From 917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7 Mon Sep 17 00:00:00 2001 From: ken Date: Wed, 25 Feb 2015 04:30:23 +0000 Subject: Fix several problems found by Coverity. lib/libmt/mtlib.c: In mt_start_element(), make sure we don't overflow the cur_sb array. CID 1271325 usr.bin/mt/mt.c: In main(), bzero the mt_com structure so that we aren't using any uninitialized stack variables. CID 1271319 In mt_param(), only allow one -s and one -p argument. This will prevent a memory leak caused by overwriting the param_name and/or param_value variables. CID 1271320 and CID 1271322 To make things simpler in mt_param(), make sure there there is only one exit path for the function. Make sure the arguments are explicitly freed. Sponsored by: Spectra Logic Pointed out by: emaste MFC after: 1 month --- lib/libmt/mtlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/libmt') diff --git a/lib/libmt/mtlib.c b/lib/libmt/mtlib.c index 2329fa6..ad73381 100644 --- a/lib/libmt/mtlib.c +++ b/lib/libmt/mtlib.c @@ -68,7 +68,7 @@ mt_start_element(void *user_data, const char *name, const char **attr) return; mtinfo->level++; - if ((u_int)mtinfo->level > (sizeof(mtinfo->cur_sb) / + if ((u_int)mtinfo->level >= (sizeof(mtinfo->cur_sb) / sizeof(mtinfo->cur_sb[0]))) { mtinfo->error = 1; snprintf(mtinfo->error_str, sizeof(mtinfo->error_str), -- cgit v1.1