From ecce515d54bcea54fea03f731aad646c87761d22 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Wed, 2 Dec 2020 16:46:45 +0000
Subject: [PATCH] rtsold: Fix bugs reported by Coverity

- Avoid leaking a socket if llflags_get() fails.
- Avoid leaking a file handle if rtsold_init_dumpfile() fails.
- Tighten the check in if_nametosdl() which determines whether we failed
  to find the specified interface.
- Fix errno handling in an error path in rtsock_open().

MFC after:	1 week
---
 usr.sbin/rtsold/cap_llflags.c | 31 ++++++++++++++++++-------------
 usr.sbin/rtsold/dump.c        |  1 +
 usr.sbin/rtsold/if.c          |  2 +-
 usr.sbin/rtsold/rtsock.c      |  2 +-
 4 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/usr.sbin/rtsold/cap_llflags.c b/usr.sbin/rtsold/cap_llflags.c
index b2c07df7379..195f83893b4 100644
--- a/usr.sbin/rtsold/cap_llflags.c
+++ b/usr.sbin/rtsold/cap_llflags.c
@@ -72,9 +72,12 @@ llflags_get(const char *ifname, int *flagsp)
 	if (s < 0)
 		return (-1);
 
-	if (getifaddrs(&ifap) != 0)
-		return (-1);
-	error = -1;
+	ifap = NULL;
+	if (getifaddrs(&ifap) != 0) {
+		error = errno;
+		goto out;
+	}
+	error = ENOENT;
 	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
 		if (strcmp(ifa->ifa_name, ifname) != 0)
 			continue;
@@ -88,27 +91,29 @@ llflags_get(const char *ifname, int *flagsp)
 		memset(&ifr6, 0, sizeof(ifr6));
 		if (strlcpy(ifr6.ifr_name, ifname, sizeof(ifr6.ifr_name)) >=
 		    sizeof(ifr6.ifr_name)) {
-			freeifaddrs(ifap);
-			errno = EINVAL;
-			return (-1);
+			error = errno;
+			goto out;
 		}
 		memcpy(&ifr6.ifr_ifru.ifru_addr, sin6, sin6->sin6_len);
 		if (ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) < 0) {
 			error = errno;
-			freeifaddrs(ifap);
-			errno = error;
-			return (-1);
+			goto out;
 		}
 
 		*flagsp = ifr6.ifr_ifru.ifru_flags6;
 		error = 0;
 		break;
 	}
+out:
 	(void)close(s);
-	freeifaddrs(ifap);
-	if (error == -1)
-		errno = ENOENT;
-	return (error);
+	if (ifap != NULL)
+		freeifaddrs(ifap);
+	if (error != 0) {
+		errno = error;
+		return (-1);
+	} else {
+		return (0);
+	}
 }
 
 int
diff --git a/usr.sbin/rtsold/dump.c b/usr.sbin/rtsold/dump.c
index 65b4f979bd4..803a6c0d95d 100644
--- a/usr.sbin/rtsold/dump.c
+++ b/usr.sbin/rtsold/dump.c
@@ -148,6 +148,7 @@ rtsold_init_dumpfile(const char *dumpfile)
 	if (caph_rights_limit(fileno(fp), &rights) != 0) {
 		warnmsg(LOG_WARNING, __func__, "caph_rights_limit(%s): %s",
 		    dumpfile, strerror(errno));
+		(void)fclose(fp);
 		return (NULL);
 	}
 	return (fp);
diff --git a/usr.sbin/rtsold/if.c b/usr.sbin/rtsold/if.c
index 2cc5fa41c29..b2f2c640b17 100644
--- a/usr.sbin/rtsold/if.c
+++ b/usr.sbin/rtsold/if.c
@@ -327,7 +327,7 @@ if_nametosdl(char *name)
 			}
 		}
 	}
-	if (next == lim) {
+	if (next >= lim) {
 		/* search failed */
 		free(buf);
 		return (NULL);
diff --git a/usr.sbin/rtsold/rtsock.c b/usr.sbin/rtsold/rtsock.c
index 37f7df29d0b..4dfbf61f47d 100644
--- a/usr.sbin/rtsold/rtsock.c
+++ b/usr.sbin/rtsold/rtsock.c
@@ -84,7 +84,7 @@ rtsock_open(void)
 	if (caph_rights_limit(s, &rights) != 0) {
 		error = errno;
 		(void)close(s);
-		errno = errno;
+		errno = error;
 		return (-1);
 	}
 	return (s);
-- 
2.45.0