author | ken <ken@FreeBSD.org> | 2015-02-25 04:30:23 +0000 |
---|---|---|
committer | ken <ken@FreeBSD.org> | 2015-02-25 04:30:23 +0000 |
commit | 917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7 (patch) | |
tree | 0dee7b276c03c17fd6f8c18d4ff9670eb9376e7d /usr.bin/mt | |
parent | 1a0d38818e867b19f837592c481c2f345c6acd49 (diff) | |
Fix several problems found by Coverity.
lib/libmt/mtlib.c:
In mt_start_element(), make sure we don't overflow the
cur_sb array. CID 1271325
usr.bin/mt/mt.c:
In main(), bzero the mt_com structure so that we aren't
using any uninitialized stack variables. CID 1271319
In mt_param(), only allow one -s and one -p argument. This
will prevent a memory leak caused by overwriting the
param_name and/or param_value variables. CID 1271320 and
CID 1271322
To make things simpler in mt_param(), make sure
there is only one exit path for the function. Make sure
the arguments are explicitly freed.
Sponsored by: Spectra Logic
Pointed out by: emaste
MFC after: 1 month
Diffstat (limited to 'usr.bin/mt')
-rw-r--r-- | usr.bin/mt/mt.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/usr.bin/mt/mt.c b/usr.bin/mt/mt.c
index 4199182..3166831 100644
--- a/usr.bin/mt/mt.c
+++ b/usr.bin/mt/mt.c
@@ -212,6 +212,8 @@ main(int argc, char *argv[])
 int ch, len, mtfd;
 const char *p, *tape;
+ bzero(&mt_com, sizeof(mt_com));
+
 if ((tape = getenv("TAPE")) == NULL)
 tape = DEFTAPE;
@@ -1333,12 +1335,24 @@ mt_param(int argc, char **argv, int mtfd, char *xml_str,
 list = 1;
 break;
 case 'p':
+ if (param_name != NULL) {
+ warnx("Only one paramter name may be "
+ "specified");
+ retval = 1;
+ goto bailout;
+ }
 param_name = strdup(optarg);
 break;
 case 'q':
 quiet = 1;
 break;
 case 's':
+ if (param_value != NULL) {
+ warnx("Only one paramter value may be "
+ "specified");
+ retval = 1;
+ goto bailout;
+ }
 param_value = strdup(optarg);
 do_set = 1;
 break;
@@ -1350,12 +1364,16 @@ mt_param(int argc, char **argv, int mtfd, char *xml_str,
 }
 }
- if ((list + do_set + xml_dump) != 1)
- errx(1, "You must specify only one of -s, -l or -x");
+ if ((list + do_set + xml_dump) != 1) {
+ warnx("You must specify only one of -s, -l or -x");
+ retval = 1;
+ goto bailout;
+ }
 if (xml_dump != 0) {
 printf("%s", xml_str);
- return (0);
+ retval = 0;
+ goto bailout;
 }
 if (do_set != 0) {
@@ -1367,6 +1385,9 @@ mt_param(int argc, char **argv, int mtfd, char *xml_str,
 } else if (list != 0)
 retval = mt_param_list(status_data, param_name, quiet);
+bailout:
+ free(param_name);
+ free(param_value);
 return (retval);
 } |
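Review bot: Both `strdup(optarg)` calls in the second hunk (`case 'p'` and `case 's'`) are left unchecked, so an allocation failure leaves the pointer NULL. The new duplicate-option guards then no longer fire, and for `-s` the code still sets `do_set = 1` with `param_value` NULL. Following each call with `if (param_name == NULL) { warn("strdup"); retval = 1; goto bailout; }` (and the same for `param_value`) would route the failure through the new single exit path. The two added `warnx()` strings also misspell "parameter" as "paramter". mt_param() starts and ends outside this hunk, so how the set path uses `param_value` is not visible here.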
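Review bot: The `bailout:` label in the last hunk frees `param_name` and `param_value` unconditionally, and it is now reachable from the `goto bailout` statements inside the option loop before either pointer has been assigned. That is only safe if both are initialised to NULL at their declaration, which lies outside the diff and should be confirmed. The `!= NULL` guards in the second hunk rely on the same thing. A short comment at the label such as `/* param_name and param_value start as NULL, so free() is safe on every path */` would record the invariant for later edits.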