From 73578bc612b63e451a9203f7187f77152d069350 Mon Sep 17 00:00:00 2001 From: Laxmikant Rashinkar Date: Sat, 19 Jul 2014 13:06:25 -0700 Subject: coverity: fixed unchecked return value --- rdp/rdp_mcs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'rdp') diff --git a/rdp/rdp_mcs.c b/rdp/rdp_mcs.c index 55067b1f..18c33ac4 100644 --- a/rdp/rdp_mcs.c +++ b/rdp/rdp_mcs.c @@ -19,6 +19,7 @@ */ #include "rdp.h" +#include "common/log.h" /*****************************************************************************/ struct rdp_mcs *APP_CC @@ -598,7 +599,8 @@ failed")); int APP_CC rdp_mcs_init(struct rdp_mcs *self, struct stream *s) { - rdp_iso_init(self->iso_layer, s); + if (rdp_iso_init(self->iso_layer, s)) + log_message(LOG_LEVEL_ERROR, "rdp_mcs.c: rdp_iso_init() failed"); s_push_layer(s, mcs_hdr, 8); return 0; } -- cgit v1.2.1 From 023c0b5bc1591fad9094d2e440b6315a8ff908d8 Mon Sep 17 00:00:00 2001 From: Laxmikant Rashinkar Date: Sun, 20 Jul 2014 11:11:20 -0700 Subject: coverity: fixed out of bounds read-write --- rdp/rdp_rdp.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'rdp') diff --git a/rdp/rdp_rdp.c b/rdp/rdp_rdp.c index 973b8fe9..70155c60 100644 --- a/rdp/rdp_rdp.c +++ b/rdp/rdp_rdp.c @@ -427,6 +427,12 @@ rdp_rdp_process_color_pointer_pdu(struct rdp_rdp *self, struct stream *s) return 1; } + /* there are only 32 cursors */ + if (cache_idx > 31) + { + return 1; + } + cursor = self->cursors + cache_idx; in_uint16_le(s, cursor->x); in_uint16_le(s, cursor->y); @@ -457,7 +463,7 @@ rdp_rdp_process_cached_pointer_pdu(struct rdp_rdp *self, struct stream *s) in_uint16_le(s, cache_idx); - if (cache_idx >= sizeof(self->cursors) / sizeof(cursor)) + if (cache_idx > 31) { return 1; } -- cgit v1.2.1 From 27055d5762d23ae3996e7e41ef45ef6454fa2d65 Mon Sep 17 00:00:00 2001 From: Laxmikant Rashinkar Date: Sat, 26 Jul 2014 13:33:23 -0700 Subject: coverity: improper use of negative value --- rdp/rdp_rdp.c | 3 +++ rdp/rdp_tcp.c | 3 +++ 2 files changed, 6 insertions(+) (limited to 'rdp') diff --git a/rdp/rdp_rdp.c b/rdp/rdp_rdp.c index 70155c60..9ce63664 100644 --- a/rdp/rdp_rdp.c +++ b/rdp/rdp_rdp.c @@ -1170,6 +1170,9 @@ rdp_rec_check_file(struct rdp_rdp *self) } self->rec_fd = g_file_open(file_name); + if (self->rec_fd < 0) + return 1; + make_stream(s); init_stream(s, 8192); out_uint8a(s, "XRDPREC1", 8); diff --git a/rdp/rdp_tcp.c b/rdp/rdp_tcp.c index a919259e..f0a76d7d 100644 --- a/rdp/rdp_tcp.c +++ b/rdp/rdp_tcp.c @@ -157,7 +157,10 @@ int APP_CC rdp_tcp_connect(struct rdp_tcp *self, char *ip, char *port) { DEBUG((" in rdp_tcp_connect ip %s port %s", ip, port)); + self->sck = g_tcp_socket(); + if (self->sck < 0) + return 1; if (g_tcp_connect(self->sck, ip, port) == 0) { -- cgit v1.2.1 From 0915d33d707d7bd29e724ebc9412a17fdd5840d4 Mon Sep 17 00:00:00 2001 From: Laxmikant Rashinkar Date: Sat, 26 Jul 2014 15:06:35 -0700 Subject: coverity: dead code --- rdp/rdp_lic.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'rdp') diff --git a/rdp/rdp_lic.c b/rdp/rdp_lic.c index e3ff3a7e..5c61ed00 100644 --- a/rdp/rdp_lic.c +++ b/rdp/rdp_lic.c @@ -174,8 +174,10 @@ rdp_lic_process_demand(struct rdp_lic *self, struct stream *s) the security of licence negotiation isn't exactly paramount. */ g_memset(null_data, 0, sizeof(null_data)); rdp_lic_generate_keys(self, null_data, server_random, null_data); + licence_size = 0; /* todo load_licence(&licence_data); */ +#if 0 if (licence_size > 0) { /* Generate a signature for the HWID buffer */ @@ -192,6 +194,7 @@ rdp_lic_process_demand(struct rdp_lic *self, struct stream *s) g_free(licence_data); return; } +#endif rdp_lic_send_request(self, null_data, null_data, self->sec_layer->rdp_layer->mod->username, -- cgit v1.2.1 From ad4bea9a6e68374da79bc2f22e10b6e1103e492b Mon Sep 17 00:00:00 2001 From: Laxmikant Rashinkar Date: Mon, 28 Jul 2014 17:25:22 -0700 Subject: coverity: fixed missing break in switch --- rdp/rdp_bitmap.c | 3 +++ rdp/rdp_lic.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'rdp') diff --git a/rdp/rdp_bitmap.c b/rdp/rdp_bitmap.c index 0963588f..4ba821d3 100644 --- a/rdp/rdp_bitmap.c +++ b/rdp/rdp_bitmap.c @@ -164,6 +164,7 @@ bitmap_decompress1(char *output, int width, int height, char *input, int size) break; case 8: /* Bicolor */ color1 = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2 = CVAL(input); break; @@ -435,6 +436,7 @@ bitmap_decompress2(char *output, int width, int height, char *input, int size) case 8: /* Bicolor */ color1[EIK0] = CVAL(input); color1[EIK1] = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2[EIK0] = CVAL(input); color2[EIK1] = CVAL(input); @@ -752,6 +754,7 @@ bitmap_decompress3(char *output, int width, int height, char *input, int size) color1[0] = CVAL(input); color1[1] = CVAL(input); color1[2] = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2[0] = CVAL(input); color2[1] = CVAL(input); diff --git a/rdp/rdp_lic.c b/rdp/rdp_lic.c index 5c61ed00..2441bc7f 100644 --- a/rdp/rdp_lic.c +++ b/rdp/rdp_lic.c @@ -175,9 +175,9 @@ rdp_lic_process_demand(struct rdp_lic *self, struct stream *s) g_memset(null_data, 0, sizeof(null_data)); rdp_lic_generate_keys(self, null_data, server_random, null_data); +#if 0 licence_size = 0; /* todo load_licence(&licence_data); */ -#if 0 if (licence_size > 0) { /* Generate a signature for the HWID buffer */ -- cgit v1.2.1