/pidgin/main: bffbd724134d: Fix CWE-252 coverity issues
Tomasz Wasilczyk
twasilczyk at pidgin.im
Sat May 17 06:06:19 EDT 2014
Changeset: bffbd724134d861384b1f81a987bfe83408dfc74
Author: Tomasz Wasilczyk <twasilczyk at pidgin.im>
Date: 2014-05-17 12:05 +0200
Branch: default
URL: https://hg.pidgin.im/pidgin/main/rev/bffbd724134d
Description:
Fix CWE-252 coverity issues
diffstat:
libpurple/image.c | 2 +-
libpurple/ntlm.c | 4 +++-
libpurple/plugins/keyrings/internalkeyring.c | 1 +
libpurple/protocols/jabber/auth.c | 5 ++++-
libpurple/protocols/msn/nexus.c | 6 ++++--
libpurple/protocols/msn/notification.c | 5 ++++-
libpurple/tests/test_util.c | 2 +-
libpurple/util.c | 10 ++++++++--
pidgin/gtksmiley-theme.c | 8 ++++++--
pidgin/plugins/gevolution/gevolution.c | 5 ++++-
pidgin/plugins/screencap.c | 1 +
11 files changed, 37 insertions(+), 12 deletions(-)
diffs (215 lines):
diff --git a/libpurple/image.c b/libpurple/image.c
--- a/libpurple/image.c
+++ b/libpurple/image.c
@@ -135,7 +135,7 @@ fill_data(PurpleImage *image)
return;
g_return_if_fail(priv->path);
- g_file_get_contents(priv->path, &contents, &length, &error);
+ (void)g_file_get_contents(priv->path, &contents, &length, &error);
if (error) {
purple_debug_error("image", "failed to read '%s' image: %s",
priv->path, error->message);
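Review bot: The `(void)` cast on `g_file_get_contents()` in fill_data silences the unchecked-return finding instead of checking the result, and the code still decides success from `error` alone. GLib sets `error` whenever the call returns FALSE, so behaviour is the same today. Testing the return value directly, `if (!g_file_get_contents(priv->path, &contents, &length, &error)) {`, makes the failure path explicit and does not depend on the cast staying in place. fill_data continues outside the hunk.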
diff --git a/libpurple/ntlm.c b/libpurple/ntlm.c
--- a/libpurple/ntlm.c
+++ b/libpurple/ntlm.c
@@ -193,10 +193,12 @@ static void
des_ecb_encrypt(const guint8 *plaintext, guint8 *result, const guint8 *key)
{
PurpleCipher *cipher;
+ gssize encsiz;
cipher = purple_des_cipher_new();
purple_cipher_set_key(cipher, key, 8);
- purple_cipher_encrypt(cipher, plaintext, 8, result, 8);
+ encsiz = purple_cipher_encrypt(cipher, plaintext, 8, result, 8);
+ g_warn_if_fail(encsiz == 8);
g_object_unref(cipher);
}
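Review bot: `g_warn_if_fail(encsiz == 8)` in des_ecb_encrypt only logs. If the cipher call fails, `result` keeps whatever the caller's buffer held and the function returns normally, so a failed DES step would presumably flow into the NTLM response unnoticed. Since the function returns void, the failure can only be surfaced by changing it to return a status that callers check. The same warn-only pattern is in des3_cbc in libpurple/protocols/msn/nexus.c, where `out` comes from `g_malloc(len)` and would hold uninitialized heap bytes on failure. There `g_free(out); out = NULL;` before the return looks appropriate, provided callers handle NULL (the return statement is outside that hunk).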
diff --git a/libpurple/plugins/keyrings/internalkeyring.c b/libpurple/plugins/keyrings/internalkeyring.c
--- a/libpurple/plugins/keyrings/internalkeyring.c
+++ b/libpurple/plugins/keyrings/internalkeyring.c
@@ -338,6 +338,7 @@ intkeyring_decrypt(intkeyring_buff_t *ke
memset(plaintext, 0, sizeof(plaintext));
return NULL;
}
+ g_assert(plaintext_len > 0);
text_len = plaintext_len - verify_len;
ret = g_new(gchar, text_len + 1);
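Review bot: `g_assert(plaintext_len > 0)` does not protect the subtraction on the next line. `text_len = plaintext_len - verify_len` still goes negative (or wraps, depending on the types, which are declared outside the hunk) whenever `plaintext_len < verify_len`, and that value then sizes the `g_new` allocation. An assertion also aborts the whole client on what may simply be a damaged stored entry, and it disappears under `G_DISABLE_ASSERT`. Unless an earlier check outside the hunk already guarantees the relation, follow the error branch just above: `if (plaintext_len < verify_len) { memset(plaintext, 0, sizeof(plaintext)); return NULL; }`, with a cast if the two types differ in signedness.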
diff --git a/libpurple/protocols/jabber/auth.c b/libpurple/protocols/jabber/auth.c
--- a/libpurple/protocols/jabber/auth.c
+++ b/libpurple/protocols/jabber/auth.c
@@ -282,6 +282,7 @@ static void auth_old_cb(JabberStream *js
gchar digest[33];
PurpleCipher *hmac;
PurpleHash *md5;
+ gssize diglen;
/* Calculate the MHAC-MD5 digest */
md5 = purple_md5_hash_new();
@@ -289,10 +290,12 @@ static void auth_old_cb(JabberStream *js
challenge = purple_xmlnode_get_attrib(x, "challenge");
purple_cipher_set_key(hmac, (guchar *)pw, strlen(pw));
purple_cipher_append(hmac, (guchar *)challenge, strlen(challenge));
- purple_cipher_digest_to_str(hmac, digest, 33);
+ diglen = purple_cipher_digest_to_str(hmac, digest, 33);
g_object_unref(hmac);
g_object_unref(md5);
+ g_return_if_fail(diglen > 0);
+
/* Create the response query */
iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
query = purple_xmlnode_get_child(iq->node, "query");
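Review bot: `g_return_if_fail(diglen > 0)` in auth_old_cb is used as a runtime error check, but the macro is intended for caller-contract violations and is compiled out when the code is built with `G_DISABLE_CHECKS`, after which `digest` would be read uninitialized further down. It also returns without reporting anything on the connection, so a failed digest would leave the legacy authentication exchange stalled with only a critical log line. An explicit `if (diglen <= 0)` branch that reports a connection error and then returns would be more robust. The same pattern applies to url_cmd in libpurple/protocols/msn/notification.c and to the two purple_http_digest_calculate_* functions in libpurple/util.c. auth_old_cb starts and continues outside these hunks.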
diff --git a/libpurple/protocols/msn/nexus.c b/libpurple/protocols/msn/nexus.c
--- a/libpurple/protocols/msn/nexus.c
+++ b/libpurple/protocols/msn/nexus.c
@@ -146,6 +146,7 @@ des3_cbc(const char *key, const char *iv
{
PurpleCipher *des3;
char *out;
+ gssize ciph_size;
des3 = purple_des3_cipher_new();
purple_cipher_set_key(des3, (guchar *)key, 24);
@@ -154,9 +155,10 @@ des3_cbc(const char *key, const char *iv
out = g_malloc(len);
if (decrypt)
- purple_cipher_decrypt(des3, (guchar *)data, len, (guchar *)out, len);
+ ciph_size = purple_cipher_decrypt(des3, (guchar *)data, len, (guchar *)out, len);
else
- purple_cipher_encrypt(des3, (guchar *)data, len, (guchar *)out, len);
+ ciph_size = purple_cipher_encrypt(des3, (guchar *)data, len, (guchar *)out, len);
+ g_warn_if_fail(ciph_size == len);
g_object_unref(des3);
diff --git a/libpurple/protocols/msn/notification.c b/libpurple/protocols/msn/notification.c
--- a/libpurple/protocols/msn/notification.c
+++ b/libpurple/protocols/msn/notification.c
@@ -1400,6 +1400,7 @@ url_cmd(MsnCmdProc *cmdproc, MsnCommand
PurpleHash *hash;
gchar creds[33];
char *buf;
+ gssize diglen;
gulong tmp_timestamp;
@@ -1420,10 +1421,12 @@ url_cmd(MsnCmdProc *cmdproc, MsnCommand
hash = purple_md5_hash_new();
purple_hash_append(hash, (const guchar *)buf, strlen(buf));
- purple_hash_digest_to_str(hash, creds, sizeof(creds));
+ diglen = purple_hash_digest_to_str(hash, creds, sizeof(creds));
g_object_unref(hash);
g_free(buf);
+ g_return_if_fail(diglen > 0);
+
g_free(session->passport_info.mail_url);
session->passport_info.mail_url =
g_strdup_printf("%s&auth=%s&creds=%s&sl=%ld&username=%s&mode=ttl&sid=%s&id=2&rru=%s&svc=mail&js=yes",
diff --git a/libpurple/tests/test_util.c b/libpurple/tests/test_util.c
--- a/libpurple/tests/test_util.c
+++ b/libpurple/tests/test_util.c
@@ -109,7 +109,7 @@ const char *invalid_emails[] = {
"missingDot at com",
"two@@signs.com",
"colonButNoPort at 127.0.0.1:",
- ""
+ "",
/* "someone-else at 127.0.0.1.26", */
".localStartsWithDot at domain.com",
/* "localEndsWithDot. at domain.com", */ /* I don't think this is invalid -- Stu */
diff --git a/libpurple/util.c b/libpurple/util.c
--- a/libpurple/util.c
+++ b/libpurple/util.c
@@ -4819,6 +4819,7 @@ gchar *purple_http_digest_calculate_sess
{
PurpleHash *hasher;
gchar hash[33]; /* We only support MD5. */
+ gssize digest_len;
g_return_val_if_fail(username != NULL, NULL);
g_return_val_if_fail(realm != NULL, NULL);
@@ -4861,9 +4862,11 @@ gchar *purple_http_digest_calculate_sess
purple_hash_append(hasher, (guchar *)client_nonce, strlen(client_nonce));
}
- purple_hash_digest_to_str(hasher, hash, sizeof(hash));
+ digest_len = purple_hash_digest_to_str(hasher, hash, sizeof(hash));
g_object_unref(hasher);
+ g_return_val_if_fail(digest_len > 0, NULL);
+
return g_strdup(hash);
}
@@ -4880,6 +4883,7 @@ gchar *purple_http_digest_calculate_resp
{
PurpleHash *hash;
static gchar hash2[33]; /* We only support MD5. */
+ gssize hash_len;
g_return_val_if_fail(method != NULL, NULL);
g_return_val_if_fail(digest_uri != NULL, NULL);
@@ -4961,9 +4965,11 @@ gchar *purple_http_digest_calculate_resp
}
purple_hash_append(hash, (guchar *)hash2, strlen(hash2));
- purple_hash_digest_to_str(hash, hash2, sizeof(hash2));
+ hash_len = purple_hash_digest_to_str(hash, hash2, sizeof(hash2));
g_object_unref(hash);
+ g_return_val_if_fail(hash_len > 0, NULL);
+
return g_strdup(hash2);
}
diff --git a/pidgin/gtksmiley-theme.c b/pidgin/gtksmiley-theme.c
--- a/pidgin/gtksmiley-theme.c
+++ b/pidgin/gtksmiley-theme.c
@@ -540,8 +540,12 @@ void
user_smileys_dir = probe_dirs[1] = g_build_filename(
purple_user_dir(), "smileys", NULL);
- if (!g_file_test(user_smileys_dir, G_FILE_TEST_IS_DIR))
- g_mkdir(user_smileys_dir, S_IRUSR | S_IWUSR | S_IXUSR);
+ if (!g_file_test(user_smileys_dir, G_FILE_TEST_IS_DIR)) {
+ if (g_mkdir(user_smileys_dir, S_IRUSR | S_IWUSR | S_IXUSR) == 0) {
+ purple_debug_error("gtksmiley-theme",
+ "Failed to create user smileys dir");
+ }
+ }
/* setting theme by name (copy-paste from gtkprefs) */
pidgin_smiley_theme_probe();
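Review bot: The new test is inverted: `g_mkdir()` returns 0 on success and -1 on failure, so `== 0` logs "Failed to create user smileys dir" when the directory was created and stays silent when it was not. The condition should be `if (g_mkdir(user_smileys_dir, S_IRUSR | S_IWUSR | S_IXUSR) != 0) {`. Adding `g_strerror(errno)` to the message would make a real failure diagnosable. The enclosing function starts and ends outside the hunk.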
diff --git a/pidgin/plugins/gevolution/gevolution.c b/pidgin/plugins/gevolution/gevolution.c
--- a/pidgin/plugins/gevolution/gevolution.c
+++ b/pidgin/plugins/gevolution/gevolution.c
@@ -244,7 +244,10 @@ menu_item_send_mail_activate_cb(PurpleBl
g_free(app);
g_free(mail);
- g_spawn_command_line_async(command_line, NULL);
+ if (!g_spawn_command_line_async(command_line, NULL)) {
+ purple_debug_error("gevolution",
+ "Failed executing mailto command"):
+ }
g_free(command_line);
g_free(quoted);
}
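Review bot: The added `purple_debug_error` call ends in `:` instead of `;` (`"Failed executing mailto command"):`), so this file will not compile when the gevolution plugin is built. The line should read `"Failed executing mailto command");`. Passing a `GError **` instead of `NULL` to `g_spawn_command_line_async()` and logging its message would also record why the spawn failed. The callback starts outside the hunk.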
diff --git a/pidgin/plugins/screencap.c b/pidgin/plugins/screencap.c
--- a/pidgin/plugins/screencap.c
+++ b/pidgin/plugins/screencap.c
@@ -24,6 +24,7 @@
#include <gdk/gdkkeysyms.h>
#include "debug.h"
+#include "glibcompat.h"
#include "version.h"
#include "gtk3compat.h"