From 87325f653bc352452008530680ee89c41413ee55 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Mon, 12 Aug 2019 10:41:33 +0200
Subject: [PATCH] Fix some bugs reported by Covscan

 * Fix file descriptor leak
 * Fix for nomem handling in resize.c:ChangeWindowSize()
 * Fix possible unterminated string

Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
 pty.c    |  8 +++++++-
 resize.c | 45 +++++++++++++++++++++------------------------
 socket.c |  4 +++-
 3 files changed, 31 insertions(+), 26 deletions(-)

diff --git a/pty.c b/pty.c
index 1c0660e..eba3bb0 100644
--- a/pty.c
+++ b/pty.c
@@ -279,7 +279,13 @@ char **ttyn;
       return -1;
     }
   signal(SIGCHLD, sigcld);
-  strncpy(TtyName, m, sizeof(TtyName));
+  if (strlen(m) < sizeof(TtyName))
+    strcpy(TtyName, m);
+  else
+    {
+      close(f);
+      return -1;
+    }
   initmaster(f);
   *ttyn = TtyName;
   return f;
diff --git a/resize.c b/resize.c
index fc4ddb9..33e9b81 100644
--- a/resize.c
+++ b/resize.c
@@ -928,6 +928,7 @@ int wi, he, hi;
     free((char *)p->w_hlines);
   p->w_hlines = nhlines;
 #endif
+  nmlines = nhlines = 0;
 
   /* change tabs */
   if (p->w_width != wi)
@@ -937,30 +938,7 @@ int wi, he, hi;
 	  t = p->w_tabs ? p->w_width : 0;
 	  p->w_tabs = xrealloc(p->w_tabs, wi + 1);
 	  if (p->w_tabs == 0)
-	    {
-	    nomem:
-	      if (nmlines)
-		{
-		  for (ty = he + hi - 1; ty >= 0; ty--)
-		    {
-		      mlt = NEWWIN(ty);
-		      FreeMline(mlt);
-		    }
-		  if (nmlines && p->w_mlines != nmlines)
-		    free((char *)nmlines);
-#ifdef COPY_PASTE
-		  if (nhlines && p->w_hlines != nhlines)
-		    free((char *)nhlines);
-#endif
-		}
-	      KillWindow(p);
-	      Msg(0, "%s", strnomem);
-	      if (nmlines)
-	        free(nmlines);
-	      if (nhlines)
-	        free(nhlines);
-	      return -1;
-	    }
+            goto nomem;
 	  for (; t < wi; t++)
 	    p->w_tabs[t] = t && !(t & 7) ? 1 : 0; 
 	  p->w_tabs[wi] = 0; 
@@ -1050,6 +1028,25 @@ int wi, he, hi;
     }
 #endif
   return 0;
+
+nomem:
+  if (nmlines || nhlines)
+    {
+      for (ty = he + hi - 1; ty >= 0; ty--)
+        {
+          mlt = NEWWIN(ty);
+          FreeMline(mlt);
+        }
+      if (nmlines && p->w_mlines != nmlines)
+        free((char *)nmlines);
+#ifdef COPY_PASTE
+      if (nhlines && p->w_hlines != nhlines)
+        free((char *)nhlines);
+#endif
+    }
+  KillWindow(p);
+  Msg(0, "%s", strnomem);
+  return -1;
 }
 
 void
diff --git a/socket.c b/socket.c
index 88c3dd8..ebf55f9 100644
--- a/socket.c
+++ b/socket.c
@@ -720,7 +720,7 @@ struct NewWindow *nwin;
   if (getcwd(m.m.create.dir, sizeof(m.m.create.dir)) == 0)
     {
       Msg(errno, "getcwd");
-      return;
+      goto end;
     }
   if (nwin->term != nwin_undef.term)
     strncpy(m.m.create.screenterm, nwin->term, MAXTERMLEN);
@@ -729,6 +729,8 @@ struct NewWindow *nwin;
   debug1("SendCreateMsg writing '%s'\n", m.m.create.line);
   if (write(s, (char *) &m, sizeof m) != sizeof m)
     Msg(errno, "write");
+
+end:
   close(s);
 }
 
-- 
2.20.1