From bc759943d50a03aa61d799da50b5e93c2ae5c857 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
Date: Mon, 13 Aug 2018 17:58:35 +0200
Subject: [PATCH] Fix issues found by Coverity Scan

Resolves: rhbz#1602618
---
 0001-Add-a-missing-va_end-call.patch | 28 +++++
 ...s-copied-by-strncpy-are-null-termina.patch | 113 ++++++++++++++++++
 0003-Fix-file-descriptor-leaks.patch | 59 +++++++++
 0004-Fix-a-directory-handle-leak.patch | 28 +++++
 0005-Fix-a-read-past-end-of-buffer.patch | 38 ++++++
 ...x-a-warning-about-an-unused-variable.patch | 30 +++++
 0007-loadconv-Add-missing-fclose.patch | 46 +++++++
 minicom.spec | 25 +++-
 8 files changed, 365 insertions(+), 2 deletions(-)
 create mode 100644 0001-Add-a-missing-va_end-call.patch
 create mode 100644 0002-Make-sure-strings-copied-by-strncpy-are-null-termina.patch
 create mode 100644 0003-Fix-file-descriptor-leaks.patch
 create mode 100644 0004-Fix-a-directory-handle-leak.patch
 create mode 100644 0005-Fix-a-read-past-end-of-buffer.patch
 create mode 100644 0006-Fix-a-warning-about-an-unused-variable.patch
 create mode 100644 0007-loadconv-Add-missing-fclose.patch
diff --git a/0001-Add-a-missing-va_end-call.patch b/0001-Add-a-missing-va_end-call.patch
new file mode 100644
index 0000000..08f09d2
--- /dev/null
+++ b/0001-Add-a-missing-va_end-call.patch
@@ -0,0 +1,28 @@
+From 6b93b699cc57c433ddd0f8a055c73a4b05b575fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:42 +0200
+Subject: [PATCH 1/7] Add a missing va_end() call
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/common.c b/src/common.c
+index 86d806c..48f68f9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -74,6 +74,7 @@ void do_log(const char *line, ...)
+ (ptr->tm_year)+1900, (ptr->tm_mon)+1, ptr->tm_mday,
+ ptr->tm_hour, ptr->tm_min, ptr->tm_sec);
+ vfprintf(logfile, line, ap);
++ va_end(ap);
+ fprintf(logfile, "\n");
+ fclose(logfile);
+ #else
+--
+2.14.4
+
diff --git a/0002-Make-sure-strings-copied-by-strncpy-are-null-termina.patch b/0002-Make-sure-strings-copied-by-strncpy-are-null-termina.patch
new file mode 100644
index 0000000..dde0cf2
--- /dev/null
+++ b/0002-Make-sure-strings-copied-by-strncpy-are-null-termina.patch
@@ -0,0 +1,113 @@
+From 695564da74fe7c95802f5bf59e442e23a2d7cbbf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:43 +0200
+Subject: [PATCH 2/7] Make sure strings copied by strncpy are null-terminated
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/config.c | 1 +
+ src/dial.c | 3 +++
+ src/minicom.c | 3 +++
+ src/script.c | 2 ++
+ src/updown.c | 4 ++++
+ 5 files changed, 13 insertions(+)
+
+diff --git a/src/config.c b/src/config.c
+index 78b25aa..ea939c8 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -88,6 +88,7 @@ void read_parms(void)
+ for (f = PROTO_BASE; f < MAXPROTO; f++) {
+ if (P_PNAME(f)[0] && P_PIORED(f) != 'Y' && P_PIORED(f) != 'N') {
+ strncpy(buf, P_PNAME(f) - 2, sizeof(buf));
++ buf[sizeof(buf) - 1] = '\0';
+ strcpy(P_PNAME(f), buf);
+ P_PIORED(f) = 'Y';
+ P_PFULL(f) = 'N';
+diff --git a/src/dial.c b/src/dial.c
+index a90c1d2..a3337e5 100644
+--- a/src/dial.c
++++ b/src/dial.c
+@@ -829,8 +829,11 @@ static int v1_read(FILE *fp, struct dialent *d)
+
+ memcpy(d->username, v1.username, sizeof(v1) - offsetof(struct v1_dialent, username));
+ strncpy(d->name, v1.name, sizeof(d->name));
++ d->name[sizeof(d->name) - 1] = '\0';
+ strncpy(d->number, v1.number, sizeof(d->number));
++ d->number[sizeof(d->number) - 1] = '\0';
+ strncpy(d->script, v1.script, sizeof(d->script));
++ d->script[sizeof(d->script) - 1] = '\0';
+ d->lastdate[0]=0;
+ d->lasttime[0]=0;
+ d->count=0;
+diff --git a/src/minicom.c b/src/minicom.c
+index 4eb47d4..876805a 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -1208,6 +1208,7 @@ int main(int argc, char **argv)
+ break;
+ case 't': /* Terminal type */
+ strncpy(termtype, optarg, sizeof(termtype));
++ termtype[sizeof(termtype) - 1] = '\0';
+ #ifdef __GLIBC__
+ /* Bug in older libc's (< 4.5.26 I think) */
+ if ((s = getenv("TERMCAP")) != NULL && *s != '/')
+@@ -1322,7 +1323,9 @@ int main(int argc, char **argv)
+ strncpy(homedir, pwd->pw_dir, sizeof(homedir));
+ else
+ strncpy(homedir, s, sizeof(homedir));
++ homedir[sizeof(homedir) - 1] = '\0';
+ strncpy(username, pwd->pw_name, sizeof(username));
++ username[sizeof(username) - 1] = '\0';
+
+ /* Get personal parameter file */
+ snprintf(pparfile, sizeof(pparfile), "%s/.minirc.%s", homedir, use_port);
+diff --git a/src/script.c b/src/script.c
+index ee1284f..f7c4e3f 100644
+--- a/src/script.c
++++ b/src/script.c
+@@ -1099,12 +1099,14 @@ int main(int argc, char **argv)
+
+ if (argc > 2) {
+ strncpy(logfname, argv[2], sizeof(logfname));
++ logfname[sizeof(logfname) - 1] = '\0';
+ if (argc > 3)
+ strncpy(homedir, argv[3], sizeof(homedir));
+ else if ((s = getenv("HOME")) != NULL)
+ strncpy(homedir, s, sizeof(homedir));
+ else
+ homedir[0] = 0;
++ homedir[sizeof(homedir) - 1] = '\0';
+ }
+ else
+ logfname[0] = 0;
+diff --git a/src/updown.c b/src/updown.c
+index 726328e..54442bb 100644
+--- a/src/updown.c
++++ b/src/updown.c
+@@ -386,6 +386,7 @@ void updown(int what, int nr)
+ do_log("%s", trimbuf);
+ } else if (!strncmp (buffirst, "Bytes", 5)) {
+ strncpy (xfrstr, buf, sizeof(xfrstr));
++ xfrstr[sizeof(xfrstr) - 1] = '\0';
+ }
+ buffirst[0] = 0;
+ trimbuf[0] = 0;
+@@ -698,8 +699,11 @@ void runscript(int ask, const char *s, const char *l, const char *p)
+ }
+ } else {
+ strncpy(scr_user, l, sizeof(scr_user));
++ scr_user[sizeof(scr_user) - 1] = '\0';
+ strncpy(scr_name, s, sizeof(scr_name));
++ scr_name[sizeof(scr_name) - 1] = '\0';
+ strncpy(scr_passwd, p, sizeof(scr_passwd));
++ scr_passwd[sizeof(scr_passwd) - 1] = '\0';
+ }
+ sprintf(scr_lines, "%d", (int) lines); /* jl 13.09.97 */
+
+--
+2.14.4
+
diff --git a/0003-Fix-file-descriptor-leaks.patch b/0003-Fix-file-descriptor-leaks.patch
new file mode 100644
index 0000000..be39ecc
--- /dev/null
+++ b/0003-Fix-file-descriptor-leaks.patch
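Review bot: In src/minicom.c (second hunk, the `homedir` copy) the added `homedir[sizeof(homedir) - 1] = '\0';` turns an over-long `pwd->pw_dir` or `s` into a silently shortened path, and the next visible statement builds `pparfile` from it with `snprintf(pparfile, sizeof(pparfile), "%s/.minirc.%s", homedir, use_port)`, so the personal parameter file would be looked up under a directory nobody named. Terminating the buffer removes the unterminated-string read, but the length should be checked before the copy and an over-long value rejected, e.g. `if (strlen(s) >= sizeof(homedir)) { /* report and exit */ }`. The same silent cut applies to `logfname` and `homedir` in src/script.c and to `scr_passwd` in src/updown.c, where a shortened password would be passed on with no sign that it changed. Both `main` bodies and `runscript` continue outside their hunks, so the shape of the reject path has to follow the surrounding code.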
@@ -0,0 +1,59 @@
+From abc0836d587862ba512acf4d4fafcf8cb121bf0a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:44 +0200
+Subject: [PATCH 3/7] Fix file descriptor leaks
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/dial.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/dial.c b/src/dial.c
+index a3337e5..eada5ee 100644
+--- a/src/dial.c
++++ b/src/dial.c
+@@ -912,6 +912,7 @@ int readdialdir(void)
+ if (fread(&dial_ver, sizeof(dial_ver), 1, fp) != 1)
+ {
+ werror(_("Failed to read dialing directory\n"));
++ fclose(fp);
+ return -1;
+ }
+ if (dial_ver.magic != DIALMAGIC) {
+@@ -947,12 +948,14 @@ int readdialdir(void)
+ dial_ver.size > sizeof(struct v4_dialent)) {
+ werror(_("Phonelist garbled (unknown version?)"));
+ dialents = mkstdent();
++ fclose(fp);
+ return -1;
+ }
+ break;
+ case 5:
+ if (dial_ver.size != sizeof(struct dialent)) {
+ werror(_("Phonelist corrupted"));
++ fclose(fp);
+ return -1;
+ }
+ break;
+@@ -961,6 +964,7 @@ int readdialdir(void)
+ // have different size on 32 and 64bit systems
+ if (dial_ver.size != sizeof(struct dialent) - sizeof(void *)) {
+ werror(_("Phonelist corrupted"));
++ fclose(fp);
+ return -1;
+ }
+ break;
+@@ -968,6 +972,7 @@ int readdialdir(void)
+ werror(_("Unknown dialing directory version"));
+ dendd = 1;
+ dialents = mkstdent();
++ fclose(fp);
+ return -1;
+ }
+
+--
+2.14.4
+
diff --git a/0004-Fix-a-directory-handle-leak.patch b/0004-Fix-a-directory-handle-leak.patch
new file mode 100644
index 0000000..c63d780
--- /dev/null
+++ b/0004-Fix-a-directory-handle-leak.patch
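Review bot: readdialdir() in src/dial.c now carries five separate `fclose(fp);` lines, one ahead of each `return -1;`, which is the same per-exit bookkeeping that let these leaks in: any error path added later, or any existing one not shown in these hunks, has to remember its own close. The `if (dial_ver.magic != DIALMAGIC) {` branch at the end of the first hunk and the code after the switch lie outside the visible context, so whether they release `fp` cannot be confirmed from here. A single exit label makes the release unconditional: replace each added pair with `goto fail;` and finish the function with `fail: fclose(fp); return -1;`. The function starts and ends outside the hunks.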
@@ -0,0 +1,28 @@
+From 97359edba99f9bc6f3f87590da2139c51fb409d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:45 +0200
+Subject: [PATCH 4/7] Fix a directory handle leak
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/getsdir.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/getsdir.c b/src/getsdir.c
+index 2195b27..bd6b763 100644
+--- a/src/getsdir.c
++++ b/src/getsdir.c
+@@ -228,6 +228,7 @@ int getsdir(const char *dirpath, const char *pattern, int sortflags,
+ if (!*datptr)
+ {
+ free(*datptr);
++ closedir(dirp);
+ return -1;
+ }
+
+--
+2.14.4
+
diff --git a/0005-Fix-a-read-past-end-of-buffer.patch b/0005-Fix-a-read-past-end-of-buffer.patch
new file mode 100644
index 0000000..5781a8c
--- /dev/null
+++ b/0005-Fix-a-read-past-end-of-buffer.patch
@@ -0,0 +1,38 @@
+From fa8feee1fce1c6e728512d9e6c0bfffa89f0ce62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:46 +0200
+Subject: [PATCH 5/7] Fix a read past end of buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/ascii-xfr.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ascii-xfr.c b/src/ascii-xfr.c
+index ca27ebf..79af763 100644
+--- a/src/ascii-xfr.c
++++ b/src/ascii-xfr.c
+@@ -207,7 +207,7 @@ int arecv(char *file)
+ }
+
+ while ((n = read(STDIN_FILENO, line, sizeof(line))) > 0) {
+- for (s = line; n-- >0; s++) {
++ for (s = line; s - line < n; s++) {
+ if (*s == eofchar)
+ break;
+ if (dotrans && *s == '\r')
+@@ -217,7 +217,7 @@ int arecv(char *file)
+ }
+ stats(first);
+ first = 0;
+- if (*s == eofchar)
++ if (s - line < n && *s == eofchar)
+ break;
+ }
+ fclose(fp);
+--
+2.14.4
+
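Review bot: In getsdir() (src/getsdir.c) the `free(*datptr);` kept just above the new `closedir(dirp);` runs only when `!*datptr` is true, so it always frees a null pointer and does nothing. Dropping it, or replacing it with a comment such as `/* allocation failed: nothing to free, only the directory handle to release */`, would stop readers from assuming a buffer is released on this path. The hunk shows only this one early return and the function starts and ends outside it, so the other exits between the point where `dirp` is opened and the final close are worth checking for the same leak.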
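Review bot: The new guard in the second hunk of arecv() (src/ascii-xfr.c), `if (s - line < n && *s == eofchar)`, has no comment saying why the bounds test must come first, and it reads like something a later cleanup could simplify away. When the inner loop consumes all `n` bytes, `s` equals `line + n`, which for a full buffer is one past the end of `line`, so `*s` must not be evaluated. I would add `/* s == line + n when the loop ran to completion; only dereference s if it stopped early */` above that line. Note also that the loop no longer decrements `n`, so any use of `n` after a `break` out of the outer loop, which would be outside the hunk, now sees the full read count instead of the remainder.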
diff --git a/0006-Fix-a-warning-about-an-unused-variable.patch b/0006-Fix-a-warning-about-an-unused-variable.patch
new file mode 100644
index 0000000..c3fc188
--- /dev/null
+++ b/0006-Fix-a-warning-about-an-unused-variable.patch
@@ -0,0 +1,30 @@
+From a4e1679b67db6ecd7ce2891ed0bf5586125a9a08 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Mon, 13 Aug 2018 14:39:47 +0200
+Subject: [PATCH 6/7] Fix a warning about an unused variable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/config.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/config.c b/src/config.c
+index ea939c8..36b6e37 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -536,7 +536,9 @@ static void doserial(void)
+ {
+ WIN *w;
+ char *serial_device = _(" A - Serial Device :");
++#if !HAVE_LOCKDEV
+ char *lockfile_location = _(" B - Lockfile Location :");
++#endif
+ char *callin_program = _(" C - Callin Program :");
+ char *callout_program = _(" D - Callout Program :");
+ char *bps_par_bits = _(" E - Bps/Par/Bits :");
+--
+2.14.4
+
diff --git a/0007-loadconv-Add-missing-fclose.patch b/0007-loadconv-Add-missing-fclose.patch
new file mode 100644
index 0000000..f37661e
--- /dev/null
+++ b/0007-loadconv-Add-missing-fclose.patch
@@ -0,0 +1,46 @@
+From 1c97e4df9e01c5f22a12fb6ecce25b4d80fd8f7c Mon Sep 17 00:00:00 2001
+From: Adam Lackorzynski
+Date: Mon, 13 Aug 2018 14:39:48 +0200
+Subject: [PATCH 7/7] loadconv: Add missing fclose()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Issue found and reported by David Binderman.
+
+This is a backport of commit f66b5c78.
+
+Signed-off-by: Ondřej Lysoněk
+---
+ src/config.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/config.c b/src/config.c
+index 36b6e37..0da4989 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -1865,6 +1865,7 @@ void doconv(void)
+ int loadconv(char *buf)
+ {
+ FILE *fp;
++ int err = 0;
+
+ if ((fp = fopen(pfix_home(buf), "rb")) == (FILE *)NULL) {
+ werror(_("Cannot open conversion table %s"), pfix_home(buf));
+@@ -1874,10 +1875,11 @@ int loadconv(char *buf)
+ || fread(vt_outmap, sizeof(vt_outmap), (size_t)1, fp) != 1)
+ {
+ werror(_("Cannot read conversion table %s"), pfix_home(buf));
+- return 1;
++ err = 1;
+ }
++
+ fclose(fp);
+- return 0;
++ return err;
+ }
+
+ int saveconv(char *buf)
+--
+2.14.4
+
diff --git a/minicom.spec b/minicom.spec
index 69285e3..fd65a36 100644
--- a/minicom.spec
+++ b/minicom.spec
@@ -1,7 +1,7 @@
 Summary: A text-based modem control and terminal emulation program
 Name: minicom
 Version: 2.7.1
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: http://alioth.debian.org/projects/minicom/
 # Some files are built from Public Domain files in addition to GPLv2+ files
 # (/usr/bin/minicom). Some LGPLv2+ files *may* be used in building of certain
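Review bot: loadconv() in src/config.c reads straight into the live table: the visible half of the condition is `fread(vt_outmap, sizeof(vt_outmap), (size_t)1, fp) != 1`, so a short or damaged conversion file can leave `vt_outmap` partly overwritten while the function returns 1. The new `err` path closes the file correctly, but the caller, which is not shown, may then keep running with a table that is neither the old one nor the new one. Reading into a staging buffer and committing only after every read succeeded keeps the failure clean. The first half of the condition lies between the two hunks and is not visible; it presumably needs the same treatment, and `memcpy` needs `<string.h>`, which cannot be confirmed from here.
```c
  int err = 0;
  unsigned char out_tmp[sizeof(vt_outmap)]; /* staging copy, committed only on success */

  /* … unchanged: fopen() and its error path; first half of the read condition (outside the hunk) … */
      || fread(out_tmp, sizeof(out_tmp), (size_t)1, fp) != 1)
  {
    /* … unchanged: werror() call … */
    err = 1;
  } else {
    memcpy(vt_outmap, out_tmp, sizeof(vt_outmap));
  }
  /* … unchanged: fclose(fp); return err; … */
```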
@@ -13,8 +13,25 @@ License: GPLv2+ and LGPLv2+ and Public Domain Source0: https://alioth.debian.org/frs/download.php/file/4215/%{name}-%{version}.tar.gz +# Upstream patch: +Patch1: 0001-Add-a-missing-va_end-call.patch +# Upstream patch: +Patch2: 0002-Make-sure-strings-copied-by-strncpy-are-null-termina.patch +# Upstream patch: +Patch3: 0003-Fix-file-descriptor-leaks.patch +# Upstream patch: +Patch4: 0004-Fix-a-directory-handle-leak.patch +# Upstream patch: +Patch5: 0005-Fix-a-read-past-end-of-buffer.patch +# Upstream patch: +Patch6: 0006-Fix-a-warning-about-an-unused-variable.patch +# Upstream patch: +Patch7: 0007-loadconv-Add-missing-fclose.patch + BuildRequires: lockdev-devel ncurses-devel autoconf automake gettext-devel BuildRequires: gcc +# For %%autosetup -S git: +BuildRequires: git Requires: lockdev lrzsz @@ -26,7 +43,7 @@ language, and other features. %prep -%autosetup +%autosetup -S git cp -pr doc doc_ rm -f doc_/Makefile* @@ -63,6 +80,10 @@ mkdir -p %{buildroot}%{_sysconfdir} %changelog +* Mon Aug 13 2018 Ondřej Lysoněk - 2.7.1-9 +- Fix issues found by Coverity Scan +- Resolves: rhbz#1602618 + * Mon Jul 23 2018 Ondřej Lysoněk - 2.7.1-8 - Corrected the License tag