From 470f12d631764d3706e2702762e9f3ae924cab43 Mon Sep 17 00:00:00 2001
From: GeLiXin
Date: Sat, 1 Oct 2016 06:47:57 +0800
Subject: [PATCH] Fix coverity defects: CID 147531 147532 147533 147535
coverity scan CID:147531,type: Argument cannot be negative - may copy data with negative size
coverity scan CID:147532,type: resource leaks - may close a fd which is negative
coverity scan CID:147533,type: resource leaks - may call pwrite64 with a negative size
coverity scan CID:147535,type: resource leaks - may call fdopen with a negative fd
Reviewed-by: Richard Laager
Reviewed-by: Brian Behlendorf
Signed-off-by: GeLiXin
Closes #5176
---
lib/libshare/nfs.c | 6 +++++-
lib/libzpool/kernel.c | 11 ++++++-----
module/nvpair/nvpair.c | 7 +++++--
3 files changed, 16 insertions(+), 8 deletions(-)
mode change 100644 => 100755 lib/libshare/nfs.c
mode change 100644 => 100755 lib/libzpool/kernel.c
mode change 100644 => 100755 module/nvpair/nvpair.c
diff --git a/lib/libshare/nfs.c b/lib/libshare/nfs.c
old mode 100644
new mode 100755
index d1b207e650..abcc1025b1
--- a/lib/libshare/nfs.c
+++ b/lib/libshare/nfs.c
@@ -519,6 +519,7 @@ nfs_validate_shareopts(const char *shareopts)
 static boolean_t
 nfs_is_share_active(sa_share_impl_t impl_share)
 {
+ int fd;
 char line[512];
 char *tab, *cur;
 FILE *nfs_exportfs_temp_fp;
@@ -526,7 +527,10 @@ nfs_is_share_active(sa_share_impl_t impl_share)
 if (!nfs_available())
 return (B_FALSE);
- nfs_exportfs_temp_fp = fdopen(dup(nfs_exportfs_temp_fd), "r");
+ if ((fd = dup(nfs_exportfs_temp_fd)) == -1)
+ return (B_FALSE);
+
+ nfs_exportfs_temp_fp = fdopen(fd, "r");
 if (nfs_exportfs_temp_fp == NULL ||
 fseek(nfs_exportfs_temp_fp, 0, SEEK_SET) < 0) {
diff --git a/lib/libzpool/kernel.c b/lib/libzpool/kernel.c
old mode 100644
new mode 100755
index 7ac505a64b..60dda39a8e
--- a/lib/libzpool/kernel.c
+++ b/lib/libzpool/kernel.c
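Review bot: When fdopen() returns NULL in nfs_is_share_active, the descriptor just obtained from dup() is still open and nothing in the hunk closes it; fclose() cannot release it because no stream was ever created. The combined `nfs_exportfs_temp_fp == NULL || fseek(...) < 0` test hides that case, so I would handle the NULL result on its own first: `if (nfs_exportfs_temp_fp == NULL) { (void) close(fd); return (B_FALSE); }`. The body of the existing error branch lies outside the hunk, so confirm it neither leaks `fd` nor passes a NULL stream to fclose(). Separately, the patch flips all three C sources from mode 100644 to 100755, which looks unintended and should be dropped.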
@@ -668,7 +668,11 @@ vn_open(char *path, int x1, int flags, int mode, vnode_t **vpp, int x2, int x3)
 * FREAD and FWRITE to the corresponding O_RDONLY, O_WRONLY, and O_RDWR.
 */
 fd = open64(realpath, flags - FREAD, mode);
- err = errno;
+ if (fd == -1) {
+ err = errno;
+ free(realpath);
+ return (err);
+ }
 if (flags & FCREAT)
 (void) umask(old_umask);
@@ -691,9 +695,6 @@ vn_open(char *path, int x1, int flags, int mode, vnode_t **vpp, int x2, int x3)
 free(realpath);
- if (fd == -1)
- return (err);
-
 if (fstat64_blk(fd, &st) == -1) {
 err = errno;
 close(fd);
@@ -740,7 +741,7 @@ vn_rdwr(int uio, vnode_t *vp, void *addr, ssize_t len, offset_t offset,
 if (uio == UIO_READ) {
 rc = pread64(vp->v_fd, addr, len, offset);
- if (vp->v_dump_fd != -1) {
+ if (vp->v_dump_fd != -1 && rc != -1) {
 int status;
 status = pwrite64(vp->v_dump_fd, addr, rc, offset);
 ASSERT(status != -1);
diff --git a/module/nvpair/nvpair.c b/module/nvpair/nvpair.c
old mode 100644
new mode 100755
index 071923ea79..14b196d969
--- a/module/nvpair/nvpair.c
+++ b/module/nvpair/nvpair.c
@@ -1260,6 +1260,8 @@ nvpair_type_is_array(nvpair_t *nvp)
 static int
 nvpair_value_common(nvpair_t *nvp, data_type_t type, uint_t *nelem, void *data)
 {
+ int value_sz;
+
 if (nvp == NULL || nvpair_type(nvp) != type)
 return (EINVAL);
@@ -1289,8 +1291,9 @@ nvpair_value_common(nvpair_t *nvp, data_type_t type, uint_t *nelem, void *data)
 #endif
 if (data == NULL)
 return (EINVAL);
- bcopy(NVP_VALUE(nvp), data,
- (size_t)i_get_value_size(type, NULL, 1));
+ if ((value_sz = i_get_value_size(type, NULL, 1)) < 0)
+ return (EINVAL);
+ bcopy(NVP_VALUE(nvp), data, (size_t)value_sz);
 if (nelem != NULL)
 *nelem = 1;
 break;
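Review bot: The new early return on `fd == -1` in vn_open runs before the `if (flags & FCREAT) (void) umask(old_umask);` restore that follows it, so a failed open64() with FCREAT set leaves the process umask at whatever was installed earlier. The umask() call that fills `old_umask` is outside the hunk, so the installed value is inferred rather than seen. A process left with a permissive umask creates later files with wider permissions than intended. Restore it inside the error branch by placing `if (flags & FCREAT) (void) umask(old_umask);` ahead of `free(realpath);`, or keep `err = errno;` where it was and move the `fd == -1` test below the existing restore.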
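Review bot: `status` in vn_rdwr is an `int` holding pwrite64()'s `ssize_t` result and is only compared with `-1`, so a short write to the dump file passes unnoticed even with the new `rc != -1` guard. I would declare `ssize_t status;` and check `ASSERT(status == rc);`. If ASSERT compiles away in non-debug builds (not visible here), a failed dump write is dropped silently, so an explicit error path may be warranted. The function continues outside the hunk.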
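Review bot: The `value_sz < 0` check added before bcopy() in nvpair_value_common carries no comment saying why the size lookup can fail, and the reason matters: a negative `int` cast to `size_t` becomes a very large copy length. I would add `/* i_get_value_size() reports failure as a negative value; reject it before the (size_t) cast */` above the check. `value_sz` is also declared at function scope although only this case uses it; declaring it in the case's own block would keep the scope tight, if the switch layout outside the hunk allows it.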