From 646a5c1cbfd95873950a87b5f75d52073a967023 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 28 May 2018 19:12:29 +0000 Subject: Mon May 28 19:12:29 UTC 2018 a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded. --- .../bsd-finger/bsd-finger-0.17-coverity-bugs.patch | 468 +++++++++++++++++++++ 1 file changed, 468 insertions(+) create mode 100644 source/n/bsd-finger/bsd-finger-0.17-coverity-bugs.patch (limited to 'source/n/bsd-finger/bsd-finger-0.17-coverity-bugs.patch') diff --git a/source/n/bsd-finger/bsd-finger-0.17-coverity-bugs.patch b/source/n/bsd-finger/bsd-finger-0.17-coverity-bugs.patch new file mode 100644 index 000000000..06e38ed00 --- /dev/null +++ b/source/n/bsd-finger/bsd-finger-0.17-coverity-bugs.patch @@ -0,0 +1,468 @@ +From 88971a0a5660805f71ba8696e9291eaee822d996 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 8 Feb 2013 15:12:32 +0100 +Subject: [PATCH 1/4] OVERRUN (CWE-119) + +Coverity output: +bsd-finger-0.17/finger/util.c:392: cond_true: Condition "*q", taking +true branch +bsd-finger-0.17/finger/util.c:393: cond_false: Condition +"!(*__ctype_b_loc()[(int)*q] & 2048 /* (unsigned short)_ISdigit */)", +taking false branch +bsd-finger-0.17/finger/util.c:394: if_end: End of if statement +bsd-finger-0.17/finger/util.c:394: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/util.c:392: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/util.c:392: cond_false: Condition "*q", taking +false branch +bsd-finger-0.17/finger/util.c:394: loop_end: Reached end of loop +bsd-finger-0.17/finger/util.c:396: alias: Assigning: "p" = "pbuf". "p" +now points to byte 0 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:397: switch: Switch case value "11" +bsd-finger-0.17/finger/util.c:398: switch_case: Reached case "11" +bsd-finger-0.17/finger/util.c:399: ptr_incr: Incrementing "p". "p" now +points to byte 1 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:400: ptr_incr: Incrementing "p". "p" now +points to byte 2 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:401: ptr_incr: Incrementing "p". "p" now +points to byte 3 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:404: ptr_incr: Incrementing "p". "p" now +points to byte 4 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:405: ptr_incr: Incrementing "p". "p" now +points to byte 5 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:406: ptr_incr: Incrementing "p". "p" now +points to byte 6 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:407: ptr_incr: Incrementing "p". "p" now +points to byte 7 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:410: ptr_incr: Incrementing "p". "p" now +points to byte 8 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:411: ptr_incr: Incrementing "p". "p" now +points to byte 9 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:412: ptr_incr: Incrementing "p". "p" now +points to byte 10 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:413: break: Breaking from switch +bsd-finger-0.17/finger/util.c:421: switch_end: Reached end of switch +bsd-finger-0.17/finger/util.c:422: cond_true: Condition "len != 4", +taking true branch +bsd-finger-0.17/finger/util.c:423: ptr_incr: Incrementing "p". "p" now +points to byte 11 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:424: ptr_incr: Incrementing "p". "p" now +points to byte 12 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:426: ptr_incr: Incrementing "p". "p" now +points to byte 13 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:427: ptr_incr: Incrementing "p". "p" now +points to byte 14 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:428: ptr_incr: Incrementing "p". "p" now +points to byte 15 of "pbuf" (which consists of 15 bytes). +bsd-finger-0.17/finger/util.c:429: overrun-local: Overrunning array of +15 bytes at byte offset 15 by dereferencing pointer "p". + +Signed-off-by: Tomas Hozza +--- + finger/util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/finger/util.c b/finger/util.c +index a9c3b5d..ee44541 100644 +--- a/finger/util.c ++++ b/finger/util.c +@@ -386,7 +386,7 @@ prphone(const char *num) + char *p; + const char *q; + int len; +- static char pbuf[15]; ++ static char pbuf[16]; + + /* don't touch anything if the user has their own formatting */ + for (q = num; *q; ++q) +-- +1.8.1.2 + + +From 93a36eb8d32b0cbe3034e3742b128eb81934875c Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 8 Feb 2013 15:19:34 +0100 +Subject: [PATCH 2/4] RESOURCE_LEAK (CWE-772) + +Coverity output: +bsd-finger-0.17/finger/finger.c:293: cond_false: Condition "setlocale(6, +"") != NULL", taking false branch +bsd-finger-0.17/finger/finger.c:294: if_end: End of if statement +bsd-finger-0.17/finger/finger.c:296: alloc_fn: Storage is returned from +allocation function "calloc(size_t, size_t)". +bsd-finger-0.17/finger/finger.c:296: var_assign: Assigning: "used" = +storage returned from "calloc(argc, 4UL)". +bsd-finger-0.17/finger/finger.c:297: cond_false: Condition "!used", +taking false branch +bsd-finger-0.17/finger/finger.c:300: if_end: End of if statement +bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc", +taking true branch +bsd-finger-0.17/finger/finger.c:304: cond_true: Condition +"!__coverity_strchr(argv[i], 64)", taking true branch +bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop +bsd-finger-0.17/finger/finger.c:313: loop: Looping back +bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc", +taking true branch +bsd-finger-0.17/finger/finger.c:304: cond_true: Condition +"!__coverity_strchr(argv[i], 64)", taking true branch +bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop +bsd-finger-0.17/finger/finger.c:313: loop: Looping back +bsd-finger-0.17/finger/finger.c:303: cond_false: Condition "i < argc", +taking false branch +bsd-finger-0.17/finger/finger.c:313: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:316: cond_true: Condition "dolocal", +taking true branch +bsd-finger-0.17/finger/finger.c:316: noescape: Resource "used" is not +freed or pointed-to in function "do_local(int, char **, int *)". +bsd-finger-0.17/finger/finger.c:251:51: noescape: "do_local(int, char +**, int *)" does not free or save its pointer parameter "used". +bsd-finger-0.17/finger/finger.c:319: cond_false: Condition "pn", taking +false branch +bsd-finger-0.17/finger/finger.c:323: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:325: cond_true: Condition "entries == +0", taking true branch +bsd-finger-0.17/finger/finger.c:326: leaked_storage: Variable "used" +going out of scope leaks the storage it points to. + +bsd-finger-0.17/finger/finger.c:293: cond_false: Condition "setlocale(6, +"") != NULL", taking false branch +bsd-finger-0.17/finger/finger.c:294: if_end: End of if statement +bsd-finger-0.17/finger/finger.c:296: alloc_fn: Storage is returned from +allocation function "calloc(size_t, size_t)". +bsd-finger-0.17/finger/finger.c:296: var_assign: Assigning: "used" = +storage returned from "calloc(argc, 4UL)". +bsd-finger-0.17/finger/finger.c:297: cond_false: Condition "!used", +taking false branch +bsd-finger-0.17/finger/finger.c:300: if_end: End of if statement +bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc", +taking true branch +bsd-finger-0.17/finger/finger.c:304: cond_true: Condition +"!__coverity_strchr(argv[i], 64)", taking true branch +bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop +bsd-finger-0.17/finger/finger.c:313: loop: Looping back +bsd-finger-0.17/finger/finger.c:303: cond_true: Condition "i < argc", +taking true branch +bsd-finger-0.17/finger/finger.c:304: cond_true: Condition +"!__coverity_strchr(argv[i], 64)", taking true branch +bsd-finger-0.17/finger/finger.c:306: continue: Continuing loop +bsd-finger-0.17/finger/finger.c:313: loop: Looping back +bsd-finger-0.17/finger/finger.c:303: cond_false: Condition "i < argc", +taking false branch +bsd-finger-0.17/finger/finger.c:313: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:316: cond_true: Condition "dolocal", +taking true branch +bsd-finger-0.17/finger/finger.c:316: noescape: Resource "used" is not +freed or pointed-to in function "do_local(int, char **, int *)". +bsd-finger-0.17/finger/finger.c:251:51: noescape: "do_local(int, char +**, int *)" does not free or save its pointer parameter "used". +bsd-finger-0.17/finger/finger.c:319: cond_true: Condition "pn", taking +true branch +bsd-finger-0.17/finger/finger.c:321: cond_false: Condition "pn->next", +taking false branch +bsd-finger-0.17/finger/finger.c:321: cond_true: Condition "entries", +taking true branch +bsd-finger-0.17/finger/finger.c:323: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/finger.c:319: loop_begin: Jumped back to +beginning of loop +bsd-finger-0.17/finger/finger.c:319: cond_false: Condition "pn", taking +false branch +bsd-finger-0.17/finger/finger.c:323: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:325: cond_false: Condition "entries == +0", taking false branch +bsd-finger-0.17/finger/finger.c:326: if_end: End of if statement +bsd-finger-0.17/finger/finger.c:339: cond_false: Condition "(uptr = +getutent()) != NULL", taking false branch +bsd-finger-0.17/finger/finger.c:351: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:352: cond_true: Condition "pn != NULL", +taking true branch +bsd-finger-0.17/finger/finger.c:354: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/finger.c:352: loop_begin: Jumped back to +beginning of loop +bsd-finger-0.17/finger/finger.c:352: cond_false: Condition "pn != NULL", +taking false branch +bsd-finger-0.17/finger/finger.c:354: loop_end: Reached end of loop +bsd-finger-0.17/finger/finger.c:356: leaked_storage: Variable "used" +going out of scope leaks the storage it points to. + +Signed-off-by: Tomas Hozza +--- + finger/finger.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/finger/finger.c b/finger/finger.c +index ebf7309..6653e82 100644 +--- a/finger/finger.c ++++ b/finger/finger.c +@@ -323,7 +323,10 @@ userlist(int argc, char *argv[]) + } + + if (entries == 0) ++ { ++ free(used); + return; ++ } + + /* + * Scan thru the list of users currently logged in, saving +@@ -353,4 +356,5 @@ userlist(int argc, char *argv[]) + enter_lastlog(pn); + } + endutent(); ++ free(used); + } +-- +1.8.1.2 + + +From bf805902875147e582402fa736022c10edb163bc Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 8 Feb 2013 15:41:05 +0100 +Subject: [PATCH 3/4] RESOURCE_LEAK (CWE-772) + +Coverity output: +bsd-finger-0.17/finger/sprint.c:60: alloc_fn: Storage is returned from +allocation function "sort(void)". +bsd-finger-0.17/finger/sprint.c:142:2: alloc_fn: Storage is returned +from allocation function "malloc(size_t)". +bsd-finger-0.17/finger/sprint.c:142:2: var_assign: Assigning: "list" = +"malloc((u_int)(entries * 8UL))". +bsd-finger-0.17/finger/sprint.c:142:2: cond_false: Condition "!(list = +(PERSON **)malloc((u_int)(entries * 8UL /* sizeof (PERSON *) */)))", +taking false branch +bsd-finger-0.17/finger/sprint.c:145:2: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:146:7: var_assign: Assigning: "lp" = +"list". +bsd-finger-0.17/finger/sprint.c:146:2: cond_true: Condition "pn != +NULL", taking true branch +bsd-finger-0.17/finger/sprint.c:147:3: loop: Jumping back to the +beginning of the loop +bsd-finger-0.17/finger/sprint.c:146:2: loop_begin: Jumped back to +beginning of loop +bsd-finger-0.17/finger/sprint.c:146:2: cond_false: Condition "pn != +NULL", taking false branch +bsd-finger-0.17/finger/sprint.c:147:3: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:148:2: noescape: Resource "list" is not +freed or pointed-to in function "qsort(void *, size_t, size_t, +__compar_fn_t)". +bsd-finger-0.17/finger/sprint.c:149:2: return_alloc: Returning allocated +memory "list". +bsd-finger-0.17/finger/sprint.c:60: var_assign: Assigning: "list" = +storage returned from "sort()". +bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name", +taking true branch +bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname", +taking true branch +bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:82: cond_true: Condition "l > maxrname", +taking true branch +bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name", +taking true branch +bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname", +taking true branch +bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:82: cond_true: Condition "l > maxrname", +taking true branch +bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:76: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:79: cond_true: Condition "pn->name", +taking true branch +bsd-finger-0.17/finger/sprint.c:80: cond_true: Condition "l > maxlname", +taking true branch +bsd-finger-0.17/finger/sprint.c:81: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:82: cond_false: Condition "l > +maxrname", taking false branch +bsd-finger-0.17/finger/sprint.c:82: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:83: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:76: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:76: cond_false: Condition "cnt < +entries", taking false branch +bsd-finger-0.17/finger/sprint.c:83: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:86: cond_true: Condition "maxlname + +maxrname > space", taking true branch +bsd-finger-0.17/finger/sprint.c:89: cond_true: Condition "maxlname + +maxrname < space - 2", taking true branch +bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL", +taking true branch +bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat", +taking true branch +bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office" +bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office" +bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office", +taking true branch +bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition +"pn->officephone", taking true branch +bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] != +0", taking true branch +bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL", +taking false branch +bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL", +taking true branch +bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat", +taking true branch +bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office" +bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office" +bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office", +taking true branch +bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition +"pn->officephone", taking true branch +bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] != +0", taking true branch +bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL", +taking false branch +bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:93: cond_true: Condition "cnt < +entries", taking true branch +bsd-finger-0.17/finger/sprint.c:95: cond_true: Condition "w != NULL", +taking true branch +bsd-finger-0.17/finger/sprint.c:96: cond_true: Condition "pn->realname", +taking true branch +bsd-finger-0.17/finger/sprint.c:99: cond_true: Condition "!w->loginat", +taking true branch +bsd-finger-0.17/finger/sprint.c:101: goto: Jumping to label "office" +bsd-finger-0.17/finger/sprint.c:120: label: Reached label "office" +bsd-finger-0.17/finger/sprint.c:121: cond_true: Condition "pn->office", +taking true branch +bsd-finger-0.17/finger/sprint.c:122: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:124: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:125: cond_true: Condition +"pn->officephone", taking true branch +bsd-finger-0.17/finger/sprint.c:126: if_fallthrough: Falling through to +end of if statement +bsd-finger-0.17/finger/sprint.c:129: if_end: End of if statement +bsd-finger-0.17/finger/sprint.c:131: cond_true: Condition "w->host[0] != +0", taking true branch +bsd-finger-0.17/finger/sprint.c:134: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:95: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:95: cond_false: Condition "w != NULL", +taking false branch +bsd-finger-0.17/finger/sprint.c:134: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:135: loop: Jumping back to the beginning +of the loop +bsd-finger-0.17/finger/sprint.c:93: loop_begin: Jumped back to beginning +of loop +bsd-finger-0.17/finger/sprint.c:93: cond_false: Condition "cnt < +entries", taking false branch +bsd-finger-0.17/finger/sprint.c:135: loop_end: Reached end of loop +bsd-finger-0.17/finger/sprint.c:136: leaked_storage: Variable "list" +going out of scope leaks the storage it points to. + +Signed-off-by: Tomas Hozza +--- + finger/sprint.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/finger/sprint.c b/finger/sprint.c +index 0aaa82f..c66584f 100644 +--- a/finger/sprint.c ++++ b/finger/sprint.c +@@ -133,6 +133,7 @@ office: + xputc('\n'); + } + } ++ free(list); + } + + static PERSON **sort(void) { +-- +1.8.1.2 + + +From d8638a83edb2ab42adaa8a77f74d350095ce281f Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 8 Feb 2013 15:58:40 +0100 +Subject: [PATCH 4/4] DEADCODE (CWE-561) + +Coverity output: +bsd-finger-0.17/finger/net.c:173: assignment: Assigning: "ateol" = "1". +bsd-finger-0.17/finger/net.c:178: assignment: Assigning: "ateol" = "1". +bsd-finger-0.17/finger/net.c:191: const: At condition "ateol", the value +of "ateol" must be equal to 1. +bsd-finger-0.17/finger/net.c:191: dead_error_condition: The condition +"!ateol" cannot be true. +bsd-finger-0.17/finger/net.c:191: dead_error_line: Execution cannot +reach this statement "xputc(10);". + +Signed-off-by: Tomas Hozza +--- + finger/net.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/finger/net.c b/finger/net.c +index d273432..157090f 100644 +--- a/finger/net.c ++++ b/finger/net.c +@@ -183,7 +183,10 @@ void netfinger(const char *name) { + /* don't print */ + } + else { +- if (c == '\n') ateol = 1; ++ if (c == '\n') ++ ateol = 1; ++ else ++ ateol = 0; + sawret = 0; + xputc(c); + } +-- +1.8.1.2 + -- cgit v1.2.3-79-gdb01