_body(notify, xml, strlen(xml)); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXosip.c --- a/libeXosip2/src/eXosip.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXosip.c Wed Jul 27 16:01:53 2011 +0200 @@ -1482,7 +1482,7 @@ osip_free(br->gvalue); number = osip_build_random_number(); - sprintf(tmp, "z9hG4bK%u", number); + snprintf(tmp, 40, "z9hG4bK%u", number); br->gvalue = osip_strdup(tmp); return OSIP_SUCCESS; } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXpublish_api.c --- a/libeXosip2/src/eXpublish_api.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXpublish_api.c Wed Jul 27 16:01:53 2011 +0200 @@ -151,7 +151,7 @@ osip_message_free(message); return OSIP_NOMEM; } - sprintf(message->cseq->number, "%i", osip_cseq_num); + snprintf(message->cseq->number, length+2, "%i", osip_cseq_num); } } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXregister_api.c --- a/libeXosip2/src/eXregister_api.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXregister_api.c Wed Jul 27 16:01:53 2011 +0200 @@ -125,7 +125,7 @@ osip_message_free(last_response); return OSIP_NOMEM; } - sprintf(reg->cseq->number, "%i", osip_cseq_num); + snprintf(reg->cseq->number, length + 2, "%i", osip_cseq_num); if (last_response != NULL && last_response->status_code == 423) { diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXtl_tcp.c --- a/libeXosip2/src/eXtl_tcp.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXtl_tcp.c Wed Jul 27 16:01:53 2011 +0200 @@ -269,6 +269,16 @@ OSIP_TRACE(osip_trace(__FILE__, __LINE__, OSIP_ERROR, NULL, "Error accepting TCP socket\n")); } else { + + if (pos >= EXOSIP_MAX_SOCKETS) { + OSIP_TRACE(osip_trace(__FILE__, __LINE__, OSIP_INFO1, NULL, + "Too many tcp connections\n")); + close(sock); + goto skipit; + + } + + tcp_socket_tab[pos].socket = sock; OSIP_TRACE(osip_trace(__FILE__, __LINE__, OSIP_INFO1, NULL, "New TCP connection accepted\n")); @@ -324,7 +334,7 @@ } - +skipit: buf = NULL; for (pos = 0; pos < EXOSIP_MAX_SOCKETS; pos++) { @@ -363,6 +373,7 @@ tcp_socket_tab[pos].previous_content_len = 0; continue; /* give up: realloc issue */ } + tcp_socket_tab[pos].previous_content[tcp_socket_tab[pos].previous_content_len + i] = 0; osip_strncpy(tcp_socket_tab[pos].previous_content + tcp_socket_tab[pos].previous_content_len, buf, i); tcp_socket_tab[pos].previous_content_len = @@ -373,6 +384,7 @@ (char *) osip_malloc(i + 1); osip_strncpy(tcp_socket_tab[pos].previous_content, buf, i); tcp_socket_tab[pos].previous_content_len = i; + tcp_socket_tab[pos].previous_content[tcp_socket_tab[pos].previous_content_len] = 0; } end_sip = strstr(tcp_socket_tab[pos].previous_content, "\r\n\r\n"); @@ -832,7 +844,7 @@ int port, int out_socket) { size_t length = 0; - char *message; + char *message = 0; int i; if (host == NULL) { @@ -861,6 +873,7 @@ } if (i != 0 || length <= 0) { + osip_free(message); return -1; } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/eXtl_udp.c --- a/libeXosip2/src/eXtl_udp.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/eXtl_udp.c Wed Jul 27 16:01:53 2011 +0200 @@ -199,9 +199,10 @@ if (eXosip.learn_port > 0) { osip_via_t *via = NULL; osip_generic_param_t *br; + int i; - osip_message_get_via(sip, 0, &via); - if (via != NULL && via->protocol != NULL + i = osip_message_get_via(sip, 0, &via); + if (i >= 0 && via != NULL && via->protocol != NULL && (osip_strcasecmp(via->protocol, "udp") == 0 || osip_strcasecmp(via->protocol, "dtls-udp") == 0)) { osip_via_param_get_byname(via, "rport", &br); @@ -426,7 +427,7 @@ size_t length = 0; struct addrinfo *addrinfo; struct __eXosip_sockaddr addr; - char *message; + char *message = 0; char ipbuf[INET6_ADDRSTRLEN]; int i; @@ -505,6 +506,7 @@ } if (i != 0 || length <= 0) { + osip_free(message); return -1; } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/inet_ntop.c --- a/libeXosip2/src/inet_ntop.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/inet_ntop.c Wed Jul 27 16:01:53 2011 +0200 @@ -128,7 +128,7 @@ char tmp[sizeof "255.255.255.255"]; sprintf(tmp, fmt, src[0], src[1], src[2], src[3]); - if ((size_t) strlen(tmp) > size) { + if ((size_t) strlen(tmp) >= size) { #ifndef _WIN32_WCE errno = ENOSPC; #endif @@ -171,8 +171,8 @@ memset(words, 0, sizeof words); for (i = 0; i < IN6ADDRSZ; i++) words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); - best.base = -1; - cur.base = -1; + best.base = -1; best.len = 0; + cur.base = -1; cur.len = 0; for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { if (words[i] == 0) { if (cur.base == -1) diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jauth.c --- a/libeXosip2/src/jauth.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jauth.c Wed Jul 27 16:01:53 2011 +0200 @@ -525,7 +525,8 @@ /* Compute the AKA response */ resp_hex[0] = 0; - sprintf(tmp, "%s", pszNonce); + snprintf(tmp, MAX_HEADER_LEN-1, "%s", pszNonce); + tmp[MAX_HEADER_LEN-1] = 0; nonce64 = tmp; nonce = base64_decode_string(nonce64, strlen(tmp), &noncelen); if (nonce == NULL) @@ -533,7 +534,7 @@ if (noncelen < RANDLEN + AUTNLEN) { /* Nonce is too short */ - goto done; + osip_free(nonce); goto done; } memcpy(rnd, nonce, RANDLEN); /* memcpy(autn,nonce+RANDLEN,AUTNLEN); */ @@ -602,6 +603,7 @@ char *Alg = "MD5"; int version = 0; int i; + static const char nullstr[] = ""; /* make some test */ if (passwd == NULL) @@ -698,7 +700,7 @@ { char *pszNonce = osip_strdup_without_quote(osip_www_authenticate_get_nonce(wa)); - char *pszCNonce = NULL; + char *pszCNonce = nullstr; const char *pszUser = username; char *pszRealm = NULL; const char *pszPass = NULL; @@ -822,11 +824,13 @@ return OSIP_NOMEM; } - sprintf(resp, "\"%s\"", Response); + snprintf(resp, 35, "\"%s\"", Response); + resp[34] = 0; osip_authorization_set_response(aut, resp); } osip_free(pszNonce); - osip_free(pszCNonce); + if (pszCNonce != nullstr) + osip_free(pszCNonce); osip_free(pszRealm); osip_free(pszQop); osip_free(szNonceCount); @@ -852,6 +856,7 @@ char *Alg = "MD5"; int version = 0; int i; + static const char nullstr[] = ""; /* make some test */ if (passwd == NULL) @@ -950,7 +955,7 @@ { char *pszNonce = NULL; - char *pszCNonce = NULL; + char *pszCNonce = nullstr; const char *pszUser = username; char *pszRealm = NULL; const char *pszPass = NULL; @@ -974,17 +979,17 @@ pszPass = passwd; - if (osip_www_authenticate_get_nonce(wa) == NULL) + if (osip_www_authenticate_get_nonce(wa) == NULL) { + osip_authorization_free(aut); + osip_free(pszRealm); return OSIP_SYNTAXERROR; + } pszNonce = osip_strdup_without_quote(osip_www_authenticate_get_nonce(wa)); if (qop != NULL) { /* only accept qop="auth" */ pszQop = osip_strdup("auth"); if (pszQop == NULL) { - osip_authorization_free(aut); - osip_free(pszNonce); - osip_free(pszRealm); return OSIP_NOMEM; } @@ -1076,11 +1081,12 @@ return OSIP_NOMEM; } - sprintf(resp, "\"%s\"", Response); + snprintf(resp, 35, "\"%s\"", Response); osip_proxy_authorization_set_response(aut, resp); } osip_free(pszNonce); - osip_free(pszCNonce); + if (pszCNonce != nullstr) + osip_free(pszCNonce); osip_free(pszRealm); osip_free(pszQop); osip_free(szNonceCount); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jcallback.c --- a/libeXosip2/src/jcallback.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jcallback.c Wed Jul 27 16:01:53 2011 +0200 @@ -299,7 +299,7 @@ } } - if (MSG_IS_NOTIFY(tr->orig_request) + if (jn != NULL && MSG_IS_NOTIFY(tr->orig_request) && tr->last_response != NULL && tr->last_response->status_code > 199 && tr->last_response->status_code < 300) { @@ -740,7 +740,7 @@ } else if (MSG_TEST_CODE(sip, 183) && jd != NULL) { jd->d_STATE = JD_QUEUED; } - if (MSG_IS_RESPONSE_FOR(sip, "INVITE")) { + if (jc != NULL && MSG_IS_RESPONSE_FOR(sip, "INVITE")) { eXosip_call_renew_expire_time(jc); } } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jevents.c --- a/libeXosip2/src/jevents.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jevents.c Wed Jul 27 16:01:53 2011 +0200 @@ -66,11 +66,11 @@ { eXosip_event_t *je; + if (jc == NULL) + return NULL; eXosip_event_init(&je, type); if (je == NULL) return NULL; - if (jc == NULL) - return NULL; je->cid = jc->c_id; if (jd != NULL) @@ -92,11 +92,11 @@ { eXosip_event_t *je; + if (js == NULL) + return NULL; eXosip_event_init(&je, type); if (je == NULL) return NULL; - if (js == NULL) - return NULL; je->sid = js->s_id; if (jd != NULL) @@ -120,11 +120,11 @@ { eXosip_event_t *je; + if (jn == NULL) + return NULL; eXosip_event_init(&je, type); if (je == NULL) return NULL; - if (jn == NULL) - return NULL; je->nid = jn->n_id; if (jd != NULL) @@ -149,11 +149,11 @@ { eXosip_event_t *je; + if (jr == NULL) + return NULL; eXosip_event_init(&je, type); if (je == NULL) return NULL; - if (jr == NULL) - return NULL; je->rid = jr->r_id; _eXosip_event_fill_messages(je, tr); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jnotify.c --- a/libeXosip2/src/jnotify.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jnotify.c Wed Jul 27 16:01:53 2011 +0200 @@ -159,7 +159,7 @@ tmp[0] = '0'; tmp[1] = '\0'; } else { - sprintf(tmp, "%li", jn->n_ss_expires - now); + snprintf(tmp, 20, "%li", jn->n_ss_expires - now); } osip_message_set_expires(answer, tmp); } diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jpipe.c --- a/libeXosip2/src/jpipe.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jpipe.c Wed Jul 27 16:01:53 2011 +0200 @@ -193,7 +193,31 @@ } #endif - connect(my_pipe->pipes[1], (struct sockaddr *) &raddr, sizeof(raddr)); + j = connect(my_pipe->pipes[1], (struct sockaddr *) &raddr, sizeof(raddr)); +#if defined(__arc__) + if (j != 0) { + /* failed for some reason... */ + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, + "udp plugin; cannot coonect local pipe\n")); + close(s); + close(my_pipe->pipes[1]); + osip_free(my_pipe); + return NULL; + } +#elif !defined(_WIN32_WCE) + if (j != NO_ERROR) { + /* failed for some reason... */ + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, + "udp plugin; cannot connect local pipe\n")); + closesocket(s); + closesocket(my_pipe->pipes[1]); + osip_free(my_pipe); + return NULL; + } +#endif + my_pipe->pipes[0] = accept(s, NULL, NULL); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jrequest.c --- a/libeXosip2/src/jrequest.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jrequest.c Wed Jul 27 16:01:53 2011 +0200 @@ -148,6 +148,7 @@ OSIP_TRACE(osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "eXosip: no default interface defined\n")); + osip_free(contact); return OSIP_NO_NETWORK; } } @@ -167,7 +168,8 @@ snprintf(contact, len - strlen(eXosip.transport) - 10, "", locip, firewall_port); } - if (osip_strcasecmp(eXosip.transport, "UDP") != 0) { + if (strlen(contact) + strlen(eXosip.transport) + strlen(";transport=>") < len && + osip_strcasecmp(eXosip.transport, "UDP") != 0) { contact[strlen(contact) - 1] = '\0'; strcat(contact, ";transport="); strcat(contact, eXosip.transport); @@ -326,6 +328,9 @@ *dest = NULL; + if (!method || !*method) + return OSIP_BADPARAMETER; + if (eXosip.eXtl == NULL) return OSIP_NO_NETWORK; @@ -352,7 +357,11 @@ doing_register = 0 == strcmp("REGISTER", method); if (doing_register) { - osip_uri_init(&(request->req_uri)); + i = osip_uri_init(&(request->req_uri)); + if (i != 0) { + osip_message_free(request); + return i; + } i = osip_uri_parse(request->req_uri, proxy); if (i != 0) { osip_message_free(request); @@ -453,7 +462,13 @@ osip_uri_uparam_get_byname(o_proxy->url, "lr", &lr_param); if (lr_param != NULL) { /* to is the remote target URI in this case! */ - osip_uri_clone(request->to->url, &(request->req_uri)); + i = osip_uri_clone(request->to->url, &(request->req_uri)); + if (i != 0) { + osip_route_free(o_proxy); + osip_message_free(request); + return i; + } + /* "[request] MUST includes a Route header field containing the route set values in order." */ osip_list_add(&request->routes, o_proxy, 0); @@ -728,6 +743,8 @@ osip_list_add(&(*reg)->contacts, new_contact, -1); } + else + osip_contact_free(new_contact); } else { osip_message_set_contact(*reg, contact); } @@ -977,7 +994,7 @@ osip_message_free(request); return OSIP_NOMEM; } - sprintf(tmp, "%i", dialog->local_cseq); + snprintf(tmp, 20, "%i", dialog->local_cseq); osip_cseq_set_number(cseq, tmp); osip_cseq_set_method(cseq, osip_strdup(method)); request->cseq = cseq; diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/jresponse.c --- a/libeXosip2/src/jresponse.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/jresponse.c Wed Jul 27 16:01:53 2011 +0200 @@ -248,7 +248,7 @@ via = (osip_via_t *) osip_list_get(&response->vias, 0); if (via == NULL || via->protocol == NULL) return OSIP_SYNTAXERROR; - if (strlen(contact) + strlen(via->protocol) < 1024 + if (strlen(contact) + strlen(via->protocol) + strlen(";transport=>") < 1024 && 0 != osip_strcasecmp(via->protocol, "UDP")) { contact[strlen(contact) - 1] = '\0'; strcat(contact, ";transport="); diff -r de2f6cd6be76 -r a190752a5256 libeXosip2/src/udp.c --- a/libeXosip2/src/udp.c Wed Jul 20 14:08:12 2011 +0200 +++ b/libeXosip2/src/udp.c Wed Jul 27 16:01:53 2011 +0200 @@ -360,11 +360,12 @@ tr = osip_list_get(jd->d_inc_trs, pos); i = cancel_match_invite(tr, evt->sip); if (i == 0) - break; + goto found; tr = NULL; pos++; } } +found: if (jd != NULL) break; /* tr has just been found! */ } @@ -1472,8 +1473,6 @@ return; } - /* we don't match any existing dialog: send a ACK & send a BYE */ - osip_event_free(evt); } int