Code cleanup from static analysis

Author: RH-steve-grubb

audisp/audispd.c

@@ -498,7 +498,12 @@ static int safe_exec(plugin_conf_t *conf)
 	}
 
 	/* Set up comm with child */
-	dup2(conf->plug_pipe[0], 0);
+	if (dup2(conf->plug_pipe[0], 0) < 0) {
+		close(conf->plug_pipe[0]);
+		close(conf->plug_pipe[1]);
+		conf->pid = 0;
+		return -1;	/* Failed to fork */
+	}
 	for (i=3; i<24; i++)	 /* Arbitrary number */
 		close(i);
 

audisp/plugins/remote/audisp-remote.c

@@ -1254,26 +1254,30 @@ static int recv_msg_gss (unsigned char *header, char *msg, uint32_t *mlen)
 
 	if (utok.length < AUDIT_RMW_HEADER_SIZE) {
 		sync_error_handler ("message too short");
+		free (utok.value);
 		return -1;
 	}
 	memcpy (header, utok.value, AUDIT_RMW_HEADER_SIZE);
 
 	if (! AUDIT_RMW_IS_MAGIC (header, AUDIT_RMW_HEADER_SIZE)) {
 		sync_error_handler ("bad magic number");
+		free (utok.value);
 		return -1;
 	}
 
 	AUDIT_RMW_UNPACK_HEADER (header, hver, mver, type, rlen, seq);
 
 	if (rlen > MAX_AUDIT_MESSAGE_LENGTH) {
 		sync_error_handler ("message too long");
+		free (utok.value);
 		return -1;
 	}
 
 	memcpy (msg, utok.value+AUDIT_RMW_HEADER_SIZE, rlen);
 
 	*mlen = rlen;
 
+	free (utok.value);
 	return 0;
 }
 #endif

audisp/plugins/zos-remote/zos-remote-plugin.c

@@ -572,8 +572,7 @@ int main(int argc, char *argv[])
                 alarm(0);                   /* cancel any pending alarm */
                 auparse_destroy(au);                               /* 2 */
                 plugin_free_config(&conf);                                /* 1 */
-        }
-        while (hup && stop == 0);
+        } while (hup && stop == 0);
 
         /* destroy queue before leaving */
         destroy_queue();

auparse/auditd-config.c

@@ -206,10 +206,10 @@ static char *get_line(auparse_state_t *au, FILE *f, char *buf, unsigned size,
 			too_long = 0;
 			*lineno = *lineno + 1;
 		} else {
-		// If a line is too long skip it.
-		// Only output 1 warning
-		if (!too_long)
-			audit_msg(au, LOG_ERR,
+			// If a line is too long skip it.
+			// Only output 1 warning
+			if (!too_long)
+				audit_msg(au, LOG_ERR,
 					"Skipping line %d in %s: too long",
 					*lineno, file);
 			too_long = 1;

auparse/data_buf.c

@@ -105,18 +105,12 @@ static int debug = 0;
 static inline char *databuf_end(DataBuf *db)
 {return (db->alloc_ptr == NULL) ? NULL : db->alloc_ptr+db->offset+db->len;}
 
-static inline char *databuf_alloc_end(DataBuf *db)
-{return (db->alloc_ptr == NULL) ? NULL : db->alloc_ptr+db->alloc_size;}
-
 static inline int databuf_tail_size(DataBuf *db)
 {return db->alloc_size - (db->offset+db->len);}
 
 static inline int databuf_tail_available(DataBuf *db, size_t append_len)
 {return append_len <= databuf_tail_size(db);}
 
-static inline size_t databuf_free_size(DataBuf *db)
-{return db->alloc_size-db->len;}
-
 /*****************************************************************************/
 /***************************  Internal Functions  ****************************/
 /*****************************************************************************/

auparse/interpret.c

@@ -778,7 +778,7 @@ static const char *print_exit(const char *val)
 
 static char *print_escaped(const char *val)
 {
-	const char *out;
+	char *out;
 
         if (*val == '"') {
                 char *term;
@@ -2585,7 +2585,7 @@ static const char *print_list(const char *val)
 		if (asprintf(&out, "conversion error(%s)", val) < 0)
 			out = NULL;
 	} else {
-		char *o = audit_flag_to_name(i);
+		const char *o = audit_flag_to_name(i);
 		if (o != NULL)
 			out = strdup(o);
 		else if (asprintf(&out, "unknown-list(%s)", val) < 0)

auparse/lru.c

@@ -61,6 +61,10 @@ static Hash *create_hash(unsigned int hsize)
 		return hash;
 
 	hash->array = malloc(hsize * sizeof(QNode*));
+	if (hash->array == NULL) {
+		free(hash);
+		return NULL;
+	}
 
 	// Initialize all hash entries as empty
 	for (i = 0; i < hsize; i++)

auparse/normalize.c

@@ -679,7 +679,7 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall, int type)
 			break;
 		default:
 			{
-				char *k;
+				const char *k;
 				rc = auparse_first_record(au);
 				k = auparse_find_field(au, "key");
 				if (k && strcmp(k, "(null)")) {

src/auditd-listen.c

@@ -369,6 +369,7 @@ static int negotiate_credentials (ev_tcp *io)
 
 	context = & io->gss_context;
 	*context = GSS_C_NO_CONTEXT;
+	io->remote_name = NULL;
 
 	maj_stat = GSS_S_CONTINUE_NEEDED;
 	do {
@@ -380,8 +381,11 @@ static int negotiate_credentials (ev_tcp *io)
 				  sockaddr_to_addr4(&io->addr));
 			return -1;
 		}
-		if (recv_tok.length == 0)
+		if (recv_tok.length == 0) {
+			free(recv_tok.value);
+			recv_tok.value = NULL;
 			continue;
+		}
 
 		/* STEP 2 - let GSS process that token.  */
 
@@ -847,6 +851,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
 	if (use_gss && negotiate_credentials (client)) {
 		shutdown(afd, SHUT_RDWR);
 		close(afd);
+		free(client->remote_name);
 		free(client);
 		return;
 	}

src/ausearch-checkpt.c

@@ -204,6 +204,7 @@ int load_ChkPt(const char *fn)
 			fn, strerror(errno));
 		return -2;
 	}
+	chkpt_input_levent.node = NULL;
 	while (fgets(lbuf, MAX_LN, fd) != NULL) {
 		size_t len = strlen(lbuf);
 
@@ -229,6 +230,8 @@ int load_ChkPt(const char *fn)
 				break;
 			}
 		} else if (strncmp(lbuf, "output=", 7) == 0) {
+			free((void *)chkpt_input_levent.node);
+			chkpt_input_levent.node = NULL;
 			if (parse_checkpt_event(lbuf, 7, &chkpt_input_levent))
 				break;
 		} else {