changeset
Fix some CWE-367 coverity warnings
Tue, 06 May 2014 21:40:30 +0200
- author
- Tomasz Wasilczyk <twasilczyk@pidgin.im>
- date
- Tue, 06 May 2014 21:40:30 +0200
- branch
- release-2.x.y
- changeset 35995
- d0bbb2dad7f3
- parent 35994
- 4a39ea245fe6
- child 35996
- c0db123ecd4e
Fix some CWE-367 coverity warnings
--- a/finch/finch.c Tue May 06 20:39:01 2014 +0200 +++ b/finch/finch.c Tue May 06 21:40:30 2014 +0200 @@ -269,7 +269,6 @@ gboolean opt_version = FALSE; char *opt_config_dir_arg = NULL; gboolean debug_enabled = FALSE; - struct stat st; struct option long_options[] = { {"config", required_argument, NULL, 'c'}, @@ -379,10 +378,8 @@ purple_idle_set_ui_ops(finch_idle_get_ui_ops()); path = g_build_filename(purple_user_dir(), "plugins", NULL); - if (!g_stat(path, &st)) { - if (g_mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0) - fprintf(stderr, "Couldn't create plugins dir\n"); - } + if (g_mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0 && errno != EEXIST) + fprintf(stderr, "Couldn't create plugins dir\n"); purple_plugins_add_search_path(path); g_free(path);
--- a/libpurple/log.c Tue May 06 20:39:01 2014 +0200 +++ b/libpurple/log.c Tue May 06 21:40:30 2014 +0200 @@ -1704,8 +1704,15 @@ /* Change the .log extension to .idx */ strcpy(pathstr + strlen(pathstr) - 3, "idx"); - if (g_stat(pathstr, &st) == 0) - { + index_fd = g_open(pathstr, 0, O_RDONLY); + if (index_fd != -1) { + if (fstat(index_fd, &st) != 0) { + close(index_fd); + index_fd = -1; + } + } + + if (index_fd != -1) { if (st.st_mtime < log_last_modified) { purple_debug_warning("log", "Index \"%s\" exists, but is older than the log.\n", pathstr); @@ -1713,15 +1720,12 @@ else { /* The index file exists and is at least as new as the log, so open it. */ - if (!(index = g_fopen(pathstr, "rb"))) - { + if (!(index = fdopen(index_fd, "rb"))) { purple_debug_error("log", "Failed to open index file \"%s\" for reading: %s\n", pathstr, g_strerror(errno)); /* Fall through so that we'll parse the log file. */ - } - else - { + } else { purple_debug_info("log", "Using index: %s\n", pathstr); g_free(pathstr); while (fgets(buf, BUF_LONG, index))
--- a/libpurple/protocols/silc/buddy.c Tue May 06 20:39:01 2014 +0200 +++ b/libpurple/protocols/silc/buddy.c Tue May 06 21:40:30 2014 +0200 @@ -922,7 +922,6 @@ if (usign_success || ssign_success) { struct passwd *pw; - struct stat st; memset(filename2, 0, sizeof(filename2)); @@ -937,14 +936,9 @@ return; /* Create dir if it doesn't exist */ - if ((g_stat(filename, &st)) == -1) { - if (errno == ENOENT) { - if (pw->pw_uid == geteuid()) { - int ret = g_mkdir(filename, 0755); - if (ret < 0) - return; - } - } + if (pw->pw_uid == geteuid()) { + if (g_mkdir(filename, 0755) != 0 && errno != EEXIST) + return; } /* Save VCard */
--- a/libpurple/protocols/silc/util.c Tue May 06 20:39:01 2014 +0200 +++ b/libpurple/protocols/silc/util.c Tue May 06 21:40:30 2014 +0200 @@ -245,7 +245,7 @@ close(fd); return FALSE; } - } else if ((g_stat(file_private_key, &st)) == -1) { + } else { /* If file doesn't exist */ if (errno == ENOENT) { purple_connection_update_progress(gc, _("Creating SILC key pair..."), 1, 5); @@ -271,13 +271,13 @@ } /* This shouldn't really happen because silc_create_key_pair() * will set the permissions */ - else if ((g_stat(file_private_key, &st)) == -1) { + else if ((fstat(fd, &st)) == -1) { purple_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", file_private_key, g_strerror(errno)); return FALSE; } } else { - purple_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", + purple_debug_error("silc", "Couldn't open '%s' private key, error: %s\n", file_private_key, g_strerror(errno)); return FALSE; }
--- a/libpurple/util.c Tue May 06 20:39:01 2014 +0200 +++ b/libpurple/util.c Tue May 06 21:40:30 2014 +0200 @@ -2615,6 +2615,14 @@ byteswritten = fwrite(data, 1, real_size, file); #ifdef HAVE_FILENO +#ifndef _WIN32 + /* Set file permissions */ + if (fchmod(fileno(file), S_IRUSR | S_IWUSR) == -1) { + purple_debug_error("util", "Error setting permissions of " + "file %s: %s\n", filename_temp, g_strerror(errno)); + } +#endif + /* Apparently XFS (and possibly other filesystems) do not * guarantee that file data is flushed before file metadata, * so this procedure is insufficient without some flushage. */ @@ -2652,6 +2660,15 @@ g_free(filename_temp); return FALSE; } + +#ifndef _WIN32 + /* copy-pasta! */ + if (fchmod(fd, S_IRUSR | S_IWUSR) == -1) { + purple_debug_error("util", "Error setting permissions of " + "file %s: %s\n", filename_temp, g_strerror(errno)); + } +#endif + if (fsync(fd) < 0) { purple_debug_error("util", "Error syncing %s: %s\n", filename_temp, g_strerror(errno)); @@ -2689,15 +2706,6 @@ return FALSE; } -#ifndef _WIN32 - /* Set file permissions */ - if (chmod(filename_temp, S_IRUSR | S_IWUSR) == -1) - { - purple_debug_error("util", "Error setting permissions of file %s: %s\n", - filename_temp, g_strerror(errno)); - } -#endif - /* Rename to the REAL name */ if (g_rename(filename_temp, filename_full) == -1) {
--- a/pidgin/gtkmain.c Tue May 06 20:39:01 2014 +0200 +++ b/pidgin/gtkmain.c Tue May 06 21:40:30 2014 +0200 @@ -499,7 +499,6 @@ gboolean debug_enabled; gboolean migration_failed = FALSE; GList *active_accounts; - struct stat st; struct option long_options[] = { {"config", required_argument, NULL, 'c'}, @@ -808,10 +807,8 @@ * in user's home directory. */ search_path = g_build_filename(purple_user_dir(), "plugins", NULL); - if (!g_stat(search_path, &st)) { - if (!g_mkdir(search_path, S_IRUSR | S_IWUSR | S_IXUSR)) - fprintf(stderr, "Couldn't create plugins dir\n"); - } + if (g_mkdir(search_path, S_IRUSR | S_IWUSR | S_IXUSR) != 0 && errno != EEXIST) + fprintf(stderr, "Couldn't create plugins dir\n"); purple_plugins_add_search_path(search_path); g_free(search_path); purple_plugins_add_search_path(LIBDIR);
